Merit Network Email List Archives: Network Security

Historical FW: SecurityFocus Newsletter #503

  • From: Howell, Paul
  • Date: Fri May 29 08:22:35 2009


-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of sfa@securityfocus.com
Sent: Thursday, May 28, 2009 7:14 PM
To: sf-news@securityfocus.com
Subject: SecurityFocus Newsletter #503

SecurityFocus Newsletter #503
----------------------------------------

This issue is sponsored by Thawte

Extended Validation SSL Certificates: Inspire Trust, Improve Confidence
and Increase Sales

Extended Validation SSL delivers the acknowledged industry standard for
the highest level of online identity assurance processes for SSL
certificate issuance. Find out how the EV standard increases the
visibility of authentication status through the use of a green address
bar in the latest high security web browsers.

http://www.dinclinx.com/Redirect.aspx?36;5004;25;1371;0;3;946;54442f0f214c470a


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as
conveying topics of interest for our community. We are proud to offer
content from Matasano at this time and will be adding more in the coming
weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.    FRONT AND CENTER
       1. A Botnet by Any Other Name
       2. Projecting Borders into Cyberspace
II.   BUGTRAQ SUMMARY
       1. Novell GroupWise WebAccess Multiple Security Vulnerabilities
       2. Apple Mac OS X PICT Image Handling Integer Overflow
Vulnerability
       3. NTP 'ntpq' Stack Buffer Overflow Vulnerability
       4. vbPlaza 'name' Parameter SQL Injection Vulnerability
       5. BlackBerry Attachment Service PDF Distiller Multiple
Unspecified Security Vulnerabilities
       6. Gallarific Cross Site Scripting and Authentication Bypass
Vulnerabilities
       7. Red Hat Certificate System Agent Group Security Bypass
Vulnerability
       8. WP-Lytebox 'main.php' Local File Include Vulnerability
       9. libxml XML Entity Name Heap Buffer Overflow Vulnerability
       10. Multiple SlySoft Products Driver IOCTL Request Multiple Local
Buffer Overflow Vulnerabilities
       11. FreeBSD 'telnetd' Daemon Remote Code Execution Vulnerability
       12. Lighttpd Trailing Slash Information Disclosure Vulnerability
       13. Soulseek Distributed File Search Buffer Overflow
Vulnerability
       14. Nullsoft Winamp 'gen_ff.dll' Buffer Overflow Vulnerability
       15. SonicWALL Global VPN Client 'RampartSvc' Local Privilege
Escalation Vulnerability
       16. SonicWALL Global Security Client Local Privilege Escalation
Vulnerability
       17. SonicWALL Global VPN Client Log File Remote Format String
Vulnerability
       18. SAP AG SAPgui EAI WebViewer3D ActiveX Control Stack Buffer
Overflow Vulnerability
       19. Microsoft PowerPoint Paragraph Data Remote Code Execution
Vulnerability
       20. IBM Director CIM Server Privilege Escalation Vulnerability
       21. Nortel Networks Contact Center Administration CCMA Cookie
Authentication Bypass Vulnerability
       22. Wireshark Prior to 1.0.7 Multiple Denial Of Service
Vulnerabilities
       23. Wireshark PN-DCP Data Format String Vulnerability
       24. Realty Web-Base 'list_list.php' Parameter SQL Injection
Vulnerability
       25. NetDecision TFTP Server Directory Traversal Vulnerability
       26. VidsharePro SQL Injection and Cross Site Scripting
Vulnerabilities
       27. OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet
Denial of Service Vulnerability
       28. IBM WebSphere Partner Gateway 'bcgarchive' Information
Disclosure Vulnerability
       29. Pinnacle Hollywood FX '.hfz' File Handling Remote Denial of
Service Vulnerability
       30. Linux Kernel CIFS 'decode_unicode_ssetup()' Remote Buffer
Overflow Vulnerability
       31. Linux Kernel CIFS Remote Buffer Overflow Vulnerability
       32. libwmf WMF Image File Remote Code Execution Vulnerability
       33. Eggdrop 'ctcpbuf' Remote Denial Of Service Vulnerability
       34. acpid Local Denial of Service Vulnerability
       35. PRTG Traffic Grapher 'Monitor_Bandwidth' Cross Site Scripting
Vulnerability
       36. Smarty Template Engine 'function.math.php' Security Bypass
Vulnerability
       37. libsndfile Audio Data Multiple Denial Of Service
Vulnerabilities
       38. Phorum 'image/bmp' MIME Type HTML Injection Vulnerability
       39. Woltlab Burning Board 'image/bmp' MIME Type HTML-Injection
Vulnerability
       40. Simple Machines Forum 'image/bmp' MIME Type HTML Injection
Vulnerability
       41. Citrix Password Manager Secondary Credentials Local
Information Disclosure Vulnerability
       42. Mozilla Firefox 'keygen' HTML Tag Denial of Service
Vulnerability
       43. ATutor 'documentation/index.php' URL Handling Phishing
Vulnerability
       44. HP Data Protector Express Local Unspecified Privilege
Escalation Vulnerability
       45. Drupal Embedded Media Field Module Create Content Multiple
HTML Injection Vulnerabilities
       46. FreeType TT_Load_Simple_Glyph() TTF File Integer Overflow
Vulnerability
       47. Lussumo Vanilla 'ajax/updatecheck.php' Cross-Site Scripting
Vulnerability
       48. FreeType LWFN Files Buffer Overflow Vulnerability
       49. Sun Solaris 'sadmind' Daemon Multiple Buffer Overflow
Vulnerabilities
       50. Lussumo Vanilla 'updatecheck.php' Cross Site Scripting
Vulnerability
       51. phpBugTracker 'include.php' SQL Injection Vulnerability
       52. Microsoft DirectX DirectShow QuickTime Video Remote Code
Execution Vulnerability
       53. Ston3D S3DPlayer Web and StandAlone 'system.openURL()' Remote
Command Injection Vulnerability
       54. Wireshark PCNFSD Dissector Denial of Service Vulnerability
       55. Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information
Disclosure Vulnerability
       56. Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin
Validation Weakness
       57. Linux Kernel Audit System 'audit_syscall_entry()' System Call
Security Bypass Vulnerability
       58. Linux Kernel 'drivers/char/agp/generic.c' Local Information
Disclosure Vulnerability
       59. Linux Kernel 'ptrace_attach()' Local Privilege Escalation
Vulnerability
       60. Linux Kernel 'exit_notify()' CAP_KILL Verification Local
Privilege Escalation Vulnerability
       61. Linux Kernel 'kill_something_info()' Local Denial of Service
Vulnerability
       62. Linux Kernel 'EFER_LME' Local Denial of Service Vulnerability
       63. Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access
Vulnerability
       64. NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
       65. Cyrus SASL 'sasl_encode64()' Remote Buffer Overflow
Vulnerability
       66. libsndfile VOC and AIFF Processing Buffer Overflow
Vulnerabilities
       67. OpenSSL 'zlib' Compression Memory Leak Remote Denial of
Service Vulnerability
       68. OpenSC 'pkcs11-tool' Insecure Key Generation Vulnerability
       69. SiteX 'THEME_FOLDER' Parameter Multiple Local File Include
Vulnerabilities
       70. AgoraGroups Joomla! Component 'id' Parameter SQL Injection
Vulnerability
       71. Microsoft IIS Unicode Requests to WebDAV Multiple
Authentication Bypass Vulnerabilities
       72. Drupal Ajax Session Module Multiple Input Validation
Vulnerabilities
       73. Easy PX 41 CMS 'fiche' Parameter Local File Include
Vulnerability
       74. RSGallery2 Component for Mambo/Joomla! Backdoor Vulnerability
       75. PHP-Nuke 'main/tracking/userLog.php' SQL Injection
Vulnerability
       76. pam_krb5 Existing/Non-Existing Username Enumeration Weakness
       77. Apache 'Options' and 'AllowOverride' Directives Security
Bypass Vulnerability
       78. Sun Java Runtime Environment and Java Development Kit
Multiple Security Vulnerabilities
       79. IBM Hardware Management Console (HMC) Shared Memory
Unspecified Vulnerability
       80. Microsoft Windows 'win32k.sys' Local Denial Of Service
Vulnerability
       81. Microsoft Windows Desktop Wall Paper System Parameter Local
Denial Of Service Vulnerability
       82. Pidgin Multiple Buffer Overflow Vulnerabilities
       83. ImageMagick TIFF File Integer Overflow Vulnerability
       84. Dokuwiki 'doku.php' Local File Include Vulnerability
       85. RoomPHPlanning Multiple Vulnerabilities
       86. ProFTPD CIDR Access Control Rule Bypass Vulnerability
       87. Jetty Cross Site Scripting and Information Disclosure
Vulnerabilities
       88. SquirrelMail Prior to 1.4.18 Multiple Vulnerabilities
       89. Nortel Contact Center Manager Administration Password
Disclosure Vulnerability
       90. Multiple ATEN IP KVM Switches Multiple Remote Vulnerabilities
and Weakness
       91. ZEECAREERS and SHAADICLONE 'admin/addadminmembercode.php'
Authentication Bypass Vulnerability
       92. Graphiks MyForum Login Multiple SQL Injection Vulnerabilities
       93. DBD::Pg BYTEA Values Memory Leak Denial of Service
Vulnerability
       94. MySQL MyISAM Table Privileges Security Bypass Vulnerability
       95. PostgreSQL Conversion Encoding Remote Denial of Service
Vulnerability
       96. DBD::Pg 'pg_getline()' and 'getline()' Heap Buffer Overflow
Vulnerabilities
       97. MySQL Empty Binary String Literal Remote Denial Of Service
Vulnerability
       98. Multiple ArcaBit ArcaVir Products Multiple IOCTL Request
Local Privilege Escalation Vulnerabilities
       99. phpBugTracker 'index.php' SQL Injection Vulnerability
       100. cpCommerce 'GLOBALS[prefix]' Local/Remote File Include
Vulnerability
III.  SECURITYFOCUS NEWS
       1. Browsers bashed first in hacking contest
       2. Experts: U.S. needs to defend its "cyber turf"
       3. Advisor: U.S. needs policy to defend cyberspace
       4. Cabal forms to fight Conficker, offers bounty
IV.   SECURITY JOBS LIST SUMMARY
V.    INCIDENTS LIST SUMMARY
VI.   VULN-DEV RESEARCH LIST SUMMARY
VII.  MICROSOFT FOCUS LIST SUMMARY
       1. New Tech Tip: Configuring Windows 7 for a limited user
       2. AD Password complexity - passwords too long?
VIII. SUN FOCUS LIST SUMMARY
IX.   LINUX FOCUS LIST SUMMARY
       1. curuncula dbr rootkit detection tool
X.    UNSUBSCRIBE INSTRUCTIONS
XI.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. A Botnet by Any Other Name
By Gunter Ollmann
The news has been awash the last few weeks with fears over
globe-spanning botnets and their criminal intent: Conficker managed to
hog the limelight for well over a month, and then came Finjan's
disclosure of a previously unknown - and currently unnamed - botnet
consisting of some 1.9 million malicious agents. 
http://www.securityfocus.com/columnists/501

2. Projecting Borders into Cyberspace
By Jeffrey Carr
Two recent stories of significant cyber attacks come close to blaming
the Chinese for the intrusions but stop short. 
http://www.securityfocus.com/columnists/500


II.  BUGTRAQ SUMMARY
--------------------
1. Novell GroupWise WebAccess Multiple Security Vulnerabilities
BugTraq ID: 35066
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35066
Summary:
Novell GroupWise WebAccess is prone to multiple security
vulnerabilities.

An attacker may leverage these issues to bypass certain security
restrictions or conduct cross-site scripting attacks.

Note that some of the issues may be related to BID 35061. We will update
this BID as more information emerges.

Versions prior to WebAccess 7.03 HP3 and 8.0.0 HP2 are vulnerable.

2. Apple Mac OS X PICT Image Handling Integer Overflow Vulnerability
BugTraq ID: 34938
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/34938
Summary:
Apple Mac OS X is prone to an integer-overflow vulnerability when
handling PICT image files.

An attacker can exploit this issue to execute arbitrary code in the
context of the victim. 

NOTE: This issue was previously covered in BID 34926 (Apple Mac OS X
2009-002 Multiple Security Vulnerabilities), but has been assigned its
own record to better document it.

3. NTP 'ntpq' Stack Buffer Overflow Vulnerability
BugTraq ID: 34481
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/34481
Summary:
The 'ntpq' command is prone to a stack-based buffer-overflow
vulnerability. 

Successful exploits will crash the affected utility. Code execution may
also be possible, but has not been confirmed.

4. vbPlaza 'name' Parameter SQL Injection Vulnerability
BugTraq ID: 35099
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35099
Summary:
vbPlaza is prone to an SQL-injection vulnerability because it fails to
properly sanitize user-supplied input before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the
application, access or modify data, or exploit vulnerabilities in the
underlying database.

5. BlackBerry Attachment Service PDF Distiller Multiple Unspecified
Security Vulnerabilities
BugTraq ID: 35102
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35102
Summary:
BlackBerry Attachment Service is prone to multiple remote code-execution
vulnerabilities when handling specially crafted PDF files.

Attackers can leverage these issues to execute arbitrary machine code in
the context of the vulnerable service, possibly with SYSTEM-level
privileges. Successful exploits will compromise the server. Failed
attacks will likely result in denial-of-service conditions.

6. Gallarific Cross Site Scripting and Authentication Bypass
Vulnerabilities
BugTraq ID: 28163
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/28163
Summary:
Gallarific is prone to a cross-site scripting vulnerability and multiple
authentication-bypass vulnerabilities. 

An attacker may leverage these issues to execute arbitrary script code
in the browser of an unsuspecting user in the context of the affected
site, steal cookie-based authentication credentials, add new categories,
add new users, and modify existing users. Other attacks are also
possible. 

These issues affect both the commercial and the free versions of
Gallarific.

7. Red Hat Certificate System Agent Group Security Bypass Vulnerability
BugTraq ID: 35104
Remote: No
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35104
Summary:
Red Hat Certificate System (RHCS) is prone to a security-bypass
vulnerability because of an error related to the handling of multiple
agent groups.

Successfully exploiting this issue allows agent groups to approve or
reject certificates in arbitrary queues; this may aid in further
attacks.

RHCS 7.3 is vulnerable; other versions may also be affected.

8. WP-Lytebox 'main.php' Local File Include Vulnerability
BugTraq ID: 35098
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35098
Summary:
WP-Lytebox is prone to a local file-include vulnerability because it
fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute
local scripts in the context of the webserver process, which may aid in
further attacks.

WP-Lytebox 1.3 is vulnerable; other versions may also be affected.

9. libxml XML Entity Name Heap Buffer Overflow Vulnerability
BugTraq ID: 31126
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/31126
Summary:
The 'libxml' library is prone to a heap-based buffer-overflow
vulnerability because the software fails to perform adequate boundary
checks on user-supplied data. 

An attacker can exploit this issue to execute arbitrary code within the
context of an application using the affected library. Failed exploit
attempts will result in a denial-of-service condition.

10. Multiple SlySoft Products Driver IOCTL Request Multiple Local Buffer
Overflow Vulnerabilities
BugTraq ID: 34103
Remote: No
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/34103
Summary:
Multiple SlySoft products are prone to multiple buffer-overflow
vulnerabilities because they fail to adequately validate user-supplied
input.

A local attacker can exploit these issues to execute arbitrary code with
SYSTEM-level privileges. Failed attacks will result in denial-of-service
conditions.

The following applications are vulnerable:

SlySoft AnyDVD 6.5.2.2
SlySoft AnyDVD HD 6.5.2.2
SlySoft Virtual CloneDrive 5.4.2.3
SlySoft CloneDVD 2.9.2.0
SlySoft CloneCD 5.3.1.3

11. FreeBSD 'telnetd' Daemon Remote Code Execution Vulnerability
BugTraq ID: 33777
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/33777
Summary:
FreeBSD is prone to a remote code-execution vulnerability.

Remote attackers can exploit this issue to execute arbitrary code with
superuser privileges. Successfully exploiting this issue will facilitate
the complete compromise of affected computers.

FreeBSD 7.0 and 7.1 branches are vulnerable.

12. Lighttpd Trailing Slash Information Disclosure Vulnerability
BugTraq ID: 35097
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35097
Summary:
Lighttpd is prone to an information-disclosure vulnerability. 

Attackers can exploit this issue to obtain sensitive information that
may lead to further attacks.

Lighttpd 1.4.23 is vulnerable; other versions may also be affected.

13. Soulseek Distributed File Search Buffer Overflow Vulnerability
BugTraq ID: 35091
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35091
Summary:
Soulseek is prone to a stack-based buffer-overflow vulnerability because
the application fails to perform adequate boundary checks on
user-supplied data. 

Attackers can exploit this issue to execute arbitrary code within the
context of the affected application. Failed exploit attempts will result
in a denial-of-service condition.

Soulseek 156 and 157 NS are vulnerable; other versions may also be
affected.

14. Nullsoft Winamp 'gen_ff.dll' Buffer Overflow Vulnerability
BugTraq ID: 35052
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35052
Summary:
Nullsoft Winamp is prone to a buffer-overflow vulnerability because the
application fails to perform adequate boundary checks on user-supplied
input.

Attackers may leverage this issue to execute arbitrary code in the
context of the application. Failed attacks will cause denial-of-service
conditions.

Winamp 5.55 and prior versions are vulnerable.

15. SonicWALL Global VPN Client 'RampartSvc' Local Privilege Escalation
Vulnerability
BugTraq ID: 35092
Remote: No
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35092
Summary:
SonicWALL Global VPN Client is prone to a local privilege-escalation
vulnerability. 

Successfully exploiting this issue allows local users to execute
arbitrary code with LocalSystem privileges, facilitating the complete
compromise of affected computers.

Global VPN Client 4.0.0.835 is vulnerable; other versions may also be
affected.

16. SonicWALL Global Security Client Local Privilege Escalation
Vulnerability
BugTraq ID: 35094
Remote: No
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35094
Summary:
SonicWALL Global Security Client is prone to a local
privilege-escalation vulnerability because the application fails to
perform adequate boundary checks on user-supplied data.

A local attacker can exploit this issue to execute arbitrary code with
SYSTEM-level privileges. Successfully exploiting this issue will result
in the complete compromise of affected computers. 

Global Security Client 1.0.0.15 is vulnerable; other versions may also
be affected.

17. SonicWALL Global VPN Client Log File Remote Format String
Vulnerability
BugTraq ID: 35093
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35093
Summary:
SonicWALL Global VPN Client is prone to a remote format-string
vulnerability because it fails to properly sanitize user-supplied input
before passing it as the format specifier to a formatted-printing
function.

Successfully exploiting this issue allows remote attackers to execute
arbitrary machine code in the context of the application. Failed
attempts may cause denial-of-service conditions.

Global VPN Client 4.0.0.2-51e Standard and Enhanced are vulnerable;
other versions may also be affected.

18. SAP AG SAPgui EAI WebViewer3D ActiveX Control Stack Buffer Overflow
Vulnerability
BugTraq ID: 34310
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/34310
Summary:
SAP AG SAPgui is prone to a remote stack-based buffer-overflow
vulnerability. 

Attackers can exploit this issue to execute arbitrary code within the
context of an application that uses the ActiveX control (typically
Internet Explorer). Failed exploit attempts will result in a
denial-of-service condition.

Versions prior to SAPgui 7.10 Patch Level 9 are vulnerable.

19. Microsoft PowerPoint Paragraph Data Remote Code Execution
Vulnerability
BugTraq ID: 34833
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/34833
Summary:
Microsoft PowerPoint is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a
malicious PowerPoint file. 

Successfully exploiting this issue would allow the attacker to execute
arbitrary code in the context of the currently logged-in user. Failed
exploit attempts will result in a denial-of-service condition.

20. IBM Director CIM Server Privilege Escalation Vulnerability
BugTraq ID: 34065
Remote: No
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/34065
Summary:
IBM Director is prone to a privilege-escalation vulnerability that
affects the CIM server.

Attackers can leverage this issue to execute arbitrary code with
elevated privileges in the context of the CIM server process.

Versions prior to IBM Director 5.20.3 Service Update 2 are affected.

21. Nortel Networks Contact Center Administration CCMA Cookie
Authentication Bypass Vulnerability
BugTraq ID: 34966
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/34966
Summary:
Nortel Networks Contact Center Manager Administration (CCMA) is prone to
an authentication-bypass vulnerability because it fails to adequately
verify user-supplied input used for cookie-based authentication.

Attackers can exploit this vulnerability to gain unauthorized access to
the affected application, which may aid in further attacks.

CCMA 6.0 is vulnerable; other versions may also be affected.

22. Wireshark Prior to 1.0.7 Multiple Denial Of Service Vulnerabilities
BugTraq ID: 34457
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/34457
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to crash the application,
denying service to legitimate users. Attackers may be able to leverage
some of these vulnerabilities to execute arbitrary code, but this has
not been confirmed.

Versions prior to Wireshark 1.0.7 are vulnerable.

23. Wireshark PN-DCP Data Format String Vulnerability
BugTraq ID: 34291
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/34291
Summary:
Wireshark is prone to a format-string vulnerability.

Attackers can leverage this issue to execute arbitrary code within the
context of the vulnerable application. Failed attacks will likely cause
denial-of-service conditions.

Wireshark 1.0.6 is vulnerable; other versions may also be affected.

24. Realty Web-Base 'list_list.php' Parameter SQL Injection
Vulnerability
BugTraq ID: 35043
Remote: Yes
Last Updated: 2009-05-25
Relevant URL: http://www.securityfocus.com/bid/35043
Summary:
Realty Web-Base is prone to an SQL-injection vulnerability because it
fails to sufficiently sanitize user-supplied data before using it in an
SQL query.

Exploiting this issue could allow an attacker to compromise the
application, access or modify data, or exploit latent vulnerabilities in
the underlying database.

Realty Web-Base 1.0 is vulnerable; other versions may also be affected.

25. NetDecision TFTP Server Directory Traversal Vulnerability
BugTraq ID: 35002
Remote: Yes
Last Updated: 2009-05-25
Relevant URL: http://www.securityfocus.com/bid/35002
Summary:
NetDecision TFTP Server is prone to a directory-traversal vulnerability
because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue can allow an attacker to upload and download
arbitrary files outside of the TFTP server root directory. This could
help the attacker launch further attacks.

NetDecision TFTP Server 4.2 is vulnerable; other versions may also be
affected.

26. VidsharePro SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 35033
Remote: Yes
Last Updated: 2009-05-25
Relevant URL: http://www.securityfocus.com/bid/35033
Summary:
VidsharePro is prone to an SQL-injection vulnerability and a cross-site
scripting vulnerability because it fails to sufficiently sanitize
user-supplied data. 

Exploiting these issues could allow an attacker to steal cookie-based
authentication credentials, compromise the application, access or modify
data, or exploit latent vulnerabilities in the underlying database.

27. OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of
Service Vulnerability
BugTraq ID: 35138
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35138
Summary:
OpenSSL is prone to a vulnerability that may allow attackers to cause
denial-of-service conditions.

OpenSSL 1.0.0 Beta 2 is vulnerable; other versions may also be affected.

28. IBM WebSphere Partner Gateway 'bcgarchive' Information Disclosure
Vulnerability
BugTraq ID: 35136
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35136
Summary:
IBM WebSphere Partner Gateway (WPG) is prone to an
information-disclosure vulnerability.

Exploiting this issue may allow an attacker to obtain sensitive
information that may aid in further attacks.

WPG 6.1.0 and 6.1.1 are vulnerable.

29. Pinnacle Hollywood FX '.hfz' File Handling Remote Denial of Service
Vulnerability
BugTraq ID: 35137
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35137
Summary:
Pinnacle Hollywood FX is prone to a remote denial-of-service
vulnerability because the application fails to handle specially crafted
files. 

Exploiting this issue allows remote attackers to crash the application,
denying further service to legitimate users. 

This issue may be related to the vulnerability described in BID 34936
(Pinnacle Studio '.hfz' File Directory Traversal Vulnerability).

Pinnacle Hollywood FX 6 is vulnerable; other versions may also be
affected.

30. Linux Kernel CIFS 'decode_unicode_ssetup()' Remote Buffer Overflow
Vulnerability
BugTraq ID: 34612
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/34612
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability
because the software fails to perform adequate boundary checks on
user-supplied data.

An attacker can exploit this issue to execute arbitrary code with
kernel-level privileges. Successfully exploiting this issue will result
in the complete compromise of affected computers. Failed exploit
attempts will result in a denial-of-service condition.

31. Linux Kernel CIFS Remote Buffer Overflow Vulnerability
BugTraq ID: 34453
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/34453
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability
because the software fails to perform adequate boundary checks on
user-supplied data.

An attacker can exploit this issue to execute arbitrary code with
kernel-level privileges. Successfully exploiting this issue will result
in the complete compromise of affected computers. Failed exploit
attempts will result in a denial-of-service condition.

The issue affects Linux Kernel 2.6.29; other versions may also be
vulnerable.

32. libwmf WMF Image File Remote Code Execution Vulnerability
BugTraq ID: 34792
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/34792
Summary:
The 'libwmf' library is prone to a buffer-overflow vulnerability because
the vector graphics linked library improperly allocates memory when
parsing WMF image files.

Successfully exploiting this issue would allow an attacker to corrupt
memory and execute arbitrary code in the context of the currently
logged-in user.

33. Eggdrop 'ctcpbuf' Remote Denial Of Service Vulnerability
BugTraq ID: 34985
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/34985
Summary:
Eggdrop is prone to a remote denial-of-service vulnerability because it
fails to adequately validate user-supplied input.

An attacker may exploit this issue to crash the application, resulting
in a denial-of-service condition. 

This issue is related to the vulnerability described in BID 24070
(Eggdrop Server Module Message Handling Remote Buffer Overflow
Vulnerability).
 
Versions prior to Eggdrop 1.6.19+ctcpfix are vulnerable.

34. acpid Local Denial of Service Vulnerability
BugTraq ID: 34692
Remote: No
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/34692
Summary:
The 'acpid' daemon is prone to a local denial-of-service vulnerability.

Successful exploits will allow attackers to make the daemon
unresponsive, resulting in denial-of-service conditions.

The issue affects versions prior to acpid 1.0.10.

35. PRTG Traffic Grapher 'Monitor_Bandwidth' Cross Site Scripting
Vulnerability
BugTraq ID: 35128
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35128
Summary:
PRTG Traffic Grapher is prone to a cross-site scripting vulnerability
because it fails to properly sanitize user-supplied input. 

An attacker may leverage this issue to execute arbitrary script code in
the browser of an unsuspecting user in the context of the affected site.
This may allow the attacker to steal cookie-based authentication
credentials and to launch other attacks.

PRTG Traffic Grapher 6.2.2.977 is vulnerable.

36. Smarty Template Engine 'function.math.php' Security Bypass
Vulnerability
BugTraq ID: 34918
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/34918
Summary:
Smarty Template Engine is prone to a security-bypass vulnerability
because it fails to adequately sanitize user-supplied input.

Attackers may exploit the issue to bypass certain security restrictions
and execute arbitrary PHP code in the context of the application.

Smarty Template Engine 2.6.22 for Windows is vulnerable; other versions
may also be affected.

37. libsndfile Audio Data Multiple Denial Of Service Vulnerabilities
BugTraq ID: 35126
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35126
Summary:
The 'libsndfile' library is prone to multiple denial-of-service
vulnerabilities.

Exploiting these issues may allow attackers to crash an application that
uses the affected library, denying service to legitimate users. 

These issues affect libsndfile 1.0.20; other versions may also be
affected.

38. Phorum 'image/bmp' MIME Type HTML Injection Vulnerability
BugTraq ID: 35134
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35134
Summary:
Phorum is prone to an HTML-injection vulnerability because the
application fails to properly sanitize user-supplied input. 

Attacker-supplied HTML and script code would execute in the context of
the affected site, potentially allowing the attacker to steal
cookie-based authentication credentials or to control how the site is
rendered to the user; other attacks are also possible.

39. Woltlab Burning Board 'image/bmp' MIME Type HTML-Injection
Vulnerability
BugTraq ID: 35135
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35135
Summary:
Woltlab Burning Board is prone to an HTML-injection vulnerability because
the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in
the browser of an unsuspecting user in the context of the affected site.
This may help the attacker steal cookie-based authentication credentials
and launch other attacks.

The following are vulnerable:

Burning Board 3.0.8 and prior
Burning Board Lite 2.0.1 and prior

40. Simple Machines Forum 'image/bmp' MIME Type HTML Injection
Vulnerability
BugTraq ID: 35130
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35130
Summary:
Simple Machines Forum (SMF) is prone to an HTML-injection vulnerability
because the application fails to properly sanitize user-supplied input. 

Attacker-supplied HTML and script code would run in the context of the
affected browser, potentially allowing the attacker to steal
cookie-based authentication credentials or to control how the site is
rendered to the user. Other attacks are also possible.

NOTE: This issue was originally documented as a cross-site scripting
vulnerability. After further analysis, the BID has been rewritten as an
HTML-injection issue.

41. Citrix Password Manager Secondary Credentials Local Information
Disclosure Vulnerability
BugTraq ID: 35133
Remote: No
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35133
Summary:
Citrix Password Manager is prone to a local information-disclosure
vulnerability.

Exploiting this issue may allow a local attacker to obtain sensitive
information that may aid in further attacks.

Versions prior to Password Manager 4.6 SP1 are vulnerable.

42. Mozilla Firefox 'keygen' HTML Tag Denial of Service Vulnerability
BugTraq ID: 35132
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35132
Summary:
Mozilla Firefox is prone to a remote denial-of-service vulnerability. 

Successful exploits can allow attackers to cause the browser to stop
responding, thus denying service to legitimate users.

43. ATutor 'documentation/index.php' URL Handling Phishing Vulnerability
BugTraq ID: 35129
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35129
Summary:
ATutor is prone to a vulnerability that can aid in phishing attacks.

Successful exploits may allow attackers to redirect victims to a
malicious website. This may lead to other attacks. 

ATutor 1.6.2 is vulnerable; other versions may also be affected.

44. HP Data Protector Express Local Unspecified Privilege Escalation
Vulnerability
BugTraq ID: 34955
Remote: No
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/34955
Summary:
HP Data Protector Express is prone to a local privilege-escalation
vulnerability.

Local attackers can exploit this issue to execute arbitrary code with
escalated privileges or cause denial-of-service conditions.
Successfully exploiting this issue may result in the complete compromise
of affected computers.

The issue affects the following:

HP Data Protector Express and SSE 3.x prior to build 47065
HP Data Protector Express and SSE 4.x prior to build 46537

45. Drupal Embedded Media Field Module Create Content Multiple HTML
Injection Vulnerabilities
BugTraq ID: 35131
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35131
Summary:
The Embedded Media Field module for Drupal is prone to multiple
HTML-injection vulnerabilities because the module fails to properly
sanitize user-supplied input before using it in dynamically generated
content.

Attacker-supplied HTML and script code would run in the context of the
affected browser, potentially allowing the attacker to steal
cookie-based authentication credentials or to control how the site is
rendered to the user. Other attacks are also possible.

Note that to exploit these issues, attackers require 'Administer content
types' permissions within the Drupal application.

Embedded Media Field 6.x-1.0 is vulnerable; other versions may also be
affected.
http://drupal.org/node/207891

46. FreeType TT_Load_Simple_Glyph() TTF File Integer Overflow
Vulnerability
BugTraq ID: 24074
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/24074
Summary:
FreeType is prone to an integer-overflow vulnerability because it fails
to properly validate TTF files.

An attacker may exploit this issue by enticing victims into opening
maliciously crafted TTF Files.

Successful exploits will allow attackers to execute arbitrary code in
the context of applications that use the affected library. Failed
exploit attempts will likely result in denial-of-service conditions.

This issue affects FreeType 2.3.4 and prior versions.

47. Lussumo Vanilla 'ajax/updatecheck.php' Cross-Site Scripting
Vulnerability
BugTraq ID: 35114
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35114
Summary:
Lussumo Vanilla is prone to a cross-site scripting vulnerability because
the application fails to properly sanitize user-supplied input. 

An attacker may leverage this issue to execute arbitrary script code in
the browser of an unsuspecting user in the context of the affected site.
This may help the attacker steal cookie-based authentication credentials
and launch other attacks.

Vanilla 1.1.5 and 1.1.7 are vulnerable; other versions may also be
affected.

48. FreeType LWFN Files Buffer Overflow Vulnerability
BugTraq ID: 18034
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/18034
Summary:
FreeType is prone to a buffer-overflow vulnerability because of an
integer overflow that causes a buffer to be overrun with
attacker-supplied data.

Exploiting this issue allows remote attackers to execute arbitrary
machine code in the context of applications that use the affected
library. Failed exploit attempts will likely crash applications, denying
service to legitimate users.

Versions prior to FreeType 2.2.1 are vulnerable.

49. Sun Solaris 'sadmind' Daemon Multiple Buffer Overflow
Vulnerabilities
BugTraq ID: 35083
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35083
Summary:
Sun Solaris is prone to multiple buffer-overflow vulnerabilities because
the software fails to perform adequate boundary checks on user-supplied
input. 

Attackers can leverage these issues to execute arbitrary code with
superuser privileges. Failed attacks will cause denial-of-service
conditions.

These issues affect Solaris 8 and 9.

50. Lussumo Vanilla 'updatecheck.php' Cross Site Scripting Vulnerability
BugTraq ID: 35124
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35124
Summary:
Vanilla is prone to a cross-site scripting vulnerability because it
fails to properly sanitize user-supplied input. 

An attacker may leverage this issue to execute arbitrary script code in
the browser of an unsuspecting user in the context of the affected site.
This may allow the attacker to steal cookie-based authentication
credentials and to launch other attacks.

Versions prior to Vanilla 1.1.8 are vulnerable.

51. phpBugTracker 'include.php' SQL Injection Vulnerability
BugTraq ID: 35125
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35125
Summary:
phpBugTracker is prone to an SQL-injection vulnerability because it
fails to sufficiently sanitize user-supplied data before using it in an
SQL query.

Exploiting this issue could allow an attacker to compromise the
application, access or modify data, or exploit latent vulnerabilities in
the underlying database.

phpBugTracker 1.0.4 and prior versions are vulnerable.

52. Microsoft DirectX DirectShow QuickTime Video Remote Code Execution
Vulnerability
BugTraq ID: 35139
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35139
Summary:
Microsoft DirectX is prone to a remote code-execution vulnerability
because the DirectShow component fails to properly handle QuickTime
media files.

Successfully exploiting this issue allows remote attackers to execute
arbitrary code in the context of the user running the application that
uses DirectX. Failed exploit attempts will result in a denial-of-service
condition.

53. Ston3D S3DPlayer Web and StandAlone 'system.openURL()' Remote
Command Injection Vulnerability
BugTraq ID: 35105
Remote: Yes
Last Updated: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35105
Summary:
S3DPlayer Web and StandAlone are prone to a remote command-injection
vulnerability because they fail to adequately sanitize user-supplied
input data.

Attackers can exploit this issue to execute arbitrary commands, within
the context of the affected application.

54. Wireshark PCNFSD Dissector Denial of Service Vulnerability
BugTraq ID: 35081
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35081
Summary:
Wireshark is prone to a denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause the application to
crash.

This issue affects Wireshark 0.8.20 through 1.0.7.

55. Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure
Vulnerability
BugTraq ID: 33846
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/33846
Summary:
The Linux Kernel is prone to an information-disclosure vulnerability
because it fails to properly initialize certain memory before using it
in a user-accessible operation.

Successful exploits will allow attackers to view portions of kernel
memory. Information harvested may be used in further attacks.

Versions prior to Linux Kernel 2.6.28.8 are vulnerable.

56. Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation
Weakness
BugTraq ID: 33906
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/33906
Summary:
The Linux kernel is prone to an origin-validation weakness when dealing
with signal handling.

This weakness occurs when a privileged process calls attacker-supplied
processes as children. Attackers may exploit this to send arbitrary
signals to the privileged parent process.

A local attacker may exploit this issue to kill vulnerable processes,
resulting in a denial-of-service condition. In some cases, other attacks
may also be possible.

Linux kernel 2.6.28 is vulnerable; other versions may also be affected.

57. Linux Kernel Audit System 'audit_syscall_entry()' System Call
Security Bypass Vulnerability
BugTraq ID: 33951
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/33951
Summary:
The Linux kernel is prone to a local security-bypass vulnerability.

A local attacker may be able to exploit this issue to bypass audit
mechanisms imposed on system calls. This may allow malicious behavior to
escape notice.

58. Linux Kernel 'drivers/char/agp/generic.c' Local Information
Disclosure Vulnerability
BugTraq ID: 34673
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34673
Summary:
The Linux kernel is prone to a local information-disclosure
vulnerability. 

Local attackers can exploit this issue to obtain sensitive information
that may lead to further attacks.

Versions prior to the Linux kernel 2.6.30-rc3 are vulnerable.

59. Linux Kernel 'ptrace_attach()' Local Privilege Escalation
Vulnerability
BugTraq ID: 34799
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34799
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with
superuser privileges, resulting in a complete compromise of the affected
computer.

This issue affects Linux kernel 2.6.29; other versions may also be
affected.

60. Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege
Escalation Vulnerability
BugTraq ID: 34405
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34405
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with
superuser privileges, resulting in a complete compromise of the affected
computer.

Versions prior to Linux kernel 2.6.29-git14 are vulnerable.

61. Linux Kernel 'kill_something_info()' Local Denial of Service
Vulnerability
BugTraq ID: 34558
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34558
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to signal all processes on the affected
computer, resulting in a denial-of-service condition.

Linux Kernel 2.6.24 through 2.6.27.12 are vulnerable.

62. Linux Kernel 'EFER_LME' Local Denial of Service Vulnerability
BugTraq ID: 34331
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34331
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to trigger a kernel oops, resulting in
a denial-of-service condition.

This issue affects Linux kernel 2.6.19 through 2.6.29.

63. Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
BugTraq ID: 34205
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34205
Summary:
The Linux Kernel is prone to an unauthorized-access vulnerability that
can occur when users with certain capabilities connect to the 'nfsd'
service.

An attacker with authenticated access to the affected application can
exploit this issue to perform privileged operations on a vulnerable
computer; this may aid in further attacks.

64. NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
BugTraq ID: 35017
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35017
Summary:
The 'ntpd' daemon is prone to a stack-based buffer-overflow
vulnerability when it is configured to use the 'autokey' OpenSSL
protocol.

Attackers can exploit this issue to execute arbitrary code in the
context of the application. Failed attempts will likely crash the
application, causing denial-of-service conditions.

65. Cyrus SASL 'sasl_encode64()' Remote Buffer Overflow Vulnerability
BugTraq ID: 34961
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34961
Summary:
Cyrus SASL is prone to a buffer-overflow vulnerability because it fails
to properly bounds-check user-supplied data before copying it into an
insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the
context of an application using the affected library. Failed exploit
attempts will result in denial-of-service conditions.

Versions prior to Cyrus SASL 2.1.23 are vulnerable.

66. libsndfile VOC and AIFF Processing Buffer Overflow Vulnerabilities
BugTraq ID: 34978
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34978
Summary:
The 'libsndfile' library is prone to multiple buffer-overflow
vulnerabilities because it fails to perform adequate boundary checks on
user-supplied data.

Attackers can exploit these issues to execute arbitrary code in the
context of an application using the library. This can compromise the
affected application and possibly the computer. Failed attacks will
likely cause denial-of-service conditions.

These issues affect versions prior to libsndfile 1.0.20.

67. OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service
Vulnerability
BugTraq ID: 31692
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/31692
Summary:
OpenSSL is prone to a remote denial-of-service vulnerability.

Attackers can cause an application that uses this library to crash by
consuming available memory, denying service to legitimate users.

This issue affects OpenSSL 0.9.8f through 0.9.8h.

68. OpenSC 'pkcs11-tool' Insecure Key Generation Vulnerability
BugTraq ID: 34884
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34884
Summary:
OpenSC is prone to a security vulnerability that may result in the use
of an insecure RSA public key. This issue stems from a design error in
the 'pkcs11-tool' module.

Attackers can exploit this issue to gain access to the private
decryption key. Successfully exploiting this issue may allow attackers
to obtain sensitive information or gain unauthorized access to the
smartcard. 

This issue affects only OpenSC 0.11.7 and the SVN trunk.

69. SiteX 'THEME_FOLDER' Parameter Multiple Local File Include
Vulnerabilities
BugTraq ID: 35122
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35122
Summary:
SiteX is prone to multiple local file-include vulnerabilities because it
fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to obtain potentially
sensitive information and execute arbitrary local scripts in the context
of the webserver process. This may allow the attacker to compromise the
application and the computer; other attacks are also possible.

SiteX 0.7.4.418 is vulnerable; other versions may also be affected.

70. AgoraGroups Joomla! Component 'id' Parameter SQL Injection
Vulnerability
BugTraq ID: 35118
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35118
Summary:
The AgoraGroups module for Joomla! is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied
data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the
application, access or modify data, or exploit latent vulnerabilities in
the underlying database.

AgoraGroups 0.3.5.3 is vulnerable; other versions may also be affected.

71. Microsoft IIS Unicode Requests to WebDAV Multiple Authentication
Bypass Vulnerabilities
BugTraq ID: 34993
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34993
Summary:
Microsoft Internet Information Service (IIS) is prone to multiple
authentication-bypass vulnerabilities because the application fails to
properly enforce access restrictions on certain requests to
password-protected WebDAV folders.

An attacker can exploit these issues to gain unauthorized access to
protected WebDAV resources, which may lead to other attacks.

This issue affects IIS 5.0, 5.1, and 6.0.

72. Drupal Ajax Session Module Multiple Input Validation Vulnerabilities
BugTraq ID: 35123
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35123
Summary:
The Drupal Ajax Session module is prone to multiple cross-site scripting
and cross-site-request-forgery vulnerabilities because it fails to
adequately sanitize user-supplied input.

Exploiting these issues may allow a remote attacker to perform arbitrary
actions on the vulnerable application. Attackers can also exploit these
issues to execute arbitrary script code and steal cookie-based
authentication credentials.

Ajax Session 5.x-1.0 is vulnerable; other versions may also be affected.

73. Easy PX 41 CMS 'fiche' Parameter Local File Include Vulnerability
BugTraq ID: 35119
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35119
Summary:
Easy PX 41 CMS is prone to a local file-include vulnerability because it
fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute
local scripts in the context of the webserver process, which may aid in
further attacks.

Easy PX 41 CMS 09.00.00B1 is vulnerable; other versions may also be
affected.

74. RSGallery2 Component for Mambo/Joomla! Backdoor Vulnerability
BugTraq ID: 35106
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35106
Summary:
RSGallery2 is prone to a backdoor vulnerability.

Attackers can exploit this issue to execute arbitrary commands in the
context of the application. Successful attacks will compromise the
affected application and possibly the webserver or computer.

RSGallery2 1.14.3 and 2.0.0b1 are vulnerable; other versions may also be
affected.

75. PHP-Nuke 'main/tracking/userLog.php' SQL Injection Vulnerability
BugTraq ID: 35117
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35117
Summary:
PHP-Nuke is prone to an SQL-injection vulnerability because it fails to
sufficiently sanitize user-supplied data before using it in an SQL
query.

Exploiting this issue could allow an attacker to compromise the
application, access or modify data, or exploit latent vulnerabilities in
the underlying database.

PHP-Nuke 8.0.0 is vulnerable; other versions may also be affected.

76. pam_krb5 Existing/Non-Existing Username Enumeration Weakness
BugTraq ID: 35112
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35112
Summary:
The 'pam_krb5' module is prone to a username-enumeration weakness
because it displays different responses to login attempts, depending on
whether or not the username exists.

Attackers may exploit this weakness to discern valid usernames. This may
aid them in brute-force password cracking or other attacks.

This issue affects pam_krb5 2.2.14; other versions may also be affected.

77. Apache 'Options' and 'AllowOverride' Directives Security Bypass
Vulnerability
BugTraq ID: 35115
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35115
Summary:
Apache HTTP server is prone to a security-bypass vulnerability related
to the handling of specific configuration directives. 

A local attacker may exploit this issue to execute arbitrary code
within the context of the webserver process. This may result in elevated
privileges or aid in further attacks.

Versions prior to Apache 2.2.9 are vulnerable.

78. Sun Java Runtime Environment and Java Development Kit Multiple
Security Vulnerabilities
BugTraq ID: 34240
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34240
Summary:
Sun Java Runtime Environment and Java Development Kit are prone to
multiple security vulnerabilities.

Successful exploits may allow attackers to violate the same-origin
policy, obtain sensitive information, bypass security restrictions, run
untrusted applets with elevated privileges, and cause denial-of-service
conditions. This may result in a compromise of affected computers.

These issues affect versions *prior to* the following:

JDK and JRE 6 Update 13
JDK and JRE 5.0 Update 18
SDK and JRE 1.4.2_20
SDK and JRE 1.3.1_25

79. IBM Hardware Management Console (HMC) Shared Memory Unspecified
Vulnerability
BugTraq ID: 35113
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35113
Summary:
IBM Hardware Management Console (HMC) is prone to an unspecified
vulnerability.

This issue is tracked by APAR MB03011.

Currently, very little is known about this issue. We will update this
BID as more information emerges.

This issue affects HMC 7 Release 3.4.0 Service Pack 2.

80. Microsoft Windows 'win32k.sys' Local Denial Of Service Vulnerability
BugTraq ID: 35121
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35121
Summary:
Microsoft Windows is prone to a local denial-of-service vulnerability.

Currently, few technical details are available. We will update this BID
when more information emerges.

Attackers may exploit this issue to crash the affected computer, denying
service to legitimate users. Given the nature of this issue, attackers
may also be able to run arbitrary code with SYSTEM-level privileges, but
this has not been confirmed.

Windows Vista and Windows Server 2003 are reported vulnerable; other
versions may also be affected.

81. Microsoft Windows Desktop Wall Paper System Parameter Local Denial
Of Service Vulnerability
BugTraq ID: 35120
Remote: No
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35120
Summary:
Microsoft Windows is prone to a local denial-of-service vulnerability.

Attackers may exploit this issue to cause the computer to crash, denying
further service to legitimate users. Given the nature of this issue,
attackers may also be able to run arbitrary code, but this has not been
confirmed.

This issue affects Windows XP SP3; other versions may also be affected.

82. Pidgin Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 35067
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35067
Summary:
Pidgin is prone to multiple buffer-overflow vulnerabilities because it
fails to perform adequate boundary checks on user-supplied data.

Successful exploits may allow attackers to execute arbitrary code with
the privileges of a user running the software or cause denial-of-service
conditions.

Versions prior to Pidgin 2.5.6 are vulnerable.

83. ImageMagick TIFF File Integer Overflow Vulnerability
BugTraq ID: 35111
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35111
Summary:
ImageMagick is prone to an integer-overflow vulnerability because it
fails to properly bounds-check user-supplied input. The vulnerability
occurs when handling malformed TIFF files.

Successfully exploiting this issue allows attackers to execute arbitrary
code with the privileges of a user running the application. Failed
exploit attempts will result in a denial-of-service condition.

ImageMagick 6.5.2-8 is vulnerable; other versions may be affected as
well.

84. Dokuwiki 'doku.php' Local File Include Vulnerability
BugTraq ID: 35095
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35095
Summary:
Dokuwiki is prone to a local file-include vulnerability because it fails
to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute
local scripts in the context of the webserver process, which may aid in
further attacks.

Dokuwiki 2009-02-14, rc2009-02-06, and rc2009-01-30 are vulnerable;
other versions may also be affected.

85. RoomPHPlanning Multiple Vulnerabilities
BugTraq ID: 35110
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35110
Summary:
RoomPHPlanning is prone to multiple vulnerabilities, including multiple
SQL-injection issues, an authentication-bypass issue, and a
security-bypass issue.

Attackers can exploit these issues to:
- gain administrative access to the affected application, which may aid
in further attacks
- manipulate the SQL query logic to carry out unauthorized actions on
the underlying database
- perform restricted actions

RoomPHPlanning 1.6 is vulnerable; other versions may also be affected.

86. ProFTPD CIDR Access Control Rule Bypass Vulnerability
BugTraq ID: 10252
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/10252
Summary:
ProFTPD is prone to a vulnerability that an attacker could exploit to
bypass an Access Control List (ACL). The issue was reportedly introduced
when a 'portability workaround' was applied to ProFTPD 1.2.9.

This vulnerability may lead a system administrator into a false sense of
security, where access to the ProFTPD server is believed to be
restricted by ACLs, but in reality the access restrictions will not be
enforced at all.

87. Jetty Cross Site Scripting and Information Disclosure
Vulnerabilities
BugTraq ID: 34800
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34800
Summary:
Jetty is prone to a cross-site scripting vulnerability and an
information-disclosure vulnerability.

An attacker may leverage these issues to execute arbitrary script code
in the browser of an unsuspecting user in the context of the affected
site, steal cookie-based authentication credentials, and obtain
sensitive information.

Jetty 6.1.16 and prior versions are affected.

88. SquirrelMail Prior to 1.4.18 Multiple Vulnerabilities
BugTraq ID: 34916
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34916
Summary:
SquirrelMail is prone to multiple vulnerabilities, including multiple
session-fixation issues, a code-injection issue, and multiple cross-site
scripting issues.

Attackers may exploit these issues to execute arbitrary script code in
the browser of an unsuspecting user, to hijack the session of a valid
user, or to inject and execute arbitrary PHP code in the context of the
webserver process. This may facilitate a compromise of the application
and the computer; other attacks are also possible.

Versions prior to SquirrelMail 1.4.18 are vulnerable.

89. Nortel Contact Center Manager Administration Password Disclosure
Vulnerability
BugTraq ID: 34964
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/34964
Summary:
Nortel Contact Center Manager Administration is prone to a
password-disclosure vulnerability caused by a design error.

Attackers can exploit this issue to gain access to the 'sysadmin'
password. Successfully exploiting this issue may lead to other attacks.

90. Multiple ATEN IP KVM Switches Multiple Remote Vulnerabilities and
Weakness
BugTraq ID: 35108
Remote: Yes
Last Updated: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35108
Summary:
Multiple ATEN IP KVM switches are prone to multiple remote
vulnerabilities and a weakness: 

- A security weakness may allow attackers to decrypt HTTP traffic.
- A remote code-execution vulnerability is present.
- A security vulnerability may allow attackers to gain access to the
session key.
- A security vulnerability may allow attackers to gain access to mouse
events.
- A security vulnerability may allow attackers to gain access to the
session ID.

Attackers can exploit these issues to execute Java code, compromise and
gain unauthorized access to the affected device connected to the KVM,
gain access to the session key, and gain access to the session ID. Other
attacks are also possible.

91. ZEECAREERS and SHAADICLONE 'admin/addadminmembercode.php'
Authentication Bypass Vulnerability
BugTraq ID: 35107
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35107
Summary:
Zeeways ZEECAREERS and SHAADICLONE are prone to an authentication-bypass
vulnerability.

Attackers can exploit this issue to gain administrative access to an
affected application. This may aid in further attacks.

SHAADICLONE 2.0 and ZEECAREERS 2.0 are vulnerable; other versions may
also be affected.

92. Graphiks MyForum Login Multiple SQL Injection Vulnerabilities
BugTraq ID: 35096
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35096
Summary:
Graphiks MyForum is prone to multiple SQL-injection vulnerabilities
because it fails to sufficiently sanitize user-supplied input before
using it in an SQL query.

A successful exploit may allow an attacker to compromise the
application, access or modify data, or exploit latent vulnerabilities in
the underlying database.

MyForum 1.3 is vulnerable; other versions may also be affected.

93. DBD::Pg BYTEA Values Memory Leak Denial of Service Vulnerability
BugTraq ID: 34757
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/34757
Summary:
DBD::Pg is prone to a denial-of-service vulnerability caused by a memory
leak when handling BYTEA data. 

Successful exploits may allow remote attackers to cause
denial-of-service conditions on computers running the affected software.

DBD::Pg 1.49 as distributed with Debian 4.0 is vulnerable; other
versions may also be affected.

94. MySQL MyISAM Table Privileges Security Bypass Vulnerability
BugTraq ID: 29106
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/29106
Summary:
MySQL is prone to a security-bypass vulnerability. 

An attacker can exploit this issue to gain access to table files created
by other users, bypassing certain security restrictions.

NOTE 1: This issue was also assigned CVE-2008-4097 because CVE-2008-2079
was incompletely fixed, allowing symlink attacks.

NOTE 2: CVE-2008-4098 was assigned because fixes for the vector
described in CVE-2008-4097 can also be bypassed.

This issue affects MySQL 4 (versions prior to 4.1.24) and MySQL 5
(versions prior to 5.0.60).

95. PostgreSQL Conversion Encoding Remote Denial of Service
Vulnerability
BugTraq ID: 34090
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/34090
Summary:
PostgreSQL is prone to a remote denial-of-service vulnerability.

Exploiting this issue may allow attackers to terminate connections to
the PostgreSQL server, denying service to legitimate users.

96. DBD::Pg 'pg_getline()' and 'getline()' Heap Buffer Overflow
Vulnerabilities
BugTraq ID: 34755
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/34755
Summary:
DBD::Pg is prone to multiple heap-based buffer-overflow vulnerabilities
that occur because the application fails to perform adequate boundary
checks on user-supplied data. 

Attackers may be able to exploit these issues to execute arbitrary code
within the context of an application that uses the vulnerable module.
Failed exploit attempts will result in a denial-of-service condition.

DBD::Pg 1.49 as distributed with Debian 4.0 is vulnerable; other
versions may also be affected.

97. MySQL Empty Binary String Literal Remote Denial Of Service
Vulnerability
BugTraq ID: 31081
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/31081
Summary:
MySQL is prone to a remote denial-of-service vulnerability because it
fails to handle empty binary string literals.

An attacker can exploit this issue to crash the application, denying
access to legitimate users. 

This issue affects versions prior to MySQL 5.0.66, 5.1.26, and 6.0.6.

98. Multiple ArcaBit ArcaVir Products Multiple IOCTL Request Local
Privilege Escalation Vulnerabilities
BugTraq ID: 35100
Remote: No
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35100
Summary:
Multiple ArcaBit ArcaVir products are prone to multiple local
privilege-escalation vulnerabilities that affect the 'ps_drv.sys'
driver.

An attacker can exploit these issues to execute arbitrary code with
elevated privileges, facilitating a complete compromise of the affected
computer.

The following applications are vulnerable:

ArcaVir 2009 Antivirus Protection
ArcaVir 2009 Internet Security
ArcaVir 2009 System Protection
ArcaVir 2009 Home Protection

99. phpBugTracker 'index.php' SQL Injection Vulnerability
BugTraq ID: 35101
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35101
Summary:
phpBugTracker is prone to an SQL-injection vulnerability because it
fails to sufficiently sanitize user-supplied data before using it in an
SQL query.

Exploiting this issue could allow an attacker to compromise the
application, access or modify data, or exploit latent vulnerabilities in
the underlying database.

phpBugTracker 1.0.3 is vulnerable; other versions may also be affected.

100. cpCommerce 'GLOBALS[prefix]' Local/Remote File Include
Vulnerability
BugTraq ID: 35103
Remote: Yes
Last Updated: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35103
Summary:
cpCommerce is prone to a local/remote file-include vulnerability because
it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the
application and the computer; other attacks are also possible.

Versions in the cpCommerce 1.2.x branch are vulnerable.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Browsers bashed first in hacking contest
By: Robert Lemos
A security researcher keeps a vulnerability on ice for an entire year,
before using it at the Pwn2Own contest to exploit Apple's browser.
Microsoft's Internet Explorer 8 falls soon after. 
http://www.securityfocus.com/news/11549

2. Experts: U.S. needs to defend its "cyber turf"
By: Robert Lemos
The United States must develop a Monroe Doctrine for the Internet,
defining what constitutes its cyberspace and pledging to defend its
virtual borders, security experts told Congress.
http://www.securityfocus.com/news/11548

3. Advisor: U.S. needs policy to defend cyberspace
By: Robert Lemos
An Obama transition-team member argues that any future cyber policy
needs to deal with the role of the intelligence community, the
militarization of cyberspace and designating a lead disaster agency.
http://www.securityfocus.com/news/11547

4. Cabal forms to fight Conficker, offers bounty
By: Robert Lemos
Microsoft offers $250,000 for information leading to the arrest of the
author and, along with security firms and Internet service providers,
pledges to work to prevent the prolific worm from spreading further.
http://www.securityfocus.com/news/11546

IV.  SECURITY JOBS LIST SUMMARY
-------------------------------
V.   INCIDENTS LIST SUMMARY
---------------------------
VI.  VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. New Tech Tip: Configuring Windows 7 for a limited user
http://www.securityfocus.com/archive/88/503884

2. AD Password complexity - passwords too long?
http://www.securityfocus.com/archive/88/503573

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. curuncula dbr rootkit detection tool
http://www.securityfocus.com/archive/91/502934

X.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
sf-news-unsubscribe@securityfocus.com from the subscribed address. The
contents of the subject or message body do not matter. You will receive
a confirmation request message to which you will have to answer.
Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the
website.

If your email address has changed email listadmin@securityfocus.com and
ask to be manually removed.

XI.   SPONSOR INFORMATION
------------------------
This issue is sponsored by Thawte




------------------------------------------------------------------------
To unsubscribe from netsec, send mail to majordomo@merit.edu
with a body consisting of the words "unsubscribe netsec" --
without the quotes. For more help, send a message to majordomo@merit.edu
with the word "help" as the body.
------------------------------------------------------------------------