Wednesday, February 04, 2009

SecurityFocus Newsletter #489
----------------------------------------

Symantec NetBackup Design Best Practices with Data Domain
This white paper walks you through how Data Domain integrates with NBU, including planning and sizing considerations, operational considerations, offsite replication, and other integration basics so you can get the most out of this powerful solution.

http://dinclinx.com/Redirect.aspx?36;2173;45;189;0;10;259;46b98cc7718e4a7c


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Time to Take the Theoretical Seriously
2. The Drew Verdict Makes Us All Hackers
II. BUGTRAQ SUMMARY
1. HP Multiple LaserJet Printers Unspecified Directory Traversal Vulnerability
2. W3C Amaya HTML Tag Parameter Multiple Buffer Overflow Vulnerabilities
3. Bugzilla HTML Injection and Cross Site Request Forgery Vulnerabilities
4. Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
5. Multiple Vendors IPv6 Neighbor Discovery Protocol Implementation Address Spoofing Vulnerability
6. Flatnux '_FNROOTPATH' Parameter Remote File Include Vulnerability
7. TxtBlog 'admin/index.php' Remote Command Execution Vulnerability
8. DreamPics Photo/Video Gallery 'exhibition_id' SQL Injection Vulnerability
9. 4Site CMS Multiple SQL Injection Vulnerabilities
10. MyDesign Sayac 'admin.asp' Login Parameters SQL Injection Vulnerability
11. Technote 'shop_this_skin_path' Parameter Remote File Include Vulnerability
12. AJA Portal Rapidshare Module Arbitrary File Upload Vulnerability
13. WEBalbum 'photo.php' SQL Injection Vulnerability
14. BlazeVideo HDTV Player PLF File Heap Buffer Overflow Vulnerability
15. Ez PHP Comment Reviewer Name Cross Site Scripting Vulnerability
16. NaviCOPA Web Server Remote Buffer Overflow and Source Code Information Disclosure Vulnerabilities
17. BreakPoint Software Hex Workshop '.cmap' File Handling Memory Corruption Vulnerability
18. sblim-sfcb 'genSslCert.sh' Insecure Temporary File Creation Vulnerability
19. Vivvo 404 Error Page Cross Site Scripting Vulnerability
20. Multiple Groone Products 'abspath' Parameter Remote File Include Vulnerability
21. Online Grades Login Parameters SQL Injection Vulnerabilities
22. Multiple VNC Clients Multiple Integer Overflow Vulnerabilities
23. OpenBSD BGP UPDATE Message Remote Denial of Service Vulnerability
24. E-Php B2B Trading Marketplace Script Multiple Cross Site Scripting Vulnerabilities
25. Sunbyte eFlower 'popupproduct.php' SQL Injection Vulnerability
26. Multiple Vendor OpenSSL 'DSA_verify' Function Signature Verification Vulnerability
27. RETIRED: Simple Machines Forum Censored Words HTML Injection Vulnerability
28. RETIRED: DMXReady Online Notebook Manager Login Parameters SQL Injection Vulnerabilities
29. Simple Machines Forum '[url]' Tag HTML Injection Vulnerability
30. Free Download Manager Remote Control Server Stack Buffer Overflow Vulnerability
31. xterm DECRQSS Remote Command Execution Vulnerability
32. libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability
33. libxml2 'xmlBufferResize()' Remote Denial of Service Vulnerability
34. Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
35. Linux Kernel 'sendmsg()' Local Denial of Service Vulnerability
36. Linux Kernel 'inotify' Local Privilege Escalation Vulnerability
37. Linux Kernel 'lbs_process_bss()' Remote Denial of Service Vulnerability
38. Linux Kernel 'net/atm/proc.c' Local Denial of Service Vulnerability
39. Novell GroupWise Internet Agent SMTP RCPT Command Remote Buffer Overflow Vulnerability
40. Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
41. Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
42. Apache Tomcat Host Manager Cross Site Scripting Vulnerability
43. Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
44. Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
45. Apache 'mod_proxy_balancer' Multiple Vulnerabilities
46. Moodle Calendar Export Unspecified Information Disclosure Vulnerability
47. Multiple Cisco Wireless LAN Controllers Multiple Remote Vulnerabilities
48. DMXReady Blog Manager 'inc_weblogmanager.asp' Cross-Site Scripting and SQL Injection Vulnerabilities
49. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -01 to -06 Multiple Remote Vulnerabilities
50. phpSlash 'fields' Parameter Remote Command Execution Vulnerability
51. Moodle 'spell-check-logic.cgi' Insecure Temporary File Creation Vulnerability
52. Todd Miller Sudo 'Runas_Alias' Supplementary Group Local Privilege Escalation Vulnerability
53. Snoopy '_httpsrequest()' Arbitrary Command Execution Vulnerability
54. phpg Multiple Input Validation Vulnerabilities
55. Joomla! WATicketSystem Component 'catid' SQL Injection Vulnerability
56. MultiMedia Soft Multiple Components 'AdjMmsEng.dll' PLS File Buffer Overflow Vulnerability
57. Small HTTP server FTP Directory Traversal Vulnerability
58. MetaBBS Administration Settings Authentication Bypass Vulnerability
59. Cisco IOS HTTP Server Multiple Cross Site Scripting Vulnerabilities
60. Non-Creative Software LCPlayer '.qt' File Remote Buffer Overflow Vulnerability
61. Views Bulk Operations Unspecified Cross Site Scripting Vulnerability
62. rgboard Multiple Input Validation Vulnerabilities
63. YapBB 'forumhop.php' SQL Injection Vulnerability
64. Mahara Forum Post Cross Site Scripting Vulnerability
65. Moodle 'Login As' Cross Site Scripting Vulnerability
66. Power System Of Article Management Multiple Cross Site Scripting Vulnerabilities
67. Moodle Forum Unspecified Cross-Site Request Forgery Vulnerability
68. Team 'online.asp' Cross Site Scripting Vulnerability
69. Moodle '/user/pix.php' Information Disclosure Vulnerability
70. Moodle Log Table HTML Injection Vulnerability
71. QIP 2005 Malformed Rich Text Message Remote Denial of Service Vulnerability
72. Jaws Multiple Local File Include Vulnerabilities
73. Openfiler 'password.html' Password Reset Security Bypass Vulnerability
74. PHPbbBook 'bbcode.php' Local File Include Vulnerability
75. GR Board Multiple Remote File Include Vulnerabilities
76. Syntax Desktop 'synTarget' Parameter Local File Include Vulnerability
77. ClickCart Login Parameters SQL Injection Vulnerabilities
78. Mozilla Firefox xdg-open 'mailcap' File Remote Code Execution Vulnerability
79. OpenHelpdesk 'ajax.php' Remote Command Execution Vulnerability
80. PHP Multiple Buffer Overflow Vulnerabilities
81. Multiple Java Runtime Implementations UTF-8 Input Validation Vulnerability
82. Sourdough 'neededFiles[patForms]' Parameter Remote File Include Vulnerability
83. CMS Mini 'guestbook' Remote Command Execution Vulnerability
84. Grip CDDB Response Multiple Matches Buffer Overflow Vulnerability
85. Flatnux User Profile 'Job' Field HTML Injection Vulnerability
86. AJA Portal Multiple Local File Include Vulnerabilities
87. phpBLASTER 'blaster_user' Parameter SQL Injection Vulnerability
88. Oracle January 2009 Critical Patch Update Multiple Vulnerabilities
89. Nokia Multimedia Player '.m3u' File Heap Buffer Overflow Vulnerability
90. SMA-DB Cross Site Scripting and Remote File Include Vulnerabilities
91. Free Download Manager Torrent File Parsing Multiple Remote Buffer Overflow Vulnerabilities
92. Bugzilla Pseudo-Random Number Generator Shared Seed Vulnerability
93. PSCS VPOP3 Email Message HTML Injection Vulnerability
94. xdg-utils 'xdg-open' and 'xdg-email' Multiple Remote Command Execution Vulnerabilities
95. Samba Arbitrary Memory Contents Information Disclosure Vulnerability
96. Apple QuickTime 'jpeg' Atoms Movie File Remote Buffer Overflow Vulnerability
97. Multiple Whole Hog Software Products Cookie Authentication Bypass Vulnerability
98. Multiple Whole Hog Software Products Login SQL Injection Vulnerability
99. Drupal ImageField Module Multiple Vulnerabilities
100. D-Link DIR-300 Cross Site Scripting and Security Bypass Vulnerabilities
III. SECURITYFOCUS NEWS
1. Group releases list to kill most-dangerous bugs
2. Group attacks flaw in browser crypto security
3. Commission calls for cybersecurity czar
4. Microsoft hopes free security means less malware
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #429
2. customer user accounts and internal user accounts on same domain
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time to Take the Theoretical Seriously
By Chris Wysopal
Software developers' response to "theoretical" research is fundamentally broken. By now, everyone in the security industry knows about the Rogue CA presentation that Alex Sotirov and Jacob Appelbaum gave at the 25th Chaos Communications Congress. It was one of the most interesting I saw all last year, and it's a good example of why software companies continue to be vulnerable to attackers.
http://www.securityfocus.com/columnists/490

2. The Drew Verdict Makes Us All Hackers
By Mark Rasch
Last month, Lori Drew - the middle-aged Missouri mother who participated in a plan to deceive a 13-year-old girl that ultimately led to the girl's suicide - was convicted by a Los Angeles federal jury of several misdemeanor counts of unauthorized access to MySpace's computers.
http://www.securityfocus.com/columnists/489


II. BUGTRAQ SUMMARY
--------------------
1. HP Multiple LaserJet Printers Unspecified Directory Traversal Vulnerability
BugTraq ID: 33611
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33611
Summary:
Multiple HP printers are prone to an unspecified directory-traversal vulnerability because the device's webserver fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.

The following HP printer models are vulnerable:

LaserJet 2410 with firmware prior to 20080819 SPCL112A
LaserJet 2420 with firmware prior to 20080819 SPCL112A
LaserJet 2430 with firmware prior to 20080819 SPCL112A
LaserJet 4250 with firmware prior to 20080819 SPCL015A
LaserJet 4350 with firmware prior to 20080819 SPCL015A
LaserJet 9040 with firmware prior to 20080819 SPCL110A
LaserJet 9050 with firmware prior to 20080819 SPCL110A
LaserJet 4345mfp with firmware prior to 09.120.9
Color LaserJet 4730mfp with firmware prior to 46.200.9
LaserJet 9040mfp with firmware prior to 08.110.9
LaserJet 9050mfp with firmware prior to 08.110.9
9200C Digital Sender with firmware prior to 09.120.9
Color LaserJet 9500mfp with firmware prior to 08.110.9

2. W3C Amaya HTML Tag Parameter Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 32847
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/32847
Summary:
W3C Amaya is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Amaya 10.0.1 is vulnerable; other versions may also be affected.

UPDATE (January 29, 2009): Amaya 11.0 is also vulnerable.

3. Bugzilla HTML Injection and Cross Site Request Forgery Vulnerabilities
BugTraq ID: 33580
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33580
Summary:
Bugzilla is prone to multiple remote vulnerabilities, including an HTML-injection issue and cross-site request-forgery issues.

An attacker can exploit these issues to execute arbitrary script code in a user's browser in the context of the application, steal cookie-based authentication credentials, obtain sensitive information, and perform arbitrary actions in the context of the logged-in user.

These issues affect versions prior to Bugzilla 2.22.7, 3.0.7, 3.2.1, and 3.3.2.

4. Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
BugTraq ID: 30131
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/30131
Summary:
Multiple vendors' implementations of the DNS protocol are prone to a DNS-spoofing vulnerability because the software fails to securely implement random values when performing DNS queries.

Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.

This issue affects Microsoft Windows DNS Clients and Servers, ISC BIND 8 and 9, and multiple Cisco IOS releases; other DNS implementations may also be vulnerable.

5. Multiple Vendors IPv6 Neighbor Discovery Protocol Implementation Address Spoofing Vulnerability
BugTraq ID: 31529
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/31529
Summary:
Multiple vendors' IPv6 Neighbor Discovery Protocol (NDP) implementations are prone to an address-spoofing vulnerability.

Exploiting the issue may allow attackers to intercept network traffic, perform man-in-the-middle attacks, or cause congested links to become overloaded.

6. Flatnux '_FNROOTPATH' Parameter Remote File Include Vulnerability
BugTraq ID: 33599
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33599
Summary:
Flatnux is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Flatnux 2009-01-27 is vulnerable; other versions may also be affected.

7. TxtBlog 'admin/index.php' Remote Command Execution Vulnerability
BugTraq ID: 33597
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33597
Summary:
TxtBlog is prone to a vulnerability that attackers can leverage to execute arbitrary commands. This issue occurs because the application fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected application and possibly the underlying computer.

TxtBlog 1.0 Alpha is vulnerable; other versions may also be affected.

8. DreamPics Photo/Video Gallery 'exhibition_id' SQL Injection Vulnerability
BugTraq ID: 33596
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33596
Summary:
DreamPics Photo/Video Gallery is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

9. 4Site CMS Multiple SQL Injection Vulnerabilities
BugTraq ID: 33594
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33594
Summary:
4Site CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

4Site CMS 2.6 is vulnerable; other versions may also be affected.

10. MyDesign Sayac 'admin.asp' Login Parameters SQL Injection Vulnerability
BugTraq ID: 33593
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33593
Summary:
MyDesign Sayac is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

MyDesign Sayac 2.0 is vulnerable; other versions may also be affected.

11. Technote 'shop_this_skin_path' Parameter Remote File Include Vulnerability
BugTraq ID: 33592
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33592
Summary:
Technote is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue can allow an attacker to compromise the application and the underlying computer; other attacks are also possible.

Technote 7.2 is vulnerable; other versions may also be affected.

12. AJA Portal Rapidshare Module Arbitrary File Upload Vulnerability
BugTraq ID: 33591
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33591
Summary:
AJA Portal Rapidshare Module is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

13. WEBalbum 'photo.php' SQL Injection Vulnerability
BugTraq ID: 33590
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33590
Summary:
WEBalbum is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

WEBalbum 2.4b is vulnerable; other versions may also be affected.

14. BlazeVideo HDTV Player PLF File Heap Buffer Overflow Vulnerability
BugTraq ID: 33588
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33588
Summary:
BlazeVideo HDTV Player is prone to a heap-based buffer-overflow vulnerability because the application fails to handle malformed playlist files.

An attacker can exploit this issue to execute arbitrary code within the context of the application or to trigger a denial-of-service condition.

BlazeVideo HDTV Player 3.5 is vulnerable; other versions may also be affected.

15. Ez PHP Comment Reviewer Name Cross Site Scripting Vulnerability
BugTraq ID: 33587
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33587
Summary:
Ez PHP Comment is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

16. NaviCOPA Web Server Remote Buffer Overflow and Source Code Information Disclosure Vulnerabilities
BugTraq ID: 33585
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33585
Summary:
NaviCOPA Web Server is prone to a remote buffer-overflow vulnerability and an information-disclosure vulnerability because the application fails to properly bounds-check or validate user-supplied input.

Successful exploits of the buffer-overflow issue may lead to the execution of arbitrary code in the context of the application or to denial-of-service conditions. Additionally, attackers can exploit the information-disclosure issue to retrieve arbitrary source code in the context of the webserver process. Information harvested may aid in further attacks.

NaviCOPA Web Server 3.01 is vulnerable; other versions may also be affected.

17. BreakPoint Software Hex Workshop '.cmap' File Handling Memory Corruption Vulnerability
BugTraq ID: 33584
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33584
Summary:
Hex Workshop is prone to a memory-corruption vulnerability when handling '.cmap' files.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Hex Workshop 6 is vulnerable; other versions may also be affected.

18. sblim-sfcb 'genSslCert.sh' Insecure Temporary File Creation Vulnerability
BugTraq ID: 33583
Remote: No
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33583
Summary:
The 'genSslCert.sh' script in sblim-sfcb creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

sblim-sfcb 1.3.2 is vulnerable; other versions may also be affected.

19. Vivvo 404 Error Page Cross Site Scripting Vulnerability
BugTraq ID: 33582
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33582
Summary:
Vivvo is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to Vivvo 4.1.1 are vulnerable.

20. Multiple Groone Products 'abspath' Parameter Remote File Include Vulnerability
BugTraq ID: 33578
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33578
Summary:
Multiple Groone products are prone to a remote file-include vulnerability because they fail to properly sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the applications and the underlying system; other attacks are also possible.

The following products are affected:

Groone GLinks 2.1
Groone GBook 2.0

Other versions may also be affected.

21. Online Grades Login Parameters SQL Injection Vulnerabilities
BugTraq ID: 33576
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33576
Summary:
Online Grades is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Online Grades 3.2.4 is vulnerable; other versions may also be affected.

22. Multiple VNC Clients Multiple Integer Overflow Vulnerabilities
BugTraq ID: 33568
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33568
Summary:
Multiple VNC clients are prone to integer-overflow vulnerabilities because they fail to properly validate data supplied by the VNC server.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

The following clients are vulnerable to these issues; other VNC applications may also be affected:

UltraVNC prior to 1.0.5.4
TightVNC prior to 1.3.10

23. OpenBSD BGP UPDATE Message Remote Denial of Service Vulnerability
BugTraq ID: 33553
Remote: Yes
Last Updated: 2009-02-02
Relevant URL: http://www.securityfocus.com/bid/33553
Summary:
OpenBSD is prone to a remote denial-of-service vulnerability when processing certain BGP UPDATE messages.

Exploiting this issue allows remote attackers to terminate BGP sessions and potentially cause denial-of-service conditions.

OpenBSD 4.4 and 4.3 are vulnerable.

24. E-Php B2B Trading Marketplace Script Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 33551
Remote: Yes
Last Updated: 2009-02-02
Relevant URL: http://www.securityfocus.com/bid/33551
Summary:
E-Php B2B Trading Marketplace Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

25. Sunbyte eFlower 'popupproduct.php' SQL Injection Vulnerability
BugTraq ID: 32589
Remote: Yes
Last Updated: 2009-02-02
Relevant URL: http://www.securityfocus.com/bid/32589
Summary:
Sunbyte eFlower is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

26. Multiple Vendor OpenSSL 'DSA_verify' Function Signature Verification Vulnerability
BugTraq ID: 33151
Remote: Yes
Last Updated: 2009-02-02
Relevant URL: http://www.securityfocus.com/bid/33151
Summary:
Multiple vendors' products using OpenSSL are prone to a signature-verification vulnerability.

An attacker would likely leverage this issue by first carrying out a man-in-the-middle attack. The attacker would most likely exploit this issue to conduct phishing attacks or to impersonate legitimate sites. Other attacks are likely possible.

27. RETIRED: Simple Machines Forum Censored Words HTML Injection Vulnerability
BugTraq ID: 33579
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33579
Summary:
Simple Machines Forum is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Simple Machines Forum 1.1.7 is vulnerable; other versions may also be affected.

This BID is being retired as an attacker requires administrative access to an affected application to exploit this issue. An attacker with that access would not need to exploit any issue in order to compromise the application in this manner.

28. RETIRED: DMXReady Online Notebook Manager Login Parameters SQL Injection Vulnerabilities
BugTraq ID: 33600
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33600
Summary:
DMXReady Online Notebook Manager is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

DMXReady Online Notebook Manager 1.1 is vulnerable; other versions may also be affected.

This BID is being retired as it is based on false or misleading information.

29. Simple Machines Forum '[url]' Tag HTML Injection Vulnerability
BugTraq ID: 33595
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33595
Summary:
Simple Machines Forum is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

We don't know which versions of Simple Machines Forum are affected. We will update this BID when more information is available.

30. Free Download Manager Remote Control Server Stack Buffer Overflow Vulnerability
BugTraq ID: 33554
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33554
Summary:
Free Download Manager is prone to a remote stack-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied input. The issue affects the Remote Control Server.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Successful exploits may compromise the application and the underlying computer. Failed attacks will cause denial-of-service conditions.

The issue affects the following versions:

Free Download Manager 2.5 Build 758
Free Download Manager 3.0 Build 844

Other versions may also be affected.

31. xterm DECRQSS Remote Command Execution Vulnerability
BugTraq ID: 33060
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33060
Summary:
The 'xterm' program is prone to a remote command-execution vulnerability because it fails to sufficiently validate user input.

Successfully exploiting this issue would allow an attacker to execute arbitrary commands on an affected computer in the context of the affected application.

The issue affects xterm with patch 237; other versions may also be affected.

32. libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability
BugTraq ID: 32326
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/32326
Summary:
The 'libxml2' library is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data when handling XML files.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an affected application. Failed exploits may crash the application.

This issue affects libxml2-2.7.2; other versions may also be affected.

33. libxml2 'xmlBufferResize()' Remote Denial of Service Vulnerability
BugTraq ID: 32331
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/32331
Summary:
The 'libxml2' library is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to cause an application using the library to enter an infinite loop, denying service to legitimate users.

This issue affects libxml2-2.7.2; other versions may also be affected.

34. Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
BugTraq ID: 33113
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33113
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

The issue affects Linux Kernel 2.6.28; other versions may also be vulnerable.

35. Linux Kernel 'sendmsg()' Local Denial of Service Vulnerability
BugTraq ID: 32516
Remote: No
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/32516
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to create a soft lockup of the vulnerable kernel or to invoke the 'oom-killer' kernel functionality, which may halt unrelated processes. This may result in a denial-of-service condition.

NOTE: This issue was either caused or revealed by the fix for BID 32154 (Linux Kernel '__scm_destroy()' Local Denial of Service Vulnerability).

The Linux kernel 2.6.27 and prior versions are affected.

36. Linux Kernel 'inotify' Local Privilege Escalation Vulnerability
BugTraq ID: 33503
Remote: No
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33503
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with elevated privileges or crash the affected kernel, denying service to legitimate users.

Versions prior to Linux kernel 2.6.28-rc5 are vulnerable.

37. Linux Kernel 'lbs_process_bss()' Remote Denial of Service Vulnerability
BugTraq ID: 32484
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/32484
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability because of a buffer-overflow error in the 'libertas' subsystem.

Successful exploits will allow attackers to crash the affected computer, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute code, but this has not been confirmed.

Versions prior to Linux Kernel 2.6.27.5 are vulnerable.

38. Linux Kernel 'net/atm/proc.c' Local Denial of Service Vulnerability
BugTraq ID: 32676
Remote: No
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/32676
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause the Linux kernel to go into an infinite loop, which may cause a denial-of-service condition.

39. Novell GroupWise Internet Agent SMTP RCPT Command Remote Buffer Overflow Vulnerability
BugTraq ID: 33560
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33560
Summary:
Novell GroupWise Internet Agent is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application, possibly with root or SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition.

40. Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
BugTraq ID: 30496
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/30496
Summary:
Apache Tomcat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects the following versions:

Tomcat 4.1.0 to 4.1.37
Tomcat 5.5.0 to 5.5.26
Tomcat 6.0.0 to 6.0.16

41. Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
BugTraq ID: 30494
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/30494
Summary:
Apache Tomcat is prone to a remote information-disclosure vulnerability.

Remote attackers can exploit this issue to obtain the contents of sensitive files stored on the server. Information obtained may lead to further attacks.

The following versions are affected:

Apache Tomcat 4.1.0 to 4.1.37
Apache Tomcat 5.5.0 to 5.5.26
Apache Tomcat 6.0.0 to 6.0.16

Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.

42. Apache Tomcat Host Manager Cross Site Scripting Vulnerability
BugTraq ID: 29502
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/29502
Summary:
Apache Tomcat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. The issue affects the Host Manager web application.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects the following versions:

Tomcat 5.5.9 to 5.5.26
Tomcat 6.0.0 to 6.0.16

43. Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
BugTraq ID: 30560
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/30560
Summary:
The Apache 'mod_proxy_ftp' module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue is reported to affect Apache 2.0.63 and 2.2.9; other versions may also be affected.

44. Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
BugTraq ID: 29653
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/29653
Summary:
The Apache 'mod_proxy_http' module is prone to a denial-of-service vulnerability that affects the processing of interim responses.

Attackers may exploit this issue to cause denial-of-service conditions.

Reportedly, the issue affects Apache 2.2.8 and 2.0.63; other versions may also be affected.

45. Apache 'mod_proxy_balancer' Multiple Vulnerabilities
BugTraq ID: 27236
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/27236
Summary:
The Apache 'mod_proxy_balancer' module is prone to multiple vulnerabilities, including denial-of-service, memory-corruption, cross-site scripting, HTML-injection, and cross-site request-forgery issues.

Attackers can exploit these issues to inject arbitrary script code into vulnerable sections of the application, execute this script code in the browser of a user in the context of the affected site, and perform certain actions using the user's active session. Attackers can exploit the denial-of-service issue to deny further service to legitimate users. Exploiting the memory-corruption vulnerability is likely to cause a crash and could allow arbitrary code to run, but this has not been confirmed.

The issues affect Apache 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0; other versions may also be vulnerable.

46. Moodle Calendar Export Unspecified Information Disclosure Vulnerability
BugTraq ID: 33612
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33612
Summary:
Moodle is prone to an unspecified information-disclosure vulnerability.

Attackers can exploit this issue to harvest sensitive information that may lead to further attacks, including brute-force attacks against user accounts.

The following versions are affected:

Moodle 1.9 up to but not including 1.9.4
Moodle 1.8 up to but not including 1.8.8

47. Multiple Cisco Wireless LAN Controllers Multiple Remote Vulnerabilities
BugTraq ID: 33608
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33608
Summary:
Multiple Cisco Wireless LAN Controllers are prone to these remote vulnerabilities:

- Multiple denial-of-service vulnerabilities
- A remote privilege-escalation vulnerability

Remote attackers can exploit these issues to gain administrative rights on an affected device or crash the device, denying service to legitimate users.

The following devices are affected:

Cisco 4400 Series Wireless LAN Controllers
Cisco Catalyst 6500 Series/7600 Series Wireless Services Module (WiSM)
Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers

48. DMXReady Blog Manager 'inc_weblogmanager.asp' Cross-Site Scripting and SQL Injection Vulnerabilities
BugTraq ID: 33314
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33314
Summary:
DMXReady Blog Manager is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

49. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-01 to 2009-06 Multiple Remote Vulnerabilities
BugTraq ID: 33598
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33598
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey.

Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, bypass certain security settings, and execute arbitrary script code with elevated privileges; other attacks are also possible.

50. phpSlash 'fields' Parameter Remote Command Execution Vulnerability
BugTraq ID: 33572
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33572
Summary:
phpSlash is prone to a vulnerability that attackers can leverage to execute arbitrary commands. This issue occurs because the application fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected application and possibly the underlying computer.

phpSlash 0.8.1.1 is vulnerable; other versions may also be affected.

51. Moodle 'spell-check-logic.cgi' Insecure Temporary File Creation Vulnerability
BugTraq ID: 32402
Remote: No
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/32402
Summary:
Moodle creates temporary files in an insecure manner.

An attacker with local access could perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Moodle 1.8.2 is vulnerable; other versions may also be affected.

52. Todd Miller Sudo 'Runas_Alias' Supplementary Group Local Privilege Escalation Vulnerability
BugTraq ID: 33517
Remote: No
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33517
Summary:
Todd Miller 'sudo' is prone to a local privilege-escalation vulnerability because it fails to correctly validate certain nondefault rules in the 'sudoers' configuration file.

Local attackers could exploit this issue to run arbitrary commands as the 'root' user. Successful exploits can completely compromise an affected computer.

This issue affects 'sudo' 1.6.9 p17 to 1.6.9 p19; other versions may also be affected.

53. Snoopy '_httpsrequest()' Arbitrary Command Execution Vulnerability
BugTraq ID: 31887
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/31887
Summary:
Snoopy is prone to a vulnerability that lets attackers execute arbitrary commands because the application fails to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary commands in the context of the vulnerable webserver.

This issue may be related to BID 15213 (Snoopy Arbitrary Command Execution Vulnerability); this has not been confirmed.

Versions prior to Snoopy 1.2.4 are affected. Additional applications that use the Snoopy library may also be vulnerable.

54. phpg Multiple Input Validation Vulnerabilities
BugTraq ID: 32963
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/32963
Summary:
The 'phpg' program is prone to multiple input-validation vulnerabilities:

- A script-injection vulnerability
- A denial-of-service vulnerability
- Multiple cross-site-scripting vulnerabilities

An attacker can exploit these issues to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, or create a denial-of-service condition.

These issues affect phpg 1.6; other versions may also be affected.

55. Joomla! WATicketSystem Component 'catid' SQL Injection Vulnerability
BugTraq ID: 33353
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33353
Summary:
The Joomla! WATicketSystem component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to WATicketSystem 2.0.8 are vulnerable.

56. MultiMedia Soft Multiple Components 'AdjMmsEng.dll' PLS File Buffer Overflow Vulnerability
BugTraq ID: 33589
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33589
Summary:
Multiple MultiMedia Soft components are prone to a stack-based buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the applications using the vulnerable components. Failed exploit attempts will cause denial-of-service conditions.

The following components are reported to be vulnerable:

Audio DJ Studio for .NET
Audio Sound Recorder for .NET
Audio Sound Editor for .NET
Audio Sound Suite for .NET
Audio Sound Studio for .NET

Please note that this BID was initially written as Euphonics '.pls' File Buffer Overflow Vulnerability but was updated when more details became available. Euphonics 1.0 is vulnerable because it uses a vulnerable version of one of the MultiMedia Soft components.

57. Small HTTP server FTP Directory Traversal Vulnerability
BugTraq ID: 33570
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33570
Summary:
'Small HTTP server' is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary directories within the context of the webserver. Information harvested may aid in launching further attacks.

This issue affects Small HTTP server 3.05.84; other versions may also be affected.

58. MetaBBS Administration Settings Authentication Bypass Vulnerability
BugTraq ID: 33626
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33626
Summary:
MetaBBS is prone to a vulnerability that lets attackers modify arbitrary user passwords because it fails to adequately secure access to administrative functionality.

This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

MetaBBS 0.11 is vulnerable; other versions may also be affected.

59. Cisco IOS HTTP Server Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 33625
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33625
Summary:
Cisco IOS HTTP Server is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials. These issues can also be leveraged to perform cross-site request-forgery attacks on the same scripts and parameters. Other attacks may also be possible.

Note that this issue may be related to an issue described in BID 33260 (Cisco IOS HTTP Server Multiple Cross Site Scripting Vulnerabilities).

Cisco IOS 12.4(23) is vulnerable; other versions may also be affected.

60. Non-Creative Software LCPlayer '.qt' File Remote Buffer Overflow Vulnerability
BugTraq ID: 33623
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33623
Summary:
Non-Creative Software LCPlayer is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

LCPlayer 0.5.4 is vulnerable; other versions may also be affected.

61. Views Bulk Operations Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 33622
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33622
Summary:
Views Bulk Operations is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

62. rgboard Multiple Input Validation Vulnerabilities
BugTraq ID: 33621
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33621
Summary:
rgboard is prone to multiple input-validation vulnerabilities, including:

- A cross-site scripting vulnerability
- A local file-include vulnerability
- A remote file-include vulnerability

Exploiting these issues may allow a remote attacker to obtain sensitive information, compromise the application and the underlying computer, execute arbitrary script code, and steal cookie-based authentication credentials; other attacks are also possible.

rgboard version 4 is vulnerable; other versions may also be affected.

63. YapBB 'forumhop.php' SQL Injection Vulnerability
BugTraq ID: 33620
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33620
Summary:
YapBB (Yet Another PHP Bulletin Board) is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

YapBB 1.2 is vulnerable; other versions may also be affected.

64. Mahara Forum Post Cross Site Scripting Vulnerability
BugTraq ID: 33619
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33619
Summary:
Mahara is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to Mahara 1.0.9 are vulnerable.

65. Moodle 'Login As' Cross Site Scripting Vulnerability
BugTraq ID: 33617
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33617
Summary:
Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

The following versions are affected:

Moodle 1.9 up to but not including 1.9.4
Moodle 1.8 up to but not including 1.8.8
Moodle 1.7 up to but not including 1.7.7
Moodle 1.6 up to but not including 1.6.9

66. Power System Of Article Management Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 33616
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33616
Summary:
Power System Of Article Management is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Power System Of Article Management 3.0 is vulnerable; other versions may also be affected.

67. Moodle Forum Unspecified Cross-Site Request Forgery Vulnerability
BugTraq ID: 33615
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33615
Summary:
Moodle is prone to a cross-site request-forgery vulnerability.

Attackers may exploit this issue to perform unauthorized actions on forum posts. Other attacks may also be possible.

The following versions are affected:

Moodle 1.9 up to but not including 1.9.4
Moodle 1.8 up to but not including 1.8.8
Moodle 1.7 up to but not including 1.7.7

68. Team 'online.asp' Cross Site Scripting Vulnerability
BugTraq ID: 33614
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33614
Summary:
Team is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

69. Moodle '/user/pix.php' Information Disclosure Vulnerability
BugTraq ID: 33613
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33613
Summary:
Moodle is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view arbitrary files in the context of the webserver process. This may aid in further attacks.

The following versions are affected:

Moodle 1.9 up to but not including 1.9.4
Moodle 1.8 up to but not including 1.8.8

70. Moodle Log Table HTML Injection Vulnerability
BugTraq ID: 33610
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33610
Summary:
Moodle is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

The following Moodle branches and corresponding versions are affected:

1.9.x: prior to 1.9.4
1.8.x: prior to 1.8.8
1.7.x: prior to 1.7.7
1.6.x: prior to 1.6.9

71. QIP 2005 Malformed Rich Text Message Remote Denial of Service Vulnerability
BugTraq ID: 33609
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33609
Summary:
QIP 2005 is prone to a remote denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause the application to hang and consume excessive computer resources, denying service to legitimate users.

This issue may occur in a third-party component used by QIP 2005; however, this has not been confirmed.

This issue affects QIP 2005 build 8082; other versions may also be vulnerable.

72. Jaws Multiple Local File Include Vulnerabilities
BugTraq ID: 33607
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33607
Summary:
Jaws is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these vulnerabilities using directory-traversal strings to view local files and execute local scripts within the context of the webserver process. A successful attack can allow the attacker to obtain sensitive information or gain unauthorized access to an affected computer in the context of the vulnerable server.

Jaws 0.8.8 is vulnerable; other versions may also be affected.

73. Openfiler 'password.html' Password Reset Security Bypass Vulnerability
BugTraq ID: 33605
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33605
Summary:
Openfiler is prone to a security-bypass vulnerability because it fails to adequately restrict access to the password-reset feature.

An attacker can exploit this issue to gain administrative access to the application, which may allow the attacker to compromise the application; other attacks are also possible.

Openfiler 2.3 is vulnerable; other versions may also be affected.

74. PHPbbBook 'bbcode.php' Local File Include Vulnerability
BugTraq ID: 33603
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33603
Summary:
PHPbbBook is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

PHPbbBook 1.3 is affected; other versions may also be vulnerable.

75. GR Board Multiple Remote File Include Vulnerabilities
BugTraq ID: 33602
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33602
Summary:
GR Board is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

GR Board 1.8 is vulnerable; other versions may also be affected.

76. Syntax Desktop 'synTarget' Parameter Local File Include Vulnerability
BugTraq ID: 33601
Remote: Yes
Last Updated: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33601
Summary:
Syntax Desktop is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

Syntax Desktop 2.7 is affected; other versions may also be vulnerable.

77. ClickCart Login Parameters SQL Injection Vulnerabilities
BugTraq ID: 33575
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33575
Summary:
ClickCart is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ClickCart 6.0 is vulnerable; other versions may also be affected.

78. Mozilla Firefox xdg-open 'mailcap' File Remote Code Execution Vulnerability
BugTraq ID: 33137
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33137
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability because the browser fails to properly validate the 'mime-type' of files before calling the 'xdg-open' utility, as defined in '/etc/mailcap'.

An attacker can exploit this issue to execute arbitrary code within the context of the affected browser.

This issue affects Firefox running on Slackware Linux 12.2. Other versions may also be vulnerable.

UPDATE (January 8, 2009): The exact fault for this issue is currently unclear. This could be a configuration problem in Slackware Linux, a failure to sanitize input in Firefox, or a problem in 'xdg-open'. We will update this BID pending further investigation.

79. OpenHelpdesk 'ajax.php' Remote Command Execution Vulnerability
BugTraq ID: 33574
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33574
Summary:
OpenHelpdesk is prone to a vulnerability that attackers can leverage to execute arbitrary commands. This issue occurs because the application fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected application and possibly the underlying computer.

OpenHelpdesk 1.0.100 is vulnerable; other versions may also be affected.

80. PHP Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 30649
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/30649
Summary:
PHP is prone to multiple buffer-overflow vulnerabilities.

Successful exploits may allow attackers to execute arbitrary code in the context of applications using the vulnerable PHP functions. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition.

Versions prior to PHP 4.4.9 and PHP 5.2.8 are vulnerable.

81. Multiple Java Runtime Implementations UTF-8 Input Validation Vulnerability
BugTraq ID: 30633
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/30633
Summary:
Multiple Java runtime implementations are prone to a vulnerability because the applications fail to sufficiently sanitize user-supplied input.

Exploiting this issue in Apache Tomcat will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks. Other attacks may also be possible.

Exploiting this issue in other applications will depend on the individual application. Successful exploits may result in a bypass of intended security filters. This may have various security impacts. We will update this BID pending further investigation.

UPDATE (December 18, 2008): Reports indicate that this issue may affect additional, unspecified Java Virtual Machine (JVM) implementations distributed by Sun, HP, IBM, Apple, and Apache. We will update this BID as more information becomes available.

UPDATE (January 9, 2009): This BID previously documented an issue in Apache Tomcat. Further reports indicate that the underlying issue is in various Java runtime implementations.

82. Sourdough 'neededFiles[patForms]' Parameter Remote File Include Vulnerability
BugTraq ID: 33569
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33569
Summary:
Sourdough is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Sourdough 0.3.5 is vulnerable; other versions may also be affected.

83. CMS Mini 'guestbook' Remote Command Execution Vulnerability
BugTraq ID: 33573
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33573
Summary:
CMS Mini is prone to a vulnerability that attackers can leverage to execute arbitrary commands in the context of the application. This issue occurs because the application fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected application and possibly the underlying computer.

CMS Mini 0.2.2 is vulnerable; other versions may also be affected.

84. Grip CDDB Response Multiple Matches Buffer Overflow Vulnerability
BugTraq ID: 12770
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/12770
Summary:
A buffer overflow in Grip occurs when the software processes a response to a CDDB query that has more than 16 matches.

To exploit this issue, an attacker must be able to influence the response to a CDDB query, either by controlling a malicious CDDB server or through some other means. Successful exploits will allow arbitrary code to run.

Grip 3.1.2 and 3.2.0 are affected; other versions may also be affected.

85. Flatnux User Profile 'Job' Field HTML Injection Vulnerability
BugTraq ID: 33566
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33566
Summary:
Flatnux is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

86. AJA Portal Multiple Local File Include Vulnerabilities
BugTraq ID: 33565
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33565
Summary:
AJA Portal is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these vulnerabilities using directory-traversal strings to view local files and execute local scripts within the context of the webserver process. A successful attack can allow the attacker to obtain sensitive information or gain unauthorized access to an affected computer in the context of the vulnerable server.

AJA Portal 1.2 is vulnerable; other versions may also be affected.

87. phpBLASTER 'blaster_user' Parameter SQL Injection Vulnerability
BugTraq ID: 33567
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33567
Summary:
phpBLASTER is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

phpBLASTER 1.0 RC1 is vulnerable; other versions may also be affected.

88. Oracle January 2009 Critical Patch Update Multiple Vulnerabilities
BugTraq ID: 33177
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33177
Summary:
Oracle has released the January 2009 critical patch update. The update addresses 41 vulnerabilities affecting the following software:

Oracle Database
Oracle Secure Backup
Oracle TimesTen In-Memory Database
Oracle Application Server
Oracle Collaboration Suite
Oracle E-Business Suite Release
Oracle Enterprise Manager Grid Control
PeopleSoft Enterprise HRMS
JD Edwards Tools
Oracle WebLogic Server (formerly BEA WebLogic Server)
Oracle WebLogic Portal (formerly BEA WebLogic Portal)

89. Nokia Multimedia Player '.m3u' File Heap Buffer Overflow Vulnerability
BugTraq ID: 33586
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33586
Summary:
Nokia Multimedia Player is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

Nokia Multimedia Player 1.1 is vulnerable; other versions may also be affected.

90. SMA-DB Cross Site Scripting and Remote File Include Vulnerabilities
BugTraq ID: 33562
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33562
Summary:
SMA-DB is prone to a cross-site scripting vulnerability and a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit these issues to execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system. Attackers may also execute script code in an unsuspecting user's browser or steal cookie-based authentication credentials; other attacks are also possible.

SMA-DB 0.3.12 is vulnerable; other versions may also be affected.

91. Free Download Manager Torrent File Parsing Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 33555
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33555
Summary:
Free Download Manager is prone to multiple remote buffer-overflow vulnerabilities because the software fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of the application. Successful exploits may compromise the application and the underlying computer. Failed attacks will cause denial-of-service conditions.

These issues affect the following versions:

Free Download Manager 2.5 Build 758
Free Download Manager 3.0 Build 844

Other versions may also be affected.

92. Bugzilla Pseudo-Random Number Generator Shared Seed Vulnerability
BugTraq ID: 33581
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33581
Summary:
Bugzilla is prone to a vulnerability caused by the use of a shared random seed. This issue occurs when Bugzilla is running under mod_perl.

An attacker may exploit this issue to predict random values generated by Bugzilla. This may reveal sensitive information such as attachment files or may allow the attacker to bypass cross-site request-forgery protection by predicting random token values. Other attacks may also be possible.

This issue affects Bugzilla 3.0.7, 3.2.1, and 3.3.2 when run under mod_perl.

93. PSCS VPOP3 Email Message HTML Injection Vulnerability
BugTraq ID: 33558
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33558
Summary:
PSCS VPOP3 is prone to an HTML-injection vulnerability because the application fails to sufficiently sanitize user-supplied input before using it in dynamically generated content.

Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

94. xdg-utils 'xdg-open' and 'xdg-email' Multiple Remote Command Execution Vulnerabilities
BugTraq ID: 27528
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/27528
Summary:
The 'xdg-utils' package is prone to multiple remote command-execution vulnerabilities.

An attacker could exploit these issues by enticing an unsuspecting victim to open a malicious file.

Successful exploits will allow attackers to execute arbitrary commands with the privileges of the user running the affected application.

95. Samba Arbitrary Memory Contents Information Disclosure Vulnerability
BugTraq ID: 32494
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/32494
Summary:
Samba is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain arbitrary memory contents.

This issue affects Samba 3.0.29 up to and including 3.2.4.

96. Apple QuickTime 'jpeg' Atoms Movie File Remote Buffer Overflow Vulnerability
BugTraq ID: 33390
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33390
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP2 and SP3, and Mac OS X.

97. Multiple Whole Hog Software Products Cookie Authentication Bypass Vulnerability
BugTraq ID: 33577
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33577
Summary:
Multiple Whole Hog Software products are prone to an authentication-bypass vulnerability because they fail to adequately verify user-supplied input used for cookie-based authentication.

Attackers can exploit this vulnerability to gain administrative access to the affected applications, which may aid in further attacks.

This issue affects the following products:

Ware Support
Password Protect

98. Multiple Whole Hog Software Products Login SQL Injection Vulnerability
BugTraq ID: 33564
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33564
Summary:
Multiple Whole Hog Software products are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

A successful exploit may allow an attacker to compromise the applications, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following products are affected:

Ware Support
Password Protect

99. Drupal ImageField Module Multiple Vulnerabilities
BugTraq ID: 33557
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33557
Summary:
The ImageField module for Drupal is prone to a file-upload vulnerability and a cross-site scripting vulnerability.

An attacker could exploit these vulnerabilities to execute arbitrary script code in a user's browser in the context of the affected site or execute arbitrary code on the server.

These issues affect ImageField 5.x-2.2; other versions may also be vulnerable.

100. D-Link DIR-300 Cross Site Scripting and Security Bypass Vulnerabilities
BugTraq ID: 33556
Remote: Yes
Last Updated: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33556
Summary:
D-Link DIR-300 is prone to a cross-site scripting vulnerability and a security-bypass vulnerability.

An attacker may exploit these issues to bypass authentication or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

The issues affect D-Link DIR-300 with firmware 1.04-tomi-1.1.2.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Group releases list to kill most-dangerous bugs
By: Robert Lemos
Software makers, security vendors, and government agencies team up to create a list of the 25 most severe software issues, aiming to get developers to stop making mistakes.
http://www.securityfocus.com/news/11542

2. Group attacks flaw in browser crypto security
By: Robert Lemos
A group of researchers warns browser makers and certificate authorities to drop support for MD5 digital signatures, after successfully creating a fake, but valid, certificate.
http://www.securityfocus.com/news/11541

3. Commission calls for cybersecurity czar
By: Robert Lemos
A group of technology and government experts warns that, without significant changes to the U.S. approach to cyberspace, foreign companies and other nations will continue to steal valuable technologies.
http://www.securityfocus.com/news/11540

4. Microsoft hopes free security means less malware
By: Robert Lemos
The software giant says shutting down Windows Live OneCare to release the software as a free tool could make consumers more secure.
http://www.securityfocus.com/news/11538

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #429
http://www.securityfocus.com/archive/88/500589

2. customer user accounts and internal user accounts on same domain
http://www.securityfocus.com/archive/88/500442

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------