Wednesday, January 07, 2009

SecurityFocus Newsletter #485

This issue is sponsored by the Computer Forensics Show

THE COMPUTER FORENSICS SHOW IS THE "DON'T MISS" EVENT OF THE YEAR FOR ALL LITIGATION, ACCOUNTING AND IT PROFESSIONALS

April 27-29, 2009
Washington DC Convention Center
Washington, DC

August 3-5, 2009
San Jose Convention Center
San Jose, CA

www.computerforensicshow.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. MD5 Hack Interesting, But Not Threatening
2. Time to Exclude Bad ISPs
II. BUGTRAQ SUMMARY
1. xterm DECRQSS Remote Command Execution Vulnerability
2. Wireshark 1.0.2 Multiple Vulnerabilities
3. Fujitsu-Siemens WebTransactions Unspecified Remote Command Execution Vulnerability
4. Nokia 6131 Multiple Vulnerabilities
5. Citrix Broadcast Server 'login.asp' SQL Injection Vulnerability
6. Google Chrome FTP Client PASV Port Scan Information Disclosure Vulnerability
7. plxWebDev plx Autoreminder 'members.php' SQL Injection Vulnerability
8. Destiny Media Player '.lst' File Remote Stack Buffer Overflow Vulnerability
9. Destiny Media Player '.m3u' File Remote Stack Buffer Overflow Vulnerability
10. Audio File Library (libaudiofile) 'msadpcm.c' WAV File Processing Buffer Overflow Vulnerability
11. The Rat CMS Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
12. PhpMesFilms 'index.php' SQL Injection Vulnerability
13. Lito Lite SQL Injection and Cross Site Scripting Vulnerabilities
14. PNphpBB2 'ModName' Parameter Local File Include Vulnerabilities
15. Cybershade CMS 'index.php' Multiple Remote File Include Vulnerabilities
16. Aydan Bilisim Ayemsis Emlak PRO Multiple SQL Injection Vulnerabilities
17. Apple Safari Common Name Certificate Validation Vulnerability
18. WSN Guest 'search.php' SQL Injection Vulnerability
19. Joomla! 'com_na_newsdescription' Component 'newsid' Parameter SQL Injection Vulnerability
20. Joomla! Phoca Documentation Component 'id' Parameter SQL Injection Vulnerability
21. Joomla! and Mambo Simple Review Component 'category' Parameter SQL Injection Vulnerability
22. Symbian S60 Malformed SMS/MMS Remote Denial Of Service Vulnerability
23. Apple iPhone and iPod Touch Prior to Version 2.0 Multiple Remote Vulnerabilities
24. Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
25. VUPlayer M3U UNC Name Buffer Overflow Vulnerability
26. Teamtek Universal FTP Server Multiple Commands Remote Denial Of Service Vulnerabilities
27. Samba Registry Share Name Unauthorized Access Vulnerability
28. Little CMS Buffer Overflow and Integer Signedness Vulnerabilities
29. D-Bus 'dbus_signature_validate()' Type Signature Denial of Service Vulnerability
30. Xen XenStore Domain Configuration Data Unsafe Storage Vulnerability
31. Multiple Vendor FTP Server Long Command Handling Security Vulnerability
32. am-utils 'expn' Insecure Temporary File Creation Vulnerability
33. 7-Zip Unspecified Archive Handling Vulnerability
34. Grip CDDB Response Multiple Matches Buffer Overflow Vulnerability
35. Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities
36. Adobe ActionScript SecurityErrorEvent Security Bypass Vulnerability
37. Adobe Flash Player Clipboard Security Weakness
38. Adobe Flash Player Multiple Security Vulnerabilities
39. Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability
40. Vim Insufficient Shell Escaping Multiple Command Execution Vulnerabilities
41. Vim HelpTags Command Remote Format String Vulnerability
42. Vim Vim Script Multiple Command Execution Vulnerabilities
43. Vim 'mch_expand_wildcards()' Heap Based Buffer Overflow Vulnerability
44. FlexCell Grid Control (ActiveX) Arbitrary File Overwrite Vulnerability
45. libxml2 'xmlBufferResize()' Remote Denial of Service Vulnerability
46. libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability
47. Plunet BusinessManager ACL Security Bypass and HTML Injection Vulnerabilities
48. Cisco Global Site Selector DNS Server Remote Denial Of Service Vulnerability
49. Multiple Vendor OpenSSL 'DSA_verify' Function Signature Verification Vulnerability
50. OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
51. Microsoft Internet Explorer 'screen[""]' Remote Denial of Service Vulnerability
52. Multiple Vendor SizerOne ActiveX Control 'AddTab' Method Buffer Overflow Vulnerability
53. HP OpenView Network Node Manager HTTP Request Multiple Buffer Overflow Vulnerabilities
54. Symantec Mail Security For SMTP Denial Of Service Vulnerability
55. MyNETS 1.2.0.1 and prior Unspecified Cross Site Scripting Vulnerability
56. Joomla! XStandard Component Directory Traversal Vulnerability
57. Massimiliano Montoro Cain & Abel Malformed '.conf' File Buffer Overflow Vulnerability
58. IT!CMS 'login.php' SQL Injection Vulnerability
59. playSMS Multiple Remote And Local File Include Vulnerabilities
60. Multiple Browser Marquee Denial of Service Vulnerability
61. Mozilla Firefox xdg-open 'mailcap' File Remote Code Execution Vulnerability
62. Goople CMS 'frontpage.php' SQL Injection Vulnerability
63. PHP 5.2.7 'magic_quotes_gpc' Security Bypass Weakness
64. Rosoft Media Player Track List Files Stack-Based Buffer Overflow Vulnerability
65. PDFjam Multiple Insecure Temporary File Creation Vulnerabilities
66. ezPack 'index.php' SQL Injection and Cross Site Scripting Vulnerabilities
67. Movable Type 'publish post' Security Bypass Vulnerability
68. PHPAuctions Multiple Remote File Include Vulnerabilities
69. RiotPix 'username' Parameter SQL Injection Vulnerability
70. RiotPix 'read.php' SQL Injection Vulnerability
71. SimpleIrcBot Authentication Unspecified Security Bypass Vulnerability
72. L2J Multiple Unspecified Security Vulnerabilities
73. Walusoft TFTPServer2000 TFTP Server Directory Traversal Vulnerability
74. PHPAuctions 'profile.php' SQL Injection and Cross Site Scripting Vulnerabilities
75. PHPAuctions Cookie Authentication Bypass Vulnerability
76. Movable Type Unspecified Cross-Site Scripting Vulnerability
77. DotNetNuke User Account Security Bypass Vulnerability
78. SolucionXpressPro 'main.php' SQL Injection Vulnerability
79. Oracle October 2008 Oracle Critical Patch Update Multiple Vulnerabilities
80. Links SSL Certificate Verification Security Weakness
81. webSPELL Multiple SQL Injection Vulnerabilities
82. Multiple ASP SiteWare Products SQL Injection Vulnerabilities
83. Simple Text-File Login script 'slogin_lib.inc.php' Remote File Include Vulnerability
84. Flatnux 'index.php' HTML Injection Vulnerability
85. Analysis of High-Performance Access CGI Session Identifier Session Hijacking Vulnerability
86. Intel Trusted Execution Technology Multiple Unspecified Security Bypass Vulnerabilities
87. Samba Arbitrary Memory Contents Information Disclosure Vulnerability
88. CFAGCMS 'right.php' SQL Injection Vulnerability
89. Sun Solaris NFS Version 4 Client Unspecified Local Denial Of Service Vulnerability
90. eDare eDNews 'eDNews_view.php' SQL Injection Vulnerability
91. rtgdictionary for TYPO3 Arbitrary File Upload Vulnerability
92. Mylene Multiple Unspecified Security Vulnerabilities
93. Microsoft MSN Messenger IP Address Information Disclosure Vulnerability
94. E-topbiz Online Store 'login.php' SQL Injection Vulnerability
95. E-topbiz eStore 'index.php' SQL Injection Vulnerability
96. TYPO3 advCalendar Extension Unspecified SQL Injection Vulnerability
97. TYPO3 CMS Poll system Extension Unspecified SQL Injection Vulnerability
98. TYPO3 Wir über uns Extension SQL Injection and Cross Site Scripting Vulnerabilities
99. Joomla! Pax Gallery 'gid' Parameter SQL Injection Vulnerability
100. eDreamers eDNews 'lg' Parameter Local File Include Vulnerability
III. SECURITYFOCUS NEWS
1. Group attacks flaw in browser crypto security
2. Commission calls for cybersecurity czar
3. Microsoft hopes free security means less malware
4. Researchers find more flaws in wireless security
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #425
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. CfP DIMVA 2009
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. MD5 Hack Interesting, But Not Threatening
By Tim Callan
A few days ago at the Chaos Communication Congress in Berlin, researchers presented a paper in which they had used an MD5 collision attack and substantial computing firepower to create a false SSL certificate using the RapidSSL brand of SSL certificate. In the intervening time we have seen a great deal of confusion and misinformation in the press and blogosphere about the specifics of this attack and what it means to the online ecosystem.
http://www.securityfocus.com/columnists/488

2. Time to Exclude Bad ISPs
By Oliver Day
In recent months, three questionable Internet service providers - EstDomains, Atrivo, and McColo - were effectively taken offline resulting in noticeable drops of malware and spam.
http://www.securityfocus.com/columnists/487


II. BUGTRAQ SUMMARY
--------------------
1. xterm DECRQSS Remote Command Execution Vulnerability
BugTraq ID: 33060
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/33060
Summary:
The 'xterm' program is prone to a remote command-execution vulnerability because it fails to sufficiently validate user input.

Successfully exploiting this issue would allow an attacker to execute arbitrary commands on an affected computer in the context of the affected application.

The issue affects xterm with patch 237; other versions may also be affected.

2. Wireshark 1.0.2 Multiple Vulnerabilities
BugTraq ID: 31009
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/31009
Summary:
Wireshark is prone to multiple vulnerabilities, including buffer-overflow and denial-of-service issues.

Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.9.7 up to and including 1.0.2.

3. Fujitsu-Siemens WebTransactions Unspecified Remote Command Execution Vulnerability
BugTraq ID: 32927
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/32927
Summary:
Fujitsu-Siemens WebTransactions is prone to a vulnerability that attackers can leverage to execute arbitrary commands. This issue occurs because the application fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected application and possibly the underlying computer.

WebTransactions 6.0, 7.0, and 7.1 are vulnerable; other versions may also be affected.

4. Nokia 6131 Multiple Vulnerabilities
BugTraq ID: 30716
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/30716
Summary:
Nokia 6131 is prone to multiple vulnerabilities.

The device is affected by URI-spoofing and denial-of-service issues.

Remote attackers may spoof the source URI of a site to direct users to a malicious location and trigger crashes in an affected device.

5. Citrix Broadcast Server 'login.asp' SQL Injection Vulnerability
BugTraq ID: 32832
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/32832
Summary:
Citrix Broadcast Server is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to the following are vulnerable:

Broadcast Server 6.1 for Citrix Application Gateway
Broadcast Server 2.0 for Avaya AG250

6. Google Chrome FTP Client PASV Port Scan Information Disclosure Vulnerability
BugTraq ID: 33112
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/33112
Summary:
Google Chrome is prone to an information-disclosure vulnerability because it fails to adequately validate server-issued instructions while in PASV (passive) mode.

Attackers can exploit this issue to port-scan networks inside a victim computer's firewall. Information harvested may aid in further attacks.

Google Chrome 1.0.154.36 is affected; other versions may also be vulnerable.

7. plxWebDev plx Autoreminder 'members.php' SQL Injection Vulnerability
BugTraq ID: 33106
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/33106
Summary:
plxWebDev plx Autoreminder is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects plx Autoreminder 3.7; other versions may also be affected.

8. Destiny Media Player '.lst' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 33100
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/33100
Summary:
Destiny Media Player is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Destiny Media Player 1.61.0 is vulnerable; other versions may also be affected.

9. Destiny Media Player '.m3u' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 33091
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/33091
Summary:
Destiny Media Player is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Destiny Media Player 1.61.0 is vulnerable; other versions may also be affected.

10. Audio File Library (libaudiofile) 'msadpcm.c' WAV File Processing Buffer Overflow Vulnerability
BugTraq ID: 33066
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/33066
Summary:
Audio File Library ('libaudiofile') is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data.

An attacker can exploit this issue to execute arbitrary machine code in the context of applications using the vulnerable library. Failed exploit attempts will likely cause denial-of-service conditions.

This issue affects libaudiofile 0.2.6; other versions may also be vulnerable.

11. The Rat CMS Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 29959
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/29959
Summary:
The Rat CMS is prone to multiple input-validation vulnerabilities, including SQL-injection issues and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The Rat CMS Pre-Alpha 2 is vulnerable; other versions may also be affected.

12. PhpMesFilms 'index.php' SQL Injection Vulnerability
BugTraq ID: 33105
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/33105
Summary:
PhpMesFilms is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PhpMesFilms 1.0 is vulnerable; other versions may also be affected.

13. Lito Lite SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 33104
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/33104
Summary:
Lito Lite is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

14. PNphpBB2 'ModName' Parameter Local File Include Vulnerabilities
BugTraq ID: 33103
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/33103
Summary:
PNphpBB2 is prone to multiple local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit these issues to execute arbitrary local scripts and retrieve potentially sensitive information.

These issues affect PNphpBB2 1.2i and prior versions.

15. Cybershade CMS 'index.php' Multiple Remote File Include Vulnerabilities
BugTraq ID: 33101
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/33101
Summary:
Cybershade CMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Cybershade CMS 0.2b is affected; other versions may also be vulnerable.

16. Aydan Bilisim Ayemsis Emlak PRO Multiple SQL Injection Vulnerabilities
BugTraq ID: 33099
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/33099
Summary:
Ayemsis Emlak PRO is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

17. Apple Safari Common Name Certificate Validation Vulnerability
BugTraq ID: 7518
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/7518
Summary:
The Apple Safari web browser fails to correctly validate the Common Name (CN) field of X.509 certificates when an SSL/TLS session is negotiated. Safari is not able to detect cases where the CN does not match the hostname of the server. This could lead to a variety of attacks, including the possibility of allowing a malicious server to masquerade as a trusted server.

It has also been reported that Safari does not have a feature which allows users to inspect a certificate manually.

18. WSN Guest 'search.php' SQL Injection Vulnerability
BugTraq ID: 33097
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/33097
Summary:
WSN Guest is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

WSN Guest 1.23 is vulnerable; other versions may also be affected.

19. Joomla! 'com_na_newsdescription' Component 'newsid' Parameter SQL Injection Vulnerability
BugTraq ID: 33116
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/33116
Summary:
The 'com_na_newsdescription' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

20. Joomla! Phoca Documentation Component 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 33114
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/33114
Summary:
The Phoca Documentation component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

21. Joomla! and Mambo Simple Review Component 'category' Parameter SQL Injection Vulnerability
BugTraq ID: 33102
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/33102
Summary:
The Joomla! and Mambo Simple Review component is prone to an SQL-injection vulnerability because it fails to adequately sanitize user-supplied input.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Simple Review 1.3.5 is vulnerable; other versions may be affected as well.

22. Symbian S60 Malformed SMS/MMS Remote Denial Of Service Vulnerability
BugTraq ID: 33072
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/33072
Summary:
Symbian S60 is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to prevent users from sending or receiving SMS or MMS messages.

This issue affects handsets using Symbian S60.

23. Apple iPhone and iPod Touch Prior to Version 2.0 Multiple Remote Vulnerabilities
BugTraq ID: 30186
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/30186
Summary:
Apple iPhone and iPod touch are prone to multiple remote vulnerabilities:

1. A vulnerability that may allow users to spoof websites.
2. An information-disclosure vulnerability.
3. A buffer-overflow vulnerability.
4. Two memory-corruption vulnerabilities.

Successfully exploiting these issues may allow attackers to execute arbitrary code, crash the affected application, obtain sensitive information, or direct unsuspecting victims to a spoofed site; other attacks are also possible.

These issues affect iPhone 1.0 through 1.1.4 and iPod touch 1.1 through 1.1.4.

24. Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
BugTraq ID: 33110
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/33110
Summary:
Apache Roller is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Apache Roller 2.3, 3.0, 3.1, and 4.0 are vulnerable.

25. VUPlayer M3U UNC Name Buffer Overflow Vulnerability
BugTraq ID: 21363
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/21363
Summary:
VUPlayer is prone to a buffer-overflow vulnerability because the application fails to properly verify the size of user-supplied data before copying it into an insufficiently sized process buffer.

This issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. Failed exploit attempts will likely crash applications, denying service to legitimate users.

This issue affects VUPlayer 2.44 and 2.49; earlier versions may also be vulnerable.

26. Teamtek Universal FTP Server Multiple Commands Remote Denial Of Service Vulnerabilities
BugTraq ID: 21085
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/21085
Summary:
Universal FTP Server is prone to multiple remote denial-of-service vulnerabilities because the application fails to handle exceptional conditions.

An attacker can exploit these issues to crash the affected application, denying service to legitimate users.

We are currently unable to confirm the affected versions due to conflicting product information.

27. Samba Registry Share Name Unauthorized Access Vulnerability
BugTraq ID: 33118
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/33118
Summary:
Samba is prone to an unauthorized-access vulnerability that occurs when registry shares are enabled.

An attacker who has authenticated access to the affected application can exploit this issue to gain access to the root filesystem.

28. Little CMS Buffer Overflow and Integer Signedness Vulnerabilities
BugTraq ID: 32708
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/32708
Summary:
Little CMS is prone to a buffer-overflow vulnerability because it fails to perform adequate checks on user-supplied input. The application is also prone to an integer-signedness issue.

Attackers may leverage one of these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

The buffer-overflow issue affects all versions prior to Little CMS 1.16. The integer-signedness issue affects all versions prior to 1.17.

29. D-Bus 'dbus_signature_validate()' Type Signature Denial of Service Vulnerability
BugTraq ID: 31602
Remote: No
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/31602
Summary:
D-Bus is prone to a local denial-of-service vulnerability because it fails to handle malformed signatures contained in messages.

Local attackers can exploit this issue to crash an application that uses the affected library, denying service to legitimate users.

This issue affects D-BUS 1.2.1; other versions may also be affected.

30. Xen XenStore Domain Configuration Data Unsafe Storage Vulnerability
BugTraq ID: 31499
Remote: No
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/31499
Summary:
Xen is prone to a vulnerability that results in configuration information being stored in a location that is writable by guest domains.

UPDATE (December 19, 2008): The initial proposed patches did not resolve this issue.

Xen 3.3 is vulnerable; other versions may also be affected.

31. Multiple Vendor FTP Server Long Command Handling Security Vulnerability
BugTraq ID: 31289
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/31289
Summary:
FTP servers by multiple vendors are prone to a security vulnerability that allows attackers to perform cross-site request-forgery attacks.

Successful exploits can run arbitrary FTP commands on the server in the context of an unsuspecting user's session. This may lead to further attacks.

32. am-utils 'expn' Insecure Temporary File Creation Vulnerability
BugTraq ID: 28044
Remote: No
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/28044
Summary:
The 'expn' utility of the 'am-utils' package creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

33. 7-Zip Unspecified Archive Handling Vulnerability
BugTraq ID: 28285
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/28285
Summary:
7-Zip is prone to a remote archive-handling vulnerability because the application fails to properly handle malformed archive files.

Successfully exploiting this issue may allow remote attackers to execute code, but this has not been confirmed. Exploit attempts will likely crash the application.

Versions prior to 7-Zip 4.57 are affected.

34. Grip CDDB Response Multiple Matches Buffer Overflow Vulnerability
BugTraq ID: 12770
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/12770
Summary:
A buffer overflow in Grip occurs when the software processes a response to a CDDB query that has more than 16 matches.

To exploit this issue, an attacker must be able to influence the response to a CDDB query, either by controlling a malicious CDDB server or through some other means. Successful exploits will allow arbitrary code to run.

Grip 3.1.2 and 3.2.0 are affected; other versions may also be affected.

35. Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities
BugTraq ID: 32882
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/32882
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey.

Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, help launch cross-site scripting attacks, and execute arbitrary script code with elevated privileges; other attacks are also possible.

UPDATE (December 18, 2008): Mozilla Firefox 2.0.0.19 for Windows is vulnerable to the cross-domain information-disclosure vulnerability documented by MFSA 2008-65. Firefox 2.0.0.20 is available and addresses this issue.

36. Adobe ActionScript SecurityErrorEvent Security Bypass Vulnerability
BugTraq ID: 25260
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/25260
Summary:
Adobe ActionScript is prone to a security-bypass vulnerability because the application allows Flash movies compiled by ActionScript to connect to arbitrary TCP ports on a host running a vulnerable version of Flash.

Successfully exploiting this issue allows an attacker to bypass the application's sandbox security model and scan other hosts that are connected to the computer running the vulnerable application.

37. Adobe Flash Player Clipboard Security Weakness
BugTraq ID: 31117
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/31117
Summary:
Adobe Flash Player is prone to a security weakness that may allow attackers to inject arbitrary content into a user's clipboard.

Attackers can exploit this issue to overwrite content that is contained in a victim's clipboard. As a result, attacker-supplied URIs can persist in the victim's clipboard.

38. Adobe Flash Player Multiple Security Vulnerabilities
BugTraq ID: 32129
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/32129
Summary:
Adobe Flash Player is prone to multiple security vulnerabilities.

Attackers can exploit these issues to obtain sensitive information, steal cookie-based authentication credentials, control how webpages are rendered, execute arbitrary script code in the context of the application, and execute arbitrary code in the context of the application. Other attacks may also be possible.

These issues affect Flash Player 9.0.124.0 and prior versions.

39. Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability
BugTraq ID: 26966
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/26966
Summary:
The Adobe Flash Player is prone to a cross-domain security-bypass vulnerability.

An attacker can exploit this issue to connect to arbitrary hosts on affected computers. This may allow the application to perform generic TCP requests to determine what services are running on the affected computer.


NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities), but has been assigned its own record because of new technical details.

40. Vim Insufficient Shell Escaping Multiple Command Execution Vulnerabilities
BugTraq ID: 30795
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/30795
Summary:
Vim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Versions prior to Vim 7.2.010 are vulnerable.

41. Vim HelpTags Command Remote Format String Vulnerability
BugTraq ID: 25095
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/25095
Summary:
Vim is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

A remote attacker may execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts may cause denial-of-service conditions.

Vim 6.4 and 7.1 are vulnerable; other versions may also be affected.

42. Vim Vim Script Multiple Command Execution Vulnerabilities
BugTraq ID: 29715
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/29715
Summary:
Vim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Vim 7.1.298 is vulnerable; other versions may also be affected.

43. Vim 'mch_expand_wildcards()' Heap Based Buffer Overflow Vulnerability
BugTraq ID: 30648
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/30648
Summary:
Vim is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects Vim 6.2.429 through 6.3.058.

44. FlexCell Grid Control (ActiveX) Arbitrary File Overwrite Vulnerability
BugTraq ID: 32443
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/32443
Summary:
FlexCell Grid Control (ActiveX) is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content.

Successfully exploiting this issue will allow an attacker to corrupt and overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

FlexCell Grid Control (ActiveX) 5.7.0.1 is vulnerable; other versions may also be affected.

45. libxml2 'xmlBufferResize()' Remote Denial of Service Vulnerability
BugTraq ID: 32331
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/32331
Summary:
The 'libxml2' library is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to cause the affected application using the library to fall into an infinite loop, denying service to legitimate users.

This issue affects libxml2-2.7.2; other versions may also be affected.

46. libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability
BugTraq ID: 32326
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/32326
Summary:
The 'libxml2' library is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data when handling XML files.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an affected application. Failed exploits may crash the application.

This issue affects libxml2-2.7.2; other versions may also be affected.

47. Plunet BusinessManager ACL Security Bypass and HTML Injection Vulnerabilities
BugTraq ID: 33153
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/33153
Summary:
Plunet BusinessManager is prone to multiple security-bypass and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, control how the site is rendered to the user, or perform unauthorized actions as another user; other attacks may also be possible.

Unknown versions of BusinessManager are affected. We will update this BID when more information is available.

48. Cisco Global Site Selector DNS Server Remote Denial Of Service Vulnerability
BugTraq ID: 33152
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/33152
Summary:
Cisco Global Site Selector is prone to a remote denial-of-service vulnerability when handling specific DNS requests.

A remote attacker may exploit this issue to crash the vulnerable DNS server, resulting in a denial-of-service condition.

This issue is documented in Cisco Bug ID CSCsj70093.

The following are vulnerable to this issue when running system software prior to version 3.0(1):
Cisco GSS 4480 Global Site Selector
Cisco GSS 4490 Global Site Selector
Cisco GSS 4491 Global Site Selector
Cisco GSS 4492R Global Site Selector

49. Multiple Vendor OpenSSL 'DSA_verify' Function Signature Verification Vulnerability
BugTraq ID: 33151
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/33151
Summary:
Products by multiple vendors using OpenSSL are prone to a signature-verification vulnerability.

An attacker would likely leverage this issue by first carrying out a man-in-the-middle attack. They are most likely to exploit this issue to conduct phishing attacks or to impersonate legitimate sites. Other attacks are likely possible.

50. OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
BugTraq ID: 33150
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/33150
Summary:
OpenSSL is prone to a signature-verification vulnerability.

An attacker would likely leverage this issue by first carrying out a man-in-the-middle attack. They are most likely to exploit this issue to conduct phishing attacks or to impersonate legitimate sites. Other attacks are likely possible.

OpenSSL releases prior to 0.9.8j are affected.

51. Microsoft Internet Explorer 'screen[""]' Remote Denial of Service Vulnerability
BugTraq ID: 33149
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/33149
Summary:
Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue by enticing an unsuspecting victim to view a malicious web page.

Successfully exploiting this issue will cause the application to crash, denying service to legitimate users.

Microsoft Internet Explorer 6, 7 and 8 Beta are vulnerable; other versions may also be affected.

52. Multiple Vendor SizerOne ActiveX Control 'AddTab' Method Buffer Overflow Vulnerability
BugTraq ID: 33148
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/33148
Summary:
The SizerOne ActiveX control used in products by multiple vendors is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in denial-of-service conditions.

53. HP OpenView Network Node Manager HTTP Request Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 33147
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/33147
Summary:
HP OpenView Network Node Manager is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to insufficiently sized buffers.

Successfully exploiting these issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely crash the application.

These issues affect HP OpenView Network Node Manager 7.51 with NNM_01168; other versions may also be affected.

54. Symantec Mail Security For SMTP Denial Of Service Vulnerability
BugTraq ID: 33146
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/33146
Summary:
Symantec Mail Security for SMTP is prone to a remote denial-of-service vulnerability when processing mail messages from failed deliveries.

An attacker can exploit this issue to cause denial-of-service conditions.

Symantec Mail Security for SMTP 5.0.1 with Patch 189 is affected.

55. MyNETS 1.2.0.1 and prior Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 33145
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/33145
Summary:
MyNETS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects versions 1.2.0.1 and prior.

56. Joomla! XStandard Component Directory Traversal Vulnerability
BugTraq ID: 33143
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/33143
Summary:
The XStandard component for Joomla! is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.

57. Massimiliano Montoro Cain & Abel Malformed '.conf' File Buffer Overflow Vulnerability
BugTraq ID: 33142
Remote: Yes
Last Updated: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/33142
Summary:
Cain & Abel is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects Cain & Abel 4.9.25; other versions may also be affected.

58. IT!CMS 'login.php' SQL Injection Vulnerability
BugTraq ID: 33139
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/33139
Summary:
IT!CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

59. playSMS Multiple Remote And Local File Include Vulnerabilities
BugTraq ID: 33138
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/33138
Summary:
playSMS is prone to multiple remote and local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to execute arbitrary local and remote scripts in the context of the webserver process or obtain potentially sensitive information. This may result in a compromise of the application and the underlying system; other attacks are also possible.

playSMS 0.9.3 is vulnerable; other versions may also be affected.

60. Multiple Browser Marquee Denial of Service Vulnerability
BugTraq ID: 18165
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/18165
Summary:
Multiple browsers are prone to a denial-of-service vulnerability when parsing certain HTML content.

Successfully exploiting this issue allows attackers to consume excessive CPU resources in affected browsers, denying service to legitimate users.

Mozilla Firefox 1.5.0.3 is vulnerable to this issue; other versions and products may also be affected.

Internet Explorer 6.0 on Microsoft Windows XP is reported vulnerable to this issue; other versions may also be affected.

61. Mozilla Firefox xdg-open 'mailcap' File Remote Code Execution Vulnerability
BugTraq ID: 33137
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/33137
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability because the browser fails to properly validate the 'mime-type' of files before calling the 'xdg-open' utility, as defined in '/etc/mailcap'.

An attacker can exploit this issue to execute arbitrary code within the context of the affected browser.

This issue affects Firefox running on Slackware Linux 12.2. Other versions may also be vulnerable.

62. Goople CMS 'frontpage.php' SQL Injection Vulnerability
BugTraq ID: 33135
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/33135
Summary:
Goople CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Goople CMS 1.8.2 is vulnerable; other versions may also be affected.

63. PHP 5.2.7 'magic_quotes_gpc' Security Bypass Weakness
BugTraq ID: 32673
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/32673
Summary:
PHP is prone to a security-bypass weakness.

Attackers can use this issue to bypass security checks in PHP applications that rely on the Magic Quotes functionality. This opens such applications up to potential attacks that take advantage of the software's failure to properly sanitize user input.

The issue affects PHP 5.2.7.

64. Rosoft Media Player Track List Files Stack-Based Buffer Overflow Vulnerability
BugTraq ID: 26920
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/26920
Summary:
Rosoft Media Player is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions.

Rosoft Media Player 4.1.7, 4.1.8, and 4.2.1 are vulnerable; other versions may also be affected.

NOTE: This BID originally covered this issue as a denial-of-service vulnerability; further information shows that the issue is more severe.

65. PDFjam Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 32931
Remote: No
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/32931
Summary:
Multiple PDFjam scripts create temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

PDFjam 1.20 is vulnerable; other versions may also be affected.

66. ezPack 'index.php' SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 33131
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/33131
Summary:
ezPack is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ezPack 4.2b2 is vulnerable; other versions may also be affected.

67. Movable Type 'publish post' Security Bypass Vulnerability
BugTraq ID: 33133
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/33133
Summary:
Movable Type is prone to a security-bypass vulnerability because it fails to adequately validate user permissions.

An attacker can exploit this issue to bypass restrictions that are intended to prevent users with limited permissions from publishing documents.

Versions prior to Movable Type 4.23 are vulnerable.

68. PHPAuctions Multiple Remote File Include Vulnerabilities
BugTraq ID: 33130
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/33130
Summary:
PHPAuctions is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to compromise the application and the underlying computer; other attacks are also possible.

69. RiotPix 'username' Parameter SQL Injection Vulnerability
BugTraq ID: 33132
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/33132
Summary:
RiotPix is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

RiotPix 0.61 is vulnerable; other versions may also be affected.

70. RiotPix 'read.php' SQL Injection Vulnerability
BugTraq ID: 33129
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/33129
Summary:
RiotPix is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

RiotPix 0.61 is vulnerable; other versions may also be affected.

71. SimpleIrcBot Authentication Unspecified Security Bypass Vulnerability
BugTraq ID: 33127
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/33127
Summary:
SimpleIrcBot is prone to a security-bypass vulnerability.

Attackers may exploit the issue to bypass certain security restrictions and perform unauthorized actions.

Versions prior to SimpleIrcBot 1.0 Stable are affected.

72. L2J Multiple Unspecified Security Vulnerabilities
BugTraq ID: 33126
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/33126
Summary:
L2J is prone to multiple unspecified vulnerabilities.

Very few details are available. We will update this BID as more information emerges.

These issues affect versions prior to L2J Gracia v2.

73. Walusoft TFTPServer2000 TFTP Server Directory Traversal Vulnerability
BugTraq ID: 33117
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/33117
Summary:
Walusoft TFTPServer2000 TFTP server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue can allow an attacker to access arbitrary files outside of the TFTP server root directory. This can expose sensitive information that could help the attacker launch further attacks.

Walusoft TFTPServer2000 3.6.1 is vulnerable; other versions may also be affected.

74. PHPAuctions 'profile.php' SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 33115
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/33115
Summary:
PHPAuctions is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

75. PHPAuctions Cookie Authentication Bypass Vulnerability
BugTraq ID: 33120
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/33120
Summary:
PHPAuctions is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.

Attackers can exploit this vulnerability to gain unauthorized access to the affected application, which may aid in further attacks.

76. Movable Type Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 32604
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/32604
Summary:
Movable Type is prone to an unspecified cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data.

An attacker can leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

The following versions are affected:

Movable Type 4
Movable Type 4 Enterprise
Movable Type 4 Community Edition
Movable Type 4 (Open Source)
Movable Type 3
Movable Type Enterprise 1.5

77. DotNetNuke User Account Security Bypass Vulnerability
BugTraq ID: 33109
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/33109
Summary:
DotNetNuke is prone to a security-bypass vulnerability.

Attackers can exploit this issue to bypass certain security restrictions or obtain sensitive information.

The issue affects DotNetNuke 4.5.2 up to and including 4.9.0.

78. SolucionXpressPro 'main.php' SQL Injection Vulnerability
BugTraq ID: 33111
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/33111
Summary:
SolucionXpressPro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

79. Oracle October 2008 Oracle Critical Patch Update Multiple Vulnerabilities
BugTraq ID: 31683
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/31683
Summary:
Oracle has released the October 2008 critical patch update addressing 36 vulnerabilities affecting the following software:

Oracle Database
Oracle Application Server
Oracle E-Business Suite
Oracle PeopleSoft Enterprise PeopleTools
Oracle PeopleSoft Enterprise
Oracle JD Edwards EnterpriseOne Tools
Oracle WebLogic Server (formerly BEA WebLogic Server)
Oracle Workshop for WebLogic (formerly BEA WebLogic Workshop)

80. Links SSL Certificate Verification Security Weakness
BugTraq ID: 33108
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/33108
Summary:
Links is prone to a security weakness because it fails to verify SSL certificates presented by a remote server.

An attacker can exploit this weakness to masquerade as a legitimate server using a man-in-the-middle attack or to launch other attacks such as phishing.

Links 2.2 is vulnerable; other versions may be affected as well.

81. webSPELL Multiple SQL Injection Vulnerabilities
BugTraq ID: 33107
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/33107
Summary:
webSPELL is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

The issues affect webSPELL 4; other versions may also be vulnerable.

82. Multiple ASP SiteWare Products SQL Injection Vulnerabilities
BugTraq ID: 32812
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/32812
Summary:
Multiple ASP SiteWare products are prone to SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following applications are vulnerable:

RealtyListings 1
RealtyListings 2
AutoDealer 1
AutoDealer 2
HomeBuilder 1
HomeBuilder 2

83. Simple Text-File Login script 'slogin_lib.inc.php' Remote File Include Vulnerability
BugTraq ID: 32811
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/32811
Summary:
Simple Text-File Login script (SiTeFiLo) is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

SiTeFiLo 1.0.6 is vulnerable; other versions may also be affected.

84. Flatnux 'index.php' HTML Injection Vulnerability
BugTraq ID: 32826
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/32826
Summary:
Flatnux is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

85. Analysis of High-Performance Access CGI Session Identifier Session Hijacking Vulnerability
BugTraq ID: 32794
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/32794
Summary:
Analysis of High-Performance Access CGI is prone to a session-hijacking vulnerability.

An attacker can exploit this issue to gain access to the affected application with the privileges of the hijacked user.

Analysis of High-Performance Access CGI 4.01 and prior are vulnerable.

86. Intel Trusted Execution Technology Multiple Unspecified Security Bypass Vulnerabilities
BugTraq ID: 33119
Remote: No
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/33119
Summary:
Multiple issues in Intel Trusted Execution Technology (TXT) may allow attackers to compromise the integrity of code (boot, system, or kernel) loaded using TXT.

Details on these issues are scheduled to be released at the BlackHat Security Conference on February 16-17, 2009. We will update this BID as more information becomes available.

Trusted Boot 20081008 is affected; additional applications using TXT may also be affected.

87. Samba Arbitrary Memory Contents Information Disclosure Vulnerability
BugTraq ID: 32494
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/32494
Summary:
Samba is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain arbitrary memory contents.

This issue affects Samba 3.0.29 up to and including 3.2.4.

88. CFAGCMS 'right.php' SQL Injection Vulnerability
BugTraq ID: 32851
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/32851
Summary:
CFAGCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

CFAGCMS 1 is vulnerable; other versions may also be affected.

89. Sun Solaris NFS Version 4 Client Unspecified Local Denial Of Service Vulnerability
BugTraq ID: 33128
Remote: No
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/33128
Summary:
Sun Solaris is prone to an unspecified local denial-of-service vulnerability.

Local attackers may exploit this issue to panic a system, denying service to legitimate users.

This issue affects the following:

Solaris 10
OpenSolaris based on builds snv_01 to snv_101

90. eDare eDNews 'eDNews_view.php' SQL Injection Vulnerability
BugTraq ID: 33054
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/33054
Summary:
eDNews is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

eDNews 2 is vulnerable; other versions may also be affected.

91. rtgdictionary for TYPO3 Arbitrary File Upload Vulnerability
BugTraq ID: 32234
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/32234
Summary:
The rtgdictionary extension for TYPO3 is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the webserver process. The issue occurs because the application fails to sanitize user-supplied input.

This issue affects rtgdictionary 0.1.9 and prior versions.

92. Mylene Multiple Unspecified Security Vulnerabilities
BugTraq ID: 33144
Remote: Yes
Last Updated: 2009-01-06
Relevant URL: http://www.securityfocus.com/bid/33144
Summary:
Mylene is prone to multiple unspecified vulnerabilities.

Very few details are available. We will update this BID as more information emerges.

These issues affect versions prior to Mylene 7.20081231.

93. Microsoft MSN Messenger IP Address Information Disclosure Vulnerability
BugTraq ID: 33125
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/33125
Summary:
Microsoft MSN Messenger is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Microsoft MSN Messenger 8.5.1 is vulnerable; other versions may also be affected.

94. E-topbiz Online Store 'login.php' SQL Injection Vulnerability
BugTraq ID: 32188
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/32188
Summary:
E-topbiz Online Store is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Online Store 1 is vulnerable; other versions may also be affected.

95. E-topbiz eStore 'index.php' SQL Injection Vulnerability
BugTraq ID: 32197
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/32197
Summary:
E-topbiz eStore is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

eStore 3.0 is vulnerable; other versions may also be affected.

96. TYPO3 advCalendar Extension Unspecified SQL Injection Vulnerability
BugTraq ID: 32230
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/32230
Summary:
TYPO3 advCalendar ('advcalendar') extension is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects advcalendar 0.3.1; other versions may also be affected.

97. TYPO3 CMS Poll system Extension Unspecified SQL Injection Vulnerability
BugTraq ID: 32231
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/32231
Summary:
TYPO3 CMS Poll system ('cms_poll') extension is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to cms_poll 0.1.1 are vulnerable.

98. TYPO3 Wir über uns Extension SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 32237
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/32237
Summary:
The 'Wir über uns' (fsmi_people) extension for TYPO3 is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect fsmi_people 0.0.24; other versions may also be affected.

99. Joomla! Pax Gallery 'gid' Parameter SQL Injection Vulnerability
BugTraq ID: 33035
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/33035
Summary:
The Pax Gallery component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Pax Gallery 1.0 is vulnerable; other versions may also be affected.

100. eDreamers eDNews 'lg' Parameter Local File Include Vulnerability
BugTraq ID: 33027
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/33027
Summary:
eDreamers eDNews is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

The issue affects eDNews 2; other versions may be vulnerable as well.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Group attacks flaw in browser crypto security
By: Robert Lemos
A group of researchers warns browser makers and certificate authorities to drop support for MD5 digital signatures, after successfully creating a fake, but valid, certificate.
http://www.securityfocus.com/news/11541

2. Commission calls for cybersecurity czar
By: Robert Lemos
A group of technology and government experts warns that, without significant changes to the U.S. approach to cyberspace, foreign companies and other nations will continue to steal valuable technologies.
http://www.securityfocus.com/news/11540

3. Microsoft hopes free security means less malware
By: Robert Lemos
The software giant says shutting down Windows Live OneCare to release the software as a free tool could make consumers more secure.
http://www.securityfocus.com/news/11538

4. Researchers find more flaws in wireless security
By: Robert Lemos
Two security experts plan to show a limited attack against the popular Wi-Fi Protected Access (WPA) -- a replacement for insecure WEP -- at a conference in Tokyo.
http://www.securityfocus.com/news/11537

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #425
http://www.securityfocus.com/archive/88/499701

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. CfP DIMVA 2009
http://www.securityfocus.com/archive/91/499756

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by the Computer Forensics Show
