ALERT: "How A Hacker Launches A Web Application Attack!"- White Paper
Learn why 70% of today's successful hacks involve Web Application attacks such as: SQL Injection, XSS, Cookie Manipulation and Parameter Manipulation. All undetectable by Firewalls and IDS! Download *FREE* white paper from SPI Dynamics for a complete guide to protection!
------------------------------------------------------------------
I. FRONT AND CENTER
1. Sony-baloney
2. Windows rootkits in 2005, part two
II. BUGTRAQ SUMMARY
1. Cisco IPSec Unspecified IKE Traffic Denial Of Service Vulnerabilities
2. Juniper Networks Routers ISAKMP IKE Traffic Multiple Unspecified Vulnerabilities
3. Secgo Software Crypto IP Gateway/Client IKEv1 Traffic Multiple Unspecified Vulnerabilities
4. Help Center Live Module.PHP Local File Include Vulnerability
5. Stonesoft StoneGate Firewall/VPN Client IKEv1 Traffic Multiple Unspecified Vulnerabilities
6. XOOPS Multiple Input Validation Vulnerabilities
7. Cisco Adaptive Security Applicance Failover Testing Denial of Service Weakness
8. GNU Mailman Attachment Scrubber UTF8 Filename Denial Of Service Vulnerability
9. Horde Unspecified Error Message Cross-Site Scripting Vulnerability
10. Wizz Forum Multiple SQL Injection Vulnerabilities
11. PHP cURL and GD Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities
12. PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
13. PHPsysInfo Multiple Input Validation Vulnerabilities
14. Peel rubid Parameter SQL Injection Vulnerability
15. Openswan IKE Traffic Denial Of Service Vulnerabilities
16. Codegrrl Protection.PHP Unspecified Code Execution Vulnerability
17. Cyphor Show.PHP SQL Injection Vulnerability
18. Walla TeleSite Multiple Input Validation Vulnerabilities
19. Sun Solaris LibIKE IKE Exchange Denial Of Service Vulnerability
20. PHPNuke Search Module SQL Injection Vulnerability
21. Multiple Vendor Antivirus Products Obscured File Name Scan Evasion Vulnerability
22. MyBulletinBoard Multiple HTML Injection Vulnerabilities
23. Pearl Forums Index.PHP Multiple SQL Injection Vulnerabilities
24. MyBulletinBoard Unspecified Denial Of Service Vulnerability
25. PNMToPNG Alphas_Of_Color Buffer Overflow Vulnerability
26. GDK-Pixbuf XPM Images Integer Overflow Vulnerability
27. GDK-Pixbuf/GTK XPM Images Infinite Loop Denial Of Service Vulnerability
28. First 4 Internet CodeSupport Uninstallation ActiveX Software Remote Code Execution Vulnerability
29. PADL Software MigtrationTools Insecure Temporary File Creation Vulnerability
30. First 4 Internet XCP-Aurora Unspecified Local Vulnerabilities
31. Pearl Forums Index.PHP Local File Include Vulnerability
32. Macromedia Breeze Communication Server and Live Server RTMP Data Validation Vulnerability
33. GDK-Pixbuf/GTK XPM Images Buffer Overflow Vulnerability
34. PHPWCMS Multiple Remote File Include Vulnerabilities
35. Macromedia Flash Communication Server MX RTMP Data Validation Vulnerability
36. Macromedia Contribute Publishing Server Insecure Shared Connection Key Encryption Weakness
37. Pollvote File Include Vulnerability
38. PHPWCMS Multiple Cross-Site Scripting Vulnerabilities
39. AlstraSoft Template Seller Pro Remote File Include Vulnerability
40. AlstraSoft Template Seller Pro SQL Injection Vulnerability
41. Ekinboard Title Post HTML Injection Vulnerability
42. Belkin Wireless Routers Remote Authentication Bypass Vulnerability
43. Apple iTunes 6 For Windows Arbitrary Local Code Execution Vulnerability
44. Ekinboard Profile.PHP Cross-Site Scripting Vulnerability
45. Multiple Vendor lpCommandLine Application Path Vulnerability
46. Floosietek FTGate IMAP Server Buffer Overflow Vulnerability
47. Oracle Database Windows XP Simple File Sharing Authentication Bypass Vulnerability
48. IBM Informix Dynamic Server Windows XP Simple File Sharing Authentication Bypass Vulnerability
49. IBM DB2 Windows XP Simple File Sharing Authentication Bypass Vulnerability
50. Cisco 7920 Wireless IP Phone Fixed SNMP Community String Vulnerability
51. Counterpane Password Safe Insecure Encryption Vulnerability
52. Cisco 7920 Wireless IP Phone VxWorks Remote Debugger Access Vulnerability
53. FreeFTPD User Command Buffer Overflow Vulnerability
54. AudienceView Error.ASP Cross-Site Scripting Vulnerability
55. Microsoft Windows Plug and Play Denial of Service Vulnerability
56. Mambo Open Source Remote File Include Vulnerability
57. Nortel Switched Firewall IKE Traffic Multiple Unspecified Vulnerabilities
58. Antharia OnContent // CMS Index.PHP SQL Injection Vulnerability
59. PHPWebThings MSG Parameter SQL Injection Vulnerability
60. Unclassified NewsBoard Forum.PHP SQL Injection Vulnerability
61. Arki-DB Index.PHP SQL Injection Vulnerability
62. Multiple Vendor TCP Acknowledgements Remote Denial Of Service Vulnerability
63. Uresk Links Admin Index.PHP Authentication Bypass Vulnerability
64. PHP Easy Download Edit.PHP Authentication Bypass Vulnerability
65. HP Jetdirect 635n IPv6/IPsec Print Server IKE Exchange Denial Of Service Vulnerability
66. Opera Web Browser HTML Form Status Bar Misrepresentation Vulnerability
67. Pmachine Pro Email This Entry Mail_autocheck.PHP Remote File Include Vulnerability
68. HP-UX IKE Exchange Denial Of Service Vulnerabilities
69. Senao SI-680H VOIP WIFI Phone VxWorks Remote Debugger Access Vulnerability
70. UTStarcom F1000 VOIP WIFI Phone Multiple Remote Access Vulnerabilities
71. Hitachi WirelessIP5000 Multiple Unauthorized Access Vulnerabilities
72. Zyxel P2000W v.1 VOIP WIFI Phone Information Disclosure Vulnerability
73. Check Point Firewall-1 and VPN-1 ISAKMP IKE Unspecified Denial of Service Vulnerability
74. Interspire ArticleLive NX Search Module SQL Injection Vulnerability
75. Revize CMS Query_results.JSP SQL Injection Vulnerability
76. Revize CMS Revize.XML Information Disclosure Vulnerability
77. WHM AutoPilot Account Cancellation Access Validation Vulnerability
78. Revize CMS HTTPTranslatorServlet Cross-Site Scripting Vulnerability
79. LiteSpeed ConfMgr.php Cross-Site Scripting Vulnerability
80. FreeFTPD Multiple Buffer Overflow Vulnerabilities
81. yaSSL Unspecified Certificate Chain Processing Vulnerability
82. Qualcomm Worldmail Server Directory Traversal Vulnerability
83. XMB Forum Member.PHP HTML Injection Vulnerability
84. VP-ASP Shopping Cart Shopadmin.ASP HTML Injection Vulnerability
85. Novell NetMail IMAP Unspecified Buffer Overflow Vulnerability
86. MailEnable IMAP Mailbox Name Buffer Overflow Vulnerability
87. Magic Winmail Server Multiple Input Validation Vulnerabilities
88. MailEnable IMAP Command Directory Traversal Vulnerability
89. SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - Multiple Vulnerabilities Fixed
90. GNU gnump3d CGI And Cookie Parameter Directory Traversal Vulnerability
91. Hitachi Products Multiple Cross-Site Scripting Vulnerabilities
92. Hitachi Groupmax Mail Unspecified Malformed Email Message Denial Of Service Vulnerability
93. Hitachi Collaboration Schedule Unspecified Denial Of Service Vulnerability
94. PHP-Fusion Options.php and Viewforum.php SQL Injection Vulnerabilities
95. Exponent Content Management System Multiple Improper File Permission Vulnerabilities
96. PHPMyFAQ Multiple Cross-Site Scripting Vulnerabilities
III. SECURITYFOCUS NEWS
1. Texas puts Sony BMG in its sights
2. Sony BMG's copy-protection problems grow
3. Sony BMG faces digital-rights siege
4. Gold at the end of rainbow cracking?
5. Skype under scrutiny for bugs
6. Say hello to the Skype Trojan
7. Shared music abuse bug hits iTunes
8. US cybersecurity all at sea
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Certification & Accreditation Engineer, Stamford
2. [SJ-JOB] Security Consultant, Tempe
3. [SJ-JOB] Management, Foster City
4. [SJ-JOB] Application Security Engineer, New Delhi
5. [SJ-JOB] Jr. Security Analyst, New Delhi
6. [SJ-JOB] Security Engineer, Seattle
7. [SJ-JOB] Security Auditor, San Jose
8. [SJ-JOB] Security Consultant, Schaumburg
9. [SJ-JOB] Security Architect, Atlanta
10. [SJ-JOB] Information Assurance Engineer, Kent
11. [SJ-JOB] Jr. Security Analyst, South Brunswick
12. [SJ-JOB] Application Security Architect, Leicester
13. [SJ-JOB] Information Assurance Engineer, Fairfax
14. [SJ-JOB] Sr. Product Manager, Jakarta
15. [SJ-JOB] VP, Information Security, Baroda
16. [SJ-JOB] Information Assurance Engineer, Fairfax
17. [SJ-JOB] Quality Assurance, Toronto
18. [SJ-JOB] Security System Administrator, Bellevue
19. [SJ-JOB] Technology Risk Consultant, Centreville
20. [SJ-JOB] Account Manager, San Francisco
21. [SJ-JOB] Sales Engineer, New York
22. [SJ-JOB] Application Security Engineer, SF Bay Area
23. [SJ-JOB] VP / Dir / Mgr engineering, Alexandria
24. [SJ-JOB] Security Engineer, San Diego, California
25. [SJ-JOB] Management, Seattle
26. [SJ-JOB] Sr. Security Analyst, Chicago
27. [SJ-JOB] Application Security Engineer, San Francisco
28. [SJ-JOB] Application Security Architect, Minneapolis / St. Paul
29. [SJ-JOB] Training / Awareness Specialist, Tampa
30. [SJ-JOB] Sr. Security Analyst, Toronto
31. [SJ-JOB] Application Security Engineer, Minneapolis / St. Paul
32. [SJ-JOB] Security Consultant, London
33. [SJ-JOB] Security Architect, London
34. [SJ-JOB] Security Architect, London
35. [SJ-JOB] Security Consultant, Surrey
36. [SJ-JOB] Security Consultant, London
37. [SJ-JOB] Account Manager, San Francisco
38. [SJ-JOB] Security Consultant, London
39. [SJ-JOB] Security Consultant, London
40. [SJ-JOB] Security Consultant, London
41. [SJ-JOB] Sales Engineer, San Francisco
42. [SJ-JOB] Information Assurance Analyst, San Antonio
43. [SJ-JOB] Security Consultant, London
44. [SJ-JOB] Jr. Security Analyst, San Antonio
45. [SJ-JOB] Sr. Security Analyst, San Antonio
46. [SJ-JOB] Sr. Security Engineer, Denver
47. [SJ-JOB] Manager, Information Security, Denver
48. [SJ-JOB] Security Engineer, Hillsboro
49. [SJ-JOB] Security Researcher, Bangalore
50. [SJ-JOB] Quality Assurance, New York
51. [SJ-JOB] Security Director, New York
52. [SJ-JOB] Security Researcher, Adelaide
V. INCIDENTS LIST SUMMARY
1. Malware Site
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #266
2. Windows XP Security Guide - Laptop Policy
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. Kryptor for Linux released
2. Automatic Password Generator Tools on Unix Platform
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Sony-baloney
By Scott Granneman
The Sony story brings up dozens of questions about where we are headed with DRM issues and security, and what's really at stake.
http://www.securityfocus.com/columnists/370
2. Windows rootkits in 2005, part two
By James Butler, Sherri Sparks
This three-part article series looks at Windows rootkits indepth. Part two focuses on the latest cutting edge rootkit technologies that are used to hide malicious code from security scanners.
http://www.securityfocus.com/infocus/1851
II. BUGTRAQ SUMMARY
--------------------
1. Cisco IPSec Unspecified IKE Traffic Denial Of Service Vulnerabilities
BugTraq ID: 15401
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15401
Summary:
Various Cisco IOS, PIX Firewall, Firewall Services Module (FWSM), VPN 3000 Series Concentrator, and MDS Series SanOS releases are prone to denial of service attacks. These issues are due to security flaws in Cisco's IPSec implementation. The vulnerabilities may be triggered by malformed IKE traffic.
Successful attacks will cause most affected devices to restart. For Cisco MDS Series devices, this is limited to causing the IKE process to restart.
2. Juniper Networks Routers ISAKMP IKE Traffic Multiple Unspecified Vulnerabilities
BugTraq ID: 15402
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15402
Summary:
Various Juniper Networks M, T, J, and E Series Routers are affected by multiple unspecified vulnerabilities. The reported issues include buffer overflows, format strings, and denial of service vulnerabilities.
These issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic.
3. Secgo Software Crypto IP Gateway/Client IKEv1 Traffic Multiple Unspecified Vulnerabilities
BugTraq ID: 15403
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15403
Summary:
Secgo Software Crypto IP Gateway and Client are prone to multiple unspecified vulnerabilities in their IKEv1 implementation. The reported issues include buffer overflows and denial of service vulnerabilities.
These issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic.
4. Help Center Live Module.PHP Local File Include Vulnerability
BugTraq ID: 15404
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15404
Summary:
Help Center Live is prone to a local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to disclose sensitive information. This may help with further attacks on the affected computer.
It should be noted that this issue may also be leveraged to read arbitrary files on an affected computer with the privileges of the Web server.
5. Stonesoft StoneGate Firewall/VPN Client IKEv1 Traffic Multiple Unspecified Vulnerabilities
BugTraq ID: 15405
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15405
Summary:
Stonesoft StoneGate Firewall and VPN Client are prone to multiple unspecified vulnerabilities in its IKEv1 implementation. Potential issues include denial of service attacks, format strings, and buffer overflows.
These issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic.
6. XOOPS Multiple Input Validation Vulnerabilities
BugTraq ID: 15406
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15406
Summary:
XOOPS is prone to multiple input validation vulnerabilities.
XOOPS is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input.
XOOPS is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before being used in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data. An attacker may also be able to exploit this vulnerability to execute arbitrary commands.
7. Cisco Adaptive Security Applicance Failover Testing Denial of Service Weakness
BugTraq ID: 15407
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15407
Summary:
Cisco Adaptive Security Appliances are prone to a weakness that may cause a denial of service condition in certain circumstances. This issue is due to insufficient validation of ARP responses.
This issue reportedly affects Cisco ASA devices running 7.0(0), 7.0(2), and 7.0(4). Other versions may also be affected.
8. GNU Mailman Attachment Scrubber UTF8 Filename Denial Of Service Vulnerability
BugTraq ID: 15408
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15408
Summary:
GNU Mailman is prone to denial of service attacks. This issue affects the attachment scrubber utility.
The vulnerability could be triggered by mailing list posts and will impact the availability of mailing lists hosted by the application.
9. Horde Unspecified Error Message Cross-Site Scripting Vulnerability
BugTraq ID: 15409
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15409
Summary:
Horde is prone to an unspecified cross-site scripting vulnerability. This issue is related to how Horde renders error messages.
Successful exploitation could let an attacker inject hostile HTML and script code into the browser session of another user in the context of the site hosting Horde. This could allow for theft of cookie-based authentication credentials or other attacks.
10. Wizz Forum Multiple SQL Injection Vulnerabilities
BugTraq ID: 15410
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15410
Summary:
Wizz Forum is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
11. PHP cURL and GD Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities
BugTraq ID: 15411
Remote: No
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15411
Summary:
PHP cURL and GD are prone to multiple safe_mode and open_basedir restriction bypass vulnerabilities. Successful exploitation could lead to disclosure of sensitive information.
This issue is reported to affect PHP versions 4.4.0 and 5.0.5; other versions may also be vulnerable.
12. PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
BugTraq ID: 15413
Remote: No
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15413
Summary:
PHP on Apache 2 is prone to a restriction bypass vulnerability when calling 'virtual()'. Successful exploitation could lead to disclosure of sensitive information.
This issue is reported to affect PHP versions 4.4.0 and 5.0.5; other versions may also be vulnerable.
13. PHPsysInfo Multiple Input Validation Vulnerabilities
BugTraq ID: 15414
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15414
Summary:
phpSysinfo is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input.
phpSysinfo is prone to a local file include vulnerability, an HTTP response splitting vulnerability, and cross-site scripting attacks.
An attacker may exploit these vulnerabilities to access files within the context of the Web server application, poison Web proxy server caches, and execute arbitrary HTML and script code within the context of the victim's Web browser.
Other attacks are also possible.
It should be noted that the cross-site scripting issues are not exploitable on Debian systems.
14. Peel rubid Parameter SQL Injection Vulnerability
BugTraq ID: 15415
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15415
Summary:
Peel is prone to a SQL injection vulnerability. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Peel 2.6 and 2.7 are reported to be vulnerable. Other versions may also be affected.
15. Openswan IKE Traffic Denial Of Service Vulnerabilities
BugTraq ID: 15416
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15416
Summary:
Openswan is prone to multiple denial of service vulnerabilities in their ISAKMP implementation.
These issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic.
The vulnerabilities are believed to affect Openswan 2.x releases prior to 2.4.2.
16. Codegrrl Protection.PHP Unspecified Code Execution Vulnerability
BugTraq ID: 15417
Remote: Unknown
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15417
Summary:
Unspecified Codegrrl applications are prone to a remote arbitrary code execution vulnerability. This is due to a lack of proper sanitization of user-supplied input.
An attacker can exploit this to execute arbitrary code in the context of the Web server process. This may facilitate a compromise of the system; other attacks are also possible.
17. Cyphor Show.PHP SQL Injection Vulnerability
BugTraq ID: 15418
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15418
Summary:
Cyphor is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
18. Walla TeleSite Multiple Input Validation Vulnerabilities
BugTraq ID: 15419
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15419
Summary:
Walla TeleSite is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input.
Walla TeleSite is prone to information and path disclosure, file enumeration, SQL injection, and cross-site scripting attacks within the context of the victim's Web browser and the affected computer.
Other attacks are also possible.
Walla Telesite version 3.0 is affected; earlier versions are also affected.
19. Sun Solaris LibIKE IKE Exchange Denial Of Service Vulnerability
BugTraq ID: 15420
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15420
Summary:
Sun Solaris is prone to a denial of service vulnerability. This issue exists in the 'libike' IKE implementation and may impact the availability of the 'in.iked' daemon.
This issue was discovered with the PROTOS ISAKMP Test Suite and is related to handling of malformed IKEv1 traffic. This may be triggered by a remote privileged user.
20. PHPNuke Search Module SQL Injection Vulnerability
BugTraq ID: 15421
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15421
Summary:
PHPNuke is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
21. Multiple Vendor Antivirus Products Obscured File Name Scan Evasion Vulnerability
BugTraq ID: 15423
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15423
Summary:
Multiple antivirus products from various vendors are reported prone to a vulnerability that may allow malicious files to bypass detection.
This issue arises when an affected application processes a file with an obscured file name.
This issue could result in malicious files bypassing detection and allowing them to be opened by a recipient.
Update: Symantec is currently investigating this issue in regards to Symantec products. It is unclear at this time if malicious files may evade scanning, or if the automatic removal feature fails. This BID will be updated as further information is disclosed.
22. MyBulletinBoard Multiple HTML Injection Vulnerabilities
BugTraq ID: 15424
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15424
Summary:
MyBulletinBoard is prone to multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit these issues to control how the site is rendered to the user; other attacks are also possible.
23. Pearl Forums Index.PHP Multiple SQL Injection Vulnerabilities
BugTraq ID: 15425
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15425
Summary:
Pearl Forums is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
24. MyBulletinBoard Unspecified Denial Of Service Vulnerability
BugTraq ID: 15426
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15426
Summary:
MyBulletinBoard is prone to an unspecified denial of service vulnerability. This issue is most likely due to a failure in the application to properly sanitize user-supplied input.
Very little information is available on this vulnerability; this BID will be updated as further information becomes available.
25. PNMToPNG Alphas_Of_Color Buffer Overflow Vulnerability
BugTraq ID: 15427
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15427
Summary:
pnmtopng is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. This issue reportedly only occurs when the '-alpha' command line option is utilized.
This issue allows attackers to create malicious PNM files, that when parsed by the affected utility, allow arbitrary machine code to be executed. This occurs in the context of the user running the affected utility.
When an application that uses the vulnerable library processes a malformed XPM file, the application will crash, denying service to legitimate users. It may also be possible for the attacker to exploit this issue to execute arbitrary code with the privileges of the application utilizing the vulnerable library.
27. GDK-Pixbuf/GTK XPM Images Infinite Loop Denial Of Service Vulnerability
BugTraq ID: 15429
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15429
Summary:
gdk-pixbuf and gtk2 are prone to a denial of service vulnerability. This issue occurs when an application utilizing one of the affected libraries handles a malformed XPM image file.
Exploitation could cause an application utilizing a vulnerable library to enter an infinite loop, resulting in a denial of service.
28. First 4 Internet CodeSupport Uninstallation ActiveX Software Remote Code Execution Vulnerability
BugTraq ID: 15430
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15430
Summary:
First 4 Internet CodeSupport is susceptible to a remote code execution vulnerability.
The CodeSupport package can be told to download, and then execute arbitrary content from remote Web sites. As it fails to verify that the source of the remote content is from a trusted source, attackers may utilize it to download and execute malicious code from arbitrary sources, facilitating the remote compromise of targeted computers.
29. PADL Software MigtrationTools Insecure Temporary File Creation Vulnerability
BugTraq ID: 15431
Remote: No
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15431
Summary:
PADL Software MigrationTools creates temporary files in an insecure manner. An attacker with local access could potentially exploit this issue to obtain sensitive information in the context of the affected computer.
Exploitation would most likely result in loss of confidentiality, data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.
MigrationTools version 46 is reported to be affected by this issue. Other versions may also be affected.
30. First 4 Internet XCP-Aurora Unspecified Local Vulnerabilities
BugTraq ID: 15432
Remote: No
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15432
Summary:
Multiple unspecified vulnerabilities are present in the kernel driver contained in the First 4 Internet XCP-Aurora DRM software. As these issues are in a kernel driver, local attackers may exploit these issues to gain SYSTEM level privileges.
One or more of these issues may be buffer overflow-related, as the corruption of kernel memory is stated to occur, allowing arbitrary code execution in the context of the local kernel.
Further details are not currently available. This BID will be updated when more information is available.
31. Pearl Forums Index.PHP Local File Include Vulnerability
BugTraq ID: 15433
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15433
Summary:
Pearl Forums is prone to a local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to disclose sensitive information. This may help with further attacks on the affected computer.
It should be noted that this issue may also be leveraged to read arbitrary files on an affected computer with the privileges of the Web server.
32. Macromedia Breeze Communication Server and Live Server RTMP Data Validation Vulnerability
BugTraq ID: 15434
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15434
Summary:
Macromedia Breeze Communication Server and Live Server do not sufficiently validate RTMP data. Successful exploitation could lead to a denial of service condition.
33. GDK-Pixbuf/GTK XPM Images Buffer Overflow Vulnerability
BugTraq ID: 15435
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15435
Summary:
gdk-pixbuf and gtk2 are prone to a buffer overflow vulnerability.
When an application that utilizes a vulnerable library processes a malformed XPM image file, it results in a heap-based buffer overflow. An attacker can exploit this vulnerability to execute arbitrary code in the context of the victim user.
34. PHPWCMS Multiple Remote File Include Vulnerabilities
BugTraq ID: 15436
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15436
Summary:
phpwcms is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to disclose sensitive information. This may help with further attacks on the affected computer.
35. Macromedia Flash Communication Server MX RTMP Data Validation Vulnerability
BugTraq ID: 15437
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15437
Summary:
Macromedia Flash Communication Server MX does not sufficiently validate RTMP data. Successful exploitation could lead to a denial of service condition.
36. Macromedia Contribute Publishing Server Insecure Shared Connection Key Encryption Weakness
BugTraq ID: 15438
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15438
Summary:
Macromedia CPS (Contribute Publishing Server) is susceptible to an insecure shared connection key encryption weakness. These shared connection keys are used in shared FTP login credentials.
This issue may allow remote attackers to decrypt the contents of network packets, gaining access to the cleartext contents of authentication credentials, aiding them in further attacks.
Versions prior to 1.11 of Macromedia CPS are susceptible to this issue.
37. Pollvote File Include Vulnerability
BugTraq ID: 15439
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15439
Summary:
Pollvote is prone to a file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary local and remote PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
38. PHPWCMS Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15440
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15440
Summary:
phpwcms is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
39. AlstraSoft Template Seller Pro Remote File Include Vulnerability
BugTraq ID: 15441
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15441
Summary:
Template Seller Pro is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
40. AlstraSoft Template Seller Pro SQL Injection Vulnerability
BugTraq ID: 15442
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15442
Summary:
Template Seller Pro is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
41. Ekinboard Title Post HTML Injection Vulnerability
BugTraq ID: 15443
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15443
Summary:
Ekinboard is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible
42. Belkin Wireless Routers Remote Authentication Bypass Vulnerability
BugTraq ID: 15444
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15444
Summary:
Certain Belkin wireless routers are susceptible to a remote authentication bypass vulnerability. This issue is due to a flaw in the Web administration interface authentication process.
This issue allows remote attackers to gain administrative access to affected devices.
Belkin F5D7232-4, and F5D7230-4 routers with firmware versions 4.05.03 and 4.03.03 are affected by this issue. Other devices may also be affected due to code reuse among devices.
43. Apple iTunes 6 For Windows Arbitrary Local Code Execution Vulnerability
BugTraq ID: 15446
Remote: No
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15446
Summary:
Apple iTunes 6 for Windows is prone to an arbitrary local code execution vulnerability.
This is due to a design error in which malicious code may be executed in the context of the user running the affected application.
44. Ekinboard Profile.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 15447
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15447
Summary:
Ekinboard is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
45. Multiple Vendor lpCommandLine Application Path Vulnerability
BugTraq ID: 15448
Remote: No
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15448
Summary:
Multiple vendor applications are prone to an arbitrary local code execution vulnerability.
This is due to a design error in which malicious code may be executed in the context of the user running the affected application.
46. Floosietek FTGate IMAP Server Buffer Overflow Vulnerability
BugTraq ID: 15449
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15449
Summary:
Floosietek FTGate is prone to a remote buffer overflow vulnerability in the IMAP server. Successful exploitation could result in a denial of service or execution of arbitrary code.
47. Oracle Database Windows XP Simple File Sharing Authentication Bypass Vulnerability
BugTraq ID: 15450
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15450
Summary:
Oracle Database is affected by an authentication bypass vulnerability when run on Microsoft Windows XP computers that have Simple File Sharing enabled.
This vulnerability may let attackers compromise the database using the Windows XP Guest account.
The researcher who discovered this issue has not provided a conclusive list of affected Oracle database products. For the time being, all versions that run on Windows XP are assumed to be affected. If contrary information is made available, this BID will be updated accordingly.
48. IBM Informix Dynamic Server Windows XP Simple File Sharing Authentication Bypass Vulnerability
BugTraq ID: 15451
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15451
Summary:
IBM Informix Dynamic Server (IBM Informix IDS) is affected by an authentication bypass vulnerability when run on Microsoft Windows XP computers that have Simple File Sharing enabled.
This vulnerability may let attackers gain unauthorized access to the database using the Windows XP Guest account.
The researcher who discovered this issue has not provided a conclusive list of affected IBM Informix Dynamic Server products. For the time being, all versions that run on Windows XP are assumed to be affected. If contrary information is made available, this BID will be updated accordingly.
49. IBM DB2 Windows XP Simple File Sharing Authentication Bypass Vulnerability
BugTraq ID: 15452
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15452
Summary:
IBM DB2 is affected by an authentication bypass vulnerability when run on Microsoft Windows XP computers that have Simple File Sharing enabled.
This vulnerability may let attackers gain unauthorized access to the database using the Windows XP Guest account. This could be exploited with a custom client that will authenticate the attacker as the Guest account.
The researcher who discovered this issue has not provided a conclusive list of affected IBM DB2 products. For the time being, all versions that run on Windows XP are assumed to be affected. If contrary information is made available, this BID will be updated accordingly.
50. Cisco 7920 Wireless IP Phone Fixed SNMP Community String Vulnerability
BugTraq ID: 15454
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15454
Summary:
Cisco 7920 Wireless IP Phone is prone to a fixed default SNMP community string issue. This could allow remote attackers to retrieve and modify the device configuration.
Cisco 7920 Wireless IP Phones running firmware version 1.0(8) and earlier are vulnerable to this issue.
51. Counterpane Password Safe Insecure Encryption Vulnerability
BugTraq ID: 15455
Remote: No
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15455
Summary:
Counterpane Password Safe is susceptible to an insecure encryption vulnerability that allows easier brute force decryption attacks.
Password Safe uses a key-stretching algorithm designed to dramatically slow down brute force password guessing attacks. A random value is encrypted with the Blowfish algorithm one thousand times with a value derived from the password used as the encryption key. In order to brute force attack the Password Safe database, an attacker must follow the same one thousand encryption steps on every password guess. This is done to make brute force attacks much more time and resource intensive, lowering the likelihood of a successful attack.
This vulnerability allows attackers with access to the Password Safe database to employ a brute force password guessing attack against the database much more efficiently that the Password Safe design intended. The data contained in the Password Safe database aids malicious users in further attacks.
52. Cisco 7920 Wireless IP Phone VxWorks Remote Debugger Access Vulnerability
BugTraq ID: 15456
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15456
Summary:
Cisco 7920 Wireless IP Phone allows remote debugger connections. Successful exploitation of this vulnerability could allow a remote attacker to obtain debugging information from the device or cause a denial of service.
Cisco 7920 Wireless IP Phones running firmware version 2.0 and earlier are vulnerable to this issue.
53. FreeFTPD User Command Buffer Overflow Vulnerability
BugTraq ID: 15457
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15457
Summary:
freeFTPd is prone to a buffer overflow vulnerability. This issue is due to a failure in the application to do proper bounds checking on user-supplied data before storing it in a finite sized buffer.
An attacker can exploit this issue to crash the server, denying service to legitimate users. Arbitrary code execution with SYSTEM privileges may also be possible.
54. AudienceView Error.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 15459
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15459
Summary:
AudienceView is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
55. Microsoft Windows Plug and Play Denial of Service Vulnerability
BugTraq ID: 15460
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15460
Summary:
Microsoft Windows Plug and Play service is prone to a denial of service condition. This issue is caused by a malformed request to the service that causes virtual memory consumption.
On Windows XP, a remote attacker must authenticate over RPC to exploit this issue using the originally described attack vector.
Update: A reliable source has indicated that this issue is anonymously exploitable via named pipes or other MSRPC calls on Microsoft Windows XP SP2. This issue may be exploited by differing attack vectors than originally described by Microsoft.
56. Mambo Open Source Remote File Include Vulnerability
BugTraq ID: 15461
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15461
Summary:
Mambo is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
Update: Reportedly, this issue is being actively exploited in the wild; multiple Web sites have been defaced, and the issue described in this BID is being cited as the attackers method of entry.
57. Nortel Switched Firewall IKE Traffic Multiple Unspecified Vulnerabilities
BugTraq ID: 15462
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15462
Summary:
Nortel Switched Firewall is prone to multiple unspecified vulnerabilities in IKEv1.
Some of the issues could potentially allow for remote code execution and complete compromise of affected devices. This has not been confirmed.
These issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic.
58. Antharia OnContent // CMS Index.PHP SQL Injection Vulnerability
BugTraq ID: 15464
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15464
Summary:
Antharia OnContent //CMS is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
59. PHPWebThings MSG Parameter SQL Injection Vulnerability
BugTraq ID: 15465
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15465
Summary:
phpWebThings is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
60. Unclassified NewsBoard Forum.PHP SQL Injection Vulnerability
BugTraq ID: 15466
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15466
Summary:
Unclassified NewsBoard is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
61. Arki-DB Index.PHP SQL Injection Vulnerability
BugTraq ID: 15467
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15467
Summary:
Arki-DB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
62. Multiple Vendor TCP Acknowledgements Remote Denial Of Service Vulnerability
BugTraq ID: 15468
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15468
Summary:
Multiple vendors are susceptible to a remote TCP acknowledgement denial of service vulnerability.
This issue presents itself when the remote peer forges acknowledgment packets prior to actually receiving packets from the sending host. As soon as the server receives an acknowledgment for a packet that has been sent, it assumes that the client has received it. These acknowledgment packets influence the servers congestion control mechanism.
This vulnerability allows remote attackers to consume excessive network resources, denying network service to legitimate users.
This issue exists in the TCP protocol specification as defined by RFC 793. However, it is likely that a number of specific vendor implementations will also be affected. This BID will be updated as individual implementations of the protocol are reported to be affected.
63. Uresk Links Admin Index.PHP Authentication Bypass Vulnerability
BugTraq ID: 15469
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15469
Summary:
Uresk Links is prone to an authentication bypass vulnerability.
An attacker can exploit this vulnerability to gain administrative access to the affected application.
64. PHP Easy Download Edit.PHP Authentication Bypass Vulnerability
BugTraq ID: 15470
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15470
Summary:
PHP Easy Download is prone to an authentication bypass vulnerability.
An attacker can exploit this vulnerability to gain administrative access to the affected application.
65. HP Jetdirect 635n IPv6/IPsec Print Server IKE Exchange Denial Of Service Vulnerability
BugTraq ID: 15471
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15471
Summary:
HP Jetdirect 635n IPv6/IPsec Print Server is prone to a denial of service vulnerability. This issue is due to a security flaw in HP's IPSec implementation. This vulnerability may be triggered by malformed IKE traffic.
This issue was discovered with the PROTOS ISAKMP Test Suite and is related to the handling of malformed IKEv1 traffic.
66. Opera Web Browser HTML Form Status Bar Misrepresentation Vulnerability
BugTraq ID: 15472
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15472
Summary:
A vulnerability has been identified in Opera Web browser that allows an attacker to misrepresent the status bar in the browser, allowing vulnerable users to be mislead into following a link to a malicious site.
This vulnerability would most likely be exploited through HTML e-mail, though other attack vectors exist such as HTML injection attacks in third-party Web applications.
67. Pmachine Pro Email This Entry Mail_autocheck.PHP Remote File Include Vulnerability
BugTraq ID: 15473
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15473
Summary:
Pmachine Pro Email This Entry is prone to a remote file include vulnerability.
This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
68. HP-UX IKE Exchange Denial Of Service Vulnerabilities
BugTraq ID: 15474
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15474
Summary:
HP-UX is prone to denial of service vulnerabilities. These issues are due to security flaws in HP's IPSec implementation. These vulnerabilities may be triggered by malformed IKE traffic.
This issue was discovered with the PROTOS ISAKMP Test Suite and is related to the handling of malformed IKEv1 traffic.
69. Senao SI-680H VOIP WIFI Phone VxWorks Remote Debugger Access Vulnerability
BugTraq ID: 15475
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15475
Summary:
Senao SI-680H VOIP WIFI Phone allows remote debugger connections. Successful exploitation of this vulnerability could allow a remote attacker to obtain debugging information from the device or cause a denial of service.
Senao SI-680H VOIP WIFI Phones running firmware version 0.03.0839 is prone to this issue. Other versions may also be vulnerable.
70. UTStarcom F1000 VOIP WIFI Phone Multiple Remote Access Vulnerabilities
BugTraq ID: 15476
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15476
Summary:
UTStarcom F1000 VOIP WIFI Phone is prone to multiple remote access vulnerabilities. These issues allow remote attackers to gain remote administrative access to affected devices.
UTStarcom F1000 VOIP WIFI Phone with software version s2.0, firmware version 5.5.1 is affected by these issues. Other versions and devices may also be affected.
71. Hitachi WirelessIP5000 Multiple Unauthorized Access Vulnerabilities
BugTraq ID: 15477
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15477
Summary:
WirelessIP5000 is prone to multiple unauthorized access vulnerabilities.
An attacker can exploit these issues to disclose sensitive or privileged information, alter device configuration settings, and deny service to legitimate users.
72. Zyxel P2000W v.1 VOIP WIFI Phone Information Disclosure Vulnerability
BugTraq ID: 15478
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15478
Summary:
The Zyxel P2000W v.1 VOIP WIFI Phone is prone to an information disclosure vulnerability.
Sensitive information may be disclosed to attackers, and could be useful in further attacks. Informataion obtained may aid an attacker to perform denial of service attacks.
73. Check Point Firewall-1 and VPN-1 ISAKMP IKE Unspecified Denial of Service Vulnerability
BugTraq ID: 15479
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15479
Summary:
Check Point Firewall-1 and VPN-1 are prone to denial of service attacks due to unspecified vulnerabilities in the IPSec implementation. The vulnerabilities may be triggered by malformed IKE traffic.
74. Interspire ArticleLive NX Search Module SQL Injection Vulnerability
BugTraq ID: 15480
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15480
Summary:
ArticleLive NX is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
75. Revize CMS Query_results.JSP SQL Injection Vulnerability
BugTraq ID: 15481
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15481
Summary:
Revize CMS is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Other scripts may also be vulnerable.
76. Revize CMS Revize.XML Information Disclosure Vulnerability
BugTraq ID: 15482
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15482
Summary:
Revize CMS is prone to an information disclosure vulnerability. This issue is due to a failure in the application to restrict access to sensitive files.
An attacker can exploit this vulnerability to retrieve sensitive information. Information obtained may aid in further attacks against the underlying system; other attacks are also possible.
77. WHM AutoPilot Account Cancellation Access Validation Vulnerability
BugTraq ID: 15483
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15483
Summary:
WHM AutoPilot is a commercial script designed to aid in the administration of Web-hosting environments.
WHM AutoPilot is susceptible to an account cancellation access validation vulnerability. This issue is due to a failure of the application to ensure that cancellation requests from users are performed only by authorized users.
This vulnerability allows attackers to issue cancellation requests for arbitrary users, potentially causing a denial of service situation as targeted Web hosting accounts are inadvertently disabled.
Versions 2.5.20 and prior are affected by this issue.
78. Revize CMS HTTPTranslatorServlet Cross-Site Scripting Vulnerability
BugTraq ID: 15484
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15484
Summary:
Revize CMS is prone to a cross-site scripting vulnerabilities. This is due to a lack of proper sanitization of user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
79. LiteSpeed ConfMgr.php Cross-Site Scripting Vulnerability
BugTraq ID: 15485
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15485
Summary:
LiteSpeed Web Server is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
80. FreeFTPD Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 15486
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15486
Summary:
freeFTPd is prone to multiple buffer overflow vulnerabilities. These issues are due to a failure in the application to do proper bounds checking on user-supplied data before storing it in finite sized buffers.
An attacker can exploit these issues to crash the server, denying service to legitimate users. Arbitrary code execution with SYSTEM privileges may also be possible.
81. yaSSL Unspecified Certificate Chain Processing Vulnerability
BugTraq ID: 15487
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15487
Summary:
yaSSL is susceptible to an unspecified certificate chain processing vulnerability. No further details regarding this issue are currently available.
This issue may allow improper certificates to be used when authenticating connections. An attacker may use forged certificates to carry out various attacks.
It is conjectured that a malicious Web site could take advantage of this by posing as a trusted Web site in phishing style attacks. This could lead to users taking actions such as authenticating or submitting sensitive or private information.
Further information about this issue and its impacts are not currently available. This BID will be updated as further information becomes available.
82. Qualcomm Worldmail Server Directory Traversal Vulnerability
BugTraq ID: 15488
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15488
Summary:
Qualcomm Worldmail server is prone to a directory traversal vulnerability.
Successful exploitation could allow an attacker to gain access to files owned by other users of the application.
Sensitive information may be obtained and modified in this manner.
Worldmail server version 3.0 is vulnerable; other versions may also be affected.
83. XMB Forum Member.PHP HTML Injection Vulnerability
BugTraq ID: 15489
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15489
Summary:
XMB Forum is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
84. VP-ASP Shopping Cart Shopadmin.ASP HTML Injection Vulnerability
BugTraq ID: 15490
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15490
Summary:
VP-ASP Shopping Cart is prone to an HTML injection vulnerability. This is due to a lack of proper validation of user-supplied input before being used in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
85. Novell NetMail IMAP Unspecified Buffer Overflow Vulnerability
BugTraq ID: 15491
Remote: Yes
Date Published: 2005-11-18
Relevant URL: http://www.securityfocus.com/bid/15491
Summary:
Novell NetMail is prone to a buffer overflow vulnerability in an unspecified IMAP command. Successful exploitation may result in a denial of service or arbitrary code execution.
This issue exists in NetMail 3.52D, however, earlier versions may also be vulnerable.
Details regarding the precise nature of this vulnerability are not currently available. This record will be updated when more information is available.
86. MailEnable IMAP Mailbox Name Buffer Overflow Vulnerability
BugTraq ID: 15492
Remote: Yes
Date Published: 2005-11-18
Relevant URL: http://www.securityfocus.com/bid/15492
Summary:
MailEnable is prone to a buffer overflow vulnerability in multiple IMAP commands. The issue is due to improper bounds checking on the mailbox name argument supplied to various commands.
This issue is reported to affect MailEnable Professional 1.6 with Hotfix MEIMAPS-UPD0511010000.zip and MailEnable Enterprise 1.1 with Hotfix MEIMAPS-UPD0511010000.zip. Other versions may also be vulnerable.
87. Magic Winmail Server Multiple Input Validation Vulnerabilities
BugTraq ID: 15493
Remote: Yes
Date Published: 2005-11-18
Relevant URL: http://www.securityfocus.com/bid/15493
Summary:
Magic Winmail Server is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
Magic Winmail Server is prone to cross-site scripting, HTML injection and directory traversal vulnerabilities.
88. MailEnable IMAP Command Directory Traversal Vulnerability
BugTraq ID: 15494
Remote: Yes
Date Published: 2005-11-18
Relevant URL: http://www.securityfocus.com/bid/15494
Summary:
MailEnable is prone to a directory traversal vulnerability when processing certain IMAP commands. Successful exploitation could allow data corruption.
This issue is reported to affect MailEnable Professional 1.6 with Hotfix MEIMAPS-UPD0511010000.zip and MailEnable Enterprise 1.1 with Hotfix MEIMAPS-UPD0511010000.zip. Other versions may also be vulnerable.
89. SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - Multiple Vulnerabilities Fixed
BugTraq ID: 15495
Remote: Yes
Date Published: 2005-11-18
Relevant URL: http://www.securityfocus.com/bid/15495
Summary:
Updates for the SCO OpenServer Mozilla Web browser have been released, addressing multiple security vulnerabilities and weaknesses.
This release fixes a number of bugs, including some security vulnerabilities and weaknesses.
Many of the bugs that have been fixed in this maintenance pack may have a security impact that may be exploited by a local or remote attacker. Possible consequences include denial of service, spoofing, gaining knowledge of potentially sensitive information, conducting cross-site scripting attacks, bypassing certain security restrictions, manipulating certain data, or compromising a user's system and gaining local privilege escalation.
90. GNU gnump3d CGI And Cookie Parameter Directory Traversal Vulnerability
BugTraq ID: 15496
Remote: Yes
Date Published: 2005-11-18
Relevant URL: http://www.securityfocus.com/bid/15496
Summary:
GNU gnump3d is prone to a directory traversal vulnerability.
Very little information is available on this issue. It is conjectured an attacker can exploit this vulnerability to retrieve or corrupt arbitrary files, this may aid in further attacks against the underlying system; other attacks are also possible.
91. Hitachi Products Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15498
Remote: Yes
Date Published: 2005-11-18
Relevant URL: http://www.securityfocus.com/bid/15498
Summary:
Hitachi Collaboration Schedule and Collaboration Calendar are prone to multiple unspecified cross-site scripting vulnerabilities. These are due to a lack of proper sanitization of user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks.
92. Hitachi Groupmax Mail Unspecified Malformed Email Message Denial Of Service Vulnerability
BugTraq ID: 15499
Remote: Yes
Date Published: 2005-11-18
Relevant URL: http://www.securityfocus.com/bid/15499
Summary:
Hitachi Groupmax Mail is prone to an unspecified denial of service vulnerability while processing malformed email.
This issue allows remote attackers to crash affected mail servers, denying service to legitimate users.
Further information is not currently available; this BID will be updated as new information is disclosed.
93. Hitachi Collaboration Schedule Unspecified Denial Of Service Vulnerability
BugTraq ID: 15500
Remote: Yes
Date Published: 2005-11-18
Relevant URL: http://www.securityfocus.com/bid/15500
Summary:
Hitachi Collaboration Schedule is prone to a denial of service vulnerability.
This vulnerability may be triggered by multiple invalid requests sent to the schedule.
No further details have been provided.
94. PHP-Fusion Options.php and Viewforum.php SQL Injection Vulnerabilities
BugTraq ID: 15502
Remote: Yes
Date Published: 2005-11-19
Relevant URL: http://www.securityfocus.com/bid/15502
Summary:
PHP-Fusion is prone to SQL injection vulnerabilities in multiple PHP scripts. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
95. Exponent Content Management System Multiple Improper File Permission Vulnerabilities
BugTraq ID: 15503
Remote: Yes
Date Published: 2005-11-19
Relevant URL: http://www.securityfocus.com/bid/15503
Summary:
Exponent Content Management System is prone to multiple vulnerabilities. These issues exist because file permissions on user files are incorrectly set.
These vulnerabilities could lead to information disclosure or script execution in the context of the vulnerable Web site.
96. PHPMyFAQ Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15504
Remote: Yes
Date Published: 2005-11-19
Relevant URL: http://www.securityfocus.com/bid/15504
Summary:
phpMyFAQ is prone to multiple cross-site scripting vulnerabilities in various parameters of the Add Content page.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. Exploitation of these vulnerabilities may facilitate the
theft of cookie-based authentication credentials as well as other attacks.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Texas puts Sony BMG in its sights
By: Robert Lemos
UPDATE: The Attorney General for Texas announces the state is suing Sony BMG, calling the company's copy-protection technology "illegal spyware." The EFF files a lawsuit on the same day.
http://www.securityfocus.com/news/11358
2. Sony BMG's copy-protection problems grow
By: Robert Lemos
As researchers find more security issues with the music giant's protection software and legislators criticize overly broad restrictions on digital media, Sony BMG decides to pull CDs from stores, release a better removal tool and offer consumers the ability to return the discs.
http://www.securityfocus.com/news/11357
3. Sony BMG faces digital-rights siege
By: Robert Lemos
As virus writers explore Sony BMG's "rootkit," consumer and security complaints against the content company have gained legal backing, with at least five cases filed or ready to be filed against the music giant.
http://www.securityfocus.com/news/11356
4. Gold at the end of rainbow cracking?
By: Robert Lemos
Large tables of password hashes can make cracking weak logon credentials a snap. Some enterprising people think there may be a business in putting the tables online.
http://www.securityfocus.com/news/11355
5. Skype under scrutiny for bugs
By: John Leyden
The recent emergence of two sets of serious security vulnerabilities in Skype, the popular VoIP communications software app, couldn't have come at a worse time for the firm.
http://www.securityfocus.com/news/11354
6. Say hello to the Skype Trojan
By: John Leyden
Virus writers are targeting Skype users with a new Trojan that poses as the latest version of the popular VoIP software.
http://www.securityfocus.com/news/11348
7. Shared music abuse bug hits iTunes
By: John Leyden
Security researchers have discovered a vulnerability in Apple's popular iTunes application which might be exploited to interfere with shared music downloads.
http://www.securityfocus.com/news/11347
8. US cybersecurity all at sea
By: John Leyden
US cybersecurity risks are being poorly managed by the Department of Homeland Security, according to a former US presidential information security advisor.
http://www.securityfocus.com/news/11345
IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Certification & Accreditation Engineer, Stamford
http://www.securityfocus.com/archive/77/417543
V. INCIDENTS LIST SUMMARY
---------------------------
1. Malware Site
http://www.securityfocus.com/archive/75/417497
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #266
http://www.securityfocus.com/archive/88/417574
2. Windows XP Security Guide - Laptop Policy
http://www.securityfocus.com/archive/88/417573
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. Kryptor for Linux released
http://www.securityfocus.com/archive/91/417236
2. Automatic Password Generator Tools on Unix Platform
http://www.securityfocus.com/archive/91/417235
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.
XI. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: SpiDynamics
ALERT: "How A Hacker Launches A Web Application Attack!"- White Paper
Learn why 70% of today's successful hacks involve Web Application attacks such as: SQL Injection, XSS, Cookie Manipulation and Parameter Manipulation. All undetectable by Firewalls and IDS! Download *FREE* white paper from SPI Dynamics for a complete guide to protection!
----------------------------------------
This Issue is Sponsored By: SpiDynamics
ALERT: "How A Hacker Launches A Web Application Attack!"- White Paper
Learn why 70% of today's successful hacks involve Web Application attacks such as: SQL Injection, XSS, Cookie Manipulation and Parameter Manipulation. All undetectable by Firewalls and IDS! Download *FREE* white paper from SPI Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=7013000000035V
1
------------------------------------------------------------------
I. FRONT AND CENTER
1. Sony-baloney
2. Windows rootkits in 2005, part two
II. BUGTRAQ SUMMARY
1. Cisco IPSec Unspecified IKE Traffic Denial Of Service Vulnerabilities
2. Juniper Networks Routers ISAKMP IKE Traffic Multiple Unspecified Vulnerabilities
3. Secgo Software Crypto IP Gateway/Client IKEv1 Traffic Multiple Unspecified Vulnerabilities
4. Help Center Live Module.PHP Local File Include Vulnerability
5. Stonesoft StoneGate Firewall/VPN Client IKEv1 Traffic Multiple Unspecified Vulnerabilities
6. XOOPS Multiple Input Validation Vulnerabilities
7. Cisco Adaptive Security Applicance Failover Testing Denial of Service Weakness
8. GNU Mailman Attachment Scrubber UTF8 Filename Denial Of Service Vulnerability
9. Horde Unspecified Error Message Cross-Site Scripting Vulnerability
10. Wizz Forum Multiple SQL Injection Vulnerabilities
11. PHP cURL and GD Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities
12. PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
13. PHPsysInfo Multiple Input Validation Vulnerabilities
14. Peel rubid Parameter SQL Injection Vulnerability
15. Openswan IKE Traffic Denial Of Service Vulnerabilities
16. Codegrrl Protection.PHP Unspecified Code Execution Vulnerability
17. Cyphor Show.PHP SQL Injection Vulnerability
18. Walla TeleSite Multiple Input Validation Vulnerabilities
19. Sun Solaris LibIKE IKE Exchange Denial Of Service Vulnerability
20. PHPNuke Search Module SQL Injection Vulnerability
21. Multiple Vendor Antivirus Products Obscured File Name Scan Evasion Vulnerability
22. MyBulletinBoard Multiple HTML Injection Vulnerabilities
23. Pearl Forums Index.PHP Multiple SQL Injection Vulnerabilities
24. MyBulletinBoard Unspecified Denial Of Service Vulnerability
25. PNMToPNG Alphas_Of_Color Buffer Overflow Vulnerability
26. GDK-Pixbuf XPM Images Integer Overflow Vulnerability
27. GDK-Pixbuf/GTK XPM Images Infinite Loop Denial Of Service Vulnerability
28. First 4 Internet CodeSupport Uninstallation ActiveX Software Remote Code Execution Vulnerability
29. PADL Software MigtrationTools Insecure Temporary File Creation Vulnerability
30. First 4 Internet XCP-Aurora Unspecified Local Vulnerabilities
31. Pearl Forums Index.PHP Local File Include Vulnerability
32. Macromedia Breeze Communication Server and Live Server RTMP Data Validation Vulnerability
33. GDK-Pixbuf/GTK XPM Images Buffer Overflow Vulnerability
34. PHPWCMS Multiple Remote File Include Vulnerabilities
35. Macromedia Flash Communication Server MX RTMP Data Validation Vulnerability
36. Macromedia Contribute Publishing Server Insecure Shared Connection Key Encryption Weakness
37. Pollvote File Include Vulnerability
38. PHPWCMS Multiple Cross-Site Scripting Vulnerabilities
39. AlstraSoft Template Seller Pro Remote File Include Vulnerability
40. AlstraSoft Template Seller Pro SQL Injection Vulnerability
41. Ekinboard Title Post HTML Injection Vulnerability
42. Belkin Wireless Routers Remote Authentication Bypass Vulnerability
43. Apple iTunes 6 For Windows Arbitrary Local Code Execution Vulnerability
44. Ekinboard Profile.PHP Cross-Site Scripting Vulnerability
45. Multiple Vendor lpCommandLine Application Path Vulnerability
46. Floosietek FTGate IMAP Server Buffer Overflow Vulnerability
47. Oracle Database Windows XP Simple File Sharing Authentication Bypass Vulnerability
48. IBM Informix Dynamic Server Windows XP Simple File Sharing Authentication Bypass Vulnerability
49. IBM DB2 Windows XP Simple File Sharing Authentication Bypass Vulnerability
50. Cisco 7920 Wireless IP Phone Fixed SNMP Community String Vulnerability
51. Counterpane Password Safe Insecure Encryption Vulnerability
52. Cisco 7920 Wireless IP Phone VxWorks Remote Debugger Access Vulnerability
53. FreeFTPD User Command Buffer Overflow Vulnerability
54. AudienceView Error.ASP Cross-Site Scripting Vulnerability
55. Microsoft Windows Plug and Play Denial of Service Vulnerability
56. Mambo Open Source Remote File Include Vulnerability
57. Nortel Switched Firewall IKE Traffic Multiple Unspecified Vulnerabilities
58. Antharia OnContent // CMS Index.PHP SQL Injection Vulnerability
59. PHPWebThings MSG Parameter SQL Injection Vulnerability
60. Unclassified NewsBoard Forum.PHP SQL Injection Vulnerability
61. Arki-DB Index.PHP SQL Injection Vulnerability
62. Multiple Vendor TCP Acknowledgements Remote Denial Of Service Vulnerability
63. Uresk Links Admin Index.PHP Authentication Bypass Vulnerability
64. PHP Easy Download Edit.PHP Authentication Bypass Vulnerability
65. HP Jetdirect 635n IPv6/IPsec Print Server IKE Exchange Denial Of Service Vulnerability
66. Opera Web Browser HTML Form Status Bar Misrepresentation Vulnerability
67. Pmachine Pro Email This Entry Mail_autocheck.PHP Remote File Include Vulnerability
68. HP-UX IKE Exchange Denial Of Service Vulnerabilities
69. Senao SI-680H VOIP WIFI Phone VxWorks Remote Debugger Access Vulnerability
70. UTStarcom F1000 VOIP WIFI Phone Multiple Remote Access Vulnerabilities
71. Hitachi WirelessIP5000 Multiple Unauthorized Access Vulnerabilities
72. Zyxel P2000W v.1 VOIP WIFI Phone Information Disclosure Vulnerability
73. Check Point Firewall-1 and VPN-1 ISAKMP IKE Unspecified Denial of Service Vulnerability
74. Interspire ArticleLive NX Search Module SQL Injection Vulnerability
75. Revize CMS Query_results.JSP SQL Injection Vulnerability
76. Revize CMS Revize.XML Information Disclosure Vulnerability
77. WHM AutoPilot Account Cancellation Access Validation Vulnerability
78. Revize CMS HTTPTranslatorServlet Cross-Site Scripting Vulnerability
79. LiteSpeed ConfMgr.php Cross-Site Scripting Vulnerability
80. FreeFTPD Multiple Buffer Overflow Vulnerabilities
81. yaSSL Unspecified Certificate Chain Processing Vulnerability
82. Qualcomm Worldmail Server Directory Traversal Vulnerability
83. XMB Forum Member.PHP HTML Injection Vulnerability
84. VP-ASP Shopping Cart Shopadmin.ASP HTML Injection Vulnerability
85. Novell NetMail IMAP Unspecified Buffer Overflow Vulnerability
86. MailEnable IMAP Mailbox Name Buffer Overflow Vulnerability
87. Magic Winmail Server Multiple Input Validation Vulnerabilities
88. MailEnable IMAP Command Directory Traversal Vulnerability
89. SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - Multiple Vulnerabilities Fixed
90. GNU gnump3d CGI And Cookie Parameter Directory Traversal Vulnerability
91. Hitachi Products Multiple Cross-Site Scripting Vulnerabilities
92. Hitachi Groupmax Mail Unspecified Malformed Email Message Denial Of Service Vulnerability
93. Hitachi Collaboration Schedule Unspecified Denial Of Service Vulnerability
94. PHP-Fusion Options.php and Viewforum.php SQL Injection Vulnerabilities
95. Exponent Content Management System Multiple Improper File Permission Vulnerabilities
96. PHPMyFAQ Multiple Cross-Site Scripting Vulnerabilities
III. SECURITYFOCUS NEWS
1. Texas puts Sony BMG in its sights
2. Sony BMG's copy-protection problems grow
3. Sony BMG faces digital-rights siege
4. Gold at the end of rainbow cracking?
5. Skype under scrutiny for bugs
6. Say hello to the Skype Trojan
7. Shared music abuse bug hits iTunes
8. US cybersecurity all at sea
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Certification & Accreditation Engineer, Stamford
2. [SJ-JOB] Security Consultant, Tempe
3. [SJ-JOB] Management, Foster City
4. [SJ-JOB] Application Security Engineer, New Delhi
5. [SJ-JOB] Jr. Security Analyst, New Delhi
6. [SJ-JOB] Security Engineer, Seattle
7. [SJ-JOB] Security Auditor, San Jose
8. [SJ-JOB] Security Consultant, Schaumburg
9. [SJ-JOB] Security Architect, Atlanta
10. [SJ-JOB] Information Assurance Engineer, Kent
11. [SJ-JOB] Jr. Security Analyst, South Brunswick
12. [SJ-JOB] Application Security Architect, Leicester
13. [SJ-JOB] Information Assurance Engineer, Fairfax
14. [SJ-JOB] Sr. Product Manager, Jakarta
15. [SJ-JOB] VP, Information Security, Baroda
16. [SJ-JOB] Information Assurance Engineer, Fairfax
17. [SJ-JOB] Quality Assurance, Toronto
18. [SJ-JOB] Security System Administrator, Bellevue
19. [SJ-JOB] Technology Risk Consultant, Centreville
20. [SJ-JOB] Account Manager, San Francisco
21. [SJ-JOB] Sales Engineer, New York
22. [SJ-JOB] Application Security Engineer, SF Bay Area
23. [SJ-JOB] VP / Dir / Mgr engineering, Alexandria
24. [SJ-JOB] Security Engineer, San Diego, California
25. [SJ-JOB] Management, Seattle
26. [SJ-JOB] Sr. Security Analyst, Chicago
27. [SJ-JOB] Application Security Engineer, San Francisco
28. [SJ-JOB] Application Security Architect, Minneapolis / St. Paul
29. [SJ-JOB] Training / Awareness Specialist, Tampa
30. [SJ-JOB] Sr. Security Analyst, Toronto
31. [SJ-JOB] Application Security Engineer, Minneapolis / St. Paul
32. [SJ-JOB] Security Consultant, London
33. [SJ-JOB] Security Architect, London
34. [SJ-JOB] Security Architect, London
35. [SJ-JOB] Security Consultant, Surrey
36. [SJ-JOB] Security Consultant, London
37. [SJ-JOB] Account Manager, San Francisco
38. [SJ-JOB] Security Consultant, London
39. [SJ-JOB] Security Consultant, London
40. [SJ-JOB] Security Consultant, London
41. [SJ-JOB] Sales Engineer, San Francisco
42. [SJ-JOB] Information Assurance Analyst, San Antonio
43. [SJ-JOB] Security Consultant, London
44. [SJ-JOB] Jr. Security Analyst, San Antonio
45. [SJ-JOB] Sr. Security Analyst, San Antonio
46. [SJ-JOB] Sr. Security Engineer, Denver
47. [SJ-JOB] Manager, Information Security, Denver
48. [SJ-JOB] Security Engineer, Hillsboro
49. [SJ-JOB] Security Researcher, Bangalore
50. [SJ-JOB] Quality Assurance, New York
51. [SJ-JOB] Security Director, New York
52. [SJ-JOB] Security Researcher, Adelaide
V. INCIDENTS LIST SUMMARY
1. Malware Site
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #266
2. Windows XP Security Guide - Laptop Policy
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. Kryptor for Linux released
2. Automatic Password Generator Tools on Unix Platform
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Sony-baloney
By Scott Granneman
The Sony story brings up dozens of questions about where we are headed with DRM issues and security, and what's really at stake.
http://www.securityfocus.com/columnists/370
2. Windows rootkits in 2005, part two
By James Butler, Sherri Sparks
This three-part article series looks at Windows rootkits indepth. Part two focuses on the latest cutting edge rootkit technologies that are used to hide malicious code from security scanners.
http://www.securityfocus.com/infocus/1851
II. BUGTRAQ SUMMARY
--------------------
1. Cisco IPSec Unspecified IKE Traffic Denial Of Service Vulnerabilities
BugTraq ID: 15401
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15401
Summary:
Various Cisco IOS, PIX Firewall, Firewall Services Module (FWSM), VPN 3000 Series Concentrator, and MDS Series SanOS releases are prone to denial of service attacks. These issues are due to security flaws in Cisco's IPSec implementation. The vulnerabilities may be triggered by malformed IKE traffic.
Successful attacks will cause most affected devices to restart. For Cisco MDS Series devices, this is limited to causing the IKE process to restart.
2. Juniper Networks Routers ISAKMP IKE Traffic Multiple Unspecified Vulnerabilities
BugTraq ID: 15402
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15402
Summary:
Various Juniper Networks M, T, J, and E Series Routers are affected by multiple unspecified vulnerabilities. The reported issues include buffer overflows, format strings, and denial of service vulnerabilities.
These issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic.
3. Secgo Software Crypto IP Gateway/Client IKEv1 Traffic Multiple Unspecified Vulnerabilities
BugTraq ID: 15403
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15403
Summary:
Secgo Software Crypto IP Gateway and Client are prone to multiple unspecified vulnerabilities in their IKEv1 implementation. The reported issues include buffer overflows and denial of service vulnerabilities.
These issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic.
4. Help Center Live Module.PHP Local File Include Vulnerability
BugTraq ID: 15404
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15404
Summary:
Help Center Live is prone to a local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to disclose sensitive information. This may help with further attacks on the affected computer.
It should be noted that this issue may also be leveraged to read arbitrary files on an affected computer with the privileges of the Web server.
5. Stonesoft StoneGate Firewall/VPN Client IKEv1 Traffic Multiple Unspecified Vulnerabilities
BugTraq ID: 15405
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15405
Summary:
Stonesoft StoneGate Firewall and VPN Client are prone to multiple unspecified vulnerabilities in its IKEv1 implementation. Potential issues include denial of service attacks, format strings, and buffer overflows.
These issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic.
6. XOOPS Multiple Input Validation Vulnerabilities
BugTraq ID: 15406
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15406
Summary:
XOOPS is prone to multiple input validation vulnerabilities.
XOOPS is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input.
XOOPS is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before being used in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data. An attacker may also be able to exploit this vulnerability to execute arbitrary commands.
7. Cisco Adaptive Security Applicance Failover Testing Denial of Service Weakness
BugTraq ID: 15407
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15407
Summary:
Cisco Adaptive Security Appliances are prone to a weakness that may cause a denial of service condition in certain circumstances. This issue is due to insufficient validation of ARP responses.
This issue reportedly affects Cisco ASA devices running 7.0(0), 7.0(2), and 7.0(4). Other versions may also be affected.
8. GNU Mailman Attachment Scrubber UTF8 Filename Denial Of Service Vulnerability
BugTraq ID: 15408
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15408
Summary:
GNU Mailman is prone to denial of service attacks. This issue affects the attachment scrubber utility.
The vulnerability could be triggered by mailing list posts and will impact the availability of mailing lists hosted by the application.
9. Horde Unspecified Error Message Cross-Site Scripting Vulnerability
BugTraq ID: 15409
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15409
Summary:
Horde is prone to an unspecified cross-site scripting vulnerability. This issue is related to how Horde renders error messages.
Successful exploitation could let an attacker inject hostile HTML and script code into the browser session of another user in the context of the site hosting Horde. This could allow for theft of cookie-based authentication credentials or other attacks.
10. Wizz Forum Multiple SQL Injection Vulnerabilities
BugTraq ID: 15410
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15410
Summary:
Wizz Forum is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
11. PHP cURL and GD Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities
BugTraq ID: 15411
Remote: No
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15411
Summary:
PHP cURL and GD are prone to multiple safe_mode and open_basedir restriction bypass vulnerabilities. Successful exploitation could lead to disclosure of sensitive information.
This issue is reported to affect PHP versions 4.4.0 and 5.0.5; other versions may also be vulnerable.
12. PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
BugTraq ID: 15413
Remote: No
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15413
Summary:
PHP on Apache 2 is prone to a restriction bypass vulnerability when calling 'virtual()'. Successful exploitation could lead to disclosure of sensitive information.
This issue is reported to affect PHP versions 4.4.0 and 5.0.5; other versions may also be vulnerable.
13. PHPsysInfo Multiple Input Validation Vulnerabilities
BugTraq ID: 15414
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15414
Summary:
phpSysinfo is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input.
phpSysinfo is prone to a local file include vulnerability, an HTTP response splitting vulnerability, and cross-site scripting attacks.
An attacker may exploit these vulnerabilities to access files within the context of the Web server application, poison Web proxy server caches, and execute arbitrary HTML and script code within the context of the victim's Web browser.
Other attacks are also possible.
It should be noted that the cross-site scripting issues are not exploitable on Debian systems.
14. Peel rubid Parameter SQL Injection Vulnerability
BugTraq ID: 15415
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15415
Summary:
Peel is prone to a SQL injection vulnerability. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Peel 2.6 and 2.7 are reported to be vulnerable. Other versions may also be affected.
15. Openswan IKE Traffic Denial Of Service Vulnerabilities
BugTraq ID: 15416
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15416
Summary:
Openswan is prone to multiple denial of service vulnerabilities in their ISAKMP implementation.
These issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic.
The vulnerabilities are believed to affect Openswan 2.x releases prior to 2.4.2.
16. Codegrrl Protection.PHP Unspecified Code Execution Vulnerability
BugTraq ID: 15417
Remote: Unknown
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15417
Summary:
Unspecified Codegrrl applications are prone to a remote arbitrary code execution vulnerability. This is due to a lack of proper sanitization of user-supplied input.
An attacker can exploit this to execute arbitrary code in the context of the Web server process. This may facilitate a compromise of the system; other attacks are also possible.
17. Cyphor Show.PHP SQL Injection Vulnerability
BugTraq ID: 15418
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15418
Summary:
Cyphor is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
18. Walla TeleSite Multiple Input Validation Vulnerabilities
BugTraq ID: 15419
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15419
Summary:
Walla TeleSite is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input.
Walla TeleSite is prone to information and path disclosure, file enumeration, SQL injection, and cross-site scripting attacks within the context of the victim's Web browser and the affected computer.
Other attacks are also possible.
Walla Telesite version 3.0 is affected; earlier versions are also affected.
19. Sun Solaris LibIKE IKE Exchange Denial Of Service Vulnerability
BugTraq ID: 15420
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15420
Summary:
Sun Solaris is prone to a denial of service vulnerability. This issue exists in the 'libike' IKE implementation and may impact the availability of the 'in.iked' daemon.
This issue was discovered with the PROTOS ISAKMP Test Suite and is related to handling of malformed IKEv1 traffic. This may be triggered by a remote privileged user.
20. PHPNuke Search Module SQL Injection Vulnerability
BugTraq ID: 15421
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15421
Summary:
PHPNuke is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
21. Multiple Vendor Antivirus Products Obscured File Name Scan Evasion Vulnerability
BugTraq ID: 15423
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15423
Summary:
Multiple antivirus products from various vendors are reported prone to a vulnerability that may allow malicious files to bypass detection.
This issue arises when an affected application processes a file with an obscured file name.
This issue could result in malicious files bypassing detection and allowing them to be opened by a recipient.
Update: Symantec is currently investigating this issue in regards to Symantec products. It is unclear at this time if malicious files may evade scanning, or if the automatic removal feature fails. This BID will be updated as further information is disclosed.
22. MyBulletinBoard Multiple HTML Injection Vulnerabilities
BugTraq ID: 15424
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15424
Summary:
MyBulletinBoard is prone to multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit these issues to control how the site is rendered to the user; other attacks are also possible.
23. Pearl Forums Index.PHP Multiple SQL Injection Vulnerabilities
BugTraq ID: 15425
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15425
Summary:
Pearl Forums is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
24. MyBulletinBoard Unspecified Denial Of Service Vulnerability
BugTraq ID: 15426
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15426
Summary:
MyBulletinBoard is prone to an unspecified denial of service vulnerability. This issue is most likely due to a failure in the application to properly sanitize user-supplied input.
Very little information is available on this vulnerability; this BID will be updated as further information becomes available.
25. PNMToPNG Alphas_Of_Color Buffer Overflow Vulnerability
BugTraq ID: 15427
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15427
Summary:
pnmtopng is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. This issue reportedly only occurs when the '-alpha' command line option is utilized.
This issue allows attackers to create malicious PNM files, that when parsed by the affected utility, allow arbitrary machine code to be executed. This occurs in the context of the user running the affected utility.
26. GDK-Pixbuf XPM Images Integer Overflow Vulnerability
BugTraq ID: 15428
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15428
Summary:
A remote integer overflow vulnerability affects gdk-pixbuf.
When an application that uses the vulnerable library processes a malformed XPM file, the application will crash, denying service to legitimate users. It may also be possible for the attacker to exploit this issue to execute arbitrary code with the privileges of the application utilizing the vulnerable library.
27. GDK-Pixbuf/GTK XPM Images Infinite Loop Denial Of Service Vulnerability
BugTraq ID: 15429
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15429
Summary:
gdk-pixbuf and gtk2 are prone to a denial of service vulnerability. This issue occurs when an application utilizing one of the affected libraries handles a malformed XPM image file.
Exploitation could cause an application utilizing a vulnerable library to enter an infinite loop, resulting in a denial of service.
28. First 4 Internet CodeSupport Uninstallation ActiveX Software Remote Code Execution Vulnerability
BugTraq ID: 15430
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15430
Summary:
First 4 Internet CodeSupport is susceptible to a remote code execution vulnerability.
The CodeSupport package can be told to download, and then execute arbitrary content from remote Web sites. As it fails to verify that the source of the remote content is from a trusted source, attackers may utilize it to download and execute malicious code from arbitrary sources, facilitating the remote compromise of targeted computers.
29. PADL Software MigtrationTools Insecure Temporary File Creation Vulnerability
BugTraq ID: 15431
Remote: No
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15431
Summary:
PADL Software MigrationTools creates temporary files in an insecure manner. An attacker with local access could potentially exploit this issue to obtain sensitive information in the context of the affected computer.
Exploitation would most likely result in loss of confidentiality, data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.
MigrationTools version 46 is reported to be affected by this issue. Other versions may also be affected.
30. First 4 Internet XCP-Aurora Unspecified Local Vulnerabilities
BugTraq ID: 15432
Remote: No
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15432
Summary:
Multiple unspecified vulnerabilities are present in the kernel driver contained in the First 4 Internet XCP-Aurora DRM software. As these issues are in a kernel driver, local attackers may exploit these issues to gain SYSTEM level privileges.
One or more of these issues may be buffer overflow-related, as the corruption of kernel memory is stated to occur, allowing arbitrary code execution in the context of the local kernel.
Further details are not currently available. This BID will be updated when more information is available.
31. Pearl Forums Index.PHP Local File Include Vulnerability
BugTraq ID: 15433
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15433
Summary:
Pearl Forums is prone to a local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to disclose sensitive information. This may help with further attacks on the affected computer.
It should be noted that this issue may also be leveraged to read arbitrary files on an affected computer with the privileges of the Web server.
32. Macromedia Breeze Communication Server and Live Server RTMP Data Validation Vulnerability
BugTraq ID: 15434
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15434
Summary:
Macromedia Breeze Communication Server and Live Server do not sufficiently validate RTMP data. Successful exploitation could lead to a denial of service condition.
33. GDK-Pixbuf/GTK XPM Images Buffer Overflow Vulnerability
BugTraq ID: 15435
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15435
Summary:
gdk-pixbuf and gtk2 are prone to a buffer overflow vulnerability.
When an application that utilizes a vulnerable library processes a malformed XPM image file, it results in a heap-based buffer overflow. An attacker can exploit this vulnerability to execute arbitrary code in the context of the victim user.
34. PHPWCMS Multiple Remote File Include Vulnerabilities
BugTraq ID: 15436
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15436
Summary:
phpwcms is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to disclose sensitive information. This may help with further attacks on the affected computer.
35. Macromedia Flash Communication Server MX RTMP Data Validation Vulnerability
BugTraq ID: 15437
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15437
Summary:
Macromedia Flash Communication Server MX does not sufficiently validate RTMP data. Successful exploitation could lead to a denial of service condition.
36. Macromedia Contribute Publishing Server Insecure Shared Connection Key Encryption Weakness
BugTraq ID: 15438
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15438
Summary:
Macromedia CPS (Contribute Publishing Server) is susceptible to an insecure shared connection key encryption weakness. These shared connection keys are used in shared FTP login credentials.
This issue may allow remote attackers to decrypt the contents of network packets, gaining access to the cleartext contents of authentication credentials, aiding them in further attacks.
Versions prior to 1.11 of Macromedia CPS are susceptible to this issue.
37. Pollvote File Include Vulnerability
BugTraq ID: 15439
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15439
Summary:
Pollvote is prone to a file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary local and remote PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
38. PHPWCMS Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15440
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15440
Summary:
phpwcms is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
39. AlstraSoft Template Seller Pro Remote File Include Vulnerability
BugTraq ID: 15441
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15441
Summary:
Template Seller Pro is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
40. AlstraSoft Template Seller Pro SQL Injection Vulnerability
BugTraq ID: 15442
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15442
Summary:
Template Seller Pro is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
41. Ekinboard Title Post HTML Injection Vulnerability
BugTraq ID: 15443
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15443
Summary:
Ekinboard is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible
42. Belkin Wireless Routers Remote Authentication Bypass Vulnerability
BugTraq ID: 15444
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15444
Summary:
Certain Belkin wireless routers are susceptible to a remote authentication bypass vulnerability. This issue is due to a flaw in the Web administration interface authentication process.
This issue allows remote attackers to gain administrative access to affected devices.
Belkin F5D7232-4, and F5D7230-4 routers with firmware versions 4.05.03 and 4.03.03 are affected by this issue. Other devices may also be affected due to code reuse among devices.
43. Apple iTunes 6 For Windows Arbitrary Local Code Execution Vulnerability
BugTraq ID: 15446
Remote: No
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15446
Summary:
Apple iTunes 6 for Windows is prone to an arbitrary local code execution vulnerability.
This is due to a design error in which malicious code may be executed in the context of the user running the affected application.
44. Ekinboard Profile.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 15447
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15447
Summary:
Ekinboard is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
45. Multiple Vendor lpCommandLine Application Path Vulnerability
BugTraq ID: 15448
Remote: No
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15448
Summary:
Multiple vendor applications are prone to an arbitrary local code execution vulnerability.
This is due to a design error in which malicious code may be executed in the context of the user running the affected application.
46. Floosietek FTGate IMAP Server Buffer Overflow Vulnerability
BugTraq ID: 15449
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15449
Summary:
Floosietek FTGate is prone to a remote buffer overflow vulnerability in the IMAP server. Successful exploitation could result in a denial of service or execution of arbitrary code.
47. Oracle Database Windows XP Simple File Sharing Authentication Bypass Vulnerability
BugTraq ID: 15450
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15450
Summary:
Oracle Database is affected by an authentication bypass vulnerability when run on Microsoft Windows XP computers that have Simple File Sharing enabled.
This vulnerability may let attackers compromise the database using the Windows XP Guest account.
The researcher who discovered this issue has not provided a conclusive list of affected Oracle database products. For the time being, all versions that run on Windows XP are assumed to be affected. If contrary information is made available, this BID will be updated accordingly.
48. IBM Informix Dynamic Server Windows XP Simple File Sharing Authentication Bypass Vulnerability
BugTraq ID: 15451
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15451
Summary:
IBM Informix Dynamic Server (IBM Informix IDS) is affected by an authentication bypass vulnerability when run on Microsoft Windows XP computers that have Simple File Sharing enabled.
This vulnerability may let attackers gain unauthorized access to the database using the Windows XP Guest account.
The researcher who discovered this issue has not provided a conclusive list of affected IBM Informix Dynamic Server products. For the time being, all versions that run on Windows XP are assumed to be affected. If contrary information is made available, this BID will be updated accordingly.
49. IBM DB2 Windows XP Simple File Sharing Authentication Bypass Vulnerability
BugTraq ID: 15452
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15452
Summary:
IBM DB2 is affected by an authentication bypass vulnerability when run on Microsoft Windows XP computers that have Simple File Sharing enabled.
This vulnerability may let attackers gain unauthorized access to the database using the Windows XP Guest account. This could be exploited with a custom client that will authenticate the attacker as the Guest account.
The researcher who discovered this issue has not provided a conclusive list of affected IBM DB2 products. For the time being, all versions that run on Windows XP are assumed to be affected. If contrary information is made available, this BID will be updated accordingly.
50. Cisco 7920 Wireless IP Phone Fixed SNMP Community String Vulnerability
BugTraq ID: 15454
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15454
Summary:
Cisco 7920 Wireless IP Phone is prone to a fixed default SNMP community string issue. This could allow remote attackers to retrieve and modify the device configuration.
Cisco 7920 Wireless IP Phones running firmware version 1.0(8) and earlier are vulnerable to this issue.
51. Counterpane Password Safe Insecure Encryption Vulnerability
BugTraq ID: 15455
Remote: No
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15455
Summary:
Counterpane Password Safe is susceptible to an insecure encryption vulnerability that allows easier brute force decryption attacks.
Password Safe uses a key-stretching algorithm designed to dramatically slow down brute force password guessing attacks. A random value is encrypted with the Blowfish algorithm one thousand times with a value derived from the password used as the encryption key. In order to brute force attack the Password Safe database, an attacker must follow the same one thousand encryption steps on every password guess. This is done to make brute force attacks much more time and resource intensive, lowering the likelihood of a successful attack.
This vulnerability allows attackers with access to the Password Safe database to employ a brute force password guessing attack against the database much more efficiently that the Password Safe design intended. The data contained in the Password Safe database aids malicious users in further attacks.
52. Cisco 7920 Wireless IP Phone VxWorks Remote Debugger Access Vulnerability
BugTraq ID: 15456
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15456
Summary:
Cisco 7920 Wireless IP Phone allows remote debugger connections. Successful exploitation of this vulnerability could allow a remote attacker to obtain debugging information from the device or cause a denial of service.
Cisco 7920 Wireless IP Phones running firmware version 2.0 and earlier are vulnerable to this issue.
53. FreeFTPD User Command Buffer Overflow Vulnerability
BugTraq ID: 15457
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15457
Summary:
freeFTPd is prone to a buffer overflow vulnerability. This issue is due to a failure in the application to do proper bounds checking on user-supplied data before storing it in a finite sized buffer.
An attacker can exploit this issue to crash the server, denying service to legitimate users. Arbitrary code execution with SYSTEM privileges may also be possible.
54. AudienceView Error.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 15459
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15459
Summary:
AudienceView is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
55. Microsoft Windows Plug and Play Denial of Service Vulnerability
BugTraq ID: 15460
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15460
Summary:
Microsoft Windows Plug and Play service is prone to a denial of service condition. This issue is caused by a malformed request to the service that causes virtual memory consumption.
On Windows XP, a remote attacker must authenticate over RPC to exploit this issue using the originally described attack vector.
Update: A reliable source has indicated that this issue is anonymously exploitable via named pipes or other MSRPC calls on Microsoft Windows XP SP2. This issue may be exploited by differing attack vectors than originally described by Microsoft.
56. Mambo Open Source Remote File Include Vulnerability
BugTraq ID: 15461
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15461
Summary:
Mambo is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
Update: Reportedly, this issue is being actively exploited in the wild; multiple Web sites have been defaced, and the issue described in this BID is being cited as the attackers method of entry.
57. Nortel Switched Firewall IKE Traffic Multiple Unspecified Vulnerabilities
BugTraq ID: 15462
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15462
Summary:
Nortel Switched Firewall is prone to multiple unspecified vulnerabilities in IKEv1.
Some of the issues could potentially allow for remote code execution and complete compromise of affected devices. This has not been confirmed.
These issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic.
58. Antharia OnContent // CMS Index.PHP SQL Injection Vulnerability
BugTraq ID: 15464
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15464
Summary:
Antharia OnContent //CMS is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
59. PHPWebThings MSG Parameter SQL Injection Vulnerability
BugTraq ID: 15465
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15465
Summary:
phpWebThings is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
60. Unclassified NewsBoard Forum.PHP SQL Injection Vulnerability
BugTraq ID: 15466
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15466
Summary:
Unclassified NewsBoard is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
61. Arki-DB Index.PHP SQL Injection Vulnerability
BugTraq ID: 15467
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15467
Summary:
Arki-DB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
62. Multiple Vendor TCP Acknowledgements Remote Denial Of Service Vulnerability
BugTraq ID: 15468
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15468
Summary:
Multiple vendors are susceptible to a remote TCP acknowledgement denial of service vulnerability.
This issue presents itself when the remote peer forges acknowledgment packets prior to actually receiving packets from the sending host. As soon as the server receives an acknowledgment for a packet that has been sent, it assumes that the client has received it. These acknowledgment packets influence the servers congestion control mechanism.
This vulnerability allows remote attackers to consume excessive network resources, denying network service to legitimate users.
This issue exists in the TCP protocol specification as defined by RFC 793. However, it is likely that a number of specific vendor implementations will also be affected. This BID will be updated as individual implementations of the protocol are reported to be affected.
63. Uresk Links Admin Index.PHP Authentication Bypass Vulnerability
BugTraq ID: 15469
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15469
Summary:
Uresk Links is prone to an authentication bypass vulnerability.
An attacker can exploit this vulnerability to gain administrative access to the affected application.
64. PHP Easy Download Edit.PHP Authentication Bypass Vulnerability
BugTraq ID: 15470
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15470
Summary:
PHP Easy Download is prone to an authentication bypass vulnerability.
An attacker can exploit this vulnerability to gain administrative access to the affected application.
65. HP Jetdirect 635n IPv6/IPsec Print Server IKE Exchange Denial Of Service Vulnerability
BugTraq ID: 15471
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15471
Summary:
HP Jetdirect 635n IPv6/IPsec Print Server is prone to a denial of service vulnerability. This issue is due to a security flaw in HP's IPSec implementation. This vulnerability may be triggered by malformed IKE traffic.
This issue was discovered with the PROTOS ISAKMP Test Suite and is related to the handling of malformed IKEv1 traffic.
66. Opera Web Browser HTML Form Status Bar Misrepresentation Vulnerability
BugTraq ID: 15472
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15472
Summary:
A vulnerability has been identified in Opera Web browser that allows an attacker to misrepresent the status bar in the browser, allowing vulnerable users to be mislead into following a link to a malicious site.
This vulnerability would most likely be exploited through HTML e-mail, though other attack vectors exist such as HTML injection attacks in third-party Web applications.
67. Pmachine Pro Email This Entry Mail_autocheck.PHP Remote File Include Vulnerability
BugTraq ID: 15473
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15473
Summary:
Pmachine Pro Email This Entry is prone to a remote file include vulnerability.
This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
68. HP-UX IKE Exchange Denial Of Service Vulnerabilities
BugTraq ID: 15474
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15474
Summary:
HP-UX is prone to denial of service vulnerabilities. These issues are due to security flaws in HP's IPSec implementation. These vulnerabilities may be triggered by malformed IKE traffic.
This issue was discovered with the PROTOS ISAKMP Test Suite and is related to the handling of malformed IKEv1 traffic.
69. Senao SI-680H VOIP WIFI Phone VxWorks Remote Debugger Access Vulnerability
BugTraq ID: 15475
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15475
Summary:
Senao SI-680H VOIP WIFI Phone allows remote debugger connections. Successful exploitation of this vulnerability could allow a remote attacker to obtain debugging information from the device or cause a denial of service.
Senao SI-680H VOIP WIFI Phones running firmware version 0.03.0839 is prone to this issue. Other versions may also be vulnerable.
70. UTStarcom F1000 VOIP WIFI Phone Multiple Remote Access Vulnerabilities
BugTraq ID: 15476
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15476
Summary:
UTStarcom F1000 VOIP WIFI Phone is prone to multiple remote access vulnerabilities. These issues allow remote attackers to gain remote administrative access to affected devices.
UTStarcom F1000 VOIP WIFI Phone with software version s2.0, firmware version 5.5.1 is affected by these issues. Other versions and devices may also be affected.
71. Hitachi WirelessIP5000 Multiple Unauthorized Access Vulnerabilities
BugTraq ID: 15477
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15477
Summary:
WirelessIP5000 is prone to multiple unauthorized access vulnerabilities.
An attacker can exploit these issues to disclose sensitive or privileged information, alter device configuration settings, and deny service to legitimate users.
72. Zyxel P2000W v.1 VOIP WIFI Phone Information Disclosure Vulnerability
BugTraq ID: 15478
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15478
Summary:
The Zyxel P2000W v.1 VOIP WIFI Phone is prone to an information disclosure vulnerability.
Sensitive information may be disclosed to attackers, and could be useful in further attacks. Informataion obtained may aid an attacker to perform denial of service attacks.
73. Check Point Firewall-1 and VPN-1 ISAKMP IKE Unspecified Denial of Service Vulnerability
BugTraq ID: 15479
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15479
Summary:
Check Point Firewall-1 and VPN-1 are prone to denial of service attacks due to unspecified vulnerabilities in the IPSec implementation. The vulnerabilities may be triggered by malformed IKE traffic.
74. Interspire ArticleLive NX Search Module SQL Injection Vulnerability
BugTraq ID: 15480
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15480
Summary:
ArticleLive NX is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
75. Revize CMS Query_results.JSP SQL Injection Vulnerability
BugTraq ID: 15481
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15481
Summary:
Revize CMS is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Other scripts may also be vulnerable.
76. Revize CMS Revize.XML Information Disclosure Vulnerability
BugTraq ID: 15482
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15482
Summary:
Revize CMS is prone to an information disclosure vulnerability. This issue is due to a failure in the application to restrict access to sensitive files.
An attacker can exploit this vulnerability to retrieve sensitive information. Information obtained may aid in further attacks against the underlying system; other attacks are also possible.
77. WHM AutoPilot Account Cancellation Access Validation Vulnerability
BugTraq ID: 15483
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15483
Summary:
WHM AutoPilot is a commercial script designed to aid in the administration of Web-hosting environments.
WHM AutoPilot is susceptible to an account cancellation access validation vulnerability. This issue is due to a failure of the application to ensure that cancellation requests from users are performed only by authorized users.
This vulnerability allows attackers to issue cancellation requests for arbitrary users, potentially causing a denial of service situation as targeted Web hosting accounts are inadvertently disabled.
Versions 2.5.20 and prior are affected by this issue.
78. Revize CMS HTTPTranslatorServlet Cross-Site Scripting Vulnerability
BugTraq ID: 15484
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15484
Summary:
Revize CMS is prone to a cross-site scripting vulnerabilities. This is due to a lack of proper sanitization of user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
79. LiteSpeed ConfMgr.php Cross-Site Scripting Vulnerability
BugTraq ID: 15485
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15485
Summary:
LiteSpeed Web Server is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
80. FreeFTPD Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 15486
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15486
Summary:
freeFTPd is prone to multiple buffer overflow vulnerabilities. These issues are due to a failure in the application to do proper bounds checking on user-supplied data before storing it in finite sized buffers.
An attacker can exploit these issues to crash the server, denying service to legitimate users. Arbitrary code execution with SYSTEM privileges may also be possible.
81. yaSSL Unspecified Certificate Chain Processing Vulnerability
BugTraq ID: 15487
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15487
Summary:
yaSSL is susceptible to an unspecified certificate chain processing vulnerability. No further details regarding this issue are currently available.
This issue may allow improper certificates to be used when authenticating connections. An attacker may use forged certificates to carry out various attacks.
It is conjectured that a malicious Web site could take advantage of this by posing as a trusted Web site in phishing style attacks. This could lead to users taking actions such as authenticating or submitting sensitive or private information.
Further information about this issue and its impacts are not currently available. This BID will be updated as further information becomes available.
82. Qualcomm Worldmail Server Directory Traversal Vulnerability
BugTraq ID: 15488
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15488
Summary:
Qualcomm Worldmail server is prone to a directory traversal vulnerability.
Successful exploitation could allow an attacker to gain access to files owned by other users of the application.
Sensitive information may be obtained and modified in this manner.
Worldmail server version 3.0 is vulnerable; other versions may also be affected.
83. XMB Forum Member.PHP HTML Injection Vulnerability
BugTraq ID: 15489
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15489
Summary:
XMB Forum is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
84. VP-ASP Shopping Cart Shopadmin.ASP HTML Injection Vulnerability
BugTraq ID: 15490
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15490
Summary:
VP-ASP Shopping Cart is prone to an HTML injection vulnerability. This is due to a lack of proper validation of user-supplied input before being used in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
85. Novell NetMail IMAP Unspecified Buffer Overflow Vulnerability
BugTraq ID: 15491
Remote: Yes
Date Published: 2005-11-18
Relevant URL: http://www.securityfocus.com/bid/15491
Summary:
Novell NetMail is prone to a buffer overflow vulnerability in an unspecified IMAP command. Successful exploitation may result in a denial of service or arbitrary code execution.
This issue exists in NetMail 3.52D, however, earlier versions may also be vulnerable.
Details regarding the precise nature of this vulnerability are not currently available. This record will be updated when more information is available.
86. MailEnable IMAP Mailbox Name Buffer Overflow Vulnerability
BugTraq ID: 15492
Remote: Yes
Date Published: 2005-11-18
Relevant URL: http://www.securityfocus.com/bid/15492
Summary:
MailEnable is prone to a buffer overflow vulnerability in multiple IMAP commands. The issue is due to improper bounds checking on the mailbox name argument supplied to various commands.
This issue is reported to affect MailEnable Professional 1.6 with Hotfix MEIMAPS-UPD0511010000.zip and MailEnable Enterprise 1.1 with Hotfix MEIMAPS-UPD0511010000.zip. Other versions may also be vulnerable.
87. Magic Winmail Server Multiple Input Validation Vulnerabilities
BugTraq ID: 15493
Remote: Yes
Date Published: 2005-11-18
Relevant URL: http://www.securityfocus.com/bid/15493
Summary:
Magic Winmail Server is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
Magic Winmail Server is prone to cross-site scripting, HTML injection and directory traversal vulnerabilities.
88. MailEnable IMAP Command Directory Traversal Vulnerability
BugTraq ID: 15494
Remote: Yes
Date Published: 2005-11-18
Relevant URL: http://www.securityfocus.com/bid/15494
Summary:
MailEnable is prone to a directory traversal vulnerability when processing certain IMAP commands. Successful exploitation could allow data corruption.
This issue is reported to affect MailEnable Professional 1.6 with Hotfix MEIMAPS-UPD0511010000.zip and MailEnable Enterprise 1.1 with Hotfix MEIMAPS-UPD0511010000.zip. Other versions may also be vulnerable.
89. SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - Multiple Vulnerabilities Fixed
BugTraq ID: 15495
Remote: Yes
Date Published: 2005-11-18
Relevant URL: http://www.securityfocus.com/bid/15495
Summary:
Updates for the SCO OpenServer Mozilla Web browser have been released, addressing multiple security vulnerabilities and weaknesses.
This release fixes a number of bugs, including some security vulnerabilities and weaknesses.
Many of the bugs that have been fixed in this maintenance pack may have a security impact that may be exploited by a local or remote attacker. Possible consequences include denial of service, spoofing, gaining knowledge of potentially sensitive information, conducting cross-site scripting attacks, bypassing certain security restrictions, manipulating certain data, or compromising a user's system and gaining local privilege escalation.
90. GNU gnump3d CGI And Cookie Parameter Directory Traversal Vulnerability
BugTraq ID: 15496
Remote: Yes
Date Published: 2005-11-18
Relevant URL: http://www.securityfocus.com/bid/15496
Summary:
GNU gnump3d is prone to a directory traversal vulnerability.
Very little information is available on this issue. It is conjectured an attacker can exploit this vulnerability to retrieve or corrupt arbitrary files, this may aid in further attacks against the underlying system; other attacks are also possible.
91. Hitachi Products Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15498
Remote: Yes
Date Published: 2005-11-18
Relevant URL: http://www.securityfocus.com/bid/15498
Summary:
Hitachi Collaboration Schedule and Collaboration Calendar are prone to multiple unspecified cross-site scripting vulnerabilities. These are due to a lack of proper sanitization of user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks.
92. Hitachi Groupmax Mail Unspecified Malformed Email Message Denial Of Service Vulnerability
BugTraq ID: 15499
Remote: Yes
Date Published: 2005-11-18
Relevant URL: http://www.securityfocus.com/bid/15499
Summary:
Hitachi Groupmax Mail is prone to an unspecified denial of service vulnerability while processing malformed email.
This issue allows remote attackers to crash affected mail servers, denying service to legitimate users.
Further information is not currently available; this BID will be updated as new information is disclosed.
93. Hitachi Collaboration Schedule Unspecified Denial Of Service Vulnerability
BugTraq ID: 15500
Remote: Yes
Date Published: 2005-11-18
Relevant URL: http://www.securityfocus.com/bid/15500
Summary:
Hitachi Collaboration Schedule is prone to a denial of service vulnerability.
This vulnerability may be triggered by multiple invalid requests sent to the schedule.
No further details have been provided.
94. PHP-Fusion Options.php and Viewforum.php SQL Injection Vulnerabilities
BugTraq ID: 15502
Remote: Yes
Date Published: 2005-11-19
Relevant URL: http://www.securityfocus.com/bid/15502
Summary:
PHP-Fusion is prone to SQL injection vulnerabilities in multiple PHP scripts. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
95. Exponent Content Management System Multiple Improper File Permission Vulnerabilities
BugTraq ID: 15503
Remote: Yes
Date Published: 2005-11-19
Relevant URL: http://www.securityfocus.com/bid/15503
Summary:
Exponent Content Management System is prone to multiple vulnerabilities. These issues exist because file permissions on user files are incorrectly set.
These vulnerabilities could lead to information disclosure or script execution in the context of the vulnerable Web site.
96. PHPMyFAQ Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15504
Remote: Yes
Date Published: 2005-11-19
Relevant URL: http://www.securityfocus.com/bid/15504
Summary:
phpMyFAQ is prone to multiple cross-site scripting vulnerabilities in various parameters of the Add Content page.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. Exploitation of these vulnerabilities may facilitate the
theft of cookie-based authentication credentials as well as other attacks.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Texas puts Sony BMG in its sights
By: Robert Lemos
UPDATE: The Attorney General for Texas announces the state is suing Sony BMG, calling the company's copy-protection technology "illegal spyware." The EFF files a lawsuit on the same day.
http://www.securityfocus.com/news/11358
2. Sony BMG's copy-protection problems grow
By: Robert Lemos
As researchers find more security issues with the music giant's protection software and legislators criticize overly broad restrictions on digital media, Sony BMG decides to pull CDs from stores, release a better removal tool and offer consumers the ability to return the discs.
http://www.securityfocus.com/news/11357
3. Sony BMG faces digital-rights siege
By: Robert Lemos
As virus writers explore Sony BMG's "rootkit," consumer and security complaints against the content company have gained legal backing, with at least five cases filed or ready to be filed against the music giant.
http://www.securityfocus.com/news/11356
4. Gold at the end of rainbow cracking?
By: Robert Lemos
Large tables of password hashes can make cracking weak logon credentials a snap. Some enterprising people think there may be a business in putting the tables online.
http://www.securityfocus.com/news/11355
5. Skype under scrutiny for bugs
By: John Leyden
The recent emergence of two sets of serious security vulnerabilities in Skype, the popular VoIP communications software app, couldn't have come at a worse time for the firm.
http://www.securityfocus.com/news/11354
6. Say hello to the Skype Trojan
By: John Leyden
Virus writers are targeting Skype users with a new Trojan that poses as the latest version of the popular VoIP software.
http://www.securityfocus.com/news/11348
7. Shared music abuse bug hits iTunes
By: John Leyden
Security researchers have discovered a vulnerability in Apple's popular iTunes application which might be exploited to interfere with shared music downloads.
http://www.securityfocus.com/news/11347
8. US cybersecurity all at sea
By: John Leyden
US cybersecurity risks are being poorly managed by the Department of Homeland Security, according to a former US presidential information security advisor.
http://www.securityfocus.com/news/11345
IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Certification & Accreditation Engineer, Stamford
http://www.securityfocus.com/archive/77/417543
2. [SJ-JOB] Security Consultant, Tempe
http://www.securityfocus.com/archive/77/417542
3. [SJ-JOB] Management, Foster City
http://www.securityfocus.com/archive/77/417536
4. [SJ-JOB] Application Security Engineer, New Delhi
http://www.securityfocus.com/archive/77/417524
5. [SJ-JOB] Jr. Security Analyst, New Delhi
http://www.securityfocus.com/archive/77/417535
6. [SJ-JOB] Security Engineer, Seattle
http://www.securityfocus.com/archive/77/417537
7. [SJ-JOB] Security Auditor, San Jose
http://www.securityfocus.com/archive/77/417519
8. [SJ-JOB] Security Consultant, Schaumburg
http://www.securityfocus.com/archive/77/417417
9. [SJ-JOB] Security Architect, Atlanta
http://www.securityfocus.com/archive/77/417314
10. [SJ-JOB] Information Assurance Engineer, Kent
http://www.securityfocus.com/archive/77/417304
11. [SJ-JOB] Jr. Security Analyst, South Brunswick
http://www.securityfocus.com/archive/77/417303
12. [SJ-JOB] Application Security Architect, Leicester
http://www.securityfocus.com/archive/77/417279
13. [SJ-JOB] Information Assurance Engineer, Fairfax
http://www.securityfocus.com/archive/77/417278
14. [SJ-JOB] Sr. Product Manager, Jakarta
http://www.securityfocus.com/archive/77/417275
15. [SJ-JOB] VP, Information Security, Baroda
http://www.securityfocus.com/archive/77/417276
16. [SJ-JOB] Information Assurance Engineer, Fairfax
http://www.securityfocus.com/archive/77/417277
17. [SJ-JOB] Quality Assurance, Toronto
http://www.securityfocus.com/archive/77/417188
18. [SJ-JOB] Security System Administrator, Bellevue
http://www.securityfocus.com/archive/77/417187
19. [SJ-JOB] Technology Risk Consultant, Centreville
http://www.securityfocus.com/archive/77/417183
20. [SJ-JOB] Account Manager, San Francisco
http://www.securityfocus.com/archive/77/417182
21. [SJ-JOB] Sales Engineer, New York
http://www.securityfocus.com/archive/77/417186
22. [SJ-JOB] Application Security Engineer, SF Bay Area
http://www.securityfocus.com/archive/77/417180
23. [SJ-JOB] VP / Dir / Mgr engineering, Alexandria
http://www.securityfocus.com/archive/77/417181
24. [SJ-JOB] Security Engineer, San Diego, California
http://www.securityfocus.com/archive/77/417185
25. [SJ-JOB] Management, Seattle
http://www.securityfocus.com/archive/77/417166
26. [SJ-JOB] Sr. Security Analyst, Chicago
http://www.securityfocus.com/archive/77/417165
27. [SJ-JOB] Application Security Engineer, San Francisco
http://www.securityfocus.com/archive/77/417167
28. [SJ-JOB] Application Security Architect, Minneapolis / St. Paul
http://www.securityfocus.com/archive/77/417163
29. [SJ-JOB] Training / Awareness Specialist, Tampa
http://www.securityfocus.com/archive/77/417164
30. [SJ-JOB] Sr. Security Analyst, Toronto
http://www.securityfocus.com/archive/77/417153
31. [SJ-JOB] Application Security Engineer, Minneapolis / St. Paul
http://www.securityfocus.com/archive/77/417154
32. [SJ-JOB] Security Consultant, London
http://www.securityfocus.com/archive/77/417156
33. [SJ-JOB] Security Architect, London
http://www.securityfocus.com/archive/77/417157
34. [SJ-JOB] Security Architect, London
http://www.securityfocus.com/archive/77/417158
35. [SJ-JOB] Security Consultant, Surrey
http://www.securityfocus.com/archive/77/417152
36. [SJ-JOB] Security Consultant, London
http://www.securityfocus.com/archive/77/417155
37. [SJ-JOB] Account Manager, San Francisco
http://www.securityfocus.com/archive/77/417086
38. [SJ-JOB] Security Consultant, London
http://www.securityfocus.com/archive/77/417087
39. [SJ-JOB] Security Consultant, London
http://www.securityfocus.com/archive/77/417069
40. [SJ-JOB] Security Consultant, London
http://www.securityfocus.com/archive/77/417067
41. [SJ-JOB] Sales Engineer, San Francisco
http://www.securityfocus.com/archive/77/417068
42. [SJ-JOB] Information Assurance Analyst, San Antonio
http://www.securityfocus.com/archive/77/417013
43. [SJ-JOB] Security Consultant, London
http://www.securityfocus.com/archive/77/417018
44. [SJ-JOB] Jr. Security Analyst, San Antonio
http://www.securityfocus.com/archive/77/417014
45. [SJ-JOB] Sr. Security Analyst, San Antonio
http://www.securityfocus.com/archive/77/417016
46. [SJ-JOB] Sr. Security Engineer, Denver
http://www.securityfocus.com/archive/77/417012
47. [SJ-JOB] Manager, Information Security, Denver
http://www.securityfocus.com/archive/77/417006
48. [SJ-JOB] Security Engineer, Hillsboro
http://www.securityfocus.com/archive/77/417004
49. [SJ-JOB] Security Researcher, Bangalore
http://www.securityfocus.com/archive/77/417005
50. [SJ-JOB] Quality Assurance, New York
http://www.securityfocus.com/archive/77/417001
51. [SJ-JOB] Security Director, New York
http://www.securityfocus.com/archive/77/417002
52. [SJ-JOB] Security Researcher, Adelaide
http://www.securityfocus.com/archive/77/417003
V. INCIDENTS LIST SUMMARY
---------------------------
1. Malware Site
http://www.securityfocus.com/archive/75/417497
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #266
http://www.securityfocus.com/archive/88/417574
2. Windows XP Security Guide - Laptop Policy
http://www.securityfocus.com/archive/88/417573
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. Kryptor for Linux released
http://www.securityfocus.com/archive/91/417236
2. Automatic Password Generator Tools on Unix Platform
http://www.securityfocus.com/archive/91/417235
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.
XI. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: SpiDynamics
ALERT: "How A Hacker Launches A Web Application Attack!"- White Paper
Learn why 70% of today's successful hacks involve Web Application attacks such as: SQL Injection, XSS, Cookie Manipulation and Parameter Manipulation. All undetectable by Firewalls and IDS! Download *FREE* white paper from SPI Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=7013000000035V
1
[ reply ]