I. FRONT AND CENTER
1. Two-factor banking
2. ICANN on center stage
3. OpenBSD's network stack
II. BUGTRAQ SUMMARY
1. Xine-Lib Remote CDDB Information Format String Vulnerability
2. Multiple Vendor Antivirus Products Malformed Archives Scan Evasion Vulnerability
3. Cyphor Multiple Input Validation Vulnerabilities
4. Up-IMAPProxy Multiple Unspecified Remote Format String Vulnerabilities
5. Linux Kernel Multiple Security Vulnerabilities
6. Graphviz Insecure Temporary File Creation Vulnerability
7. XLoadImage Multiple Remote Buffer Overflow Vulnerabilities
8. BEA WebLogic Server and WebLogic Express Multiple Vulnerabilities
9. PHPMyAdmin Local File Include Vulnerability
10. Kaspersky Anti-Virus Engine CHM File Parser Remote Buffer Overflow Vulnerability
11. SGI IRIX Runpriv Local Privilege Escalation Vulnerability
12. Microsoft Windows MSDTC Memory Corruption Vulnerability
13. Microsoft MSDTC COM+ Remote Code Execution Vulnerability
14. Microsoft MSDTC TIP Denial Of Service Vulnerability
15. Microsoft MSDTC TIP Distributed Denial Of Service Vulnerability
16. KDE KOffice KWord RTF Import Remote Buffer Overflow Vulnerability
17. Microsoft Internet Explorer COM Object Instantiation Variant Vulnerability
18. RARLAB WinRAR Multiple Remote Vulnerabilities
19. Microsoft DirectX DirectShow AVI Processing Buffer Overflow Vulnerability
20. Microsoft Windows Explorer Web View Script Injection Vulnerability
21. Microsoft Windows Plug And Play UMPNPMGR.DLL wsprintfW Buffer Overflow Vulnerability
22. Microsoft Windows Client Service For Netware Buffer Overflow Vulnerability
23. Microsoft Collaboration Data Objects Remote Buffer Overflow Vulnerability
24. VersatileBulletinBoard Multiple SQL Injection Vulnerabilities
25. Microsoft Windows Malicious Shortcut Handling Remote Code Execution Vulnerability
26. Microsoft Windows Malicious Shortcut Handling Remote Code Execution Variant Vulnerability
27. OpenSSL Insecure Protocol Negotiation Weakness
28. OpenVMPS Logging Function Format String Vulnerability
29. VersatileBulletinBoard Multiple Cross-Site Scripting Vulnerabilities
30. PHP Advanced Transfer Manager Arbitrary File Upload Vulnerability
31. VersatileBulletinBoard Information Disclosure Vulnerability
32. Linux Kernel Multiple Memory Leak Local Denial Of Service Vulnerabilities
33. Accelerated E Solutions SQL Injection Vulnerability
34. Zeroblog Thread.PHP Cross-Site Scripting Vulnerability
35. VERITAS NetBackup Java User-Interface Remote Format String Vulnerability
36. Novell NetMail NMAP Agent Remote Buffer Overflow Vulnerability
37. GFI MailSecurity for Exchange/SMTP Web Interface Remote Buffer Overflow Vulnerability
38. Zope RestructuredText Unspecified Security Vulnerability
39. WebGUI Arbitrary Command Execution Vulnerability
40. Sun Java System Application Server Java Server Page Source Disclosure Vulnerability
41. Linux Orinoco Driver Remote Information Disclosure Vulnerability
42. Xeobook Multiple HTML Injection Vulnerabilities
43. Symantec Brightmail AntiSpam Malformed MIME Message Denial Of Service Vulnerability
44. PHPWebSite Search Module SQL Injection Vulnerability
45. Sun Solaris Multiple Local Vulnerabilities
46. Ahnlab V3 Antivirus Multiple Archive Format Handling Remote Buffer Overflow Vulnerability
47. Yapig View.PHP Cross-Site Scripting Vulnerability
48. Hitachi OpenTP1 Denial Of Service Vulnerability
49. Kerio Personal Firewall and ServerFirewall Local Denial of Service Vulnerability
50. YaPig Homepage Form Field HTML Injection Vulnerability
51. AbiWord Stack-Based Buffer Overflow Vulnerabilities
52. Accelerated Mortgage Manager Password Field SQL Injection Vulnerability
53. HP-UX Itanium Local Denial Of Service Vulnerability
54. Clam Anti-Virus ClamAV OLE2 File Handling Denial Of Service Vulnerability
55. Multiple Vendor WGet/Curl NTLM Username Buffer Overflow Vulnerability
56. XMail Local Buffer Overflow Vulnerability
57. TYPSoft FTP Server RETR Denial Of Service Vulnerability
58. IBM AIX LSCFG Insecure Temporary File Creation Vulnerability
59. Mozilla Thunderbird Insecure SMTP Authentication Protocol Negotiation Weakness
60. RTasarim WebAdmin Login SQL Injection Vulnerability
61. Gallery Main.PHP Directory Traversal Vulnerability
62. Trust Digital Trusted Mobility Suite Authentication Bypass Vulnerability
63. W-Agora Multiple Arbitrary PHP Code Injection Vulnerabilities
64. Complete PHP Counter SQL Injection Vulnerability
65. Complete PHP Counter Cross-Site Scripting Vulnerability
66. SPE Insecure File Permissions Vulnerability
67. PunBB Search.PHP SQL Injection Vulnerability
III. SECURITYFOCUS NEWS
1. Worm worries don't wait for Windows exploits
2. Arrests unlikely to impact bot net threat, say experts
3. Fingerprint payments taking off despite security concerns
4. E-voting experts call for revised security guidelines
5. Say hello to the Skype Trojan
6. Shared music abuse bug hits iTunes
7. US cybersecurity all at sea
8. Worm fears over MS October patch batch
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Sales Representative, Washington, D.C.
2. [SJ-JOB] Jr. Security Analyst, London
3. [SJ-JOB] Security Engineer, Washington D.C.
4. [SJ-JOB] Security System Administrator, London
5. [SJ-JOB] Information Assurance Analyst, Rosslyn, VA (near DC)
6. [SJ-JOB] Security Consultant, Luxembourg
7. [SJ-JOB] Manager, Information Security, London
8. [SJ-JOB] Security Architect, London
9. [SJ-JOB] Auditor, New York
10. [SJ-JOB] Information Assurance Engineer, Washington
11. [SJ-JOB] Security Engineer, San Francisco
12. [SJ-JOB] Security Engineer, San Diego
13. [SJ-JOB] Security Architect, San Antonio
14. [SJ-JOB] Security Architect, San Antonio
15. [SJ-JOB] Sr. Security Analyst, Davidson
16. [SJ-JOB] Information Assurance Engineer, Washington Navy Yard
17. [SJ-JOB] Information Assurance Engineer, Reston
18. [SJ-JOB] Sales Representative, Seattle
19. [SJ-JOB] Security Consultant, London + UK wide
20. [SJ-JOB] Developer, Milpitas
21. [SJ-JOB] Sales Representative, Crystal Lake
22. [SJ-JOB] Developer, Milpitas
23. [SJ-JOB] Sales Engineer, Vienna
24. [SJ-JOB] Application Security Engineer, Vienna
25. [SJ-JOB] Quality Assurance, Milpitas
26. [SJ-JOB] Channel / Business Development, Cupertino
27. [SJ-JOB] Forensics Engineer, London
28. [SJ-JOB] Account Manager, Atlanta
29. [SJ-JOB] Security Consultant, Remote working
30. [SJ-JOB] Technical Marketing Engineer, Cupertino
31. [SJ-JOB] Sales Representative, Chicago
32. [SJ-JOB] Security Product Marketing Manager, Santa Clara
33. [SJ-JOB] Security Consultant, Vashi, Navi Mumbai
34. [SJ-JOB] Security Engineer, Brussels
35. [SJ-JOB] Security Product Marketing Manager, Santa Clara
36. [SJ-JOB] Technical Marketing Engineer, Belmont
37. [SJ-JOB] Security Product Marketing Manager, Belmont
38. [SJ-JOB] Security Product Marketing Manager, Belmont
39. [SJ-JOB] Security Engineer, Phoenix
40. [SJ-JOB] Security Product Manager, Santa Clara
41. [SJ-JOB] Director, Information Security, London
42. [SJ-JOB] Director, Information Security, Washington, Reston
43. [SJ-JOB] Sr. Security Analyst, Arlington
44. [SJ-JOB] Security Engineer, Providence
45. [SJ-JOB] Management, Washington
46. [SJ-JOB] Sales Engineer, Reston
47. [SJ-JOB] Security Engineer, Herndon
48. [SJ-JOB] Sr. Security Analyst, Arlington
49. [SJ-JOB] Sr. Security Analyst, Ft. Lauderdale
50. [SJ-JOB] Security Consultant, Minneapolis / St. Paul
51. [SJ-JOB] Manager, Information Security, Arlington
52. [SJ-JOB] Application Security Engineer, Calgary
53. [SJ-JOB] Security Consultant, New York
54. [SJ-JOB] Security Researcher, Chicago
55. [SJ-JOB] Application Security Architect, Calgary
56. [SJ-JOB] Manager, Information Security, Chicago
57. [SJ-JOB] Account Manager, Washington D.C.
58. [SJ-JOB] Security Consultant, NY
59. [SJ-JOB] Security Consultant, Miami
60. [SJ-JOB] Sales Engineer, Ambler
61. [SJ-JOB] Sales Engineer, New York City
62. [SJ-JOB] Sr. Security Engineer, Mountain View
63. [SJ-JOB] Sr. Security Analyst, San Diego
64. [SJ-JOB] Sales Representative, Boston
65. [SJ-JOB] Security Engineer, Phoenix
66. [SJ-JOB] Security Engineer, Phoenix
67. [SJ-JOB] Sr. Security Engineer, Buckinghamshire
68. [SJ-JOB] CHECK Team Leader, London
69. [SJ-JOB] Application Security Architect, London
70. [SJ-JOB] Security Engineer, Phoenix
71. [SJ-JOB] Jr. Security Analyst, San Diego
72. [SJ-JOB] Account Manager, Sterling
73. [SJ-JOB] Security Researcher, San Diego
74. [SJ-JOB] Sr. Product Manager, San Diego
75. [SJ-JOB] Sr. Security Engineer, Detroit
76. [SJ-JOB] Security Engineer, Austin
77. [SJ-JOB] Security Consultant, Flanders
78. [SJ-JOB] Sr. Security Analyst, Columbus
79. [SJ-JOB] Security Engineer, Denver
80. [SJ-JOB] Manager, Information Security, London
81. [SJ-JOB] Sr. Security Analyst, Richmond
82. [SJ-JOB] Developer, Columbia
83. [SJ-JOB] Developer, Columbia
84. [SJ-JOB] Customer Support, Boston
85. [SJ-JOB] Auditor, San Francisco and LA
V. INCIDENTS LIST SUMMARY
1. Strange attack question - seems udp
VI. VULN-DEV RESEARCH LIST SUMMARY
1. Solaris sparc newbie exploit coding misc questions
2. [SEC-1 Advisory] GFI MailSecurity 8.1 Web Module Buffer Overflow
3. [SEC-1 Advisory] Collaboration Data Objects Buffer Overflow Vulnerability
VII. MICROSOFT FOCUS LIST SUMMARY
1. Auditing Options
2. SecurityFocus Microsoft Newsletter #260
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. NEW MAILING LISTS
XI. UNSUBSCRIBE INSTRUCTIONS
XII. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Two-factor banking
By Kelly Martin
People who lived through the Second World War, like my grandparents, had a very different view of money than those of us who grew up in the Information Age.
http://www.securityfocus.com/columnists/363
2. ICANN on center stage
By Scott Granneman
ICANN and the U.S. government reach center stage next month in Tunisia, as the future of IP address assignments and U.S. control of the root DNS turns into a hotbed of debate.
http://www.securityfocus.com/columnists/362
3. OpenBSD's network stack
By Federico Biancuzzi
SecurityFocus interviews three OpenBSD developers about their network stack protection against DoS ICMP attacks, a short comparison with Linux's stack, and some thoughts on OpenBGPD.
http://www.securityfocus.com/columnists/361
II. BUGTRAQ SUMMARY
--------------------
1. Xine-Lib Remote CDDB Information Format String Vulnerability
BugTraq ID: 15044
Remote: Yes
Date Published: 2005-10-08
Relevant URL: http://www.securityfocus.com/bid/15044
Summary:
Xine-lib is susceptible to a remote format string vulnerability. This issue is due to a failure of the application to securely implement a formatted printing function.
Successful exploitation of this vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected application.
Xine-lib versions 0.9.13, 1.0, 1.0.1, 1.0.2, and 1.1.0 are reported to be affected. Other versions may also be affected, as well as all applications that utilize a vulnerable version of the library.
2. Multiple Vendor Antivirus Products Malformed Archives Scan Evasion Vulnerability
BugTraq ID: 15046
Remote: Yes
Date Published: 2005-10-08
Relevant URL: http://www.securityfocus.com/bid/15046
Summary:
Multiple antivirus products from various vendors are reported prone to a vulnerability that may allow malformed archive files to bypass detection.
This issue arises when an affected application processes a specially altered archive file that contains a fake, misleading MS-DOS executable MZ header.
This issue could result in malicious archives bypassing detection and allowing the contents to be opened by a recipient.
It should be noted that specific information regarding affected packages and versions is currently unavailable. The reporter of this issue used the EICAR test message stored in multiple different malformed archives. It may be possible that some of the reportedly affected packages may actually be immune to this issue.
This BID will be updated as further information is disclosed.
3. Cyphor Multiple Input Validation Vulnerabilities
BugTraq ID: 15047
Remote: Yes
Date Published: 2005-10-08
Relevant URL: http://www.securityfocus.com/bid/15047
Summary:
Cyphor is prone to multiple cross-site scripting and SQL injection vulnerabilities.
Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to database data. Other attacks are also possible.
4. Up-IMAPProxy Multiple Unspecified Remote Format String Vulnerabilities
BugTraq ID: 15048
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15048
Summary:
up-IMAPProxy is reported prone to multiple unspecified remote format string vulnerabilities.
Successful exploitation could result in a failure of the application or arbitrary code execution in the context of the application.
Specific details of these issues are not currently known. This BID will be updated when further information becomes available.
5. Linux Kernel Multiple Security Vulnerabilities
BugTraq ID: 15049
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15049
Summary:
Linux kernel is prone to multiple vulnerabilities. These issues may allow local and remote attackers to trigger denial of service conditions or disclose sensitive kernel memory.
Linux kernel 2.6.x versions are known to be vulnerable at the moment. Other versions may be affected as well.
6. Graphviz Insecure Temporary File Creation Vulnerability
BugTraq ID: 15050
Remote: No
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15050
Summary:
Graphviz creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.
Graphviz 2.2.1 is reportedly affected; however, other versions may be vulnerable as well.
7. XLoadImage Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 15051
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15051
Summary:
xloadimage is affected by multiple remotely exploitable buffer overflow vulnerabilities.
The problems present themselves when the application processes malformed image titles.
An attacker may exploit these issues to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access.
8. BEA WebLogic Server and WebLogic Express Multiple Vulnerabilities
BugTraq ID: 15052
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15052
Summary:
BEA has released 24 advisories identifying various vulnerabilities affecting BEA WebLogic Server and WebLogic Express. These issues present remote and local threats and may facilitate attacks affecting the integrity, confidentiality, and availability of vulnerable computers.
It is conjectured that some of these issues may allow an attacker to completely compromise a vulnerable computer.
These issues are currently being analyzed. This BID will be updated and individual BIDs will be released when further analysis is complete.
9. PHPMyAdmin Local File Include Vulnerability
BugTraq ID: 15053
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15053
Summary:
phpMyAdmin is prone to a local file include vulnerability.
An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access.
phpMyAdmin 2.6.4-pl1 is reported to be vulnerable. Other versions may be affected as well.
10. Kaspersky Anti-Virus Engine CHM File Parser Remote Buffer Overflow Vulnerability
BugTraq ID: 15054
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15054
Summary:
Kaspersky Anti-Virus Engine is prone to a remote buffer overflow vulnerability.
This issue presents itself when an attacker sends a maliciously crafted CHM file to an affected computer and this file is processed by Kaspersky's CHM file parser.
This vulnerability allows attackers to execute arbitrary machine code in the context of the affected application. Attackers may gain privileged remote access to computers running the affected application.
11. SGI IRIX Runpriv Local Privilege Escalation Vulnerability
BugTraq ID: 15055
Remote: No
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15055
Summary:
SGI IRIX runpriv can allow local attackers to gain elevated privileges.
A local user can append an arbitrary command while executing the application and have the commands executed with superuser privileges.
A successful attack can allow the attacker to gain elevated privileges and completely compromise an affected computer.
IRIX 6.5.22 (maintenance) is reportedly vulnerable; however, other versions are likely to be affected as well.
12. Microsoft Windows MSDTC Memory Corruption Vulnerability
BugTraq ID: 15056
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15056
Summary:
The Microsoft Windows MSDTC (Microsoft Distribution Transaction Coordinator) service is prone to a memory corruption vulnerability. This issue could allow for execution of arbitrary code in the context of the service. The vulnerability may be remotely exploitable in some circumstances, but will also permit local privilege escalation.
This issue is remotely exploitable on Windows 2000 platforms, since the Network DTC is enabled by default on this platform. On Windows XP, this issue may be remotely exploitable if a local user has started the service. On Windows Server 2003, this vulnerability is limited to local privilege escalation unless Network DTC has been explicitly enabled by an administrator. This issue is not present on Windows XP SP2 and Windows Server 2003 SP1.
Update: Microsoft reports several systems have experienced one or more problems after installing the critical update from Microsoft Security Bulletin MS05-051 for this issue. For a more detailed explanation of these problems, please see the attached Microsoft Knowledge Base article 909444.
13. Microsoft MSDTC COM+ Remote Code Execution Vulnerability
BugTraq ID: 15057
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15057
Summary:
Microsoft Windows is prone to a vulnerability in the COM+ (Component Object Model) functionality of the MSDTC (Microsoft Distribution Transaction Coordinator) service. This issue may permit remote and local attackers to execute arbitrary code in the context of the service.
This issue may be exploited by remote anonymous attackers on Windows 2000 platforms. On Windows XP versions up to and including SP1, the attacker must authenticate as the Guest or another account prior to exploitation. On Windows XP SP2 and all Windows Server 2003 operating systems, this issue is limited to local privilege escalation.
Update: Microsoft reports several systems have experienced one or more problems after installing the critical update from Microsoft Security Bulletin MS05-051 for this issue. For a more detailed explanation of these problems, please see the attached Microsoft Knowledge Base article 909444.
14. Microsoft MSDTC TIP Denial Of Service Vulnerability
BugTraq ID: 15058
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15058
Summary:
The Microsoft Windows MSDTC (Microsoft Distribution Transaction Coordinator) service is prone to a denial of service vulnerability.
The vulnerability exists in the TIP (Transaction Internet Protocol) functionality that is provided by MSDTC. This vulnerability may be exploited by a remote attacker to deny the availability of services that depend on MSDTC.
This issue only exists on operating systems that have support for the TIP protocol enabled. This vulnerability is remotely exploitable on default configurations on Windows 2000. TIP is not enabled by default on Windows XP and Windows Server 2003 even if the MSDTC service is running.
Update: Microsoft reports several systems have experienced one or more problems after installing the critical update from Microsoft Security Bulletin MS05-051 for this issue. For a more detailed explanation of these problems, please see the attached Microsoft Knowledge Base article 909444.
15. Microsoft MSDTC TIP Distributed Denial Of Service Vulnerability
BugTraq ID: 15059
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15059
Summary:
The Microsoft MSDTC (Microsoft Distribution Transaction Coordinator) service is prone to a vulnerability that may permit denial of service attacks against the service or facilitate distributed denial of service attacks against other computers.
The vulnerability exists in the TIP (Transaction Internet Protocol) functionality that is provided by MSDTC.
This issue only exists on operating systems that have support for the TIP protocol enabled. This vulnerability is remotely exploitable on default configurations on Windows 2000. TIP is not enabled by default on Windows XP and Windows Server 2003 even if the MSDTC service is running.
Update: Microsoft reports several systems have experienced one or more problems after installing the critical update from Microsoft Security Bulletin MS05-051 for this issue. For a more detailed explanation of these problems, please see the attached Microsoft Knowledge Base article 909444.
16. KDE KOffice KWord RTF Import Remote Buffer Overflow Vulnerability
BugTraq ID: 15060
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15060
Summary:
KWord is prone to a remote buffer overflow vulnerability.
The vulnerability arises when the application handles a malformed RTF file.
A successful attack may result in arbitrary code execution facilitating remote unauthorized access in the context of the user running KWord.
KOffice versions 1.2.0 to 1.4.1 are vulnerable to this issue.
17. Microsoft Internet Explorer COM Object Instantiation Variant Vulnerability
BugTraq ID: 15061
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15061
Summary:
Microsoft Internet Explorer is prone to a buffer overflow vulnerability that is related to instantiation of COM objects.
Successful exploitation could let remote attackers execute arbitrary code in the context of the currently logged in user on the affected computer.
This is a variant of the vulnerability described in BID 14511 Microsoft Internet Explorer COM Object Instantiation Buffer Overflow Vulnerability. The difference between this issue and BID 14511 is that a different set of COM objects are affected that were not addressed in the previous BID.
18. RARLAB WinRAR Multiple Remote Vulnerabilities
BugTraq ID: 15062
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15062
Summary:
WinRAR is prone to multiple remote vulnerabilities. These issues include a format string and a buffer overflow vulnerability. Successful exploitation may allow an attacker to execute arbitrary code on a vulnerable computer.
WinRAR 3.50 and prior versions are vulnerable to these issues.
19. Microsoft DirectX DirectShow AVI Processing Buffer Overflow Vulnerability
BugTraq ID: 15063
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15063
Summary:
A buffer overflow vulnerability exists in the Microsoft Windows DirectX component. This issue is related to processing of .AVI (Audio Visual Interleave) media files. The specific vulnerability exists in DirectShow and could be exposed through applications that employ DirectShow to process .AVI files.
Successful exploitation will permit execution of arbitrary code in the context of the user who opens a malicious .AVI file.
This issue could be exploited through any means that will allow the attacker to deliver a malicious .AVI file to a victim user. In Web-based attack scenarios, exploitation could occur automatically if the malicious Web page can cause the .AVI file to be loaded automatically by Windows Media Player. Other attack vectors such as email or instant messaging may require the victim user to manually open the malicious .AVI.
It is not known if third-party applications rely on DirectShow to process .AVI files. If so, these applications could also present an attack vector.
20. Microsoft Windows Explorer Web View Script Injection Vulnerability
BugTraq ID: 15064
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15064
Summary:
Microsoft Windows Explorer Web View is affected by an arbitrary script injection vulnerability.
An attacker can exploit this issue by crafting a malicious file and placing it on a Web site or sending it to a user through email followed by enticing them to preview it in Windows Explorer.
A successful attack can result in a remote compromise in the context of the vulnerable user.
21. Microsoft Windows Plug And Play UMPNPMGR.DLL wsprintfW Buffer Overflow Vulnerability
BugTraq ID: 15065
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15065
Summary:
Microsoft Windows Plug and Play is prone to a buffer overflow vulnerability. This issue is due to a failure of the service to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.
This issue takes place when the PnP service handles malformed messages containing excessive data.
This vulnerability facilitates local privilege escalation and unauthorized remote access depending on the underlying operating system. A successful attack may result in arbitrary code execution resulting in an attacker gaining SYSTEM privileges.
This issue is unrelated to the one documented in BID 14513, "Microsoft Windows Plug and Play Buffer Overflow Vulnerability", but they both have similar attack scenarios and effects.
22. Microsoft Windows Client Service For Netware Buffer Overflow Vulnerability
BugTraq ID: 15066
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15066
Summary:
Microsoft Client Service for Netware is prone to a buffer overflow vulnerability that could permit the execution of arbitrary remote code.
A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. This issue could also be exploited by local attackers to gain elevated privileges.
It should be noted that the Client Service for Netware is not installed by default on any affected operating system. Microsoft Windows XP Home is not affected by this vulnerability at all.
23. Microsoft Collaboration Data Objects Remote Buffer Overflow Vulnerability
BugTraq ID: 15067
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15067
Summary:
Microsoft CDO is susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the library to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.
This issue presents itself when an attacker sends a specifically crafted email message to an email server utilizing the affected library.
This issue allows remote attackers to execute arbitrary machine code in the context of the application utilizing the library.
24. VersatileBulletinBoard Multiple SQL Injection Vulnerabilities
BugTraq ID: 15068
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15068
Summary:
versatileBulletinBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
It should be noted that 'magic_quotes_gpc' must be set to 'off' for these vulnerabilities to be exploitable.
25. Microsoft Windows Malicious Shortcut Handling Remote Code Execution Vulnerability
BugTraq ID: 15069
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15069
Summary:
Microsoft Windows is prone to a remote code execution vulnerability when handling a malicious shortcut (.lnk) file.
An attacker can exploit this issue by crafting a malicious file and placing it on a Web site or sending it to a user through email followed by enticing them to open it and view the file's properties.
This issue also poses a local threat as a local unprivileged attacker could exploit this issue without user interaction to gain elevated privileges.
This vulnerability can facilitate arbitrary code execution with SYSTEM privileges.
This BID is related to the issue described in BID 15070 (Microsoft Windows Malicious Shortcut Handling Remote Code Execution Variant Vulnerability).
26. Microsoft Windows Malicious Shortcut Handling Remote Code Execution Variant Vulnerability
BugTraq ID: 15070
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15070
Summary:
Microsoft Windows is prone to a remote code execution vulnerability when handling a malicious shortcut (.lnk) file.
An attacker can exploit this issue by crafting a malicious file and placing it on a Web site or sending it to a user through email followed by enticing them to open it and view the file's properties.
This issue also poses a local threat as a local unprivileged attacker could exploit this issue without user interaction to gain elevated privileges.
This vulnerability can facilitate arbitrary code execution with SYSTEM privileges.
This BID is related to the issue described in BID 15069 (Microsoft Windows Malicious Shortcut Handling Remote Code Execution Vulnerability).
27. OpenSSL Insecure Protocol Negotiation Weakness
BugTraq ID: 15071
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15071
Summary:
OpenSSL is susceptible to a remote protocol negotiation weakness. This issue is due to the implementation of the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option to maintain compatibility with third party software.
This issue presents itself when two peers attempt to negotiate the protocol they wish to communicate with. Attackers able to intercept and modify the SSL communications may exploit this weakness to force SSL version 2 to be chosen.
The attacker may then exploit various insecurities in SSL version 2 to gain access to, or tamper with, the cleartext communications between the targeted client and server.
It should be noted that the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option is enabled with the frequently used 'SSL_OP_ALL' option.
SSL peers configured not to permit SSL version 2 are not affected by this issue.
28. OpenVMPS Logging Function Format String Vulnerability
BugTraq ID: 15072
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15072
Summary:
OpenVMPS is affected by a remote format string vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input before using it as the format specifier in a system log entry.
Reports indicate that the immediate consequence of successful exploitation is a denial of service.
29. VersatileBulletinBoard Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15073
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15073
Summary:
versatileBulletinBoard is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
30. PHP Advanced Transfer Manager Arbitrary File Upload Vulnerability
BugTraq ID: 15074
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15074
Summary:
PHP Advanced Transfer Manager is prone to a remote arbitrary file upload vulnerability.
This issue may allow remote attackers to upload arbitrary files including malicious scripts and possibly execute the script on the affected server.
31. VersatileBulletinBoard Information Disclosure Vulnerability
BugTraq ID: 15075
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15075
Summary:
versatileBulletinBoard is prone to an information disclosure issue.
A remote attacker may view a list of all files related to the application.
versatileBulletinBoard version 1.0.0.RC2 is affected.
32. Linux Kernel Multiple Memory Leak Local Denial Of Service Vulnerabilities
BugTraq ID: 15076
Remote: No
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15076
Summary:
Two local denial of service vulnerabilities affect the Linux kernel. These issues are due to a design flaw that creates memory leaks.
These vulnerabilities may be exploited by local users to consume excessive kernel resources, likely triggering a kernel crash, denying service to legitimate users.
These issues affect Linux kernel versions prior to 2.6.14-rc4.
33. Accelerated E Solutions SQL Injection Vulnerability
BugTraq ID: 15077
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15077
Summary:
Accelerated E Solutions is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
34. Zeroblog Thread.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 15078
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15078
Summary:
Zeroblog is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
35. VERITAS NetBackup Java User-Interface Remote Format String Vulnerability
BugTraq ID: 15079
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15079
Summary:
NetBackup Java user-interface is affected by a remote format string vulnerability.
An attacker can exploit this vulnerability by crafting a malicious request that contains format specifiers. A successful attack may result in crashing the server or lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation with SYSTEM or superuser privileges.
36. Novell NetMail NMAP Agent Remote Buffer Overflow Vulnerability
BugTraq ID: 15080
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15080
Summary:
NetMail Network Messaging Application Protocol (NMAP) Agent is affected by a remote buffer overflow vulnerability.
This vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected server process.
37. GFI MailSecurity for Exchange/SMTP Web Interface Remote Buffer Overflow Vulnerability
BugTraq ID: 15081
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15081
Summary:
GFI MailSecurity for Exchange/SMTP is affected by a remote buffer overflow vulnerability.
Specifically, the issue presents itself when the Web management interface of the application handles malformed HTTP requests.
A successful attack can result in a complete compromise of the vulnerable computer.
GFI MailSecurity for Exchange/SMTP version 8.1 is vulnerable to this issue.
38. Zope RestructuredText Unspecified Security Vulnerability
BugTraq ID: 15082
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15082
Summary:
Zope is prone to an unspecified vulnerability in the docutils module.
No other information has been provided; this BID will be updated when further details are available.
39. WebGUI Arbitrary Command Execution Vulnerability
BugTraq ID: 15083
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15083
Summary:
WebGUI is prone to an arbitrary command execution vulnerability. This is due to insufficient sanitization of user-supplied data.
This issue can facilitate unauthorized remote access.
40. Sun Java System Application Server Java Server Page Source Disclosure Vulnerability
BugTraq ID: 15084
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15084
Summary:
A problem with Sun Java System Application Server results in the disclosure of the source code of Java Server Pages. This allows attackers to gain unauthorized access to sensitive information, potentially aiding them in further attacks.
41. Linux Orinoco Driver Remote Information Disclosure Vulnerability
BugTraq ID: 15085
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15085
Summary:
The Orinoco driver for Linux kernels is susceptible to a remote information disclosure vulnerability. This issue is due to the driver sending uninitialized kernel memory in small network packets.
Remote attackers may exploit this issue to gain access to potentially sensitive kernel memory, aiding them in further attacks.
42. Xeobook Multiple HTML Injection Vulnerabilities
BugTraq ID: 15086
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15086
Summary:
Xeobook is prone to multiple unspecified HTML injection vulnerabilities.
These are due to a lack of proper sanitization of user-supplied input.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
43. Symantec Brightmail AntiSpam Malformed MIME Message Denial Of Service Vulnerability
BugTraq ID: 15087
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15087
Summary:
Symantec Brightmail AntiSpam is susceptible to a denial of service vulnerability. This issue is due to a failure of the application to properly handle certain malformed MIME content.
This issue allows remote attackers to crash the application, denying further email scanning service to legitimate users.
44. PHPWebSite Search Module SQL Injection Vulnerability
BugTraq ID: 15088
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15088
Summary:
phpWebSite is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
The vendor has released the patch phpwebsite_security_patch_20051202.tgz addressing this issue.
This vulnerability was originally believed to be related to BID 14172 (PHPWebSite Index.PHP Multiple SQL Injection Vulnerabilities) but is a separate issue.
45. Sun Solaris Multiple Local Vulnerabilities
BugTraq ID: 15090
Remote: No
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15090
Summary:
Sun Solaris is prone to multiple local vulnerabilities. These issues may allow attackers to carry out denial of service attacks and obtain sensitive information.
Solaris 10 is vulnerable to these issues.
46. Ahnlab V3 Antivirus Multiple Archive Format Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 15091
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15091
Summary:
Ahnlab V3 Antivirus is affected by a remote buffer overflow vulnerability when handling various archive formats.
An attacker can exploit this issue by crafting a malicious archive and sending the archive to a computer to be scanned by the affected application.
An attacker may exploit this vulnerability to gain unauthorized remote access with SYSTEM privileges.
47. Yapig View.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 15092
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15092
Summary:
Yapig is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
YaPig versions 0.95b and earlier are affected.
48. Hitachi OpenTP1 Denial Of Service Vulnerability
BugTraq ID: 15093
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15093
Summary:
OpenTP1 is prone to a denial of service vulnerability. This issue is due to a failure in the application to properly handle malformed data.
A remote attacker can exploit this vulnerability to cause the affected service to crash, denying service to legitimate users.
49. Kerio Personal Firewall and ServerFirewall Local Denial of Service Vulnerability
BugTraq ID: 15094
Remote: No
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15094
Summary:
Kerio Personal Firewall and ServerFirewall are prone to a local denial of service vulnerability.
Reports indicate that the FWDRV driver does not verify access to memory associated with the Process Environment Block (PEB) of the application. An attacker can trigger fatal exceptions and cause the firewall process to terminate.
A denial of service condition in the firewall can expose computers to further attacks.
50. YaPig Homepage Form Field HTML Injection Vulnerability
BugTraq ID: 15095
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15095
Summary:
YaPig is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
51. AbiWord Stack-Based Buffer Overflow Vulnerabilities
BugTraq ID: 15096
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15096
Summary:
AbiWord is susceptible to multiple stack-based buffer overflow vulnerabilities; fixes are available. These issues are due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer while importing RTF files.
These issues likely allow attackers to execute arbitrary machine code in the context of the user running the affected application.
Though similar to the vulnerability described in BID 14971 (AbiWord RTF File Processing Buffer Overflow Vulnerability), these vulnerabilities are a separate issue.
52. Accelerated Mortgage Manager Password Field SQL Injection Vulnerability
BugTraq ID: 15097
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15097
Summary:
Accelerated Mortgage Manager is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before passing it on to SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
53. HP-UX Itanium Local Denial Of Service Vulnerability
BugTraq ID: 15100
Remote: No
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15100
Summary:
HP-UX is prone to a local denial of service vulnerability. This issue is due to a failure in the application to properly handle exceptional conditions.
A local authorized attacker could exploit this vulnerability to cause the system to malfunction, resulting in a denial of service to legitimate users.
Only HP9000 Servers running HP-UX release B.11.23 on Itanium (IPF Architecture) platforms are affected.
54. Clam Anti-Virus ClamAV OLE2 File Handling Denial Of Service Vulnerability
BugTraq ID: 15101
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15101
Summary:
ClamAV is prone to a denial of service vulnerability. This is due to a failure in the application to handle malformed OLE2 files.
Exploitation could cause the application to enter an infinite loop, resulting in a denial of service.
55. Multiple Vendor WGet/Curl NTLM Username Buffer Overflow Vulnerability
BugTraq ID: 15102
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15102
Summary:
GNU wget and cURL are prone to a buffer overflow vulnerability. This issue is due to a failure in the applications to do proper bounds checking on user supplied data before using it in a memory copy operation.
An attacker can exploit this vulnerability to execute arbitrary code in the context of the user utilizing the vulnerable application.
Exploitation of this vulnerability requires that NTLM authentication is enabled in the affected clients.
56. XMail Local Buffer Overflow Vulnerability
BugTraq ID: 15103
Remote: No
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15103
Summary:
XMail is prone to a local buffer overflow vulnerability.
A successful attack can facilitate arbitrary code execution with elevated privileges. An attacker can gain superuser or group mail privileges depending on the underlying operating system and distribution.
XMail 1.21 is reported to be vulnerable. Other versions may be affected as well.
57. TYPSoft FTP Server RETR Denial Of Service Vulnerability
BugTraq ID: 15104
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15104
Summary:
TYPSoft FTP Server is prone to a denial of service vulnerability. This issue is due to a failure in the application to properly handle exceptional conditions.
A local authorized attacker could exploit this vulnerability to cause the system to malfunction, resulting in a denial of service to legitimate users.
Versions 1.11 and earlier are known to be vulnerable.
58. IBM AIX LSCFG Insecure Temporary File Creation Vulnerability
BugTraq ID: 15105
Remote: No
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15105
Summary:
IBM AIX LSCFG creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.
Reports indicate that an attacker can exploit this issue to overwrite the '/etc/passwd' file, which can lead to privilege escalation.
59. Mozilla Thunderbird Insecure SMTP Authentication Protocol Negotiation Weakness
BugTraq ID: 15106
Remote: Yes
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15106
Summary:
Mozilla Thunderbird is prone to an insecure SMTP authentication protocol negotiation weakness.
Reports indicate that the application uses PLAIN authentication if CRAM-MD5 or STARTTLS between a client and a server cannot be established. This can allow an attacker to obtain credentials by sniffing network traffic.
This issue can also allow an attacker to carry out man in the middle attacks by establishing a malicious server and causing CRAM-MD5 or STARTTLS to fail followed by harvesting authentication credentials of vulnerable users.
Mozilla Thunderbird 1.0.7 and 1.5 Beta 2 were reported to be vulnerable. Other versions may be affected as well.
60. RTasarim WebAdmin Login SQL Injection Vulnerability
BugTraq ID: 15107
Remote: Yes
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15107
Summary:
RTasarim WebAdmin is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
61. Gallery Main.PHP Directory Traversal Vulnerability
BugTraq ID: 15108
Remote: Yes
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15108
Summary:
Gallery is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
Exploitation of this vulnerability could lead to a loss of confidentiality. Information obtained may aid in further attacks against the underlying system; other attacks are also possible.
62. Trust Digital Trusted Mobility Suite Authentication Bypass Vulnerability
BugTraq ID: 15109
Remote: No
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15109
Summary:
Trusted Mobility Suite is prone to an authentication bypass vulnerability.
Exploitation of this vulnerability effectively bypasses any policy in place with regards to the currently connected handheld device.
63. W-Agora Multiple Arbitrary PHP Code Injection Vulnerabilities
BugTraq ID: 15110
Remote: Yes
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15110
Summary:
W-Agora is prone to multiple PHP code injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
A remote attacker can exploit these vulnerabilities to upload or inject arbitrary PHP code to the application and execute it in the context of the Web server process.
64. Complete PHP Counter SQL Injection Vulnerability
BugTraq ID: 15111
Remote: Yes
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15111
Summary:
Complete PHP Counter is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
65. Complete PHP Counter Cross-Site Scripting Vulnerability
BugTraq ID: 15112
Remote: Yes
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15112
Summary:
Complete PHP Counter is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
66. SPE Insecure File Permissions Vulnerability
BugTraq ID: 15113
Remote: No
Date Published: 2005-10-15
Relevant URL: http://www.securityfocus.com/bid/15113
Summary:
SPE is prone to a vulnerability regarding insecure file permissions. This issue is due to an error in the application during install.
A local attacker can exploit this vulnerability to execute arbitrary code in the context of the user utilizing the vulnerable application.
67. PunBB Search.PHP SQL Injection Vulnerability
BugTraq ID: 15114
Remote: Yes
Date Published: 2005-10-15
Relevant URL: http://www.securityfocus.com/bid/15114
Summary:
PunBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Worm worries don't wait for Windows exploits
By: Robert Lemos
Security researchers disagree over whether a recently announced flaw in Microsoft Windows will likely become food for an Internet worm.
http://www.securityfocus.com/news/11346
2. Arrests unlikely to impact bot net threat, say experts
By: Robert Lemos
The recent arrests of three men in The Netherlands who allegedly controlled a network of more than 100,000 compromised computers will not likely curtail the criminal economy surrounding bot nets.
http://www.securityfocus.com/news/11344
3. Fingerprint payments taking off despite security concerns
By: Robert Lemos
Consumers may be able to leave their wallets behind in the near future, but security and privacy experts worry that pay-by-fingerprint schemes could lead to hard-to-combat identity fraud and greater threats to civil rights.
http://www.securityfocus.com/news/11339
4. E-voting experts call for revised security guidelines
By: Robert Lemos
A federally funded group of voting technology experts call on the United States' Election Assistance Commission to revamp its process for evaluating the security of election systems.
http://www.securityfocus.com/news/11336
5. Say hello to the Skype Trojan
By: John Leyden
Virus writers are targeting Skype users with a new Trojan that poses as the latest version of the popular VoIP software.
http://www.securityfocus.com/news/11348
6. Shared music abuse bug hits iTunes
By: John Leyden
Security researchers have discovered a vulnerability in Apple's popular iTunes application which might be exploited to interfere with shared music downloads.
http://www.securityfocus.com/news/11347
7. US cybersecurity all at sea
By: John Leyden
US cybersecurity risks are being poorly managed by the Department of Homeland Security, according to a former US presidential information security advisor.
http://www.securityfocus.com/news/11345
8. Worm fears over MS October patch batch
By: John Leyden
Microsoft's patch train rolled into town on Tuesday carrying a cargo of nine updates.
http://www.securityfocus.com/news/11342
IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Sales Representative, Washington, D.C.
http://www.securityfocus.com/archive/77/413694
2. [SJ-JOB] Jr. Security Analyst, London
http://www.securityfocus.com/archive/77/413693
3. [SJ-JOB] Security Engineer, Washington D.C.
http://www.securityfocus.com/archive/77/413697
4. [SJ-JOB] Security System Administrator, London
http://www.securityfocus.com/archive/77/413698
5. [SJ-JOB] Information Assurance Analyst, Rosslyn, VA (near DC)
http://www.securityfocus.com/archive/77/413695
82. [SJ-JOB] Developer, Columbia
http://www.securityfocus.com/archive/77/413098
83. [SJ-JOB] Developer, Columbia
http://www.securityfocus.com/archive/77/413099
84. [SJ-JOB] Customer Support, Boston
http://www.securityfocus.com/archive/77/413100
85. [SJ-JOB] Auditor, San Francisco and LA
http://www.securityfocus.com/archive/77/413096
V. INCIDENTS LIST SUMMARY
---------------------------
1. Strange attack question - seems udp
http://www.securityfocus.com/archive/75/413544
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Solaris sparc newbie exploit coding misc questions
http://www.securityfocus.com/archive/82/413246
XI. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
XII. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: Solsoft
RUNNING A CISCO ENVIRONMENT? TRY FIREWALL MANAGER
Solsoft Firewall Manager is the SMB version of the flagship Solsoft security management platform.
Affordable, it is ideal to manage complex environments between 5 and 25 security devices.
Security policies can be designed and deployed on CISCO ASA, PIX, FWSM, IOS, VPN3000 as well as Check Point, Linux or Juniper devices.
DON'T WAIT, DOWNLOAD YOUR FREE TRIAL VERSION TODAY!
----------------------------------------
This Issue is Sponsored By: Solsoft
RUNNING A CISCO ENVIRONMENT? TRY FIREWALL MANAGER
Solsoft Firewall Manager is the SMB version of the flagship Solsoft security management platform.
Affordable, it is ideal to manage complex environments between 5 and 25 security devices.
Security policies can be designed and deployed on CISCO ASA, PIX, FWSM, IOS, VPN3000 as well as Check Point, Linux or Juniper devices.
DON'T WAIT, DOWNLOAD YOUR FREE TRIAL VERSION TODAY!
http://www.solsoft.com/security/sfm_securityfocus
------------------------------------------------------------------
I. FRONT AND CENTER
1. Two-factor banking
2. ICANN on center stage
3. OpenBSD's network stack
II. BUGTRAQ SUMMARY
1. Xine-Lib Remote CDDB Information Format String Vulnerability
2. Multiple Vendor Antivirus Products Malformed Archives Scan Evasion Vulnerability
3. Cyphor Multiple Input Validation Vulnerabilities
4. Up-IMAPProxy Multiple Unspecified Remote Format String Vulnerabilities
5. Linux Kernel Multiple Security Vulnerabilities
6. Graphviz Insecure Temporary File Creation Vulnerability
7. XLoadImage Multiple Remote Buffer Overflow Vulnerabilities
8. BEA WebLogic Server and WebLogic Express Multiple Vulnerabilities
9. PHPMyAdmin Local File Include Vulnerability
10. Kaspersky Anti-Virus Engine CHM File Parser Remote Buffer Overflow Vulnerability
11. SGI IRIX Runpriv Local Privilege Escalation Vulnerability
12. Microsoft Windows MSDTC Memory Corruption Vulnerability
13. Microsoft MSDTC COM+ Remote Code Execution Vulnerability
14. Microsoft MSDTC TIP Denial Of Service Vulnerability
15. Microsoft MSDTC TIP Distributed Denial Of Service Vulnerability
16. KDE KOffice KWord RTF Import Remote Buffer Overflow Vulnerability
17. Microsoft Internet Explorer COM Object Instantiation Variant Vulnerability
18. RARLAB WinRAR Multiple Remote Vulnerabilities
19. Microsoft DirectX DirectShow AVI Processing Buffer Overflow Vulnerability
20. Microsoft Windows Explorer Web View Script Injection Vulnerability
21. Microsoft Windows Plug And Play UMPNPMGR.DLL wsprintfW Buffer Overflow Vulnerability
22. Microsoft Windows Client Service For Netware Buffer Overflow Vulnerability
23. Microsoft Collaboration Data Objects Remote Buffer Overflow Vulnerability
24. VersatileBulletinBoard Multiple SQL Injection Vulnerabilities
25. Microsoft Windows Malicious Shortcut Handling Remote Code Execution Vulnerability
26. Microsoft Windows Malicious Shortcut Handling Remote Code Execution Variant Vulnerability
27. OpenSSL Insecure Protocol Negotiation Weakness
28. OpenVMPS Logging Function Format String Vulnerability
29. VersatileBulletinBoard Multiple Cross-Site Scripting Vulnerabilities
30. PHP Advanced Transfer Manager Arbitrary File Upload Vulnerability
31. VersatileBulletinBoard Information Disclosure Vulnerability
32. Linux Kernel Multiple Memory Leak Local Denial Of Service Vulnerabilities
33. Accelerated E Solutions SQL Injection Vulnerability
34. Zeroblog Thread.PHP Cross-Site Scripting Vulnerability
35. VERITAS NetBackup Java User-Interface Remote Format String Vulnerability
36. Novell NetMail NMAP Agent Remote Buffer Overflow Vulnerability
37. GFI MailSecurity for Exchange/SMTP Web Interface Remote Buffer Overflow Vulnerability
38. Zope RestructuredText Unspecified Security Vulnerability
39. WebGUI Arbitrary Command Execution Vulnerability
40. Sun Java System Application Server Java Server Page Source Disclosure Vulnerability
41. Linux Orinoco Driver Remote Information Disclosure Vulnerability
42. Xeobook Multiple HTML Injection Vulnerabilities
43. Symantec Brightmail AntiSpam Malformed MIME Message Denial Of Service Vulnerability
44. PHPWebSite Search Module SQL Injection Vulnerability
45. Sun Solaris Multiple Local Vulnerabilities
46. Ahnlab V3 Antivirus Multiple Archive Format Handling Remote Buffer Overflow Vulnerability
47. Yapig View.PHP Cross-Site Scripting Vulnerability
48. Hitachi OpenTP1 Denial Of Service Vulnerability
49. Kerio Personal Firewall and ServerFirewall Local Denial of Service Vulnerability
50. YaPig Homepage Form Field HTML Injection Vulnerability
51. AbiWord Stack-Based Buffer Overflow Vulnerabilities
52. Accelerated Mortgage Manager Password Field SQL Injection Vulnerability
53. HP-UX Itanium Local Denial Of Service Vulnerability
54. Clam Anti-Virus ClamAV OLE2 File Handling Denial Of Service Vulnerability
55. Multiple Vendor WGet/Curl NTLM Username Buffer Overflow Vulnerability
56. XMail Local Buffer Overflow Vulnerability
57. TYPSoft FTP Server RETR Denial Of Service Vulnerability
58. IBM AIX LSCFG Insecure Temporary File Creation Vulnerability
59. Mozilla Thunderbird Insecure SMTP Authentication Protocol Negotiation Weakness
60. RTasarim WebAdmin Login SQL Injection Vulnerability
61. Gallery Main.PHP Directory Traversal Vulnerability
62. Trust Digital Trusted Mobility Suite Authentication Bypass Vulnerability
63. W-Agora Multiple Arbitrary PHP Code Injection Vulnerabilities
64. Complete PHP Counter SQL Injection Vulnerability
65. Complete PHP Counter Cross-Site Scripting Vulnerability
66. SPE Insecure File Permissions Vulnerability
67. PunBB Search.PHP SQL Injection Vulnerability
III. SECURITYFOCUS NEWS
1. Worm worries don't wait for Windows exploits
2. Arrests unlikely to impact bot net threat, say experts
3. Fingerprint payments taking off despite security concerns
4. E-voting experts call for revised security guidelines
5. Say hello to the Skype Trojan
6. Shared music abuse bug hits iTunes
7. US cybersecurity all at sea
8. Worm fears over MS October patch batch
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Sales Representative, Washington, D.C.
2. [SJ-JOB] Jr. Security Analyst, London
3. [SJ-JOB] Security Engineer, Washington D.C.
4. [SJ-JOB] Security System Administrator, London
5. [SJ-JOB] Information Assurance Analyst, Rosslyn, VA (near DC)
6. [SJ-JOB] Security Consultant, Luxembourg
7. [SJ-JOB] Manager, Information Security, london
8. [SJ-JOB] Security Architect, london
9. [SJ-JOB] Auditor, New York
10. [SJ-JOB] Information Assurance Engineer, Washington
11. [SJ-JOB] Security Engineer, San Francisco
12. [SJ-JOB] Security Engineer, San Diego
13. [SJ-JOB] Security Architect, San Antonio
14. [SJ-JOB] Security Architect, San Antonio
15. [SJ-JOB] Sr. Security Analyst, Davidson
16. [SJ-JOB] Information Assurance Engineer, Washington Navy Yard
17. [SJ-JOB] Information Assurance Engineer, Reston
18. [SJ-JOB] Sales Representative, Seattle
19. [SJ-JOB] Security Consultant, London + UK wide
20. [SJ-JOB] Developer, Milpitas
21. [SJ-JOB] Sales Representative, Crystal Lake
22. [SJ-JOB] Developer, Milpitas
23. [SJ-JOB] Sales Engineer, Vienna
24. [SJ-JOB] Application Security Engineer, Vienna
25. [SJ-JOB] Quality Assurance, Milpitas
26. [SJ-JOB] Channel / Business Development, Cupertino
27. [SJ-JOB] Forensics Engineer, London
28. [SJ-JOB] Account Manager, Atlanta
29. [SJ-JOB] Security Consultant, Remote working
30. [SJ-JOB] Technical Marketing Engineer, Cupertino
31. [SJ-JOB] Sales Representative, Chicago
32. [SJ-JOB] Security Product Marketing Manager, Santa Clara
33. [SJ-JOB] Security Consultant, Vashi, Navi Mumbai
34. [SJ-JOB] Security Engineer, Brussels
35. [SJ-JOB] Security Product Marketing Manager, Santa Clara
36. [SJ-JOB] Technical Marketing Engineer, Belmont
37. [SJ-JOB] Security Product Marketing Manager, Belmont
38. [SJ-JOB] Security Product Marketing Manager, Belmont
39. [SJ-JOB] Security Engineer, Phoenix
40. [SJ-JOB] Security Product Manager, Santa Clara
41. [SJ-JOB] Director, Information Security, London
42. [SJ-JOB] Director, Information Security, Washington, Reston
43. [SJ-JOB] Sr. Security Analyst, Arlington
44. [SJ-JOB] Security Engineer, Providence
45. [SJ-JOB] Management, Washington
46. [SJ-JOB] Sales Engineer, Reston
47. [SJ-JOB] Security Engineer, Herndon
48. [SJ-JOB] Sr. Security Analyst, Arlington
49. [SJ-JOB] Sr. Security Analyst, Ft. Lauderdale
50. [SJ-JOB] Security Consultant, Minneapolis / St. Paul
51. [SJ-JOB] Manager, Information Security, Arlington
52. [SJ-JOB] Application Security Engineer, Calgary
53. [SJ-JOB] Security Consultant, New York
54. [SJ-JOB] Security Researcher, Chicago
55. [SJ-JOB] Application Security Architect, Calgary
56. [SJ-JOB] Manager, Information Security, Chicago
57. [SJ-JOB] Account Manager, Washington D.C.
58. [SJ-JOB] Security Consultant, NY
59. [SJ-JOB] Security Consultant, Miami
60. [SJ-JOB] Sales Engineer, Ambler
61. [SJ-JOB] Sales Engineer, New York City
62. [SJ-JOB] Sr. Security Engineer, Mountain View
63. [SJ-JOB] Sr. Security Analyst, San Diego
64. [SJ-JOB] Sales Representative, Boston
65. [SJ-JOB] Security Engineer, Phoenix
66. [SJ-JOB] Security Engineer, Phoenix
67. [SJ-JOB] Sr. Security Engineer, Buckinghamshire
68. [SJ-JOB] CHECK Team Leader, London
69. [SJ-JOB] Application Security Architect, London
70. [SJ-JOB] Security Engineer, Phoenix
71. [SJ-JOB] Jr. Security Analyst, San Diego
72. [SJ-JOB] Account Manager, Sterling
73. [SJ-JOB] Security Researcher, San Diego
74. [SJ-JOB] Sr. Product Manager, San Diego
75. [SJ-JOB] Sr. Security Engineer, Detroit
76. [SJ-JOB] Security Engineer, Austin
77. [SJ-JOB] Security Consultant, Flanders
78. [SJ-JOB] Sr. Security Analyst, Columbus
79. [SJ-JOB] Security Engineer, Denver
80. [SJ-JOB] Manager, Information Security, London
81. [SJ-JOB] Sr. Security Analyst, Richmond
82. [SJ-JOB] Developer, Columbia
83. [SJ-JOB] Developer, Columbia
84. [SJ-JOB] Customer Support, Boston
85. [SJ-JOB] Auditor, San Francisco and LA
V. INCIDENTS LIST SUMMARY
1. Strange attack question - seems udp
VI. VULN-DEV RESEARCH LIST SUMMARY
1. Solaris sparc newbie exploit coding misc questions
2. [SEC-1 Advisory] GFI MailSecurity 8.1 Web Module Buffer Overflow
3. [SEC-1 Advisory] Collaboration Data Objects Buffer Overflow Vulnerability
VII. MICROSOFT FOCUS LIST SUMMARY
1. Auditing Options
2. SecurityFocus Microsoft Newsletter #260
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. NEW MAILING LISTS
XI. UNSUBSCRIBE INSTRUCTIONS
XII. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Two-factor banking
By Kelly Martin
People who lived through the Second World War, like my grandparents, had a very different view of money than those of us who grew up in the Information Age.
http://www.securityfocus.com/columnists/363
2. ICANN on center stage
By Scott Granneman
ICANN and the U.S. government reach center stage next month in Tunisia, as the future of IP address assignments and U.S. control of the root DNS turns into a hotbed of debate.
http://www.securityfocus.com/columnists/362
3. OpenBSD's network stack
By Federico Biancuzzi
SecurityFocus interviews three OpenBSD developers about their network stack protection against DoS ICMP attacks, a short comparison with Linux' stack, and some thoughts on OpenBGPD.
http://www.securityfocus.com/columnists/361
II. BUGTRAQ SUMMARY
--------------------
1. Xine-Lib Remote CDDB Information Format String Vulnerability
BugTraq ID: 15044
Remote: Yes
Date Published: 2005-10-08
Relevant URL: http://www.securityfocus.com/bid/15044
Summary:
Xine-lib is susceptible to a remote format string vulnerability. This issue is due to a failure of the application to securely implement a formatted printing function.
Successful exploitation of this vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected application.
Xine-lib versions 0.9.13, 1.0, 1.0.1, 1.0.2, and 1.1.0 are reported to be affected. Other versions may also be affected, as well as all applications that utilize a vulnerable version of the library.
2. Multiple Vendor Antivirus Products Malformed Archives Scan Evasion Vulnerability
BugTraq ID: 15046
Remote: Yes
Date Published: 2005-10-08
Relevant URL: http://www.securityfocus.com/bid/15046
Summary:
Multiple antivirus products from various vendors are reported prone to a vulnerability that may allow malformed archive files to bypass detection.
This issue arises when an affected application processes a specially altered archive file that contains a fake, misleading MS-DOS executable MZ header.
This issue could result in malicious archives bypassing detection and allowing the contents to be opened by a recipient.
It should be noted that specific information regarding affected packages and versions is currently unavailable. The reporter of this issue used the EICAR test message stored in multiple different malformed archives. It may be possible that some of the reportedly affected packages may actually be immune to this issue.
This BID will be updated as further information is disclosed.
3. Cyphor Multiple Input Validation Vulnerabilities
BugTraq ID: 15047
Remote: Yes
Date Published: 2005-10-08
Relevant URL: http://www.securityfocus.com/bid/15047
Summary:
Cyphor is prone to multiple cross-site scripting and SQL injection vulnerabilities.
Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to database data. Other attacks are also possible.
4. Up-IMAPProxy Multiple Unspecified Remote Format String Vulnerabilities
BugTraq ID: 15048
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15048
Summary:
up-IMAPProxy is reported prone to multiple unspecified remote format string vulnerabilities.
Successful exploitation could result in a failure of the application or arbitrary code execution in the context of the application.
Specific details of these issues are not currently known. This BID will be updated when further information becomes available.
5. Linux Kernel Multiple Security Vulnerabilities
BugTraq ID: 15049
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15049
Summary:
Linux kernel is prone to multiple vulnerabilities. These issues may allow local and remote attackers to trigger denial of service conditions or disclose sensitive kernel memory.
Linux kernel 2.6.x versions are known to be vulnerable at the moment. Other versions may be affected as well.
6. Graphviz Insecure Temporary File Creation Vulnerability
BugTraq ID: 15050
Remote: No
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15050
Summary:
Graphviz creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.
Graphviz 2.2.1 is reportedly affected; however, other versions may be vulnerable as well.
7. XLoadImage Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 15051
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15051
Summary:
xloadimage is affected by multiple remotely exploitable buffer overflow vulnerabilities.
The problems present themselves when the application processes malformed image titles.
An attacker may exploit these issues to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access.
8. BEA WebLogic Server and WebLogic Express Multiple Vulnerabilities
BugTraq ID: 15052
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15052
Summary:
BEA has released 24 advisories identifying various vulnerabilities affecting BEA WebLogic Server and WebLogic Express. These issues present remote and local threats and may facilitate attacks affecting the integrity, confidentiality, and availability of vulnerable computers.
It is conjectured that some of these issues may allow an attacker to completely compromise a vulnerable computer.
These issues are currently being analyzed. This BID will be updated and individual BIDs will be released when further analysis is complete.
9. PHPMyAdmin Local File Include Vulnerability
BugTraq ID: 15053
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15053
Summary:
phpMyAdmin is prone to a local file include vulnerability.
An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access.
phpMyAdmin 2.6.4-pl1 is reported to be vulnerable. Other versions may be affected as well.
10. Kaspersky Anti-Virus Engine CHM File Parser Remote Buffer Overflow Vulnerability
BugTraq ID: 15054
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15054
Summary:
Kaspersky Anti-Virus Engine is prone to a remote buffer overflow vulnerability.
This issue presents itself when an attacker sends a maliciously crafted CHM file to an affected computer and this file is processed by Kaspersky's CHM file parser.
This vulnerability allows attackers to execute arbitrary machine code in the context of the affected application. Attackers may gain privileged remote access to computers running the affected application.
11. SGI IRIX Runpriv Local Privilege Escalation Vulnerability
BugTraq ID: 15055
Remote: No
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15055
Summary:
SGI IRIX runpriv can allow local attackers to gain elevated privileges.
A local user can append an arbitrary command while executing the application and have the commands executed with superuser privileges.
A successful attack can allow the attacker to gain elevated privileges and completely compromise an affected computer.
IRIX 6.5.22 (maintenance) is reportedly vulnerable; however, other versions are likely to be affected as well.
12. Microsoft Windows MSDTC Memory Corruption Vulnerability
BugTraq ID: 15056
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15056
Summary:
The Microsoft Windows MSDTC (Microsoft Distributed Transaction Coordinator) service is prone to a memory corruption vulnerability. This issue could allow for execution of arbitrary code in the context of the service. The vulnerability may be remotely exploitable in some circumstances, but will also permit local privilege escalation.
This issue is remotely exploitable on Windows 2000 platforms, since the Network DTC is enabled by default on this platform. On Windows XP, this issue may be remotely exploitable if a local user has started the service. On Windows Server 2003, this vulnerability is limited to local privilege escalation unless Network DTC has been explicitly enabled by an administrator. This issue is not present on Windows XP SP2 and Windows Server 2003 SP1.
Update: Microsoft reports several systems have experienced one or more problems after installing the critical update from Microsoft Security Bulletin MS05-051 for this issue. For a more detailed explanation of these problems, please see the attached Microsoft Knowledge Base article 909444.
13. Microsoft MSDTC COM+ Remote Code Execution Vulnerability
BugTraq ID: 15057
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15057
Summary:
Microsoft Windows is prone to a vulnerability in the COM+ (Component Object Model) functionality of the MSDTC (Microsoft Distributed Transaction Coordinator) service. This issue may permit remote and local attackers to execute arbitrary code in the context of the service.
This issue may be exploited by remote anonymous attackers on Windows 2000 platforms. On Windows XP versions up to and including SP1, the attacker must authenticate as the Guest or another account prior to exploitation. On Windows XP SP2 and all Windows Server 2003 operating systems, this issue is limited to local privilege escalation.
Update: Microsoft reports several systems have experienced one or more problems after installing the critical update from Microsoft Security Bulletin MS05-051 for this issue. For a more detailed explanation of these problems, please see the attached Microsoft Knowledge Base article 909444.
14. Microsoft MSDTC TIP Denial Of Service Vulnerability
BugTraq ID: 15058
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15058
Summary:
The Microsoft Windows MSDTC (Microsoft Distributed Transaction Coordinator) service is prone to a denial of service vulnerability.
The vulnerability exists in the TIP (Transaction Internet Protocol) functionality that is provided by MSDTC. This vulnerability may be exploited by a remote attacker to deny the availability of services that depend on MSDTC.
This issue only exists on operating systems that have support for the TIP protocol enabled. This vulnerability is remotely exploitable on default configurations on Windows 2000. TIP is not enabled by default on Windows XP and Windows Server 2003 even if the MSDTC service is running.
Update: Microsoft reports several systems have experienced one or more problems after installing the critical update from Microsoft Security Bulletin MS05-051 for this issue. For a more detailed explanation of these problems, please see the attached Microsoft Knowledge Base article 909444.
15. Microsoft MSDTC TIP Distributed Denial Of Service Vulnerability
BugTraq ID: 15059
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15059
Summary:
The Microsoft MSDTC (Microsoft Distributed Transaction Coordinator) service is prone to a vulnerability that may permit denial of service attacks against the service or facilitate distributed denial of service attacks against other computers.
The vulnerability exists in the TIP (Transaction Internet Protocol) functionality that is provided by MSDTC.
This issue only exists on operating systems that have support for the TIP protocol enabled. This vulnerability is remotely exploitable on default configurations on Windows 2000. TIP is not enabled by default on Windows XP and Windows Server 2003 even if the MSDTC service is running.
Update: Microsoft reports several systems have experienced one or more problems after installing the critical update from Microsoft Security Bulletin MS05-051 for this issue. For a more detailed explanation of these problems, please see the attached Microsoft Knowledge Base article 909444.
16. KDE KOffice KWord RTF Import Remote Buffer Overflow Vulnerability
BugTraq ID: 15060
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15060
Summary:
KWord is prone to a remote buffer overflow vulnerability.
The vulnerability arises when the application handles a malformed RTF file.
A successful attack may result in arbitrary code execution facilitating remote unauthorized access in the context of the user running KWord.
KOffice versions 1.2.0 to 1.4.1 are vulnerable to this issue.
17. Microsoft Internet Explorer COM Object Instantiation Variant Vulnerability
BugTraq ID: 15061
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15061
Summary:
Microsoft Internet Explorer is prone to a buffer overflow vulnerability that is related to instantiation of COM objects.
Successful exploitation could let remote attackers execute arbitrary code in the context of the currently logged in user on the affected computer.
This is a variant of the vulnerability described in BID 14511 Microsoft Internet Explorer COM Object Instantiation Buffer Overflow Vulnerability. The difference between this issue and BID 14511 is that a different set of COM objects are affected that were not addressed in the previous BID.
18. RARLAB WinRAR Multiple Remote Vulnerabilities
BugTraq ID: 15062
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15062
Summary:
WinRAR is prone to multiple remote vulnerabilities. These issues include a format string and a buffer overflow vulnerability. Successful exploitation may allow an attacker to execute arbitrary code on a vulnerable computer.
WinRAR 3.50 and prior versions are vulnerable to these issues.
19. Microsoft DirectX DirectShow AVI Processing Buffer Overflow Vulnerability
BugTraq ID: 15063
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15063
Summary:
A buffer overflow vulnerability exists in the Microsoft Windows DirectX component. This issue is related to processing of .AVI (Audio Video Interleave) media files. The specific vulnerability exists in DirectShow and could be exposed through applications that employ DirectShow to process .AVI files.
Successful exploitation will permit execution of arbitrary code in the context of the user who opens a malicious .AVI file.
This issue could be exploited through any means that will allow the attacker to deliver a malicious .AVI file to a victim user. In Web-based attack scenarios, exploitation could occur automatically if the malicious Web page can cause the .AVI file to be loaded automatically by Windows Media Player. Other attack vectors such as email or instant messaging may require the victim user to manually open the malicious .AVI.
It is not known if third-party applications rely on DirectShow to process .AVI files. If so, these applications could also present an attack vector.
20. Microsoft Windows Explorer Web View Script Injection Vulnerability
BugTraq ID: 15064
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15064
Summary:
Microsoft Windows Explorer Web View is affected by an arbitrary script injection vulnerability.
An attacker can exploit this issue by crafting a malicious file and placing it on a Web site or sending it to a user through email followed by enticing them to preview it in Windows Explorer.
A successful attack can result in a remote compromise in the context of the vulnerable user.
21. Microsoft Windows Plug And Play UMPNPMGR.DLL wsprintfW Buffer Overflow Vulnerability
BugTraq ID: 15065
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15065
Summary:
Microsoft Windows Plug and Play is prone to a buffer overflow vulnerability. This issue is due to a failure of the service to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.
This issue takes place when the PnP service handles malformed messages containing excessive data.
This vulnerability facilitates local privilege escalation and unauthorized remote access depending on the underlying operating system. A successful attack may result in arbitrary code execution resulting in an attacker gaining SYSTEM privileges.
This issue is unrelated to the one documented in BID 14513, "Microsoft Windows Plug and Play Buffer Overflow Vulnerability", but they both have similar attack scenarios and effects.
22. Microsoft Windows Client Service For Netware Buffer Overflow Vulnerability
BugTraq ID: 15066
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15066
Summary:
Microsoft Client Service for Netware is prone to a buffer overflow vulnerability that could permit the execution of arbitrary remote code.
A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. This issue could also be exploited by local attackers to gain elevated privileges.
It should be noted that the Client Service for Netware is not installed by default on any affected operating system. Microsoft Windows XP Home is not affected by this vulnerability at all.
23. Microsoft Collaboration Data Objects Remote Buffer Overflow Vulnerability
BugTraq ID: 15067
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15067
Summary:
Microsoft CDO is susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the library to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.
This issue presents itself when an attacker sends a specially crafted email message to an email server utilizing the affected library.
This issue allows remote attackers to execute arbitrary machine code in the context of the application utilizing the library.
24. VersatileBulletinBoard Multiple SQL Injection Vulnerabilities
BugTraq ID: 15068
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15068
Summary:
versatileBulletinBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
It should be noted that 'magic_quotes_gpc' must be set to 'off' for these vulnerabilities to be exploitable.
25. Microsoft Windows Malicious Shortcut Handling Remote Code Execution Vulnerability
BugTraq ID: 15069
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15069
Summary:
Microsoft Windows is prone to a remote code execution vulnerability when handling a malicious shortcut (.lnk) file.
An attacker can exploit this issue by crafting a malicious file and placing it on a Web site or sending it to a user through email followed by enticing them to open it and view the file's properties.
This issue also poses a local threat as a local unprivileged attacker could exploit this issue without user interaction to gain elevated privileges.
This vulnerability can facilitate arbitrary code execution with SYSTEM privileges.
This BID is related to the issue described in BID 15070 (Microsoft Windows Malicious Shortcut Handling Remote Code Execution Variant Vulnerability).
26. Microsoft Windows Malicious Shortcut Handling Remote Code Execution Variant Vulnerability
BugTraq ID: 15070
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15070
Summary:
Microsoft Windows is prone to a remote code execution vulnerability when handling a malicious shortcut (.lnk) file.
An attacker can exploit this issue by crafting a malicious file and placing it on a Web site or sending it to a user through email followed by enticing them to open it and view the file's properties.
This issue also poses a local threat as a local unprivileged attacker could exploit this issue without user interaction to gain elevated privileges.
This vulnerability can facilitate arbitrary code execution with SYSTEM privileges.
This BID is related to the issue described in BID 15069 (Microsoft Windows Malicious Shortcut Handling Remote Code Execution Vulnerability).
27. OpenSSL Insecure Protocol Negotiation Weakness
BugTraq ID: 15071
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15071
Summary:
OpenSSL is susceptible to a remote protocol negotiation weakness. This issue is due to the implementation of the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option to maintain compatibility with third party software.
This issue presents itself when two peers attempt to negotiate the protocol they wish to communicate with. Attackers able to intercept and modify the SSL communications may exploit this weakness to force SSL version 2 to be chosen.
The attacker may then exploit various insecurities in SSL version 2 to gain access to, or tamper with the cleartext communications between the targeted client and server.
It should be noted that the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option is enabled with the frequently used 'SSL_OP_ALL' option.
SSL peers configured not to permit SSL version 2 are not affected by this issue.
28. OpenVMPS Logging Function Format String Vulnerability
BugTraq ID: 15072
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15072
Summary:
OpenVMPS is affected by a remote format string vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input before using it as the format specifier in a system log entry.
Reports indicate that the immediate consequence of successful exploitation is a denial of service.
29. VersatileBulletinBoard Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15073
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15073
Summary:
versatileBulletinBoard is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
30. PHP Advanced Transfer Manager Arbitrary File Upload Vulnerability
BugTraq ID: 15074
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15074
Summary:
PHP Advanced Transfer Manager is prone to a remote arbitrary file upload vulnerability.
This issue may allow remote attackers to upload arbitrary files including malicious scripts and possibly execute the script on the affected server.
31. VersatileBulletinBoard Information Disclosure Vulnerability
BugTraq ID: 15075
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15075
Summary:
versatileBulletinBoard is prone to an information disclosure issue.
A remote attacker may view a list of all files related to the application.
versatileBulletinBoard version 1.0.0.RC2 is affected.
32. Linux Kernel Multiple Memory Leak Local Denial Of Service Vulnerabilities
BugTraq ID: 15076
Remote: No
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15076
Summary:
Two local denial of service vulnerabilities affect the Linux kernel. These issues are due to a design flaw that creates memory leaks.
These vulnerabilities may be exploited by local users to consume excessive kernel resources, likely triggering a kernel crash, denying service to legitimate users.
These issues affect Linux kernel versions prior to 2.6.14-rc4.
33. Accelerated E Solutions SQL Injection Vulnerability
BugTraq ID: 15077
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15077
Summary:
Accelerated E Solutions is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
34. Zeroblog Thread.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 15078
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15078
Summary:
Zeroblog is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
35. VERITAS NetBackup Java User-Interface Remote Format String Vulnerability
BugTraq ID: 15079
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15079
Summary:
NetBackup Java user-interface is affected by a remote format string vulnerability.
An attacker can exploit this vulnerability by crafting a malicious request that contains format specifiers. A successful attack may result in crashing the server or lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation with SYSTEM or superuser privileges.
36. Novell NetMail NMAP Agent Remote Buffer Overflow Vulnerability
BugTraq ID: 15080
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15080
Summary:
NetMail Network Messaging Application Protocol (NMAP) Agent is affected by a remote buffer overflow vulnerability.
This vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected server process.
37. GFI MailSecurity for Exchange/SMTP Web Interface Remote Buffer Overflow Vulnerability
BugTraq ID: 15081
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15081
Summary:
GFI MailSecurity for Exchange/SMTP is affected by a remote buffer overflow vulnerability.
Specifically, the issue presents itself when the Web management interface of the application handles malformed HTTP requests.
A successful attack can result in a complete compromise of the vulnerable computer.
GFI MailSecurity for Exchange/SMTP version 8.1 is vulnerable to this issue.
38. Zope RestructuredText Unspecified Security Vulnerability
BugTraq ID: 15082
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15082
Summary:
Zope is prone to an unspecified vulnerability in the docutils module.
No other information has been provided; this BID will be updated when further details are available.
39. WebGUI Arbitrary Command Execution Vulnerability
BugTraq ID: 15083
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15083
Summary:
WebGUI is prone to an arbitrary command execution vulnerability. This is due to insufficient sanitization of user-supplied data.
This issue can facilitate unauthorized remote access.
40. Sun Java System Application Server Java Server Page Source Disclosure Vulnerability
BugTraq ID: 15084
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15084
Summary:
A problem with Sun Java System Application Server results in the disclosure of the source code of Java Server Pages. This allows attackers to gain unauthorized access to sensitive information, potentially aiding them in further attacks.
41. Linux Orinoco Driver Remote Information Disclosure Vulnerability
BugTraq ID: 15085
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15085
Summary:
The Orinoco driver for Linux kernels is susceptible to a remote information disclosure vulnerability. This issue is due to the driver sending uninitialized kernel memory in small network packets.
Remote attackers may exploit this issue to gain access to potentially sensitive kernel memory, aiding them in further attacks.
42. Xeobook Multiple HTML Injection Vulnerabilities
BugTraq ID: 15086
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15086
Summary:
Xeobook is prone to multiple unspecified HTML injection vulnerabilities.
These are due to a lack of proper sanitization of user-supplied input.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
43. Symantec Brightmail AntiSpam Malformed MIME Message Denial Of Service Vulnerability
BugTraq ID: 15087
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15087
Summary:
Symantec Brightmail AntiSpam is susceptible to a denial of service vulnerability. This issue is due to a failure of the application to properly handle certain malformed MIME content.
This issue allows remote attackers to crash the application, denying further email scanning service to legitimate users.
44. PHPWebSite Search Module SQL Injection Vulnerability
BugTraq ID: 15088
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15088
Summary:
phpWebSite is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
The vendor has released the patch phpwebsite_security_patch_20051202.tgz addressing this issue.
This vulnerability was originally believed to be related to BID 14172 (PHPWebSite Index.PHP Multiple SQL Injection Vulnerabilities) but is a separate issue.
45. Sun Solaris Multiple Local Vulnerabilities
BugTraq ID: 15090
Remote: No
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15090
Summary:
Sun Solaris is prone to multiple local vulnerabilities. These issues may allow attackers to carry out denial of service attacks and obtain sensitive information.
Solaris 10 is vulnerable to these issues.
46. Ahnlab V3 Antivirus Multiple Archive Format Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 15091
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15091
Summary:
Ahnlab V3 Antivirus is affected by a remote buffer overflow vulnerability when handling various archive formats.
An attacker can exploit this issue by crafting a malicious archive and sending the archive to a computer to be scanned by the affected application.
An attacker may exploit this vulnerability to gain unauthorized remote access with SYSTEM privileges.
47. Yapig View.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 15092
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15092
Summary:
Yapig is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
YaPig versions 0.95b and earlier are affected.
48. Hitachi OpenTP1 Denial Of Service Vulnerability
BugTraq ID: 15093
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15093
Summary:
OpenTP1 is prone to a denial of service vulnerability. This issue is due to a failure in the application to properly handle malformed data.
A remote attacker can exploit this vulnerability to cause the affected service to crash, denying service to legitimate users.
49. Kerio Personal Firewall and ServerFirewall Local Denial of Service Vulnerability
BugTraq ID: 15094
Remote: No
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15094
Summary:
Kerio Personal Firewall and ServerFirewall are prone to a local denial of service vulnerability.
Reports indicate that the FWDRV driver does not verify access to memory associated with the Process Environment Block (PEB) of the application. An attacker can trigger fatal exceptions and cause the firewall process to terminate.
A denial of service condition in the firewall can expose computers to further attacks.
50. YaPig Homepage Form Field HTML Injection Vulnerability
BugTraq ID: 15095
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15095
Summary:
YaPig is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
51. AbiWord Stack-Based Buffer Overflow Vulnerabilities
BugTraq ID: 15096
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15096
Summary:
AbiWord is susceptible to multiple stack-based buffer overflow vulnerabilities; fixes are available. These issues are due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer while importing RTF files.
These issues likely allow attackers to execute arbitrary machine code in the context of the user running the affected application.
Though similar to the vulnerability described in BID 14971 (AbiWord RTF File Processing Buffer Overflow Vulnerability), these vulnerabilities are a separate issue.
52. Accelerated Mortgage Manager Password Field SQL Injection Vulnerability
BugTraq ID: 15097
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15097
Summary:
Accelerated Mortgage Manager is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before passing it on to SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
53. HP-UX Itanium Local Denial Of Service Vulnerability
BugTraq ID: 15100
Remote: No
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15100
Summary:
HP-UX is prone to a local denial of service vulnerability. This issue is due to a failure in the application to properly handle exceptional conditions.
A local authorized attacker could exploit this vulnerability to cause the system to malfunction, resulting in a denial of service to legitimate users.
Only HP9000 Servers running HP-UX release B.11.23 on Itanium (IPF Architecture) platforms are affected.
54. Clam Anti-Virus ClamAV OLE2 File Handling Denial Of Service Vulnerability
BugTraq ID: 15101
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15101
Summary:
ClamAV is prone to a denial of service vulnerability. This is due to a failure in the application to handle malformed OLE2 files.
Exploitation could cause the application to enter an infinite loop, resulting in a denial of service.
55. Multiple Vendor WGet/Curl NTLM Username Buffer Overflow Vulnerability
BugTraq ID: 15102
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15102
Summary:
GNU wget and cURL are prone to a buffer overflow vulnerability. This issue is due to a failure in the applications to do proper bounds checking on user-supplied data before using it in a memory copy operation.
An attacker can exploit this vulnerability to execute arbitrary code in the context of the user utilizing the vulnerable application.
Exploitation of this vulnerability requires that NTLM authentication is enabled in the affected clients.
56. XMail Local Buffer Overflow Vulnerability
BugTraq ID: 15103
Remote: No
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15103
Summary:
XMail is prone to a local buffer overflow vulnerability.
A successful attack can facilitate arbitrary code execution with elevated privileges. An attacker can gain superuser or group mail privileges depending on the underlying operating system and distribution.
XMail 1.21 is reported to be vulnerable. Other versions may be affected as well.
57. TYPSoft FTP Server RETR Denial Of Service Vulnerability
BugTraq ID: 15104
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15104
Summary:
TYPSoft FTP Server is prone to a denial of service vulnerability. This issue is due to a failure in the application to properly handle exceptional conditions.
A local authorized attacker could exploit this vulnerability to cause the system to malfunction, resulting in a denial of service to legitimate users.
Versions 1.11 and earlier are known to be vulnerable.
58. IBM AIX LSCFG Insecure Temporary File Creation Vulnerability
BugTraq ID: 15105
Remote: No
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15105
Summary:
IBM AIX LSCFG creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.
Reports indicate that an attacker can exploit this issue to overwrite the '/etc/passwd' file, which can lead to privilege escalation.
59. Mozilla Thunderbird Insecure SMTP Authentication Protocol Negotiation Weakness
BugTraq ID: 15106
Remote: Yes
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15106
Summary:
Mozilla Thunderbird is prone to an insecure SMTP authentication protocol negotiation weakness.
Reports indicate that the application uses PLAIN authentication if CRAM-MD5 or STARTTLS between a client and a server cannot be established. This can allow an attacker to obtain credentials by sniffing network traffic.
This issue can also allow an attacker to carry out man-in-the-middle attacks by establishing a malicious server, causing CRAM-MD5 or STARTTLS to fail, and then harvesting the authentication credentials of vulnerable users.
Mozilla Thunderbird 1.0.7 and 1.5 Beta 2 were reported to be vulnerable. Other versions may be affected as well.
60. RTasarim WebAdmin Login SQL Injection Vulnerability
BugTraq ID: 15107
Remote: Yes
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15107
Summary:
RTasarim WebAdmin is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
61. Gallery Main.PHP Directory Traversal Vulnerability
BugTraq ID: 15108
Remote: Yes
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15108
Summary:
Gallery is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
Exploitation of this vulnerability could lead to a loss of confidentiality. Information obtained may aid in further attacks against the underlying system; other attacks are also possible.
62. Trust Digital Trusted Mobility Suite Authentication Bypass Vulnerability
BugTraq ID: 15109
Remote: No
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15109
Summary:
Trusted Mobility Suite is prone to an authentication bypass vulnerability.
Exploitation of this vulnerability effectively bypasses any policy in place with regard to the currently connected handheld device.
63. W-Agora Multiple Arbitrary PHP Code Injection Vulnerabilities
BugTraq ID: 15110
Remote: Yes
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15110
Summary:
W-Agora is prone to multiple PHP code injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
A remote attacker can exploit these vulnerabilities to upload or inject arbitrary PHP code to the application and execute it in the context of the Web server process.
64. Complete PHP Counter SQL Injection Vulnerability
BugTraq ID: 15111
Remote: Yes
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15111
Summary:
Complete PHP Counter is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
65. Complete PHP Counter Cross-Site Scripting Vulnerability
BugTraq ID: 15112
Remote: Yes
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15112
Summary:
Complete PHP Counter is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
66. SPE Insecure File Permissions Vulnerability
BugTraq ID: 15113
Remote: No
Date Published: 2005-10-15
Relevant URL: http://www.securityfocus.com/bid/15113
Summary:
SPE is prone to a vulnerability regarding insecure file permissions. This issue is due to an error in the application during install.
A local attacker can exploit this vulnerability to execute arbitrary code in the context of the user utilizing the vulnerable application.
67. PunBB Search.PHP SQL Injection Vulnerability
BugTraq ID: 15114
Remote: Yes
Date Published: 2005-10-15
Relevant URL: http://www.securityfocus.com/bid/15114
Summary:
PunBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Worm worries don't wait for Windows exploits
By: Robert Lemos
Security researchers disagree over whether a recently announced flaw in Microsoft Windows will likely become food for an Internet worm.
http://www.securityfocus.com/news/11346
2. Arrests unlikely to impact bot net threat, say experts
By: Robert Lemos
The recent arrests of three men in The Netherlands who allegedly controlled a network of more than 100,000 compromised computers will not likely curtail the criminal economy surrounding bot nets.
http://www.securityfocus.com/news/11344
3. Fingerprint payments taking off despite security concerns
By: Robert Lemos
Consumers may be able to leave their wallets behind in the near future, but security and privacy experts worry that pay-by-fingerprint schemes could lead to hard-to-combat identity fraud and greater threats to civil rights.
http://www.securityfocus.com/news/11339
4. E-voting experts call for revised security guidelines
By: Robert Lemos
A federally funded group of voting technology experts call on the United States' Election Assistance Commission to revamp its process for evaluating the security of election systems.
http://www.securityfocus.com/news/11336
5. Say hello to the Skype Trojan
By: John Leyden
Virus writers are targeting Skype users with a new Trojan that poses as the latest version of the popular VoIP software.
http://www.securityfocus.com/news/11348
6. Shared music abuse bug hits iTunes
By: John Leyden
Security researchers have discovered a vulnerability in Apple's popular iTunes application which might be exploited to interfere with shared music downloads.
http://www.securityfocus.com/news/11347
7. US cybersecurity all at sea
By: John Leyden
US cybersecurity risks are being poorly managed by the Department of Homeland Security, according to a former US presidential information security advisor.
http://www.securityfocus.com/news/11345
8. Worm fears over MS October patch batch
By: John Leyden
Microsoft's patch train rolled into town on Tuesday carrying a cargo of nine updates.
http://www.securityfocus.com/news/11342
IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Sales Representative, Washington, D.C.
http://www.securityfocus.com/archive/77/413694
2. [SJ-JOB] Jr. Security Analyst, London
http://www.securityfocus.com/archive/77/413693
3. [SJ-JOB] Security Engineer, Washington D.C.
http://www.securityfocus.com/archive/77/413697
4. [SJ-JOB] Security System Administrator, London
http://www.securityfocus.com/archive/77/413698
5. [SJ-JOB] Information Assurance Analyst, Rosslyn, VA (near DC)
http://www.securityfocus.com/archive/77/413695
6. [SJ-JOB] Security Consultant, Luxembourg
http://www.securityfocus.com/archive/77/413686
7. [SJ-JOB] Manager, Information Security, London
http://www.securityfocus.com/archive/77/413687
8. [SJ-JOB] Security Architect, London
http://www.securityfocus.com/archive/77/413684
9. [SJ-JOB] Auditor, New York
http://www.securityfocus.com/archive/77/413685
10. [SJ-JOB] Information Assurance Engineer, Washington
http://www.securityfocus.com/archive/77/413683
11. [SJ-JOB] Security Engineer, San Francisco
http://www.securityfocus.com/archive/77/413680
12. [SJ-JOB] Security Engineer, San Diego
http://www.securityfocus.com/archive/77/413682
13. [SJ-JOB] Security Architect, San Antonio
http://www.securityfocus.com/archive/77/413679
14. [SJ-JOB] Security Architect, San Antonio
http://www.securityfocus.com/archive/77/413681
15. [SJ-JOB] Sr. Security Analyst, Davidson
http://www.securityfocus.com/archive/77/413678
16. [SJ-JOB] Information Assurance Engineer, Washington Navy Yard
http://www.securityfocus.com/archive/77/413676
17. [SJ-JOB] Information Assurance Engineer, Reston
http://www.securityfocus.com/archive/77/413677
18. [SJ-JOB] Sales Representative, Seattle
http://www.securityfocus.com/archive/77/413674
19. [SJ-JOB] Security Consultant, London + UK wide
http://www.securityfocus.com/archive/77/413675
20. [SJ-JOB] Developer, Milpitas
http://www.securityfocus.com/archive/77/413672
21. [SJ-JOB] Sales Representative, Crystal Lake
http://www.securityfocus.com/archive/77/413613
22. [SJ-JOB] Developer, Milpitas
http://www.securityfocus.com/archive/77/413612
23. [SJ-JOB] Sales Engineer, Vienna
http://www.securityfocus.com/archive/77/413609
24. [SJ-JOB] Application Security Engineer, Vienna
http://www.securityfocus.com/archive/77/413610
25. [SJ-JOB] Quality Assurance, Milpitas
http://www.securityfocus.com/archive/77/413611
26. [SJ-JOB] Channel / Business Development, Cupertino
http://www.securityfocus.com/archive/77/413608
27. [SJ-JOB] Forensics Engineer, London
http://www.securityfocus.com/archive/77/413566
28. [SJ-JOB] Account Manager, Atlanta
http://www.securityfocus.com/archive/77/413569
29. [SJ-JOB] Security Consultant, Remote working
http://www.securityfocus.com/archive/77/413567
30. [SJ-JOB] Technical Marketing Engineer, Cupertino
http://www.securityfocus.com/archive/77/413568
31. [SJ-JOB] Sales Representative, Chicago
http://www.securityfocus.com/archive/77/413565
32. [SJ-JOB] Security Product Marketing Manager, Santa Clara
http://www.securityfocus.com/archive/77/413552
33. [SJ-JOB] Security Consultant, Vashi, Navi Mumbai
http://www.securityfocus.com/archive/77/413553
34. [SJ-JOB] Security Engineer, Brussels
http://www.securityfocus.com/archive/77/413550
35. [SJ-JOB] Security Product Marketing Manager, Santa Clara
http://www.securityfocus.com/archive/77/413554
36. [SJ-JOB] Technical Marketing Engineer, Belmont
http://www.securityfocus.com/archive/77/413551
37. [SJ-JOB] Security Product Marketing Manager, Belmont
http://www.securityfocus.com/archive/77/413493
38. [SJ-JOB] Security Product Marketing Manager, Belmont
http://www.securityfocus.com/archive/77/413494
39. [SJ-JOB] Security Engineer, Phoenix
http://www.securityfocus.com/archive/77/413492
40. [SJ-JOB] Security Product Manager, Santa Clara
http://www.securityfocus.com/archive/77/413490
41. [SJ-JOB] Director, Information Security, London
http://www.securityfocus.com/archive/77/413491
42. [SJ-JOB] Director, Information Security, Washington, Reston
http://www.securityfocus.com/archive/77/413485
43. [SJ-JOB] Sr. Security Analyst, Arlington
http://www.securityfocus.com/archive/77/413487
44. [SJ-JOB] Security Engineer, Providence
http://www.securityfocus.com/archive/77/413489
45. [SJ-JOB] Management, Washington
http://www.securityfocus.com/archive/77/413486
46. [SJ-JOB] Sales Engineer, Reston
http://www.securityfocus.com/archive/77/413488
47. [SJ-JOB] Security Engineer, Herndon
http://www.securityfocus.com/archive/77/413450
48. [SJ-JOB] Sr. Security Analyst, Arlington
http://www.securityfocus.com/archive/77/413449
49. [SJ-JOB] Sr. Security Analyst, Ft. Lauderdale
http://www.securityfocus.com/archive/77/413451
50. [SJ-JOB] Security Consultant, Minneapolis / St. Paul
http://www.securityfocus.com/archive/77/413447
51. [SJ-JOB] Manager, Information Security, Arlington
http://www.securityfocus.com/archive/77/413448
52. [SJ-JOB] Application Security Engineer, Calgary
http://www.securityfocus.com/archive/77/413463
53. [SJ-JOB] Security Consultant, New York
http://www.securityfocus.com/archive/77/413464
54. [SJ-JOB] Security Researcher, Chicago
http://www.securityfocus.com/archive/77/413465
55. [SJ-JOB] Application Security Architect, Calgary
http://www.securityfocus.com/archive/77/413453
56. [SJ-JOB] Manager, Information Security, Chicago
http://www.securityfocus.com/archive/77/413454
57. [SJ-JOB] Account Manager, Washington D.C.
http://www.securityfocus.com/archive/77/413295
58. [SJ-JOB] Security Consultant, NY
http://www.securityfocus.com/archive/77/413296
59. [SJ-JOB] Security Consultant, Miami
http://www.securityfocus.com/archive/77/413336
60. [SJ-JOB] Sales Engineer, Ambler
http://www.securityfocus.com/archive/77/413293
61. [SJ-JOB] Sales Engineer, New York City
http://www.securityfocus.com/archive/77/413342
62. [SJ-JOB] Sr. Security Engineer, Mountain View
http://www.securityfocus.com/archive/77/413169
63. [SJ-JOB] Sr. Security Analyst, San Diego
http://www.securityfocus.com/archive/77/413170
64. [SJ-JOB] Sales Representative, Boston
http://www.securityfocus.com/archive/77/413167
65. [SJ-JOB] Security Engineer, Phoenix
http://www.securityfocus.com/archive/77/413171
66. [SJ-JOB] Security Engineer, Phoenix
http://www.securityfocus.com/archive/77/413168
67. [SJ-JOB] Sr. Security Engineer, Buckinghamshire
http://www.securityfocus.com/archive/77/413150
68. [SJ-JOB] CHECK Team Leader, London
http://www.securityfocus.com/archive/77/413153
69. [SJ-JOB] Application Security Architect, London
http://www.securityfocus.com/archive/77/413149
70. [SJ-JOB] Security Engineer, Phoenix
http://www.securityfocus.com/archive/77/413151
71. [SJ-JOB] Jr. Security Analyst, San Diego
http://www.securityfocus.com/archive/77/413123
72. [SJ-JOB] Account Manager, Sterling
http://www.securityfocus.com/archive/77/413125
73. [SJ-JOB] Security Researcher, San Diego
http://www.securityfocus.com/archive/77/413121
74. [SJ-JOB] Sr. Product Manager, San Diego
http://www.securityfocus.com/archive/77/413122
75. [SJ-JOB] Sr. Security Engineer, Detroit
http://www.securityfocus.com/archive/77/413124
76. [SJ-JOB] Security Engineer, Austin
http://www.securityfocus.com/archive/77/413105
77. [SJ-JOB] Security Consultant, Flanders
http://www.securityfocus.com/archive/77/413103
78. [SJ-JOB] Sr. Security Analyst, Columbus
http://www.securityfocus.com/archive/77/413104
79. [SJ-JOB] Security Engineer, Denver
http://www.securityfocus.com/archive/77/413102
80. [SJ-JOB] Manager, Information Security, London
http://www.securityfocus.com/archive/77/413097
81. [SJ-JOB] Sr. Security Analyst, Richmond
http://www.securityfocus.com/archive/77/413101
82. [SJ-JOB] Developer, Columbia
http://www.securityfocus.com/archive/77/413098
83. [SJ-JOB] Developer, Columbia
http://www.securityfocus.com/archive/77/413099
84. [SJ-JOB] Customer Support, Boston
http://www.securityfocus.com/archive/77/413100
85. [SJ-JOB] Auditor, San Francisco and LA
http://www.securityfocus.com/archive/77/413096
V. INCIDENTS LIST SUMMARY
---------------------------
1. Strange attack question - seems udp
http://www.securityfocus.com/archive/75/413544
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Solaris sparc newbie exploit coding misc questions
http://www.securityfocus.com/archive/82/413246
2. [SEC-1 Advisory] GFI MailSecurity 8.1 Web Module Buffer Overflow
http://www.securityfocus.com/archive/82/413245
3. [SEC-1 Advisory] Collaboration Data Objects Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/82/413244
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Auditing Options
http://www.securityfocus.com/archive/88/413156
2. SecurityFocus Microsoft Newsletter #260
http://www.securityfocus.com/archive/88/413116
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. NEW MAILING LISTS
-----------------------------
1. Binary Analysis
http://securityfocus.com/archive/138
2. Crypto
http://securityfocus.com/archive/140
3. Phishing & BotNets
http://securityfocus.com/archive/135
4. Real Cases
http://securityfocus.com/archive/136
5. Wireless Security
http://securityfocus.com/archive/137
XI. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
XII. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: Solsoft