
Wednesday, February 11, 2009

SecurityFocus Newsletter #490
----------------------------------------

This issue is sponsored by Sophos



SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Don't Blame the Browser
2. Resurrecting the Killfile
II. BUGTRAQ SUMMARY
1. BusinessSpace 'id' Parameter SQL Injection Vulnerability
2. Q-News 'settings.php' Remote Command Execution Vulnerability
3. Akamai Download Manager ActiveX Control Remote Code Execution Vulnerability
4. BlackBerry Application Web Loader ActiveX Control Remote Buffer Overflow Vulnerability
5. Microsoft Hierarchical FlexGrid ActiveX Control Memory Corruption Vulnerability
6. Microsoft DataGrid ActiveX Control Memory Corruption Vulnerability
7. Microsoft SQL Server 'sp_replwritetovarbin' Remote Memory Corruption Vulnerability
8. Microsoft FlexGrid ActiveX Control Memory Corruption Vulnerability
9. Microsoft Windows Common AVI ActiveX Control File Parsing Buffer Overflow Vulnerability
10. Microsoft Visual Studio 'Msmask32.ocx' ActiveX Control Remote Buffer Overflow Vulnerability
11. Microsoft Charts ActiveX Control Memory Corruption Vulnerability
12. VeryPDF PDFView ActiveX Component Heap Buffer Overflow Vulnerability
13. RealNetworks RealPlayer IVR File Parsing Multiple Vulnerabilities
14. libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability
15. Linux Kernel 'hfs_cat_find_brec()' Local Denial of Service Vulnerability
16. libxml2 'xmlBufferResize()' Remote Denial of Service Vulnerability
17. Linux Kernel 'keyctl_join_session_keyring()' Denial of Service Vulnerability
18. Linux Kernel 'hfsplus_find_cat()' Local Denial of Service Vulnerability
19. Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
20. Linux Kernel 'qdisc_run()' Local Denial of Service Vulnerability
21. DevTrack HTML Injection and SQL Injection Vulnerabilities
22. NetGear SSL312 CGI Binary Remote Denial of Service Vulnerability
23. FeedDemon 'outline' Tag Buffer Overflow Vulnerability
24. Scripts For Sites EZ Webring/EZ Top Sites 'category.php' SQL Injection Vulnerability
25. 3Com OfficeConnect Wireless Cable/DSL Gateway 'SaveCfgFile' Access Validation Vulnerability
26. Trend Micro InterScan Web Security Suite Multiple Security Bypass Vulnerabilities
27. Banking@Home 'Login.asp' Multiple SQL Injection Vulnerabilities
28. Tor Multiple Denial of Service Vulnerabilities
29. Hedgehog-CMS Local File Include and PHP code Injection Vulnerabilities
30. Google Chrome Cross Site Scripting and Cross Domain Security Bypass Vulnerabilities
31. GNOME Evolution S/MIME Email Signature Verification Vulnerability
32. Agares Media Arcadem Pro 'articleblock.php' SQL Injection Vulnerability
33. WSN Links 'comments.php' SQL Injection Vulnerability
34. Avaya DECT Products Information Disclosure Weakness
35. W3C Amaya Multiple Buffer Overflow Vulnerabilities
36. W3C Amaya 'CheckUniqueName()' Multiple Stack Based Buffer Overflow Vulnerabilities
37. W3C Amaya HTML 'input' Tag Parameter Buffer Overflow Vulnerability
38. ProFTPD 'mod_sql' Username SQL Injection Vulnerability
39. Merak Media Player '.m3u' File Remote Buffer Overflow Vulnerability
40. OwnRS 'autor.php' SQL Injection Vulnerability
41. Enomaly ECP Insecure Temporary File Creation Vulnerability
42. Attachmate Reflection for Secure IT Multiple Unspecified Security Vulnerabilities
43. RealVNC 4.1.2 'vncviewer.exe' RFB Protocol Remote Code Execution Vulnerability
44. Sun Fire X2100/X2200 M2 Servers Security Bypass and Remote Command Execution Vulnerability
45. Microsoft Internet Explorer HTML Form Value Denial of Service Vulnerability
46. YANOCC 'lang_check.php' Local File Include Vulnerability
47. w3b|cms Multiple SQL Injection Vulnerabilities
48. WebFrame Local and Remote File Include Vulnerabilities
49. Open Handset Alliance Android Multiple Local Vulnerabilities
50. Multiple Scripts For Sites EZ Products 'directory.php' Cross Site Scripting Vulnerability
51. FotoWeb Multiple Cross Site Scripting Vulnerabilities
52. PHP Director 'searching' Parameter SQL Injection Vulnerability
53. ilchClan 'statistic.php' SQL Injection Vulnerability
54. ZeroShell 'cgi-bin/kerbynet' Remote Command Execution Vulnerability
55. FTPShell server '.key' File Buffer Overflow Vulnerability
56. mod_auth_mysql Package Multibyte Character Encoding SQL Injection Vulnerability
57. AV Book Library Multiple SQL Injection Vulnerabilities
58. Hedgehog-CMS 'specialacts.php' Arbitrary File Upload Vulnerability
59. SnippetMaster Webpage Editor Cross Site Scripting and Remote File Include Vulnerabilities
60. Taridnt UP Remote File Upload Vulnerability
61. Multiple Cisco Wireless LAN Controllers Multiple Remote Vulnerabilities
62. JasPer 1.900.1 Multiple Vulnerabilities
63. Bitrix Site Manager Multiple Input Validation Vulnerabilities
64. JasPer JPC_QCX_GetCompParm Function JP2 File Handling Remote Denial of Service Vulnerability
65. glFusion Anonymous Comment 'username' Field HTML Injection Vulnerability
66. PyBlosxom Atom Flavor Multiple XML Injection Vulnerabilities
67. AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
68. If-CMS 'id' Parameter SQL Injection Vulnerability
69. FlexCMS 'catId' Parameter SQL Injection Vulnerability
70. OpenPegasus WBEM CIM Management Server 'PAMBasicAuthenticatorUnix.cpp' Buffer Overflow Vulnerability
71. OpenPegasus Management Server PAM Authentication 'cimservera.cpp' Buffer Overflow Vulnerability
72. Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities
73. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -01 to -06 Multiple Remote Vulnerabilities
74. Sun Java System Directory Server LDAP Request Denial Of Service Vulnerability
75. libvirt 'libvirt_proxy.c' Local Privilege Escalation Vulnerability
76. A Better Member-Based ASP Photo Gallery 'view.asp' SQL Injection Vulnerability
77. GStreamer QuickTime Media File Parsing Multiple Buffer Overflow Vulnerabilities
78. Drupal Ajax Checklist Module Unspecified HTML Injection Vulnerability
79. Geovision Digital Video Surveillance System Directory Traversal Vulnerability
80. Fail2ban 'wuftpd.conf' Remote Denial of Service Vulnerability
81. Pebble Unspecified Cross Site Scripting Vulnerability
82. OpenCore 'pvmp3_huffman_parsing.cpp' Remote Buffer Underflow Vulnerability
83. TechExcel CustomerWise Multiple Input Validation Vulnerabilities
84. Squid Web Proxy Cache HTTP Version Number Parsing Denial of Service Vulnerability
85. Barcode Generator 'image.php' Local File Include Vulnerability
86. Wicd 'wicd.conf' Default Configuration Local Information Disclosure Vulnerability
87. AJ Auction Pro SQL Injection and Cross Site Scripting Vulnerabilities
88. Multiple ActiveWebSoftwares Products Login Parameters SQL Injection Vulnerabilities
89. Nokia Phoenix Service Software ActiveX Controls Multiple Buffer Overflow Vulnerabilities
90. IBM AIX 'at' Local Information Disclosure Vulnerability
91. Drupal 'install.php' Local File Include Vulnerability
92. Microsoft Internet Explorer Uninitialized Memory Remote Code Execution Vulnerability
93. Microsoft Internet Explorer CSS Memory Corruption Remote Code Execution Vulnerability
94. TYPO3 Cross Site Scripting and Information Disclosure Vulnerabilities
95. Multiple VNC Clients Multiple Integer Overflow Vulnerabilities
96. GnuTLS X.509 Certificate Chain Security Bypass Vulnerability
97. MediaWiki 'config/index.php' Multiple Cross Site Scripting Vulnerabilities
98. Novell QuickFinder Server Multiple Cross-Site Scripting Vulnerabilities
99. HP OpenView Network Node Manager 'ovlaunch' Buffer Overflow Vulnerability
100. OpenSSH CBC Mode Information Disclosure Vulnerability
III. SECURITYFOCUS NEWS
1. Group releases list to kill most-dangerous bugs
2. Group attacks flaw in browser crypto security
3. Commission calls for cybersecurity czar
4. Microsoft hopes free security means less malware
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #430
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Don't Blame the Browser
By Melih Abdulhayoglu
There was a time when most diseases were fatal for humans. Intense study and research helped doctors manage diseases better, and subsequently even prevent them altogether.
http://www.securityfocus.com/columnists/492

2. Resurrecting the Killfile
By Oliver Day
In William Gibson's Idoru, one of the book's hackers describes a community of people who all share a file of unwanted things to create the walled city of Hak Nam. "They made something like a killfile of everything, everything they didn't like, and they turned that inside out," he wrote.
http://www.securityfocus.com/columnists/491


II. BUGTRAQ SUMMARY
--------------------
1. BusinessSpace 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 33692
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33692
Summary:
BusinessSpace is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

BusinessSpace 1.2 is vulnerable; other versions may also be affected.

2. Q-News 'settings.php' Remote Command Execution Vulnerability
BugTraq ID: 33717
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33717
Summary:
Q-News is prone to a vulnerability that attackers can leverage to execute arbitrary commands. This issue occurs because the application fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected application and possibly the underlying computer.

Q-News 2.0 is vulnerable; other versions may also be affected.

3. Akamai Download Manager ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 28993
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/28993
Summary:
Akamai Download Manager is prone to a remote code-execution vulnerability.

Exploiting this issue allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and to compromise affected computers.

This issue affects versions prior to Download Manager 2.2.3.7.

4. BlackBerry Application Web Loader ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 33663
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33663
Summary:
Research in Motion BlackBerry Application Web Loader ActiveX control is prone to a remote stack-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

BlackBerry Application Web Loader 1.0 is vulnerable.

5. Microsoft Hierarchical FlexGrid ActiveX Control Memory Corruption Vulnerability
BugTraq ID: 32612
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/32612
Summary:
Microsoft Hierarchical FlexGrid ActiveX control is prone to a remote memory-corruption vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

Microsoft Hierarchical FlexGrid Control 6.0.88.4 is vulnerable; other versions may also be affected. The control is bundled with Microsoft Visual Basic 6.0 and Microsoft Visual FoxPro 8.0 SP1 and 9.0 SP 2.

6. Microsoft DataGrid ActiveX Control Memory Corruption Vulnerability
BugTraq ID: 32591
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/32591
Summary:
Microsoft DataGrid ActiveX control is prone to a remote memory-corruption vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

7. Microsoft SQL Server 'sp_replwritetovarbin' Remote Memory Corruption Vulnerability
BugTraq ID: 32710
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/32710
Summary:
Microsoft SQL Server is prone to a remote memory-corruption vulnerability because it fails to properly handle user-supplied input.

Authenticated attackers can exploit this issue to execute arbitrary code and completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions.

The issue affects the following:

Microsoft SQL Server 2000
Microsoft SQL Server 2005

8. Microsoft FlexGrid ActiveX Control Memory Corruption Vulnerability
BugTraq ID: 32592
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/32592
Summary:
Microsoft FlexGrid ActiveX control is prone to a remote memory-corruption vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

9. Microsoft Windows Common AVI ActiveX Control File Parsing Buffer Overflow Vulnerability
BugTraq ID: 32613
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/32613
Summary:
Microsoft Windows Common AVI ActiveX control is prone to a remote buffer-overflow vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

10. Microsoft Visual Studio 'Msmask32.ocx' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 30674
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/30674
Summary:
The Microsoft Visual Studio ActiveX control, MaskedEdit, is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

'Msmask32.ocx' 6.0.81.69 is vulnerable; other versions may also be affected.

UPDATE: Testing indicates that 'Msmask32.ocx' 6.0.84.18 is not vulnerable; we are working with Microsoft to confirm our findings and gain further details. We recommend that users install 6.0.84.18 or a later version.

11. Microsoft Charts ActiveX Control Memory Corruption Vulnerability
BugTraq ID: 32614
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/32614
Summary:
Microsoft Charts ActiveX control is prone to a remote memory-corruption vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

12. VeryPDF PDFView ActiveX Component Heap Buffer Overflow Vulnerability
BugTraq ID: 32313
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/32313
Summary:
The VeryPDF PDFView ActiveX control is prone to a heap buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

13. RealNetworks RealPlayer IVR File Parsing Multiple Vulnerabilities
BugTraq ID: 33652
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33652
Summary:
RealNetworks RealPlayer is prone to multiple memory-corruption vulnerabilities that arise when the application processes a specially crafted IVR file.

Successfully exploiting these issues will allow remote attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will cause a denial-of-service condition.

RealPlayer 11 is affected; other versions may also be vulnerable.

14. libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability
BugTraq ID: 32326
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/32326
Summary:
The 'libxml2' library is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data when handling XML files.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an affected application. Failed exploits may crash the application.

This issue affects libxml2-2.7.2; other versions may also be affected.

15. Linux Kernel 'hfs_cat_find_brec()' Local Denial of Service Vulnerability
BugTraq ID: 32289
Remote: No
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/32289
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly bounds-check data before copying it to an insufficiently sized memory buffer.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

This issue affects versions prior to Linux kernel 2.6.27.6.

16. libxml2 'xmlBufferResize()' Remote Denial of Service Vulnerability
BugTraq ID: 32331
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/32331
Summary:
The 'libxml2' library is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to cause the affected application using the library to fall into an infinite loop, denying service to legitimate users.

This issue affects libxml2-2.7.2; other versions may also be affected.

17. Linux Kernel 'keyctl_join_session_keyring()' Denial of Service Vulnerability
BugTraq ID: 33339
Remote: No
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33339
Summary:
The Linux kernel is prone to a denial-of-service vulnerability because it fails to manage memory in a proper manner.

Attackers can exploit this issue to cause a crash by exhausting memory resources.

This issue affects Linux kernel 2.6.x.

18. Linux Kernel 'hfsplus_find_cat()' Local Denial of Service Vulnerability
BugTraq ID: 32093
Remote: No
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/32093
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly bounds-check data before copying it to an insufficiently sized memory buffer.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

This issue affects versions prior to Linux kernel 2.6.28-rc1.

19. Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
BugTraq ID: 33113
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33113
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

The issue affects Linux Kernel 2.6.28; other versions may also be vulnerable.

20. Linux Kernel 'qdisc_run()' Local Denial of Service Vulnerability
BugTraq ID: 32985
Remote: No
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/32985
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Local attackers can exploit this issue to cause a soft lockup, denying service to legitimate users.

Versions prior to Linux kernel 2.6.25 are vulnerable.

21. DevTrack HTML Injection and SQL Injection Vulnerabilities
BugTraq ID: 22460
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/22460
Summary:
DevTrack is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks are also possible.

DevTrack 6.0.3 is reported vulnerable; other versions may also be affected.

22. NetGear SSL312 CGI Binary Remote Denial of Service Vulnerability
BugTraq ID: 33675
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33675
Summary:
NetGear SSL312 is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions.

23. FeedDemon 'outline' Tag Buffer Overflow Vulnerability
BugTraq ID: 33630
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33630
Summary:
FeedDemon is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

FeedDemon 2.7 and prior versions are vulnerable.

24. Scripts For Sites EZ Webring/EZ Top Sites 'category.php' SQL Injection Vulnerability
BugTraq ID: 32032
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/32032
Summary:
EZ Webring and EZ Top Sites are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

25. 3Com OfficeConnect Wireless Cable/DSL Gateway 'SaveCfgFile' Access Validation Vulnerability
BugTraq ID: 33686
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33686
Summary:
The 3Com OfficeConnect Wireless Cable/DSL Gateway is prone to an access-validation vulnerability because of a lack of authentication when users access specific administration applications.

Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.

The 3Com OfficeConnect Wireless Cable/DSL Gateway firmware 1.2.0 is vulnerable; other versions may also be affected.

26. Trend Micro InterScan Web Security Suite Multiple Security Bypass Vulnerabilities
BugTraq ID: 33679
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33679
Summary:
Trend Micro InterScan Web Security Suite is prone to multiple security-bypass vulnerabilities.

Successful exploits may allow attackers to access sensitive areas and to elevate privileges to perform certain restricted actions, such as modifying system configuration.

These issues affect InterScan Web Security Suite 3.1 for Windows. Reportedly, Linux versions of the application are also affected.

27. Banking@Home 'Login.asp' Multiple SQL Injection Vulnerabilities
BugTraq ID: 33721
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33721
Summary:
Banking@Home is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Banking@Home 2.1 is vulnerable; other versions may also be affected.

28. Tor Multiple Denial of Service Vulnerabilities
BugTraq ID: 33713
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33713
Summary:
Tor is prone to multiple vulnerabilities.

Attackers can exploit these issues to cause denial-of-service conditions.

These issues affect versions prior to Tor 0.2.0.34.

29. Hedgehog-CMS Local File Include and PHP code Injection Vulnerabilities
BugTraq ID: 33710
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33710
Summary:
Hedgehog-CMS is prone to local file-include and PHP code-injection vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these vulnerabilities to execute arbitrary PHP code or to view and execute arbitrary local files in the context of the webserver process. This may aid in further attacks.

Hedgehog-CMS 1.21 is affected; other versions may also be vulnerable.

30. Google Chrome Cross Site Scripting and Cross Domain Security Bypass Vulnerabilities
BugTraq ID: 33529
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33529
Summary:
Google Chrome is prone to multiple cross-site scripting vulnerabilities and a cross-domain security-bypass vulnerability.

An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of an arbitrary site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

The cross-domain security-bypass vulnerability will allow the attacker to bypass the same-origin policy and obtain potentially sensitive information.

These issues affect versions prior to Google Chrome 1.0.154.46.

31. GNOME Evolution S/MIME Email Signature Verification Vulnerability
BugTraq ID: 33720
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33720
Summary:
GNOME Evolution is prone to a signature-verification vulnerability.

Attackers can exploit this issue through man-in-the-middle attacks to modify signed messages undetected.

32. Agares Media Arcadem Pro 'articleblock.php' SQL Injection Vulnerability
BugTraq ID: 31322
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/31322
Summary:
Arcadem Pro is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

33. WSN Links 'comments.php' SQL Injection Vulnerability
BugTraq ID: 31302
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/31302
Summary:
WSN Links is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

WSN Links 4.0.34P is vulnerable; other versions may also be affected.

34. Avaya DECT Products Information Disclosure Weakness
BugTraq ID: 33709
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33709
Summary:
Avaya products that use the DECT wireless standard are prone to an information-disclosure weakness.

An attacker can exploit this issue to obtain sensitive information that may aid in further attacks.

35. W3C Amaya Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 33047
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33047
Summary:
W3C Amaya is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Versions prior to Amaya 11.1 are vulnerable.

36. W3C Amaya 'CheckUniqueName()' Multiple Stack Based Buffer Overflow Vulnerabilities
BugTraq ID: 33736
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33736
Summary:
W3C Amaya is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Versions prior to Amaya 11.1 are vulnerable.

37. W3C Amaya HTML 'input' Tag Parameter Buffer Overflow Vulnerability
BugTraq ID: 33046
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33046
Summary:
W3C Amaya is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Amaya 11.0 and prior are vulnerable.

38. ProFTPD 'mod_sql' Username SQL Injection Vulnerability
BugTraq ID: 33722
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33722
Summary:
ProFTPD is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to manipulate SQL queries, modify data, or exploit latent vulnerabilities in the underlying database. This may result in unauthorized access and a compromise of the application; other attacks are also possible.

ProFTPD 1.3.1 through 1.3.2 rc 2 are vulnerable.

39. Merak Media Player '.m3u' File Remote Buffer Overflow Vulnerability
BugTraq ID: 33419
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33419
Summary:
Merak Media Player is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Merak Media Player 3.2 is vulnerable; other versions may also be affected.

40. OwnRS 'autor.php' SQL Injection Vulnerability
BugTraq ID: 33402
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33402
Summary:
OwnRS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

OwnRS 1.2 is vulnerable; other versions may also be affected.

41. Enomaly ECP Insecure Temporary File Creation Vulnerability
BugTraq ID: 33544
Remote: No
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33544
Summary:
Enomaly ECP (Elastic Computing Platform) creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Versions prior to ECP 2.1.1 are vulnerable.

42. Attachmate Reflection for Secure IT Multiple Unspecified Security Vulnerabilities
BugTraq ID: 30723
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/30723
Summary:
Reflection for Secure IT is prone to multiple unspecified vulnerabilities.

Very few details are available regarding these issues. We will update this BID as more information emerges.

Given the nature of this application, these issues are likely remote in nature, but Symantec has not verified this information.

These issues affect Reflection for Secure IT UNIX Client and Server 7.0 prior to Service Pack 1 (SP1).

43. RealVNC 4.1.2 'vncviewer.exe' RFB Protocol Remote Code Execution Vulnerability
BugTraq ID: 33263
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33263
Summary:
RealVNC Viewer is prone to a remote code-execution vulnerability because it fails to adequately handle certain encoding types.

An attacker can exploit this issue to execute arbitrary code in the context of the vulnerable process. Failed exploit attempts are likely to result in denial-of-service conditions.

NOTE: This issue may be related to the vulnerability discussed in BID 30499 (RealVNC 4.1.2 'vncviewer.exe' Remote Denial of Service Vulnerability).

RealVNC 4.1.2 is vulnerable; earlier versions may also be affected.

44. Sun Fire X2100/X2200 M2 Servers Security Bypass and Remote Command Execution Vulnerability
BugTraq ID: 33506
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33506
Summary:
Sun Fire X2100 M2 and X2200 M2 Servers are prone to a security-bypass vulnerability and a remote command-execution vulnerability.

Successful exploits may allow attackers to gain unauthorized access or execute arbitrary commands on the Service Processor (SP). This may aid in further attacks.

Sun Fire X2100/X2200 M2 Servers with firmware prior to 3.20 are vulnerable.

45. Microsoft Internet Explorer HTML Form Value Denial of Service Vulnerability
BugTraq ID: 33494
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33494
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue may allow an attacker to crash the browser, which will result in a denial-of-service condition.

Internet Explorer 7 on Windows XP SP3 is vulnerable; other versions running on different platforms may also be affected.

NOTE: This issue was originally published as a buffer-overflow vulnerability that could result in remote code execution. Further analysis and vendor reports, however, suggest that exploiting this issue may cause only a denial-of-service condition from stack exhaustion. This vulnerability cannot be exploited to execute arbitrary code.

46. YANOCC 'lang_check.php' Local File Include Vulnerability
BugTraq ID: 33704
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33704
Summary:
YANOCC is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

YANOCC 0.1.0 is affected; other versions may also be vulnerable.

47. w3b|cms Multiple SQL Injection Vulnerabilities
BugTraq ID: 33706
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33706
Summary:
The 'w3b|cms' program is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect the following:

w3b|cms 3.5.0 and prior
Downloads module 1.5.0
News module 1.5.0
Portfolio module 2.0.0
Partner module 1.5.0
Mediathek module 1.5.0
Sitemap module 1.5.0
Links module 1.5.0
Blog module 1.5.0
Suche module 1.5.0
Gallery module 1.5.0

48. WebFrame Local and Remote File Include Vulnerabilities
BugTraq ID: 33701
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33701
Summary:
WebFrame is prone to a local file-include vulnerability and a remote file-include vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting these issues may allow a remote attacker to obtain sensitive information or compromise the application and the underlying computer; other attacks are also possible.

WebFrame 0.76 is vulnerable; other versions may also be affected.

49. Open Handset Alliance Android Multiple Local Vulnerabilities
BugTraq ID: 33695
Remote: No
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33695
Summary:
Open Handset Alliance Android (previously Google Android) is prone to multiple local vulnerabilities including a privilege-escalation issue, multiple integer-overflow issues, and a buffer-overflow issue.

Local attackers may be able to exploit these issues to gain elevated privileges on a vulnerable device or to execute arbitrary code within the context of the kernel. Failed attacks will likely cause denial-of-service conditions.

Android 1.0 as shipped with the T-Mobile G1 phone is vulnerable; other versions may also be affected.

50. Multiple Scripts For Sites EZ Products 'directory.php' Cross Site Scripting Vulnerability
BugTraq ID: 33688
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33688
Summary:
Multiple Scripts For Sites products are prone to a cross-site scripting vulnerability because they fail to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

51. FotoWeb Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 33677
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33677
Summary:
FotoWeb is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.

FotoWeb 6.0 is vulnerable; other versions may also be affected.

52. PHP Director 'searching' Parameter SQL Injection Vulnerability
BugTraq ID: 33694
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33694
Summary:
PHP Director is prone to an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input.

A successful exploit may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PHP Director 0.2 is vulnerable; other versions may also be affected.

53. ilchClan 'statistic.php' SQL Injection Vulnerability
BugTraq ID: 33678
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33678
Summary:
ilchClan is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ilchClan 1.1L is vulnerable; other versions may be affected as well.

54. ZeroShell 'cgi-bin/kerbynet' Remote Command Execution Vulnerability
BugTraq ID: 33702
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33702
Summary:
ZeroShell is prone to a vulnerability that attackers can leverage to execute arbitrary commands. This issue occurs because the software fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected application and possibly the underlying computer.

ZeroShell 1.0beta11 is vulnerable; other versions may also be affected.

55. FTPShell server '.key' File Buffer Overflow Vulnerability
BugTraq ID: 33403
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33403
Summary:
FTPShell Server is prone to a stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

FTPShell Server 4.3 is vulnerable; other versions may also be affected.

56. mod_auth_mysql Package Multibyte Character Encoding SQL Injection Vulnerability
BugTraq ID: 33392
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33392
Summary:
mod_auth_mysql is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

57. AV Book Library Multiple SQL Injection Vulnerabilities
BugTraq ID: 33336
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33336
Summary:
AV Book Library is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to AV Book Library 1.1 are vulnerable.

58. Hedgehog-CMS 'specialacts.php' Arbitrary File Upload Vulnerability
BugTraq ID: 33699
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33699
Summary:
Hedgehog-CMS is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the software fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Hedgehog-CMS 1.21 is affected; other versions may also be vulnerable.

59. SnippetMaster Webpage Editor Cross Site Scripting and Remote File Include Vulnerabilities
BugTraq ID: 33705
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33705
Summary:
SnippetMaster Webpage Editor is prone to a cross-site scripting vulnerability and multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit these issues to execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system. The attacker may also execute script code in an unsuspecting user's browser or steal cookie-based authentication credentials; other attacks are also possible.

SnippetMaster Webpage Editor 2.2.2 is vulnerable; other versions may also be affected.

60. Taridnt UP Remote File Upload Vulnerability
BugTraq ID: 33691
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33691
Summary:
Taridnt UP is prone to a remote file-upload vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Taridnt UP 1.0 is vulnerable; other versions may also be affected.

61. Multiple Cisco Wireless LAN Controllers Multiple Remote Vulnerabilities
BugTraq ID: 33608
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33608
Summary:
Multiple Cisco Wireless LAN Controllers are prone to these remote vulnerabilities:

- Multiple denial-of-service vulnerabilities
- A remote privilege-escalation vulnerability

Remote attackers can exploit these issues to gain administrative rights on an affected device or crash the device, denying service to legitimate users.

The following devices are affected:

Cisco 4400 Series Wireless LAN Controllers
Cisco Catalyst 6500 Series/7600 Series Wireless Services Module (WiSM)
Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers

62. JasPer 1.900.1 Multiple Vulnerabilities
BugTraq ID: 31470
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/31470
Summary:
JasPer is prone to multiple vulnerabilities, including a buffer-overflow vulnerability, a temporary file race condition, and multiple integer-overflow vulnerabilities.

Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the software. Failed exploit attempts are likely to cause denial-of-service conditions.

JasPer 1.900.1 is vulnerable; other versions may also be affected.

63. Bitrix Site Manager Multiple Input Validation Vulnerabilities
BugTraq ID: 33689
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33689
Summary:
Bitrix Site Manager is prone to multiple input-validation vulnerabilities:

- An authentication-bypass vulnerability
- A cross-site scripting vulnerability

An attacker may leverage these issues to gain unauthorized access to the affected application, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, and steal cookie-based authentication credentials. Other attacks are also possible.

64. JasPer JPC_QCX_GetCompParm Function JP2 File Handling Remote Denial of Service Vulnerability
BugTraq ID: 24052
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/24052
Summary:
JasPer is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted JP2 files.

An attacker may exploit this issue by enticing victims to open a maliciously crafted file.

Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users.

This issue affects JasPer 1.900 and 1.900.1; other versions may also be affected.

65. glFusion Anonymous Comment 'username' Field HTML Injection Vulnerability
BugTraq ID: 33683
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33683
Summary:
glFusion is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

glFusion 1.1.0 and 1.1.1 are vulnerable; other versions may also be affected.

66. PyBlosxom Atom Flavor Multiple XML Injection Vulnerabilities
BugTraq ID: 33676
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33676
Summary:
PyBlosxom is prone to multiple XML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied XML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

PyBlosxom 1.4.3 is vulnerable; other versions may also be affected.

67. AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
BugTraq ID: 33698
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33698
Summary:
AdaptCMS Lite is prone to multiple cross-site scripting vulnerabilities and a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit these issues to execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system. The attacker may also execute script code in an unsuspecting user's browser or steal cookie-based authentication credentials; other attacks are also possible.

AdaptCMS Lite 1.4 is vulnerable; other versions may also be affected.

68. If-CMS 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 33697
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33697
Summary:
If-CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

If-CMS 2.07 is vulnerable; other versions may also be affected.

69. FlexCMS 'catId' Parameter SQL Injection Vulnerability
BugTraq ID: 33696
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33696
Summary:
FlexCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

70. OpenPegasus WBEM CIM Management Server 'PAMBasicAuthenticatorUnix.cpp' Buffer Overflow Vulnerability
BugTraq ID: 27172
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/27172
Summary:
OpenPegasus is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

This issue occurs in the PAM (Pluggable Authentication Module) authentication code.

Attackers can leverage this issue to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions.

Versions in the OpenPegasus 2.6 series are vulnerable.

71. OpenPegasus Management Server PAM Authentication 'cimservera.cpp' Buffer Overflow Vulnerability
BugTraq ID: 27188
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/27188
Summary:
OpenPegasus is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

This issue occurs in the PAM (Pluggable Authentication Module) authentication code.

Attackers can leverage this issue to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions.

Versions in the OpenPegasus 2.6 series are vulnerable.

72. Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities
BugTraq ID: 32882
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/32882
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey.

Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, help launch cross-site scripting attacks, and execute arbitrary script code with elevated privileges; other attacks are also possible.

UPDATE (December 18, 2008): Mozilla Firefox 2.0.0.19 for Windows is vulnerable to the cross-domain information-disclosure vulnerability documented by MFSA 2008-65. Firefox 2.0.0.20 is available and addresses this issue.

73. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -01 to -06 Multiple Remote Vulnerabilities
BugTraq ID: 33598
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33598
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey.

Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, bypass certain security settings, and execute arbitrary script code with elevated privileges; other attacks are also possible.

74. Sun Java System Directory Server LDAP Request Denial Of Service Vulnerability
BugTraq ID: 33732
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33732
Summary:
Sun Java System Directory Server is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the server, denying access to legitimate users.

The issue affects the following versions:

Sun Java System Directory Server 5.2
Sun Java System Directory Server 5.2 Patch2
Sun Java System Directory Server 5.2 Patch3
Sun Java System Directory Server 5.2 Patch4
Sun Java System Directory Server 5.2 Patch6

75. libvirt 'libvirt_proxy.c' Local Privilege Escalation Vulnerability
BugTraq ID: 33724
Remote: No
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33724
Summary:
The 'libvirt' library is prone to a local privilege-escalation vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Local attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

The issue affects version 0.5.1; other versions may also be affected.

76. A Better Member-Based ASP Photo Gallery 'view.asp' SQL Injection Vulnerability
BugTraq ID: 33693
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33693
Summary:
A Better Member-Based ASP Photo Gallery is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The issue affects versions prior to 1.2.

77. GStreamer QuickTime Media File Parsing Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 33405
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33405
Summary:
GStreamer is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of applications that use the affected library. Failed attacks will cause denial-of-service conditions.

Versions prior to GStreamer 'gst-plugins-good' 0.10.12 are vulnerable. Applications using the library, such as Songbird, Totem, and Amarok, may also be affected.

78. Drupal Ajax Checklist Module Unspecified HTML Injection Vulnerability
BugTraq ID: 33737
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33737
Summary:
The Ajax Checklist module for Drupal is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Note that attackers require valid authentication credentials with permission to create or edit posts, and use an input format containing the 'ajax_checklist' filter.

Versions prior to Ajax Checklist 5.x-1.1 are vulnerable.
http://drupal.org/node/207891

79. Geovision Digital Video Surveillance System Directory Traversal Vulnerability
BugTraq ID: 33735
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33735
Summary:
Geovision Digital Video Surveillance System is prone to a directory-traversal vulnerability.

Exploiting this issue allows an attacker to write arbitrary files to locations outside the application's current directory or gain access to sensitive information. Other attacks are also possible.

80. Fail2ban 'wuftpd.conf' Remote Denial of Service Vulnerability
BugTraq ID: 33734
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33734
Summary:
Fail2ban is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue allows remote attackers to add arbitrary IP addresses to the block list used by the application. This allows attackers to deny further network access to legitimate users.

81. Pebble Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 33733
Remote: Yes
Last Updated: 2009-02-11
Relevant URL: http://www.securityfocus.com/bid/33733
Summary:
Pebble is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

The issue affects Pebble versions prior to 2.3.2.

82. OpenCore 'pvmp3_huffman_parsing.cpp' Remote Buffer Underflow Vulnerability
BugTraq ID: 33673
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33673
Summary:
OpenCore is prone to a remote buffer-underflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context of the user running an application that uses the affected library. Failed exploit attempts will likely crash the application.

83. TechExcel CustomerWise Multiple Input Validation Vulnerabilities
BugTraq ID: 25624
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/25624
Summary:
CustomerWise is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and an HTML-injection issue, because the application fails to properly sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, control how the site is rendered to the user, compromise the application, obtain sensitive information, and access or modify data.

84. Squid Web Proxy Cache HTTP Version Number Parsing Denial of Service Vulnerability
BugTraq ID: 33604
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33604
Summary:
Squid is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain HTTP requests.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying further service to legitimate users.

This issue affects versions prior to Squid 2.7.STABLE5, Squid 3.0.STABLE12, and Squid 3.1.0.4.

85. Barcode Generator 'image.php' Local File Include Vulnerability
BugTraq ID: 31382
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/31382
Summary:
Barcode Generator is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view local files and execute local scripts within the context of the webserver process.

Barcode Generator 2.0.0 and prior versions are affected.

86. Wicd 'wicd.conf' Default Configuration Local Information Disclosure Vulnerability
BugTraq ID: 33658
Remote: No
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33658
Summary:
Wicd is prone to a local information-disclosure vulnerability because its default configuration fails to restrict ownership of its daemon.

Local attackers can exploit this issue to claim ownership of the Wicd daemon object and receive messages intended for the daemon. Information harvested from the messages could help attackers launch further attacks.

Versions prior to Wicd 1.5.9 are vulnerable.

87. AJ Auction Pro SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 31390
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/31390
Summary:
AJ Auction Pro is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

88. Multiple ActiveWebSoftwares Products Login Parameters SQL Injection Vulnerabilities
BugTraq ID: 32533
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/32533
Summary:
Multiple ActiveWebSoftwares products are prone to SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following applications are vulnerable:

ActiveVotes 2.2
Active Force Matrix 2
Active Trade 2
Active Price Comparison 4
Active Test 2.1
eWebQuiz 8
Active Newsletter 4.3
Active Web Mail 4
Active Websurvey 9.1
Active Membership 2
Active Web Helpdesk 2
Active Photo Gallery 6.2
Active Time Billing 3.2

89. Nokia Phoenix Service Software ActiveX Controls Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 33726
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33726
Summary:
Nokia Phoenix Service Software ActiveX controls are prone to multiple buffer-overflow vulnerabilities because they fail to properly bounds-check user-supplied data before copying it into insufficiently sized memory buffers.

An attacker can exploit these issues to execute arbitrary code within the context of the application that invoked the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

Nokia Phoenix Service Software 2008.04.007.32837 is vulnerable; other versions may also be affected.

90. IBM AIX 'at' Local Information Disclosure Vulnerability
BugTraq ID: 33730
Remote: No
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33730
Summary:
IBM AIX is prone to a local information-disclosure vulnerability.

Attackers can exploit this issue to obtain potentially sensitive information that may help in further attacks.

91. Drupal 'install.php' Local File Include Vulnerability
BugTraq ID: 33685
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33685
Summary:
Drupal is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

Drupal 6.9 is vulnerable; other versions may also be affected.

92. Microsoft Internet Explorer Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 33627
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33627
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

93. Microsoft Internet Explorer CSS Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 33628
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33628
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

94. TYPO3 Cross Site Scripting and Information Disclosure Vulnerabilities
BugTraq ID: 33714
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33714
Summary:
TYPO3 is prone to multiple cross-site scripting vulnerabilities and an information-disclosure vulnerability.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information.

95. Multiple VNC Clients Multiple Integer Overflow Vulnerabilities
BugTraq ID: 33568
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33568
Summary:
Multiple VNC clients are prone to integer-overflow vulnerabilities because they fail to properly validate data supplied by the VNC server.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

The following are vulnerable to these issues:

UltraVNC prior to 1.0.5.4
TightVNC prior to 1.3.10

Other VNC applications may also be affected.

96. GnuTLS X.509 Certificate Chain Security Bypass Vulnerability
BugTraq ID: 32232
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/32232
Summary:
GnuTLS is prone to a security-bypass vulnerability because the application fails to properly validate chained X.509 certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers. Unsuspecting users may be under a false sense of security that can aid attackers in launching further attacks.

Versions prior to GnuTLS 2.6.1 are vulnerable.

97. MediaWiki 'config/index.php' Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 33681
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33681
Summary:
MediaWiki is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials; other attacks are also possible.

Versions prior to MediaWiki 1.13.3, 1.12.1, and 1.6.11 are vulnerable.

98. Novell QuickFinder Server Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 33708
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33708
Summary:
Novell QuickFinder Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

99. HP OpenView Network Node Manager 'ovlaunch' Buffer Overflow Vulnerability
BugTraq ID: 33668
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33668
Summary:
HP OpenView Network Node Manager is prone to a buffer-overflow vulnerability.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the Network Node Manager. Failed exploits can result in a denial-of-service condition.

Network Node Manager 7.53 running on Microsoft Windows is affected; other versions and platforms may also be vulnerable.

100. OpenSSH CBC Mode Information Disclosure Vulnerability
BugTraq ID: 32319
Remote: Yes
Last Updated: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/32319
Summary:
OpenSSH is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain four bytes of plaintext from an encrypted session.

OpenSSH 4.7p1 is vulnerable; other versions may also be affected. Various versions of SSH Tectia are also affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Group releases list to kill most-dangerous bugs
By: Robert Lemos
Software makers, security vendors, and government agencies team up to create a list of the 25 most severe software issues, aiming to get developers to stop making mistakes.
http://www.securityfocus.com/news/11542

2. Group attacks flaw in browser crypto security
By: Robert Lemos
A group of researchers warns browser makers and certificate authorities to drop support for MD5 digital signatures, after successfully creating a fake, but valid, certificate.
http://www.securityfocus.com/news/11541

3. Commission calls for cybersecurity czar
By: Robert Lemos
A group of technology and government experts warns that, without significant changes to the U.S. approach to cyberspace, foreign companies and other nations will continue to steal valuable technologies.
http://www.securityfocus.com/news/11540

4. Microsoft hopes free security means less malware
By: Robert Lemos
The software giant says shutting down Windows Live OneCare to release the software as a free tool could make consumers more secure.
http://www.securityfocus.com/news/11538

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #430
http://www.securityfocus.com/archive/88/500706

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Sophos
