Friday, December 12, 2008

SecurityFocus Newsletter #482
----------------------------------------

This issue is sponsored by IronKey: The World's Most Secure Flash Drive

IronKey flash drives lock down your most sensitive data using today's most advanced security technology.
IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an intruder and provides rugged and waterproof protection to safeguard your data.
https://www.ironkey.com/secure-flash-drive1a?cmpid=701500000006y9H


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Time to Exclude Bad ISPs
2. Standing on Other's Shoulders
II. BUGTRAQ SUMMARY
1. Sun Java System Portal Server Web Console Information Disclosure Vulnerability
2. Sun Ray Server Administration Password Information Disclosure Vulnerability
3. Aruba Mobility Controller EAP Frame Remote Denial of Service Vulnerability
4. w3blabor Local File Include and Arbitrary File Upload Vulnerabilities
5. BMC Patrol Agent Remote Format String Vulnerability
6. PhPepperShop Multiple Cross Site Scripting Vulnerabilities
7. PrestaShop Multiple Cross-Site Scripting Vulnerabilities
8. PHP Multiple Newsletters 'lang' Parameter Local File Include Vulnerability
9. PHP 'proc_open()' Environment Parameter Safe Mode Restriction-Bypass Vulnerability
10. PHP 5.2.7 'magic_quotes_gpc' Security Bypass Weakness
11. PHP 'rfc822_write_address()' Function Buffer Overflow Vulnerability
12. PHP FastCGI Module File Extension Denial Of Service Vulnerabilities
13. D-Bus 'dbus_signature_validate()' Type Signature Denial of Service Vulnerability
14. pam_krb5 Existing Ticket Configuration Option Local Privilege Escalation Vulnerability
15. Ruby on Rails ':offset' And ':limit' Parameters SQL Injection Vulnerabilities
16. ActiveWebSoftwares ActiveVotes 'VoteHistory.asp' SQL Injection Vulnerability
17. Debian 'login' Local Privilege Escalation Vulnerability
18. MDaemon Server WorldClient 'IMG' Tag Script Injection Vulnerability
19. Microsoft Internet Explorer Embedded Object Remote Code Execution Vulnerability
20. Microsoft Windows GDI File Size Parameter Heap Overflow Vulnerability
21. Microsoft Windows Media Components ISATAP URL Handling Information Disclosure Vulnerability
22. Microsoft Windows Media Components 'Service Principle Name' Remote Code Execution Vulnerability
23. Microsoft XML Core Services DTD Cross Domain Information Disclosure Vulnerability
24. Microsoft Windows 'search-ms' Protocol Parsing Remote Code Execution Vulnerability
25. Microsoft WordPad Text Converter Remote Code Execution Vulnerability
26. Sun Java Web Console Unspecified URI Redirection Vulnerability
27. Opera Web Browser 'file://' Heap Based Buffer Overflow Vulnerability
28. Microsoft Excel Name Record Array Remote Code Execution Vulnerability
29. Netref 'id' Parameter Multiple SQL Injection Vulnerabilities
30. PvPGN Insecure Temporary File Creation Vulnerability
31. ProQuiz 'Username' Parameter SQL Injection Vulnerability
32. EasyMail Objects 'emmailstore.dll' ActiveX Control Remote Buffer Overflow Vulnerability
33. ASP-CMS 'cha' Parameter SQL Injection Vulnerability
34. Moodle Wiki Page Name Cross Site Scripting Vulnerability
35. MailScanner Multiple Insecure Temporary File Creation Vulnerabilities
36. Teamtek Universal FTP Server CWD, LIST, and PORT Commands Remote Denial Of Service Vulnerabilities
37. HydraIRC Remote Denial Of Service Vulnerability
38. Microsoft Windows Common AVI ActiveX Control File Parsing Buffer Overflow Vulnerability
39. University of Washington IMAP 'smtp.c' Null Pointer Dereference Denial of Service Vulnerability
40. University of Washington IMAP 'tmail' and 'dmail' Local Buffer Overflow Vulnerabilities
41. Microsoft Internet Explorer XML Handling Remote Code Execution Vulnerability
42. Debian ppp-udeb Insecure Temporary File Creation Vulnerability
43. CUPS 'pstopdf' Insecure Temporary File Creation Vulnerability
44. phpMyAdmin 'table' Parameter SQL Injection Vulnerability
45. Internet Explorer 8 CSS 'expression' Property Cross Site Scripting Filter Bypass Weakness
46. HP DECnet-Plus OpenVMS 'OSIT$NAMES' Security Bypass Weakness
47. Debian netdisco-mibs-installer Insecure Temporary File Creation Vulnerabilities
48. PEEL 'rubid' Parameter SQL Injection Vulnerability
49. Computer Associates ARCserve Backup 'LDBServer' Remote Code Execution Vulnerability
50. PHP Multiple Newsletters 'index.php' Cross Site Scripting Vulnerability
51. PunBB SQL Injection and Cross Site Scripting Vulnerabilities
52. Linux Kernel MIPS Untrusted User Application Local Denial of Service Vulnerability
53. PHPmyGallery 'common-tpl-vars.php' Local and Remote File Include Vulnerabilities
54. Compiz Fusion 'Expo' Plugin Security Bypass Vulnerability
55. 3CX Phone System Multiple Cross Site Scripting Vulnerabilities
56. ASPired2Blog 'blog_comments.asp' SQL Injection Vulnerability
57. Social Groupie 'create_album.php' Arbitrary File Upload Vulnerability
58. Analysis of High-Performance Access CGI Session Identifier Session Hijacking Vulnerability
59. Affiliate Software Java 'logon.jsp' SQL Injection Vulnerability
60. Xpoze 'home.html' SQL Injection Vulnerability
61. SUMON Multiple Remote Command Execution Vulnerabilities
62. Social Groupie 'id' Parameter SQL Injection Vulnerability
63. Mercury Mail Remote Mailbox Name Service Buffer Overflow Vulnerability
64. Symantec Multiple Products SPBBCDrv Driver Local Denial of Service Vulnerability
65. Butterfly Organizer Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
66. Allied Telesyn AT-TFTP Server Filename Remote Buffer Overflow Vulnerability
67. VirtualBox 'ipcdUnix.cpp' Insecure Temporary File Creation Vulnerability
68. Akira Powered Image Gallery 'function.php' SQL Injection Vulnerability
69. Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities
70. Wireshark 1.0.4 SMTP Denial of Service Vulnerability
71. Little CMS Buffer Overflow and Integer Signedness Vulnerabilities
72. Poll Pro User and Password SQL Injection Vulnerabilities
73. PHPmyGallery Local and Remote File Include Vulnerabilities
74. dotnetindex Professional Download Assistant SQL Injection Vulnerability
75. OpenSC CardOS M4 Smart Cards Insecure Permissions Vulnerability
76. OpenSSH CBC Mode Information Disclosure Vulnerability
77. Perl Archive::Tar Module Remote Directory Traversal Vulnerability
78. ASP Product Catalog Default.ASP SQL Injection Vulnerability
79. Adobe Flash Player Multiple Security Vulnerabilities
80. NitroTech 'common.php' Remote File Include Vulnerability
81. GnuTLS X.509 Certificate Chain Security Bypass Vulnerability
82. ARB Multiple Insecure Temporary File Creation Vulnerabilities
83. Linksys WVC54GC Wireless-G Internet Video Camera Information Disclosure Vulnerability
84. Net-SNMP GETBULK Remote Denial of Service Vulnerability
85. Vinagre 'vinarge_utils_show_error()' Function Format String Vulnerability
86. Samba Arbitrary Memory Contents Information Disclosure Vulnerability
87. PHP 5 'posix_access()' Function 'safe_mode' Bypass Directory Traversal Vulnerability
88. PHP 'chdir()' and 'ftok()' 'safe_mode' Multiple Security Bypass Vulnerabilities
89. Tag Board 4 phpBB3 'tag_board.php' SQL Injection Vulnerability
90. ffdshow Long URL Link Remote Buffer Overflow Vulnerability
91. Google Gears WorkerPool API 'allowCrossOrigin()' Same Origin Policy Violation Vulnerability
92. WebCAF Multiple Input Validation Vulnerabilities
93. Multiple Laptop Face Recognition Authentication Bypass Vulnerability
94. Secure Downloads for vBulletin 'fileinfo.php' SQL Injection Vulnerability
95. SIU Guarani SQL Injection and Arbitrary File Upload Vulnerabilities
96. GpsDrive 'geo-nearest' Insecure Temporary File Creation Vulnerability
97. DD-WRT Cross-Site Request Forgery Vulnerability
98. GpsDrive Insecure Temporary File Creation Vulnerability
99. Neostrada Livebox ADSL Router HTTP Request Denial of Service Vulnerability
100. MG2 'includes/mg2_functions.php' PHP Code Injection Vulnerability
III. SECURITYFOCUS NEWS
1. Commission calls for cybersecurity czar
2. Microsoft hopes free security means less malware
3. Researchers find more flaws in wireless security
4. Secure hash competition kicks off
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time to Exclude Bad ISPs
By Oliver Day
In recent months, three questionable Internet service providers - EstDomains, Atrivo, and McColo - were effectively taken offline, resulting in noticeable drops of malware and spam.
http://www.securityfocus.com/columnists/487

2. Standing on Other's Shoulders
By Chris Wysopal
"If I have seen a little further it is by standing on the shoulders of Giants," Isaac Newton once wrote to describe how he felt that his scientific work was an extension of the work of those who went before him. In the scientific realm it is dishonorable not to credit those upon whose work you build.
http://www.securityfocus.com/columnists/486


II. BUGTRAQ SUMMARY
--------------------
1. Sun Java System Portal Server Web Console Information Disclosure Vulnerability
BugTraq ID: 32770
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32770
Summary:
Sun Java System Portal Server is prone to an information-disclosure issue because the Web Console component fails to restrict access to potentially sensitive information.

Attackers can exploit this issue to obtain information that will aid in further attacks.

Java System Portal Server 7.1 and 7.2 are vulnerable.

2. Sun Ray Server Administration Password Information Disclosure Vulnerability
BugTraq ID: 32769
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32769
Summary:
Sun Ray server is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to obtain the Sun Ray administration password. Successful exploits will allow unauthorized users to gain access to the Sun Ray Data Store and unauthorized access to the Sun Ray Administration GUI as the 'admin' user. Other attacks are also possible.

3. Aruba Mobility Controller EAP Frame Remote Denial of Service Vulnerability
BugTraq ID: 32694
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32694
Summary:
Aruba Mobility Controller is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to cause the affected device to restart, denying service to legitimate users.

4. w3blabor Local File Include and Arbitrary File Upload Vulnerabilities
BugTraq ID: 32675
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32675
Summary:
The 'w3blabor' program is prone to a local file-include vulnerability and two arbitrary-file-upload vulnerabilities because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit these issues to upload arbitrary files onto the webserver, execute arbitrary local files within the context of the webserver, and obtain sensitive information. By exploiting the arbitrary-file-upload and local file-include vulnerabilities at the same time, the attacker may be able to execute remote code.

These issues affect w3blabor 3.0.5; other versions may also be affected.

5. BMC Patrol Agent Remote Format String Vulnerability
BugTraq ID: 32692
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32692
Summary:
BMC Patrol Agent is prone to a remote format-string vulnerability because the software fails to perform adequate boundary checks on user-supplied input.

Attackers can leverage this issue to execute arbitrary code with SYSTEM-level privileges. Failed attacks will likely cause denial-of-service conditions.

Versions prior to Patrol Agent 3.7.30 are vulnerable.

6. PhPepperShop Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 32690
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32690
Summary:
PhPepperShop is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

PhPepperShop 1.4 is vulnerable; other versions may also be affected.

7. PrestaShop Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 32689
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32689
Summary:
PrestaShop is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

PrestaShop 1.1 beta 3 is vulnerable; other versions may also be affected.

8. PHP Multiple Newsletters 'lang' Parameter Local File Include Vulnerability
BugTraq ID: 32726
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32726
Summary:
PHP Multiple Newsletters is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

PHP Multiple Newsletters 2.7 is vulnerable; other versions may also be affected.

9. PHP 'proc_open()' Environment Parameter Safe Mode Restriction-Bypass Vulnerability
BugTraq ID: 32717
Remote: No
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32717
Summary:
PHP is prone to a 'safe_mode' restriction-bypass vulnerability. Successful exploits could allow an attacker to bypass some safe-mode restrictions.

This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code, with the 'safe_mode' restrictions assumed to isolate the users from each other.

This issue is reported to affect PHP 5.2.8 on the Linux operating system; other versions may also be vulnerable.

10. PHP 5.2.7 'magic_quotes_gpc' Security Bypass Weakness
BugTraq ID: 32673
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32673
Summary:
PHP is prone to a security-bypass weakness.

Attackers can use this issue to bypass security checks in PHP applications that rely on the Magic Quotes functionality. This opens such applications up to potential attacks that take advantage of the software's failure to properly sanitize user input.

The issue affects PHP 5.2.7.

11. PHP 'rfc822_write_address()' Function Buffer Overflow Vulnerability
BugTraq ID: 29829
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/29829
Summary:
PHP is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP 5.2.6 and prior versions are vulnerable.

12. PHP FastCGI Module File Extension Denial Of Service Vulnerabilities
BugTraq ID: 31612
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/31612
Summary:
PHP is prone to a denial-of-service vulnerability because the application fails to handle certain file requests.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

PHP 4.4 prior to 4.4.9 and PHP 5.2 through 5.2.6 are vulnerable.

13. D-Bus 'dbus_signature_validate()' Type Signature Denial of Service Vulnerability
BugTraq ID: 31602
Remote: No
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/31602
Summary:
D-Bus is prone to a local denial-of-service vulnerability because it fails to handle malformed signatures contained in messages.

Local attackers can exploit this issue to crash an application that uses the affected library, denying service to legitimate users.

This issue affects D-BUS 1.2.1; other versions may also be affected.

14. pam_krb5 Existing Ticket Configuration Option Local Privilege Escalation Vulnerability
BugTraq ID: 31534
Remote: No
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/31534
Summary:
The 'pam_krb5' module is prone to a local privilege-escalation vulnerability.

Local attackers can exploit this issue to gain elevated privileges on the affected computer.

15. Ruby on Rails ':offset' And ':limit' Parameters SQL Injection Vulnerabilities
BugTraq ID: 31176
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/31176
Summary:
Ruby on Rails is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Versions prior to Ruby on Rails 2.1.1 are affected.

16. ActiveWebSoftwares ActiveVotes 'VoteHistory.asp' SQL Injection Vulnerability
BugTraq ID: 32541
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32541
Summary:
ActiveWebSoftwares ActiveVotes is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ActiveVotes 2.2 is vulnerable; other versions may also be affected.

17. Debian 'login' Local Privilege Escalation Vulnerability
BugTraq ID: 32552
Remote: No
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32552
Summary:
Debian is prone to a local privilege-escalation vulnerability because of an error in the 'login' program.

Local attackers in the UTMP group could exploit this issue to take ownership of arbitrary files on the vulnerable system. This may lead to a complete compromise of the system.

All versions of Debian are considered vulnerable.

18. MDaemon Server WorldClient 'IMG' Tag Script Injection Vulnerability
BugTraq ID: 32776
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32776
Summary:
WorldClient is prone to a script-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

WorldClient 10.0.2 with Internet Explorer 7 is affected; other versions may also be vulnerable.
http://drupal.org/node/207891

19. Microsoft Internet Explorer Embedded Object Remote Code Execution Vulnerability
BugTraq ID: 32595
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32595
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

20. Microsoft Windows GDI File Size Parameter Heap Overflow Vulnerability
BugTraq ID: 32637
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32637
Summary:
The GDI component of Microsoft Windows is prone to a heap-overflow vulnerability that may be triggered by a malicious WMF (Windows Metafile) image. A successful exploit will let the attacker execute arbitrary code in the context of the currently logged-in user.

21. Microsoft Windows Media Components ISATAP URL Handling Information Disclosure Vulnerability
BugTraq ID: 32654
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32654
Summary:
Microsoft Windows Media Components is prone to an information-disclosure vulnerability when handling 'ISATAP' (Intra-Site Automatic Tunnel Addressing Protocol) URLs.

An attacker can use this vulnerability to obtain information that may aid in further attacks.

22. Microsoft Windows Media Components 'Service Principle Name' Remote Code Execution Vulnerability
BugTraq ID: 32653
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32653
Summary:
Microsoft Windows Media Components is prone to a remote code-execution vulnerability in the SPN (Service Principle Name) implementation.

A successful exploit of this vulnerability may allow a remote attacker to execute code in the context of the logged-in user.

23. Microsoft XML Core Services DTD Cross Domain Information Disclosure Vulnerability
BugTraq ID: 32155
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32155
Summary:
Microsoft XML Core Services (MSXML) is prone to a cross-domain information-disclosure vulnerability because the application fails to properly handle certain error checks.

An attacker can exploit this issue to harvest potentially sensitive information from a web page in another domain. Information obtained may aid in further attacks.

24. Microsoft Windows 'search-ms' Protocol Parsing Remote Code Execution Vulnerability
BugTraq ID: 32652
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32652
Summary:
Microsoft Windows Explorer is prone to a remote code-execution vulnerability that affects the 'search-ms' protocol handler.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted website.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

This issue affects Windows Vista and Windows Server 2008.

NOTE: Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option.

25. Microsoft WordPad Text Converter Remote Code Execution Vulnerability
BugTraq ID: 32718
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32718
Summary:
Microsoft WordPad is prone to a remote code-execution vulnerability because of an unspecified error that may result in corrupted memory.

An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may result in denial-of-service conditions.

26. Sun Java Web Console Unspecified URI Redirection Vulnerability
BugTraq ID: 32771
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32771
Summary:
Sun Java Web Console is prone to an unspecified URI-redirection vulnerability.

An attacker may leverage this issue to redirect legitimate, authenticated users to malicious sites. This may aid in phishing attacks.

The following are vulnerable to this issue:

Java Web Console 3.0.2 through 3.0.5
Solaris 10

27. Opera Web Browser 'file://' Heap Based Buffer Overflow Vulnerability
BugTraq ID: 32323
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32323
Summary:
Opera Web Browser is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Opera Web Browser 9.62 is vulnerable; other versions may also be affected.

28. Microsoft Excel Name Record Array Remote Code Execution Vulnerability
BugTraq ID: 32622
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32622
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

29. Netref 'id' Parameter Multiple SQL Injection Vulnerabilities
BugTraq ID: 32725
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32725
Summary:
Netref is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Netref 4.0 is vulnerable; other versions may also be affected.

30. PvPGN Insecure Temporary File Creation Vulnerability
BugTraq ID: 32736
Remote: No
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32736
Summary:
PvPGN creates temporary files in an insecure manner.

An attacker with local access could perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects PvPGN 1.8.1; other versions may also be affected.

31. ProQuiz 'Username' Parameter SQL Injection Vulnerability
BugTraq ID: 32724
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32724
Summary:
ProQuiz is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ProQuiz 1.0 is vulnerable; other versions may also be affected.

32. EasyMail Objects 'emmailstore.dll' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 32722
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32722
Summary:
EasyMail Objects ActiveX control is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

33. ASP-CMS 'cha' Parameter SQL Injection Vulnerability
BugTraq ID: 32786
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32786
Summary:
ASP-CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ASP-CMS 1.0 is vulnerable; other versions may also be affected.

34. Moodle Wiki Page Name Cross Site Scripting Vulnerability
BugTraq ID: 32714
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32714
Summary:
Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to Moodle 1.6.8, 1.7.6, 1.8.7, and 1.9.3 are vulnerable.

35. MailScanner Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 32557
Remote: No
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32557
Summary:
Multiple MailScanner scripts create temporary files in an insecure manner.

An attacker with local access could perform symbolic-link attacks, overwriting arbitrary files in the context of an affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

MailScanner versions prior to 4.74.7-2 are affected.

36. Teamtek Universal FTP Server CWD, LIST, and PORT Commands Remote Denial Of Service Vulnerabilities
BugTraq ID: 27804
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/27804
Summary:
Universal FTP Server is prone to multiple remote denial-of-service vulnerabilities because the application fails to handle exceptional conditions.

An attacker can exploit these issues to crash the affected application, denying service to legitimate users.

Universal FTP Server 1.0.44 is vulnerable; other versions may also be affected.

37. HydraIRC Remote Denial Of Service Vulnerability
BugTraq ID: 30523
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/30523
Summary:
HydraIRC is prone to a remote denial-of-service vulnerability because the application fails to validate user-supplied data.

An attacker may exploit this issue to crash the application, resulting in a denial-of-service condition.

This issue affects HydraIRC 0.3.164 and prior versions.

38. Microsoft Windows Common AVI ActiveX Control File Parsing Buffer Overflow Vulnerability
BugTraq ID: 32613
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32613
Summary:
Microsoft Windows Common AVI ActiveX control is prone to a remote buffer-overflow vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

39. University of Washington IMAP 'smtp.c' Null Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 32280
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32280
Summary:
The University of Washington IMAP library is prone to a remote denial-of-service vulnerability because it fails to handle malicious SMTP server behavior.

Successful exploits may allow remote attackers to cause denial-of-service conditions on client applications using the affected library.

This issue affects University of Washington IMAP 2007b; other versions may also be affected.

40. University of Washington IMAP 'tmail' and 'dmail' Local Buffer Overflow Vulnerabilities
BugTraq ID: 32072
Remote: No
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32072
Summary:
University of Washington IMAP 'tmail' and 'dmail' are prone to local buffer-overflow vulnerabilities because they fail to perform adequate boundary checks on user-supplied data.

The attacker can exploit this issue to execute arbitrary code within the context of the vulnerable application, possibly resulting in elevated privileges. Since 'tmail' is installed setuid root by default, this may result in a complete compromise of the vulnerable computer.

The following applications are vulnerable:

University of Washington imap-2007c and earlier
University of Washington Alpine 2.00
Panda Programming imap

41. Microsoft Internet Explorer XML Handling Remote Code Execution Vulnerability
BugTraq ID: 32721
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32721
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

NOTE: Symantec has received reports that this issue is being actively exploited in the wild.

42. Debian ppp-udeb Insecure Temporary File Creation Vulnerability
BugTraq ID: 32742
Remote: No
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32742
Summary:
Debian ppp-udeb creates a temporary file in an insecure manner.

An attacker with local access could perform symbolic-link attacks, overwriting the temporary file in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects Debian ppp-udeb 2.4.4rel; other versions may also be affected.

43. CUPS 'pstopdf' Insecure Temporary File Creation Vulnerability
BugTraq ID: 32745
Remote: No
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32745
Summary:
CUPS creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

CUPS 1.3.8 is vulnerable; other versions may also be affected.

44. phpMyAdmin 'table' Parameter SQL Injection Vulnerability
BugTraq ID: 32720
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32720
Summary:
phpMyAdmin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Authentication is required to access these scripts, but attackers may also make use of cross-site-request-forgery attacks to exploit this issue.

This issue affects versions prior to phpMyAdmin 2.11.9.4 and 3.1.1.0.

45. Internet Explorer 8 CSS 'expression' Property Cross Site Scripting Filter Bypass Weakness
BugTraq ID: 32780
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32780
Summary:
Microsoft Internet Explorer is a web browser for the Microsoft Windows operating system.

Internet Explorer 8 includes a cross-site-scripting filter that is designed to prevent cross-site-scripting attacks against vulnerable web applications. Attackers may be able to bypass this filter under certain conditions, such as by taking advantage of an existing vulnerability in a web application.

Internet Explorer 8 beta 2 is vulnerable.

46. HP DECnet-Plus OpenVMS 'OSIT$NAMES' Security Bypass Weakness
BugTraq ID: 32711
Remote: No
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32711
Summary:
HP DECnet-Plus OpenVMS is prone to a security-bypass weakness.

Attackers may be able to bypass certain security restrictions and make changes to the 'OSIT$NAMES' table without having the appropriate privileges.

Versions prior to HP DECnet-Plus OpenVMS V8.3 ECO03 are vulnerable.

47. Debian netdisco-mibs-installer Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 32734
Remote: No
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32734
Summary:
Debian netdisco-mibs-installer creates temporary files in an insecure manner.

An attacker with local access could perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

These issues affect netdisco-mibs-installer 1.0; other versions may also be affected.

48. PEEL 'rubid' Parameter SQL Injection Vulnerability
BugTraq ID: 32715
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32715
Summary:
PEEL is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PEEL 3.1 is vulnerable; other versions may also be affected.

49. Computer Associates ARCserve Backup 'LDBServer' Remote Code Execution Vulnerability
BugTraq ID: 32764
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32764
Summary:
Computer Associates ARCserve Backup is prone to a remote code-execution vulnerability.

Successfully exploiting this issue will allow attackers to execute arbitrary code with SYSTEM-level privileges, completely compromising affected computers. Failed exploit attempts will likely crash the affected 'LDBserver' service.

50. PHP Multiple Newsletters 'index.php' Cross Site Scripting Vulnerability
BugTraq ID: 32727
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32727
Summary:
PHP Multiple Newsletters is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

PHP Multiple Newsletters 2.7 is vulnerable; other versions may also be affected.

51. PunBB SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 32713
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32713
Summary:
PunBB is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to PunBB 1.3.2 are vulnerable.

52. Linux Kernel MIPS Untrusted User Application Local Denial of Service Vulnerability
BugTraq ID: 32716
Remote: No
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32716
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability affecting 64-bit MIPS architectures.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

53. PHPmyGallery 'common-tpl-vars.php' Local and Remote File Include Vulnerabilities
BugTraq ID: 32723
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32723
Summary:
PHPmyGallery is prone to a local file-include vulnerability and a remote file-include vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting these issues may allow a remote attacker to obtain sensitive information or compromise the application and the underlying computer; other attacks are also possible.

PHPmyGallery 1.5beta is vulnerable; other versions may also be affected.

54. Compiz Fusion 'Expo' Plugin Security Bypass Vulnerability
BugTraq ID: 32712
Remote: No
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32712
Summary:
Compiz Fusion is prone to a security-bypass vulnerability because of an issue with the 'Expo' plugin.

Attackers may be able to bypass certain security restrictions, which may allow them to bypass the screensaver protection and to access the locked desktop.

Versions prior to Compiz Fusion 0.5.2, 0.7.4, and 0.7.8 are vulnerable.

55. 3CX Phone System Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 32709
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32709
Summary:
3CX Phone System is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

3CX Phone System 6.1793 is vulnerable; other versions may also be affected.

56. ASPired2Blog 'blog_comments.asp' SQL Injection Vulnerability
BugTraq ID: 32797
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32797
Summary:
ASPired2Blog is prone to an SQL-injection vulnerability because it fails to adequately sanitize user-supplied data.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

57. Social Groupie 'create_album.php' Arbitrary File Upload Vulnerability
BugTraq ID: 32795
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32795
Summary:
Social Groupie is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

58. Analysis of High-Performance Access CGI Session Identifier Session Hijacking Vulnerability
BugTraq ID: 32794
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32794
Summary:
Analysis of High-Performance Access CGI is prone to a session-hijacking vulnerability.

An attacker can exploit this issue to gain access to the affected application with the privileges of the hijacked user.

Analysis of High-Performance Access CGI 4.01 and prior are vulnerable.

59. Affiliate Software Java 'logon.jsp' SQL Injection Vulnerability
BugTraq ID: 32791
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32791
Summary:
Affiliate Software Java is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The issue affects Affiliate Software Java 4.0; other versions may also be affected.

60. Xpoze 'home.html' SQL Injection Vulnerability
BugTraq ID: 32789
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32789
Summary:
Xpoze is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

This issue affects Xpoze Pro 4.10; other versions may also be vulnerable.

61. SUMON Multiple Remote Command Execution Vulnerabilities
BugTraq ID: 32788
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32788
Summary:
SUMON is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary commands. These issues occur because the application fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected application and possibly the underlying computer.

Versions of SUMON up to and including 0.7.0 are vulnerable to these issues.

62. Social Groupie 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 32787
Remote: Yes
Last Updated: 2008-12-12
Relevant URL: http://www.securityfocus.com/bid/32787
Summary:
Social Groupie is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

63. Mercury Mail Remote Mailbox Name Service Buffer Overflow Vulnerability
BugTraq ID: 16396
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/16396
Summary:
Mercury Mail is prone to a remote buffer-overflow vulnerability in its mailbox name service. This issue occurs because the application fails to properly bounds-check user-supplied input before copying it to a finite-sized memory buffer.

Exploiting this vulnerability allows remote attackers to execute arbitrary machine code with SYSTEM privileges in the context of the affected server process.

Mercury Mail 4.01b is affected; other versions may also be affected.

64. Symantec Multiple Products SPBBCDrv Driver Local Denial of Service Vulnerability
BugTraq ID: 23241
Remote: No
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/23241
Summary:
Multiple Symantec products are prone to a local denial-of-service vulnerability.

This issue occurs when attackers supply invalid argument values to the 'SPBBCDrv.sys' driver.

A local attacker may exploit this issue to crash affected computers, denying service to legitimate users.

65. Butterfly Organizer Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 29700
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/29700
Summary:
Butterfly Organizer is prone to multiple cross-site scripting vulnerabilities and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Butterfly Organizer 2.0.1 is vulnerable; other versions may also be affected.

66. Allied Telesyn AT-TFTP Server Filename Remote Buffer Overflow Vulnerability
BugTraq ID: 21320
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/21320
Summary:
AT-TFTP is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.

An attacker can exploit this issue to execute arbitrary code and gain unauthorized remote access to a vulnerable computer. A denial-of-service condition may arise as well.

AT-TFTP 1.9 is reported vulnerable; other versions may be affected as well.

67. VirtualBox 'ipcdUnix.cpp' Insecure Temporary File Creation Vulnerability
BugTraq ID: 32444
Remote: No
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32444
Summary:
VirtualBox creates temporary files in an insecure manner.

An attacker with local access could perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Versions prior to VirtualBox 2.0.6 are vulnerable.

68. Akira Powered Image Gallery 'function.php' SQL Injection Vulnerability
BugTraq ID: 31286
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/31286
Summary:
Akira Powered Image Gallery is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Akira Powered Image Gallery 0.9.6.2 is vulnerable; prior versions may also be affected.

69. Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities
BugTraq ID: 31838
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/31838
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to crash the application, denying service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.10.3 up to and including 1.0.3.

70. Wireshark 1.0.4 SMTP Denial of Service Vulnerability
BugTraq ID: 32422
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32422
Summary:
Wireshark is prone to a denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause the application to hang, which may aid in other attacks.

This issue affects Wireshark 1.0.4; other versions may also be vulnerable.

71. Little CMS Buffer Overflow and Integer Signedness Vulnerabilities
BugTraq ID: 32708
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32708
Summary:
Little CMS is prone to a buffer-overflow vulnerability because it fails to perform adequate checks on user-supplied input. The application is also prone to an integer-signedness issue.

Attackers may leverage one of these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

The buffer-overflow issue affects all versions prior to Little CMS 1.16. The integer-signedness issue affects all versions prior to 1.17.

72. Poll Pro User and Password SQL Injection Vulnerabilities
BugTraq ID: 32707
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32707
Summary:
Poll Pro is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Poll Pro 2.0 is vulnerable; other versions may also be affected.

73. PHPmyGallery Local and Remote File Include Vulnerabilities
BugTraq ID: 32705
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32705
Summary:
PHPmyGallery is prone to a local file-include vulnerability and a remote file-include vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting these issues may allow a remote attacker to obtain sensitive information or compromise the application and the underlying computer; other attacks are also possible.

PHPmyGallery 1.0beta2 is vulnerable; other versions may also be affected.

74. dotnetindex Professional Download Assistant SQL Injection Vulnerability
BugTraq ID: 32706
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32706
Summary:
Professional Download Assistant is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Professional Download Assistant 0.1 is vulnerable; other versions may be affected as well.

75. OpenSC CardOS M4 Smart Cards Insecure Permissions Vulnerability
BugTraq ID: 30473
Remote: No
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/30473
Summary:
OpenSC insecurely initializes smart cards and USB crypto tokens based on Siemens CardOS M4.

Attackers can leverage this issue to change the PIN number on a card without having knowledge of the existing PIN or PUK number. Successfully exploiting this issue allows attackers to use the card in further attacks.

NOTE: This issue cannot be leveraged to access an existing PIN number.

This issue occurs in versions prior to OpenSC 0.11.6.

76. OpenSSH CBC Mode Information Disclosure Vulnerability
BugTraq ID: 32319
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32319
Summary:
OpenSSH is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain four bytes of plaintext from an encrypted session.

OpenSSH 4.7p1 is vulnerable; other versions may also be affected. Various versions of SSH Tectia are also affected.

77. Perl Archive::Tar Module Remote Directory Traversal Vulnerability
BugTraq ID: 26355
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/26355
Summary:
The Perl Archive::Tar module is prone to a directory-traversal vulnerability because it fails to validate user-supplied data.

A successful attack can allow the attacker to overwrite files on a computer in the context of the user running the affected application. Successful exploits may aid in further attacks.

Note that all applications using the Perl Archive::Tar module may be affected.

78. ASP Product Catalog Default.ASP SQL Injection Vulnerability
BugTraq ID: 25884
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/25884
Summary:
ASP Product Catalog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

79. Adobe Flash Player Multiple Security Vulnerabilities
BugTraq ID: 32129
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32129
Summary:
Adobe Flash Player is prone to multiple security vulnerabilities.

Attackers can exploit these issues to obtain sensitive information, steal cookie-based authentication credentials, control how webpages are rendered, execute arbitrary script code in the context of the application, and execute arbitrary code in the context of the application. Other attacks may also be possible.

These issues affect Flash Player 9.0.124.0 and prior versions.

80. NitroTech 'common.php' Remote File Include Vulnerability
BugTraq ID: 20810
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/20810
Summary:
NitroTech is prone to a remote file-include vulnerability.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.

NitroTech 0.0.3a is vulnerable; other versions may also be affected.

81. GnuTLS X.509 Certificate Chain Security Bypass Vulnerability
BugTraq ID: 32232
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32232
Summary:
GnuTLS is prone to a security-bypass vulnerability because the application fails to properly validate chained X.509 certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers. Unsuspecting users may be under a false sense of security that can aid attackers in launching further attacks.

Versions prior to GnuTLS 2.6.1 are vulnerable.

82. ARB Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 30895
Remote: No
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/30895
Summary:
ARB creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

ARB 0.0.20071207 is vulnerable; other versions may also be affected.

83. Linksys WVC54GC Wireless-G Internet Video Camera Information Disclosure Vulnerability
BugTraq ID: 32666
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32666
Summary:
Linksys WVC54GC Wireless-G Internet Video Camera is prone to an information-disclosure vulnerability because it fails to encrypt sensitive information before transmitting it over the network.

Exploiting this issue can allow a remote attacker to harvest sensitive information. This can facilitate further attacks such as intercepting video streams, accessing wireless authentication credentials, causing a denial of service, or modifying the device's firmware.

Firmware for the Linksys WVC54GC Wireless-G Internet Video Camera prior to version 1.25 is affected.

84. Net-SNMP GETBULK Remote Denial of Service Vulnerability
BugTraq ID: 32020
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32020
Summary:
Net-SNMP is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions.

This issue affects versions *prior to* the following:

Net-SNMP 5.2.5.1
Net-SNMP 5.3.2.3
Net-SNMP 5.4.2.1

85. Vinagre 'vinagre_utils_show_error()' Function Format String Vulnerability
BugTraq ID: 32682
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32682
Summary:
Vinagre is prone to a remote format-string vulnerability because it fails to sufficiently sanitize user-supplied input before using it in a formatted-printing function.

An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious '.vnc' file.

Successfully exploiting this issue will allow attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely crash the application.

86. Samba Arbitrary Memory Contents Information Disclosure Vulnerability
BugTraq ID: 32494
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32494
Summary:
Samba is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain arbitrary memory contents.

This issue affects Samba 3.0.29 up to and including 3.2.4.

87. PHP 5 'posix_access()' Function 'safe_mode' Bypass Directory Traversal Vulnerability
BugTraq ID: 29797
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/29797
Summary:
PHP is prone to a directory-traversal vulnerability because it fails to adequately sanitize user-supplied data.

Attackers can leverage this issue to bypass security restrictions enforced by 'safe_mode' to access data outside of the root webserver directory. Successful attacks may allow an attacker to access sensitive information that could aid in further attacks.

PHP 5.2.6 is vulnerable; other versions may also be affected.

88. PHP 'chdir()' and 'ftok()' 'safe_mode' Multiple Security Bypass Vulnerabilities
BugTraq ID: 29796
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/29796
Summary:
PHP is prone to multiple 'safe_mode' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to determine the presence of files in unauthorized locations; other attacks are also possible.

Exploiting these issues allows attackers to obtain sensitive data that could be used in other attacks.

These vulnerabilities would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code; in such cases, the 'safe_mode' restriction is expected to isolate users from each other.

PHP 5.2.6 is vulnerable; other versions may also be affected.

89. Tag Board 4 phpBB3 'tag_board.php' SQL Injection Vulnerability
BugTraq ID: 32701
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32701
Summary:
Tag Board 4 phpBB3 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Tag Board 4 phpBB3 3.0.2 is affected; other versions may also be vulnerable.

90. ffdshow Long URL Link Remote Buffer Overflow Vulnerability
BugTraq ID: 32438
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32438
Summary:
The 'ffdshow' codec is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code in the context of an application that uses the library. Failed attacks may cause denial-of-service conditions.

This issue affects versions prior to ffdshow rev2347_20081123. Additional applications that use this codec may also be vulnerable.

91. Google Gears WorkerPool API 'allowCrossOrigin()' Same Origin Policy Violation Vulnerability
BugTraq ID: 32698
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32698
Summary:
Google Gears is prone to a vulnerability that allows attackers to violate the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy when handling WorkerPool objects.

An attacker may violate the same-origin policy and obtain sensitive information, including authentication credentials for web applications. Other attacks are also possible.

Versions prior to Google Gears 0.5.4 are vulnerable.

92. WebCAF Multiple Input Validation Vulnerabilities
BugTraq ID: 32704
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32704
Summary:
WebCAF is prone to multiple input-validation vulnerabilities:

- A remote command-execution vulnerability
- An arbitrary-file-deletion vulnerability
- Multiple local file-include vulnerabilities
- Additional unspecified vulnerabilities

An attacker can exploit these issues to execute arbitrary commands in the context of the webserver process, obtain sensitive information, or create denial-of-service conditions.

WebCAF 1.4 is vulnerable; other versions may also be affected.

93. Multiple Laptop Face Recognition Authentication Bypass Vulnerability
BugTraq ID: 32700
Remote: No
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32700
Summary:
Face-recognition applications for multiple laptops are prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to gain unauthorized access to the affected device.

This issue affects the following face-recognition applications:

Lenovo Veriface III
Asus SmartLogon 1.0.0005
Toshiba Face Recognition 2.0.2.32

94. Secure Downloads for vBulletin 'fileinfo.php' SQL Injection Vulnerability
BugTraq ID: 32699
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32699
Summary:
Secure Downloads is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

95. SIU Guarani SQL Injection and Arbitrary File Upload Vulnerabilities
BugTraq ID: 32697
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32697
Summary:
SIU Guarani is prone to multiple SQL-injection vulnerabilities and an arbitrary-file-upload vulnerability.

Exploiting these issues could allow an attacker to compromise the application, upload arbitrary files and execute arbitrary code, access or modify data, or exploit latent vulnerabilities in the underlying database.

96. GpsDrive 'geo-nearest' Insecure Temporary File Creation Vulnerability
BugTraq ID: 32739
Remote: No
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32739
Summary:
GpsDrive creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

GpsDrive 2.09 is vulnerable; other versions may also be affected.

97. DD-WRT Cross-Site Request Forgery Vulnerability
BugTraq ID: 32703
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32703
Summary:
DD-WRT is prone to a cross-site request-forgery vulnerability.

Successful exploits will allow attackers to run arbitrary commands with administrative privileges, change the web administration password, enable remote administration, and create port-forwarding rules to bypass the NAT. Other attacks are also possible.

DD-WRT v24-sp1 is vulnerable; other versions may also be affected.

98. GpsDrive Insecure Temporary File Creation Vulnerability
BugTraq ID: 30905
Remote: No
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/30905
Summary:
GpsDrive creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

GpsDrive 2.10pre4 is vulnerable; other versions may also be affected.

99. Neostrada Livebox ADSL Router HTTP Request Denial of Service Vulnerability
BugTraq ID: 32696
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32696
Summary:
Neostrada Livebox ADSL Router is prone to a denial-of-service vulnerability because it fails to adequately handle malformed HTTP requests.

Successful exploits will deny service to legitimate users. Given the nature of this issue, remote code execution may be possible, but this has not been confirmed.

100. MG2 'includes/mg2_functions.php' PHP Code Injection Vulnerability
BugTraq ID: 32695
Remote: Yes
Last Updated: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32695
Summary:
MG2 (MiniGal2) is prone to a remote PHP code-injection vulnerability.

An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

MG2 0.5.1 is vulnerable; other versions may also be affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Commission calls for cybersecurity czar
By: Robert Lemos
A group of technology and government experts warns that, without significant changes to the U.S. approach to cyberspace, foreign companies and other nations will continue to steal valuable technologies.
http://www.securityfocus.com/news/11540

2. Microsoft hopes free security means less malware
By: Robert Lemos
The software giant says shutting down Windows Live OneCare to release the software as a free tool could make consumers more secure.
http://www.securityfocus.com/news/11538

3. Researchers find more flaws in wireless security
By: Robert Lemos
Two security experts plan to show a limited attack against the popular Wi-Fi Protected Access (WPA) -- a replacement for insecure WEP -- at a conference in Tokyo.
http://www.securityfocus.com/news/11537

4. Secure hash competition kicks off
By: Robert Lemos
Dozens of amateur and professional cryptographers have joined the United States' first open competition for creating an uncrackable algorithm for generating hashes -- the digital fingerprints widely used in a variety of security functions.
http://www.securityfocus.com/news/11536

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

