I. FRONT AND CENTER
1. How not to respond to a security advisory
2. Tech support woes
3. Debunking the WMF backdoor
II. BUGTRAQ SUMMARY
1. EZDatabaseRemote PHP Script Code Execution Vulnerability
2. Helmsman HomeFtp Remote Denial Of Service Vulnerability
3. Ultimate Auction Item.PL Cross-Site Scripting Vulnerability
4. Microsoft Internet Explorer Malformed IMG and XML Parsing Denial of Service Vulnerability
5. WP-Stats Author Parameter SQL Injection Vulnerability
6. Benders Calendar Multiple SQL Injection Vulnerabilities
7. 8Pixel.net SimpleBlog Multiple Input Validation Vulnerabilities
8. Bit 5 Blog Index.PHP SQL Injection Vulnerability
9. Bit 5 Blog AddComment.PHP HTML Injection Vulnerability
10. White Album Pictures.PHP SQL Injection Vulnerability
11. GNU Mailman Large Date Data Denial Of Service Vulnerability
12. GeoBlog ViewCat.PHP SQL Injection Vulnerability
13. Tux Paint Insecure Temporary File Creation Vulnerability
14. Faq-O-Matic Multiple Cross-Site Scripting Vulnerabilities
15. Albatross Remote Arbitrary Code Execution Vulnerability
16. CounterPath eyeBeam SIP Header Data Remote Buffer Overflow Vulnerability
17. Ultimate Auction ItemList.PL Cross-Site Scripting Vulnerability
18. GTP iCommerce Multiple Cross-Site Scripting Vulnerabilities
19. EZDatabase Index.PHP Cross-Site Scripting Vulnerability
20. AmbiCom Blue Neighbors Bluetooth Stack Object Push Buffer Overflow Vulnerability
21. CubeCart Multiple Cross-Site Scripting Vulnerabilities
22. Apache Geronimo Multiple Input Validation Vulnerabilities
23. GRSecurity Elevated Service Privileges Weakness
24. AOL You've Got Pictures ActiveX Control Buffer Overflow Vulnerability
25. phpXplorer Workspaces.PHP Directory Traversal Vulnerability
26. Netbula Anyboard Anyboard.CGI Cross-Site Scripting Vulnerability
27. Widexl Download Tracker Down.PL Cross-Site Scripting Vulnerability
28. RedKernel Referrer Tracker Rkrt_stats.PHP Cross-Site Scripting Vulnerability
29. CMU SNMP SNMPTRAPD Daemon Remote Format String Vulnerability
30. WehnTrust Path Specification Local Privilege Escalation Vulnerability
31. BlogPHP Index.PHP SQL Injection Vulnerability
32. microBlog Index.PHP Multiple SQL Injection Vulnerabilities
33. Mozilla Thunderbird File Attachment Spoofing Vulnerability
34. microBlog BBCode URL Tag Script Injection Vulnerability
35. PDFDirectory Unspecified SQL Injection Vulnerability
36. PHP Fusebox Index.PHP Cross-Site Scripting Vulnerability
37. EMC Legato Networker Multiple Remote Vulnerabilities
38. Computer Associates Unicenter Remote Control DM Primer Remote Denial of Service Vulnerability
39. WebMobo WBNews Comments.PHP HTML Injection Vulnerability
40. Antiword Insecure Temporary File Creation Vulnerabilities
41. PowerPortal Multiple Cross-Site Scripting Vulnerabilities
42. SMBCMS Local Site Search Cross-Site Scripting Vulnerability
43. HTMLtoNuke HTMLtonuke.PHP Remote File Include Vulnerability
44. Linux Kernel mq_open System Call Unspecified Denial of Service Vulnerability
45. Linux Kernel ProcFS Kernel Memory Disclosure Vulnerability
46. MPM HP-180W VOIP WIFI Phone Information Disclosure Vulnerability
47. AOblogger Multiple Input Validation Vulnerabilities
48. Oracle January Security Update Multiple Vulnerabilities
49. ACT P202S VOIP WIFI Phones Multiple Remote Vulnerabilities
50. Clipcomm CPW-100E and CP-100E VOIP Phones Remote Administrative Access Vulnerability
51. Check Point VPN-1 SecureClient Path Specification Local Privilege Escalation Vulnerability
52. Cisco IOS HTTP Service CDP Status Page HTML Injection Vulnerability
53. phpXplorer Action.PHP Directory Traversal Vulnerability
54. Cisco CallManager CCMAdmin Remote Privilege Escalation Vulnerability
55. Oracle Database SYS.KUPV$FT Multiple SQL Injection Vulnerabilities
56. Cisco CallManager Multiple Remote Denial Of Service Vulnerabilities
57. FreeBSD IEEE 802.11 Network Subsystem Remote Buffer Overflow Vulnerability
58. 3Com TippingPoint IPS Remote Unspecified Denial Of Service Vulnerability
59. Linux Kernel DM-Crypt Local Information Disclosure Vulnerability
60. Douran FollowWeb Portal Register.ASPX Cross-Site Scripting Vulnerability
61. Cisco IOS SGBP Remote Denial of Service Vulnerability
62. Linux Kernel SDLA IOCTL Unauthorized Local Firmware Access Vulnerability
63. Eggblog Multiple Input Validation Vulnerabilities
64. SaralBlog Multiple Input Validation Vulnerabilities
65. Linksys BEFVP41 IP Options Remote Denial Of Service Vulnerability
66. MyBB Signature HTML Injection Vulnerability
67. F-Secure Multiple Archive Handling Vulnerabilities
68. PHlyMail Multiple Input Validation Vulnerabilities
69. BitComet Torrent File Handling Remote Buffer Overflow Vulnerability
70. My Amazon Store Manager Search.PHP Cross-Site Scripting Vulnerability
71. Netrix X-Site Manager Product_Details.PHP Cross-Site Scripting Vulnerability
72. Kerio WinRoute Firewall Multiple Denial of Service Vulnerabilities
73. ELOG Web Logbook Multiple Remote Input Validation Vulnerabilities
74. HP-UX FTPD Remote Denial Of Service Vulnerability
75. Ecartis PantoMIME Arbitrary Attachment Upload Vulnerability
76. WebspotBlogging Login.PHP SQL Injection Vulnerability
III. SECURITYFOCUS NEWS
1. Bot herder pleads guilty to 'zombie' sales
2. Researcher: Sony BMG "rootkit" still widespread
3. Zero-day WMF flaw underscores patch problems
4. Security flaws on the rise, questions remain
5. Skype under scrutiny for bugs
6. Say hello to the Skype Trojan
7. Shared music abuse bug hits iTunes
8. US cybersecurity all at sea
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Manager, Information Security, Arlington
2. [SJ-JOB] Security System Administrator, Arlington
3. [SJ-JOB] Manager, Information Security, Tampa
4. [SJ-JOB] Security Engineer, Sydney
5. [SJ-JOB] Security Engineer, Sydney
6. [SJ-JOB] Security Engineer, Sydney
7. [SJ-JOB] Security Engineer, Sydney
8. [SJ-JOB] Management, Silicon Valley/Bay Area
9. [SJ-JOB] Security Consultant, Chicago
10. [SJ-JOB] Security Consultant, Any
11. [SJ-JOB] Auditor, Milwaukee
12. [SJ-JOB] Auditor, Milwaukee
13. [SJ-JOB] Sales Engineer, Southern
14. [SJ-JOB] Security Director, Southern
15. [SJ-JOB] Security Consultant, Southern
16. [SJ-JOB] Security Consultant, Phoenix
17. [SJ-JOB] Security Architect, Schaumburg
18. [SJ-JOB] Sr. Security Analyst, Herndon
19. [SJ-JOB] Security Auditor, Chicago
20. [SJ-JOB] Technology Risk Consultant, London/South-West
21. [SJ-JOB] Developer, San Diego
22. [SJ-JOB] Management, Chicago
23. [SJ-JOB] Security Auditor, New York
24. [SJ-JOB] Sales Engineer, NY/NJ Area
25. [SJ-JOB] Sales Engineer, Milwaukee
26. [SJ-JOB] Sr. Security Engineer, Fort Lauderdale
27. [SJ-JOB] Quality Assurance, Westborough
28. [SJ-JOB] Sr. Security Analyst, Evansville
29. [SJ-JOB] Director of Privacy and Security, New York
30. [SJ-JOB] Channel / Business Development, Boston
31. [SJ-JOB] Information Assurance Analyst, Charlotte
V. INCIDENTS LIST SUMMARY
1. Moderators Introduction
2. Incoming New Moderator...
3. REVIEW: "Incident Response", Douglas Schweitzer
4. constant flow of root queries
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. creating AD accounts for IdM solutions
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. How not to respond to a security advisory
By Jason Miller
A recently announced weakness in the BSD securelevel system isn't going to be fixed in OpenBSD. While securelevel may have problems, the vendor's security response is unacceptable and doesn't fit with their stated goals.
http://www.securityfocus.com/columnists/380
2. Tech support woes
By Scott Granneman
Technical support that's outsourced to foreign countries can cause frustration and have a negative impact on security when the problems remain unsolved.
http://www.securityfocus.com/columnists/381
3. Debunking the WMF backdoor
By Thomas C. Greene
Claims that the WMF vulnerability was an intentional backdoor into Windows systems make for an interesting conspiracy theory, but don't fit with the facts.
http://www.securityfocus.com/columnists/382
II. BUGTRAQ SUMMARY
--------------------
1. EZDatabaseRemote PHP Script Code Execution Vulnerability
BugTraq ID: 16237
Remote: Yes
Date Published: 2006-01-14
Relevant URL: http://www.securityfocus.com/bid/16237
Summary:
ezDatabase is prone to a remote PHP script code execution vulnerability.
An attacker can exploit this issue to execute arbitrary malicious PHP code in the context of the Web server process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
ezDatabase version 2.0 is vulnerable to this issue; other versions may also be affected.
2. Helmsman HomeFtp Remote Denial Of Service Vulnerability
BugTraq ID: 16238
Remote: Yes
Date Published: 2006-01-14
Relevant URL: http://www.securityfocus.com/bid/16238
Summary:
Helmsman HomeFtp is prone to a remote denial of service vulnerability. Successful authentication is required to exploit this issue.
A remote attacker may exploit this issue to deny service for legitimate users.
3. Ultimate Auction Item.PL Cross-Site Scripting Vulnerability
BugTraq ID: 16239
Remote: Yes
Date Published: 2006-01-14
Relevant URL: http://www.securityfocus.com/bid/16239
Summary:
Ultimate Auction is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Version 3.67 is vulnerable to this issue; prior versions may also be affected.
4. Microsoft Internet Explorer Malformed IMG and XML Parsing Denial of Service Vulnerability
BugTraq ID: 16240
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16240
Summary:
Microsoft Internet Explorer is affected by a denial of service vulnerability.
This issue presents itself when the browser handles a specially crafted IMG element in a malformed XML block.
An attacker may exploit this issue by enticing a user to visit a malicious site resulting in a denial of service condition in the application.
5. WP-Stats Author Parameter SQL Injection Vulnerability
BugTraq ID: 16241
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16241
Summary:
WP-Stats is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
6. Benders Calendar Multiple SQL Injection Vulnerabilities
BugTraq ID: 16242
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16242
Summary:
Benders Calendar is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
7. 8Pixel.net SimpleBlog Multiple Input Validation Vulnerabilities
BugTraq ID: 16243
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16243
Summary:
SimpleBlog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, or the theft of cookie-based authentication credentials. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation as well as other attacks.
8. Bit 5 Blog Index.PHP SQL Injection Vulnerability
BugTraq ID: 16244
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16244
Summary:
Bit 5 Blog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
9. Bit 5 Blog AddComment.PHP HTML Injection Vulnerability
BugTraq ID: 16246
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16246
Summary:
Bit 5 Blog is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
10. White Album Pictures.PHP SQL Injection Vulnerability
BugTraq ID: 16247
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16247
Summary:
White Album is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
11. GNU Mailman Large Date Data Denial Of Service Vulnerability
BugTraq ID: 16248
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16248
Summary:
GNU Mailman is prone to a denial of service attack. This issue affects the email date parsing functionality of Mailman.
The vulnerability could be triggered by mailing list posts and will impact the availability of mailing lists hosted by the application.
12. GeoBlog ViewCat.PHP SQL Injection Vulnerability
BugTraq ID: 16249
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16249
Summary:
geoBlog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
13. Tux Paint Insecure Temporary File Creation Vulnerability
BugTraq ID: 16250
Remote: No
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16250
Summary:
Tux Paint creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.
14. Faq-O-Matic Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 16251
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16251
Summary:
Faq-O-Matic is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
These issues may be related to those discussed in BID 4565 and BID 4023 (Faq-O-Matic Cross Site Scripting Vulnerability).
15. Albatross Remote Arbitrary Code Execution Vulnerability
BugTraq ID: 16252
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16252
Summary:
Albatross is prone to an arbitrary code execution vulnerability.
Reports indicate that malicious user-supplied data may be insecurely used as part of a template, which may lead to arbitrary code execution.
A remote attacker may exploit this issue to gain unauthorized access to an affected computer. Other attacks may be possible as well.
16. CounterPath eyeBeam SIP Header Data Remote Buffer Overflow Vulnerability
BugTraq ID: 16253
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16253
Summary:
A remote buffer overflow vulnerability affects CounterPath eyeBeam. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.
An attacker may exploit this issue to crash the affected application. It is conjectured that remote arbitrary code execution may also be possible. This may facilitate unauthorized access or privilege escalation.
Specific version information regarding affected packages is currently unavailable. This BID will be updated as further information is disclosed. It should be noted that the eyeBeam package has been re-branded and redistributed by other vendors.
17. Ultimate Auction ItemList.PL Cross-Site Scripting Vulnerability
BugTraq ID: 16254
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16254
Summary:
Ultimate Auction is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Version 3.67 is vulnerable to this issue; prior versions may also be affected.
18. GTP iCommerce Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 16255
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16255
Summary:
GTP iCommerce is prone to multiple cross-site scripting vulnerabilities.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
19. EZDatabase Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 16257
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16257
Summary:
EZDatabase is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Versions less than 2.1.2 are reported to be affected; other versions may also be vulnerable.
20. AmbiCom Blue Neighbors Bluetooth Stack Object Push Buffer Overflow Vulnerability
BugTraq ID: 16258
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16258
Summary:
AmbiCom Blue Neighbors Bluetooth stack is prone to a buffer overflow vulnerability. The issue exists in the Object Push Service.
This issue allows remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploitation attempts likely result in the application or device crashing.
21. CubeCart Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 16259
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16259
Summary:
CubeCart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Some of these issues may be related to those discussed in BID 14962 (CubeCart Multiple Cross-Site Scripting Vulnerabilities). Further information suggests some of those issues may not have been properly addressed; this has not been confirmed by Symantec.
22. Apache Geronimo Multiple Input Validation Vulnerabilities
BugTraq ID: 16260
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16260
Summary:
Apache Geronimo is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, or the theft of cookie-based authentication credentials. An attacker could also exploit these issues to control how the site is rendered to the user; other attacks are also possible.
23. GRSecurity Elevated Service Privileges Weakness
BugTraq ID: 16261
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16261
Summary:
The grsecurity patch may improperly allow services to run with elevated privileges. This issue is due to a failure of the kernel to properly drop administrative roles.
This issue may lead to a false sense of security by allowing network services that are intended to have limited privileges to have administrative privileges. The exact repercussions of this issue depend on the particular function of the services running with elevated privileges. Privileges granted to services depend on the configured administrative role.
Attackers may exploit latent vulnerabilities in network services, and compromise the underlying computer. This is due to the targeted service having elevated privileges that are not intended.
24. AOL You've Got Pictures ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 16262
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16262
Summary:
AOL You've Got Pictures ActiveX control is prone to a buffer overflow vulnerability.
The object can be invoked from a malicious Web page to trigger the condition. Successful exploitation would result in a denial of service: a runtime error in the affected module crashes the running instance of the client application through which the object is invoked (typically Internet Explorer). It may also be possible to exploit the condition to corrupt process memory, resulting in arbitrary code execution. Arbitrary code would be executed in the context of the client application.
The affected ActiveX control was distributed in various versions of AOL Client Software, and on the You've Got Pictures Web site prior to 2004.
25. phpXplorer Workspaces.PHP Directory Traversal Vulnerability
BugTraq ID: 16263
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16263
Summary:
phpXplorer is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the Web server process. Information obtained may aid in further attacks; other attacks are also possible.
Version 0.9.33 is vulnerable; other versions may also be affected.
26. Netbula Anyboard Anyboard.CGI Cross-Site Scripting Vulnerability
BugTraq ID: 16264
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16264
Summary:
Anyboard is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
27. Widexl Download Tracker Down.PL Cross-Site Scripting Vulnerability
BugTraq ID: 16265
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16265
Summary:
Download Tracker is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Version 1.06 is vulnerable; other versions may also be affected.
28. RedKernel Referrer Tracker Rkrt_stats.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 16266
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16266
Summary:
Referrer Tracker is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Version 1.1.0-3 is vulnerable; other versions may also be affected.
29. CMU SNMP SNMPTRAPD Daemon Remote Format String Vulnerability
BugTraq ID: 16267
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16267
Summary:
A remote format string vulnerability affects the CMU SNMP snmptrapd daemon. This issue is due to a failure of the application to properly sanitize user-supplied input data prior to using it in a formatted-printing function.
A remote attacker may leverage this issue to execute arbitrary code with superuser privileges, facilitating the complete compromise of affected computers.
It should be noted that CMU SNMP has not been actively maintained for several years.
30. WehnTrust Path Specification Local Privilege Escalation Vulnerability
BugTraq ID: 16268
Remote: No
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16268
Summary:
Wehnus WehnTrust is prone to a vulnerability that could allow an arbitrary file to be executed.
The application adds a registry key to automatically start a service upon computer restarts without using properly quoted paths. Successful exploitation may allow local attackers to gain elevated privileges.
Specific version information about affected versions of WehnTrust is unavailable at this time. This BID will be updated as further information is disclosed.
31. BlogPHP Index.PHP SQL Injection Vulnerability
BugTraq ID: 16269
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16269
Summary:
BlogPHP is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
32. microBlog Index.PHP Multiple SQL Injection Vulnerabilities
BugTraq ID: 16270
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16270
Summary:
microBlog is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
33. Mozilla Thunderbird File Attachment Spoofing Vulnerability
BugTraq ID: 16271
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16271
Summary:
Mozilla Thunderbird is prone to a file attachment spoofing vulnerability.
Successful exploitation may allow attackers to place malicious files on a user's computer by tricking users into saving seemingly safe attachments. If the user subsequently opens the file, this vulnerability may facilitate arbitrary code execution in the context of the user.
Thunderbird versions prior to 1.5 are affected.
34. microBlog BBCode URL Tag Script Injection Vulnerability
BugTraq ID: 16272
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16272
Summary:
microBlog is prone to a script injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. Other attacks are also possible.
35. PDFDirectory Unspecified SQL Injection Vulnerability
BugTraq ID: 16273
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16273
Summary:
pdfdirectory is prone to an unspecified SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
36. PHP Fusebox Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 16274
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16274
Summary:
PHP Fusebox is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Version 4.0.6 is vulnerable; other versions may also be affected.
37. EMC Legato Networker Multiple Remote Vulnerabilities
BugTraq ID: 16275
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16275
Summary:
EMC Legato Networker is affected by multiple remote vulnerabilities. A denial of service issue and two remote code execution issues have been identified.
Version 7.2.1 of Legato Networker is vulnerable to these issues; prior versions may also be affected.
38. Computer Associates Unicenter Remote Control DM Primer Remote Denial of Service Vulnerability
BugTraq ID: 16276
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16276
Summary:
Computer Associates Unicenter Remote Control DM Primer is prone to a denial of service vulnerability.
Attackers may trigger a denial of service condition due to a hang. It should be noted that source IP addresses may be easily spoofed by an attacker as the service uses UDP.
39. WebMobo WBNews Comments.PHP HTML Injection Vulnerability
BugTraq ID: 16277
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16277
Summary:
WBNews is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
Versions 1.1.0 and earlier are vulnerable; other versions may also be affected.
40. Antiword Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 16278
Remote: No
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16278
Summary:
Antiword creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.
41. PowerPortal Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 16279
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16279
Summary:
PowerPortal is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
42. SMBCMS Local Site Search Cross-Site Scripting Vulnerability
BugTraq ID: 16281
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16281
Summary:
SMBCMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Version 2.1 is vulnerable; other versions may also be affected.
43. HTMLtoNuke HTMLtonuke.PHP Remote File Include Vulnerability
BugTraq ID: 16282
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16282
Summary:
HTMLtoNuke is prone to a remote file include vulnerability. This is due to a lack of proper sanitization of user-supplied input.
An attacker can exploit this issue to execute arbitrary remote HTML and script code on an affected computer with the privileges of the Web server process.
Successful exploitation could facilitate unauthorized access; other attacks are also possible.
44. Linux Kernel mq_open System Call Unspecified Denial of Service Vulnerability
BugTraq ID: 16283
Remote: No
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16283
Summary:
Linux kernel mq_open system call is prone to a local denial of service vulnerability. Further information is not currently available. This record will be updated when more details are disclosed.
This issue affects Linux kernel 2.6.9. Earlier kernel versions may be affected.
45. Linux Kernel ProcFS Kernel Memory Disclosure Vulnerability
BugTraq ID: 16284
Remote: No
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16284
Summary:
The Linux kernel is affected by a local memory disclosure vulnerability.
This issue allows an attacker to read kernel memory. Information gathered via exploitation may aid malicious users in further attacks.
This issue affects the 2.6 series of the Linux kernel, prior to 2.6.15.
46. MPM HP-180W VOIP WIFI Phone Information Disclosure Vulnerability
BugTraq ID: 16285
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16285
Summary:
The MPM HP-180W VOIP WIFI phone is prone to an information disclosure vulnerability.
Sensitive information may be disclosed to attackers, and could be useful in further attacks. Information obtained may aid an attacker in performing denial of service attacks.
MPM HP-180W phones with firmware version WE.00.17 are vulnerable to this issue. Due to code reuse, other devices and versions may also be affected. This issue may also be related to BID 15478 (Zyxel P2000W VOIP WIFI Phone Information Disclosure Vulnerability).
47. AOblogger Multiple Input Validation Vulnerabilities
BugTraq ID: 16286
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16286
Summary:
AOblogger is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, creation of new data, or the theft of cookie-based authentication credentials. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation as well as other attacks.
Version 2.3 is vulnerable; other versions may also be affected.
48. Oracle January Security Update Multiple Vulnerabilities
BugTraq ID: 16287
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16287
Summary:
Various Oracle Database Server, Oracle Enterprise Manager, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite, PeopleSoft Enterprise Portal, JD Edwards EnterpriseOne Tools, OneWorld Tools, Oracle Developer Suite, and Oracle Workflow are prone to multiple vulnerabilities.
The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats.
Oracle has released a Critical Patch Update advisory for January 2006 to address these vulnerabilities. This Critical Patch Update addresses the vulnerabilities for supported releases. Earlier, unsupported releases are likely to be affected by the issues as well.
49. ACT P202S VOIP WIFI Phones Multiple Remote Vulnerabilities
BugTraq ID: 16288
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16288
Summary:
ACT P202S VOIP WIFI Phone allows remote debugger connections and remote unauthenticated administrative access. Successful exploitation of these vulnerabilities could allow a remote attacker to obtain debugging information from the device or cause a denial of service. Other attacks are also possible.
ACT P202S VOIP WIFI Phones running firmware version 1.01.21 are prone to these issues. Due to code reuse, other devices and versions may also be affected.
50. Clipcomm CPW-100E and CP-100E VOIP Phones Remote Administrative Access Vulnerability
BugTraq ID: 16289
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16289
Summary:
Clipcomm CPW-100E and CP-100E VOIP phones allow unauthenticated, remote administrative access.
This issue allows remote attackers to gain access to potentially sensitive information, trace calls, perform factory resets, and corrupt memory; other attacks are also possible. Attackers may also turn CPW-100E phones into a remote listening device.
Clipcomm CPW-100E phones running firmware version 1.1.12, and CP-100E phones running firmware version 1.1.60 are prone to this issue. Due to code reuse, other devices and versions may also be affected.
51. Check Point VPN-1 SecureClient Path Specification Local Privilege Escalation Vulnerability
BugTraq ID: 16290
Remote: No
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16290
Summary:
Check Point VPN-1 SecureClient is prone to a vulnerability that could allow an arbitrary file to be executed.
The application attempts to execute an application without using properly quoted paths. Successful exploitation may allow local attackers to gain elevated privileges.
Specific information about affected versions of Check Point VPN-1 SecureClient is unavailable at this time. This BID will be updated as further information is disclosed.
52. Cisco IOS HTTP Service CDP Status Page HTML Injection Vulnerability
BugTraq ID: 16291
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16291
Summary:
Cisco IOS HTTP service is reportedly prone to an HTML injection vulnerability.
Specifically, the vulnerability affects the Cisco Discovery Protocol (CDP) status page. An attacker can submit malicious HTML and script code through CDP packets to be executed in the context of a logged-in administrator. This issue can also allow attackers to execute arbitrary commands on a vulnerable device.
Exploitation can facilitate a variety of attacks such as manipulation of routing information, account creation and access to all other functionality available to administrators.
IOS 11.2(8.11)SA6 is reportedly vulnerable to this issue; however, other versions of IOS 11 are likely affected as well. This issue does not affect IOS 12.
53. phpXplorer Action.PHP Directory Traversal Vulnerability
BugTraq ID: 16292
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16292
Summary:
phpXplorer is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the Web server process. Information obtained may aid in further attacks; other attacks are also possible.
Version 0.9.33 is vulnerable; other versions may also be affected.
54. Cisco CallManager CCMAdmin Remote Privilege Escalation Vulnerability
BugTraq ID: 16293
Remote: Yes
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16293
Summary:
Cisco CallManager is susceptible to a remote privilege escalation vulnerability. This issue is due to a failure of the application to properly enforce access controls. This issue is only exploitable when Multi Level Administration is enabled, and users are granted read-only administrative access via the CCMAdmin Web interface.
This issue allows remote attackers to gain full read-write administrative access to the Web interface of Cisco CallManager.
55. Oracle Database SYS.KUPV$FT Multiple SQL Injection Vulnerabilities
BugTraq ID: 16294
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16294
Summary:
Oracle 10g is prone to multiple SQL injection vulnerabilities. These issues affect various functions of the 'SYS.KUPV$FT' package.
These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. Successful exploitation could result in a compromise of the application, disclosure or modification of data and other attacks.
Oracle 10g Release 1 and prior versions are considered to be vulnerable to these issues.
These issues are part of the vulnerabilities addressed by Oracle in Oracle Critical Patch Update - January 2006. Please see BID 16287 (Oracle January Security Update Multiple Vulnerabilities) for more information.
56. Cisco CallManager Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 16295
Remote: Yes
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16295
Summary:
CallManager is susceptible to multiple remote denial of service vulnerabilities.
These issues are documented in Cisco bugs CSCea53907, CSCsa86197, CSCsb16635 and CSCsb64161, which are available to Cisco customers.
Attackers may exploit these vulnerabilities to crash the affected service, effectively denying service to legitimate users.
57. FreeBSD IEEE 802.11 Network Subsystem Remote Buffer Overflow Vulnerability
BugTraq ID: 16296
Remote: Yes
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16296
Summary:
FreeBSD is susceptible to a remote, kernel-level buffer overflow vulnerability. This issue is due to a failure of the kernel to properly bounds check user-supplied network data prior to copying it to an insufficiently sized memory buffer.
This issue allows remote attackers to execute arbitrary machine code in the context of the affected kernel, facilitating the complete compromise of affected computers. As this issue is present in a low-level network subsystem, it is likely exploitable even if the host is blocking packets with a host-based packet filter.
58. 3Com TippingPoint IPS Remote Unspecified Denial Of Service Vulnerability
BugTraq ID: 16299
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16299
Summary:
3Com TippingPoint IPS is susceptible to a remote denial of service vulnerability. This issue is reportedly due to certain unspecified, malformed traffic that results in a denial of service condition.
This issue allows remote attackers to consume excessive CPU resources on affected devices. It is reported that this issue may result in the crash of the device, denying further network services to legitimate users. The vendor states that this issue results in excessive CPU resource utilization.
Further details are unavailable at this time. This record will be updated as further information is disclosed.
59. Linux Kernel DM-Crypt Local Information Disclosure Vulnerability
BugTraq ID: 16301
Remote: No
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16301
Summary:
The Linux kernel dm-crypt module is susceptible to a local information disclosure vulnerability. This issue is due to a failure of the module to properly zero sensitive memory buffers prior to freeing the memory.
This issue may allow local attackers to gain access to potentially sensitive memory that contains information on the cryptographic key utilized for the encrypted storage. This may aid them in further attacks.
This issue affects the 2.6 series of the Linux kernel.
60. Douran FollowWeb Portal Register.ASPX Cross-Site Scripting Vulnerability
BugTraq ID: 16302
Remote: Yes
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16302
Summary:
FollowWeb is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
61. Cisco IOS SGBP Remote Denial of Service Vulnerability
BugTraq ID: 16303
Remote: Yes
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16303
Summary:
Cisco IOS SGBP is prone to a remote denial of service vulnerability.
This issue arises on devices that have been configured to run SGBP.
A successful attack causes a device to hang and fail to respond to further requests. It should be noted that a system watchdog timer will detect this condition after a delay and restart the device.
62. Linux Kernel SDLA IOCTL Unauthorized Local Firmware Access Vulnerability
BugTraq ID: 16304
Remote: No
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16304
Summary:
The Linux kernel is susceptible to a local access validation vulnerability in the SDLA driver.
This issue allows local users with the 'CAP_NET_ADMIN' capability, but without the 'CAP_SYS_RAWIO' capability, to read and write to the SDLA device firmware. This may cause a denial of service issue if attackers write an invalid firmware. Other attacks may also be possible by writing modified firmware files.
63. Eggblog Multiple Input Validation Vulnerabilities
BugTraq ID: 16305
Remote: Yes
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16305
Summary:
Eggblog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, or the theft of cookie-based authentication credentials. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
64. SaralBlog Multiple Input Validation Vulnerabilities
BugTraq ID: 16306
Remote: Yes
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16306
Summary:
SaralBlog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft of cookie-based authentication credentials or possibly permit an attacker to control how the site is rendered to the user. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation as well as other attacks.
65. Linksys BEFVP41 IP Options Remote Denial Of Service Vulnerability
BugTraq ID: 16307
Remote: Yes
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16307
Summary:
Linksys BEFVP41 routers are susceptible to a remote denial of service vulnerability. This issue is due to a failure of the devices to properly handle unexpected network traffic.
This issue allows remote attackers to crash affected devices, denying service to legitimate users.
Reportedly, attackers must be located on the internal network, and be able to pass traffic through the router to exploit this issue. It may also be possible from the external side of the network, but this has not been confirmed.
66. MyBB Signature HTML Injection Vulnerability
BugTraq ID: 16308
Remote: Yes
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16308
Summary:
MyBB is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
The discoverer of this vulnerability has not disclosed which version or versions of the application may be vulnerable to this issue. It is conjectured this issue affects recent versions of MyBB.
67. F-Secure Multiple Archive Handling Vulnerabilities
BugTraq ID: 16309
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16309
Summary:
F-Secure is prone to multiple vulnerabilities when handling archives of various formats.
The application is affected by a remote buffer overflow vulnerability when handling malformed ZIP archives. A successful attack can facilitate arbitrary code execution and result in a full compromise.
Specially crafted ZIP and RAR archives can also bypass detection. This may result in arbitrary code execution or a malicious code infection.
68. PHlyMail Multiple Input Validation Vulnerabilities
BugTraq ID: 16310
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16310
Summary:
PHlyMail is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, or the theft of cookie-based authentication credentials. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation as well as other attacks.
69. BitComet Torrent File Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 16311
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16311
Summary:
BitComet is prone to a buffer overflow vulnerability.
This issue presents itself when the application attempts to process a malformed '.torrent' file.
Exploitation of this issue could allow attacker-supplied machine code to be executed in the context of the affected application.
BitComet 0.60 is reportedly vulnerable. Other versions may be affected as well.
70. My Amazon Store Manager Search.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 16312
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16312
Summary:
My Amazon Store Manager is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Version 1.0 is reported to be vulnerable; other versions may also be affected.
71. Netrix X-Site Manager Product_Details.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 16313
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16313
Summary:
X-Site Manager is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
72. Kerio WinRoute Firewall Multiple Denial of Service Vulnerabilities
BugTraq ID: 16314
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16314
Summary:
Kerio WinRoute Firewall is prone to multiple denial of service vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these vulnerabilities to crash the affected service, effectively disabling the firewall. This may aid in further attacks.
73. ELOG Web Logbook Multiple Remote Input Validation Vulnerabilities
BugTraq ID: 16315
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16315
Summary:
ELOG is prone to multiple remote vulnerabilities. These issues can allow remote attackers to execute arbitrary code and gain access to sensitive information.
The following vulnerabilities were identified:
A format string vulnerability exists in the 'write_logfile()' function.
ELOG is prone to a directory traversal vulnerability as well.
ELOG versions prior to 2.6.1 are vulnerable.
74. HP-UX FTPD Remote Denial Of Service Vulnerability
BugTraq ID: 16316
Remote: Yes
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16316
Summary:
A remote denial of service vulnerability has been reported in the HP-UX ftpd implementation. A remote unauthenticated user may cause the FTP server process to become unresponsive.
The precise technical details of this vulnerability are currently unknown. This BID will be updated as further information becomes available.
75. Ecartis PantoMIME Arbitrary Attachment Upload Vulnerability
BugTraq ID: 16317
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16317
Summary:
Ecartis is prone to an arbitrary attachment upload vulnerability.
This vulnerability presents itself when the PantoMIME functionality has been enabled.
The issue arises because unauthorized users who are not subscribed to a mailing list can send email attachments that will be saved in the PantoMIME directory. This can allow attackers to place arbitrary files on a vulnerable server.
Ecartis version 1.0.0 snapshot 20050909 is reportedly vulnerable. Other versions may be affected as well.
76. WebspotBlogging Login.PHP SQL Injection Vulnerability
BugTraq ID: 16319
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16319
Summary:
WebspotBlogging is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Bot herder pleads guilty to 'zombie' sales
By: Robert Lemos
A 20-year-old California man pleaded guilty to federal charges that he sold access to networks of compromised PCs and made money from illicitly installed adware.
http://www.securityfocus.com/news/11370
2. Researcher: Sony BMG "rootkit" still widespread
By: Robert Lemos
Even as media giant Sony BMG settles six cases in New York, a security researcher finds hundreds of thousands of networks appear to still contain PCs with the controversial copy protection installed.
http://www.securityfocus.com/news/11369
3. Zero-day WMF flaw underscores patch problems
By: Robert Lemos
The Windows Meta File incident suggests that open-source efforts can result in quicker fixes but pose larger issues of trust, and highlights that companies can no longer depend on patches to protect their systems.
http://www.securityfocus.com/news/11368
4. Security flaws on the rise, questions remain
By: Robert Lemos
After three years of modest or no gains, the number of publicly reported vulnerabilities jumped in 2005, boosted by easy-to-find bugs in Web applications. Yet, questions remain about the value of analyzing current databases, whose data rarely correlates easily.
http://www.securityfocus.com/news/11367
5. Skype under scrutiny for bugs
By: John Leyden
The recent emergence of two sets of serious security vulnerabilities in Skype, the popular VoIP communications software app, couldn't have come at a worse time for the firm.
http://www.securityfocus.com/news/11354
6. Say hello to the Skype Trojan
By: John Leyden
Virus writers are targeting Skype users with a new Trojan that poses as the latest version of the popular VoIP software.
http://www.securityfocus.com/news/11348
7. Shared music abuse bug hits iTunes
By: John Leyden
Security researchers have discovered a vulnerability in Apple's popular iTunes application which might be exploited to interfere with shared music downloads.
http://www.securityfocus.com/news/11347
8. US cybersecurity all at sea
By: John Leyden
US cybersecurity risks are being poorly managed by the Department of Homeland Security, according to a former US presidential information security advisor.
http://www.securityfocus.com/news/11345
IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Manager, Information Security, Arlington
http://www.securityfocus.com/archive/77/422770
2. [SJ-JOB] Security System Administrator, Arlington
http://www.securityfocus.com/archive/77/422771
3. [SJ-JOB] Manager, Information Security, Tampa
http://www.securityfocus.com/archive/77/422772
4. [SJ-JOB] Security Engineer, Sydney
http://www.securityfocus.com/archive/77/422762
5. [SJ-JOB] Security Engineer, Sydney
http://www.securityfocus.com/archive/77/422763
6. [SJ-JOB] Security Engineer, Sydney
http://www.securityfocus.com/archive/77/422764
7. [SJ-JOB] Security Engineer, Sydney
http://www.securityfocus.com/archive/77/422760
8. [SJ-JOB] Management, Silicon Valley/Bay Area
http://www.securityfocus.com/archive/77/422761
9. [SJ-JOB] Security Consultant, Chicago
http://www.securityfocus.com/archive/77/422758
10. [SJ-JOB] Security Consultant, Any
http://www.securityfocus.com/archive/77/422757
29. [SJ-JOB] Director of Privacy and Security, New York
http://www.securityfocus.com/archive/77/422291
30. [SJ-JOB] Channel / Business Development, Boston
http://www.securityfocus.com/archive/77/422286
31. [SJ-JOB] Information Assurance Analyst, Charlotte
http://www.securityfocus.com/archive/77/422287
V. INCIDENTS LIST SUMMARY
---------------------------
1. Moderators Introduction
http://www.securityfocus.com/archive/75/422804
2. Incoming New Moderator...
http://www.securityfocus.com/archive/75/422777
3. REVIEW: "Incident Response", Douglas Schweitzer
http://www.securityfocus.com/archive/75/422744
4. constant flow of root queries
http://www.securityfocus.com/archive/75/422308
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. creating AD accounts for IdM solutions
http://www.securityfocus.com/archive/88/422486
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
XI. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: SpiDynamics
ALERT: Simulate A Hacker Breaking into Your Web Apps- FREE Product Trial and CYA (Cover Your Apps) T-shirt
WebInspect employs threat agents to simulate attackers analyzing your web applications, formulating attacks and applying them to determine if vulnerabilities exist. Run a FREE Test of your Web Apps via our FREE 15 Day Product Trial that delivers a comprehensive Vulnerability Report
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=70130000000C1P
H
50. Clipcomm CPW-100E and CP-100E VOIP Phones Remote Administrative Access Vulnerability
51. Check Point VPN-1 SecureClient Path Specification Local Privilege Escalation Vulnerability
52. Cisco IOS HTTP Service CDP Status Page HTML Injection Vulnerability
53. phpXplorer Action.PHP Directory Traversal Vulnerability
54. Cisco CallManager CCMAdmin Remote Privilege Escalation Vulnerability
55. Oracle Database SYS.KUPV$FT Multiple SQL Injection Vulnerabilities
56. Cisco CallManager Multiple Remote Denial Of Service Vulnerabilities
57. FreeBSD IEEE 802.11 Network Subsystem Remote Buffer Overflow Vulnerability
58. 3Com TippingPoint IPS Remote Unspecified Denial Of Service Vulnerability
59. Linux Kernel DM-Crypt Local Information Disclosure Vulnerability
60. Douran FollowWeb Portal Register.ASPX Cross-Site Scripting Vulnerability
61. Cisco IOS SGBP Remote Denial of Service Vulnerability
62. Linux Kernel SDLA IOCTL Unauthorized Local Firmware Access Vulnerability
63. Eggblog Multiple Input Validation Vulnerabilities
64. SaralBlog Multiple Input Validation Vulnerabilities
65. Linksys BEFVP41 IP Options Remote Denial Of Service Vulnerability
66. MyBB Signature HTML Injection Vulnerability
67. F-Secure Multiple Archive Handling Vulnerabilities
68. PHlyMail Multiple Input Validation Vulnerabilities
69. BitComet Torrent File Handling Remote Buffer Overflow Vulnerability
70. My Amazon Store Manager Search.PHP Cross-Site Scripting Vulnerability
71. Netrix X-Site Manager Product_Details.PHP Cross-Site Scripting Vulnerability
72. Kerio WinRoute Firewall Multiple Denial of Service Vulnerabilities
73. ELOG Web Logbook Multiple Remote Input Validation Vulnerabilities
74. HP-UX FTPD Remote Denial Of Service Vulnerability
75. Ecartis PantoMIME Arbitrary Attachment Upload Vulnerability
76. WebspotBlogging Login.PHP SQL Injection Vulnerability
III. SECURITYFOCUS NEWS
1. Bot herder pleads guilty to 'zombie' sales
2. Researcher: Sony BMG "rootkit" still widespread
3. Zero-day WMF flaw underscores patch problems
4. Security flaws on the rise, questions remain
5. Skype under scrutiny for bugs
6. Say hello to the Skype Trojan
7. Shared music abuse bug hits iTunes
8. US cybersecurity all at sea
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Manager, Information Security, Arlington
2. [SJ-JOB] Security System Administrator, Arlington
3. [SJ-JOB] Manager, Information Security, Tampa
4. [SJ-JOB] Security Engineer, Sydney
5. [SJ-JOB] Security Engineer, Sydney
6. [SJ-JOB] Security Engineer, Sydney
7. [SJ-JOB] Security Engineer, Sydney
8. [SJ-JOB] Management, Silicon Valley/Bay Area
9. [SJ-JOB] Security Consultant, Chicago
10. [SJ-JOB] Security Consultant, Any
11. [SJ-JOB] Auditor, Milwaukee
12. [SJ-JOB] Auditor, Milwaukee
13. [SJ-JOB] Sales Engineer, Southern
14. [SJ-JOB] Security Director, Southern
15. [SJ-JOB] Security Consultant, Southern
16. [SJ-JOB] Security Consultant, Phoenix
17. [SJ-JOB] Security Architect, Schaumburg
18. [SJ-JOB] Sr. Security Analyst, Herndon
19. [SJ-JOB] Security Auditor, Chicago
20. [SJ-JOB] Technology Risk Consultant, London/South-West
21. [SJ-JOB] Developer, San Diego
22. [SJ-JOB] Management, Chicago
23. [SJ-JOB] Security Auditor, New York
24. [SJ-JOB] Sales Engineer, NY/NJ Area
25. [SJ-JOB] Sales Engineer, Milwaukee
26. [SJ-JOB] Sr. Security Engineer, Fort Lauderdale
27. [SJ-JOB] Quality Assurance, Westborough
28. [SJ-JOB] Sr. Security Analyst, Evansville
29. [SJ-JOB] Director of Privacy and Security, New York
30. [SJ-JOB] Channel / Business Development, Boston
31. [SJ-JOB] Information Assurance Analyst, Charlotte
V. INCIDENTS LIST SUMMARY
1. Moderators Introduction
2. Incoming New Moderator...
3. REVIEW: "Incident Response", Douglas Schweitzer
4. constant flow of root queries
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. creating AD accounts for IdM solutions
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. How not to respond to a security advisory
By Jason Miller
A recently announced weakness in the BSD securelevel system isn't going to be fixed in OpenBSD. While securelevel may have problems, the vendor's security response is unacceptable and doesn't fit with their stated goals.
http://www.securityfocus.com/columnists/380
2. Tech support woes
By Scott Granneman
Technical support that's outsourced to foreign countries can cause frustration and have a negative impact on security when the problems remain unsolved.
http://www.securityfocus.com/columnists/381
3. Debunking the WMF backdoor
By Thomas C. Greene
Claims that the WMF vulnerability was an intentional backdoor into Windows systems make for an interesting conspiracy theory, but don't fit with the facts.
http://www.securityfocus.com/columnists/382
II. BUGTRAQ SUMMARY
--------------------
1. EZDatabaseRemote PHP Script Code Execution Vulnerability
BugTraq ID: 16237
Remote: Yes
Date Published: 2006-01-14
Relevant URL: http://www.securityfocus.com/bid/16237
Summary:
ezDatabase is prone to a remote PHP script code execution vulnerability.
An attacker can exploit this issue to execute arbitrary malicious PHP code in the context of the Web server process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
ezDatabase version 2.0 is vulnerable to this issue; other versions may also be affected.
2. Helmsman HomeFtp Remote Denial Of Service Vulnerability
BugTraq ID: 16238
Remote: Yes
Date Published: 2006-01-14
Relevant URL: http://www.securityfocus.com/bid/16238
Summary:
Helmsman HomeFtp is prone to a remote denial of service vulnerability. Successful authentication is required to exploit this issue.
A remote attacker may exploit this issue to deny service for legitimate users.
3. Ultimate Auction Item.PL Cross-Site Scripting Vulnerability
BugTraq ID: 16239
Remote: Yes
Date Published: 2006-01-14
Relevant URL: http://www.securityfocus.com/bid/16239
Summary:
Ultimate Auction is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Version 3.67 is vulnerable to this issue; prior versions may also be affected.
4. Microsoft Internet Explorer Malformed IMG and XML Parsing Denial of Service Vulnerability
BugTraq ID: 16240
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16240
Summary:
Microsoft Internet Explorer is affected by a denial of service vulnerability.
This issue presents itself when the browser handles a specially crafted IMG element in a malformed XML block.
An attacker may exploit this issue by enticing a user to visit a malicious site resulting in a denial of service condition in the application.
5. WP-Stats Author Parameter SQL Injection Vulnerability
BugTraq ID: 16241
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16241
Summary:
WP-Stats is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
6. Benders Calendar Multiple SQL Injection Vulnerabilities
BugTraq ID: 16242
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16242
Summary:
Benders Calendar is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
7. 8Pixel.net SimpleBlog Multiple Input Validation Vulnerabilities
BugTraq ID: 16243
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16243
Summary:
SimpleBlog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, or the theft of cookie-based authentication credentials. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation as well as other attacks.
8. Bit 5 Blog Index.PHP SQL Injection Vulnerability
BugTraq ID: 16244
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16244
Summary:
Bit 5 Blog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
9. Bit 5 Blog AddComment.PHP HTML Injection Vulnerability
BugTraq ID: 16246
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16246
Summary:
Bit 5 Blog is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
10. White Album Pictures.PHP SQL Injection Vulnerability
BugTraq ID: 16247
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16247
Summary:
White Album is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
11. GNU Mailman Large Date Data Denial Of Service Vulnerability
BugTraq ID: 16248
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16248
Summary:
GNU Mailman is prone to a denial of service attack. This issue affects the email date parsing functionality of Mailman.
The vulnerability could be triggered by mailing list posts and will impact the availability of mailing lists hosted by the application.
12. GeoBlog ViewCat.PHP SQL Injection Vulnerability
BugTraq ID: 16249
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16249
Summary:
geoBlog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
13. Tux Paint Insecure Temporary File Creation Vulnerability
BugTraq ID: 16250
Remote: No
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16250
Summary:
Tux Paint creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.
14. Faq-O-Matic Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 16251
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16251
Summary:
Faq-O-Matic is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
These issues may be related to those discussed in BID 4565 and BID 4023 (Faq-O-Matic Cross Site Scripting Vulnerability).
15. Albatross Remote Arbitrary Code Execution Vulnerability
BugTraq ID: 16252
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16252
Summary:
Albatross is prone to an arbitrary code execution vulnerability.
Reports indicate that malicious user-supplied data may be insecurely used as part of a template, which may lead to arbitrary code execution.
A remote attacker may exploit this issue to gain unauthorized access to an affected computer. Other attacks may be possible as well.
16. CounterPath eyeBeam SIP Header Data Remote Buffer Overflow Vulnerability
BugTraq ID: 16253
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16253
Summary:
A remote buffer overflow vulnerability affects CounterPath eyeBeam. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.
An attacker may exploit this issue to crash the affected application. It is conjectured that remote arbitrary code execution may also be possible. This may facilitate unauthorized access or privilege escalation.
Specific version information regarding affected packages is currently unavailable. This BID will be updated as further information is disclosed. It should be noted that the eyeBeam package has been re-branded and redistributed by other vendors.
17. Ultimate Auction ItemList.PL Cross-Site Scripting Vulnerability
BugTraq ID: 16254
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16254
Summary:
Ultimate Auction is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Version 3.67 is vulnerable to this issue; prior versions may also be affected.
18. GTP iCommerce Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 16255
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16255
Summary:
GTP iCommerce is prone to multiple cross-site scripting vulnerabilities.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
19. EZDatabase Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 16257
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16257
Summary:
EZDatabase is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Versions prior to 2.1.2 are reported to be affected; other versions may also be vulnerable.
20. AmbiCom Blue Neighbors Bluetooth Stack Object Push Buffer Overflow Vulnerability
BugTraq ID: 16258
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16258
Summary:
AmbiCom Blue Neighbors Bluetooth stack is prone to a buffer overflow vulnerability. The issue exists in the Object Push Service.
This issue allows remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploitation attempts likely result in the application or device crashing.
21. CubeCart Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 16259
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16259
Summary:
CubeCart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Some of these issues may be related to those discussed in BID 14962 (CubeCart Multiple Cross-Site Scripting Vulnerabilities). Further information suggests some of those issues may not have been properly addressed; this has not been confirmed by Symantec.
22. Apache Geronimo Multiple Input Validation Vulnerabilities
BugTraq ID: 16260
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16260
Summary:
Apache Geronimo is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, or the theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
23. GRSecurity Elevated Service Privileges Weakness
BugTraq ID: 16261
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16261
Summary:
The grsecurity patch may improperly allow services to run with elevated privileges. This issue is due to a failure of the kernel to properly drop administrative roles.
This issue may lead to a false sense of security by allowing network services that are intended to have limited privileges to have administrative privileges. The exact repercussions of this issue depend on the particular function of the services running with elevated privileges. Privileges granted to services depend on the configured administrative role.
Attackers may exploit latent vulnerabilities in network services, and compromise the underlying computer. This is due to the targeted service having elevated privileges that are not intended.
24. AOL You've Got Pictures ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 16262
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16262
Summary:
AOL You've Got Pictures ActiveX control is prone to a buffer overflow vulnerability.
It is possible to invoke the object from a malicious Web page to trigger the condition. Successful exploitation would result in a denial of service: a runtime error in the affected module crashes the running instance of the client application through which the object is invoked (typically Internet Explorer). It may also be possible to exploit the condition to corrupt process memory, resulting in arbitrary code execution. Arbitrary code would be executed in the context of the client application.
The affected ActiveX control was distributed in various versions of AOL Client Software, and on the You've Got Pictures Web site prior to 2004.
25. phpXplorer Workspaces.PHP Directory Traversal Vulnerability
BugTraq ID: 16263
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16263
Summary:
phpXplorer is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the Web server process. Information obtained may aid in further attacks; other attacks are also possible.
Version 0.9.33 is vulnerable; other versions may also be affected.
26. Netbula Anyboard Anyboard.CGI Cross-Site Scripting Vulnerability
BugTraq ID: 16264
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16264
Summary:
Anyboard is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
27. Widexl Download Tracker Down.PL Cross-Site Scripting Vulnerability
BugTraq ID: 16265
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16265
Summary:
Download Tracker is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Version 1.06 is vulnerable; other versions may also be affected.
28. RedKernel Referrer Tracker Rkrt_stats.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 16266
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16266
Summary:
Referrer Tracker is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Version 1.1.0-3 is vulnerable; other versions may also be affected.
29. CMU SNMP SNMPTRAPD Daemon Remote Format String Vulnerability
BugTraq ID: 16267
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16267
Summary:
A remote format string vulnerability affects the CMU SNMP snmptrapd daemon. This issue is due to a failure of the application to properly sanitize user-supplied input data prior to using it in a formatted-printing function.
A remote attacker may leverage this issue to execute arbitrary code with superuser privileges, facilitating the complete compromise of affected computers.
It should be noted that CMU SNMP has not been actively maintained for several years.
30. WehnTrust Path Specification Local Privilege Escalation Vulnerability
BugTraq ID: 16268
Remote: No
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16268
Summary:
Wehnus WehnTrust is prone to a vulnerability that could allow an arbitrary file to be executed.
The application adds a registry key to automatically start a service upon computer restarts without using properly quoted paths. Successful exploitation may allow local attackers to gain elevated privileges.
Specific version information about affected versions of WehnTrust is unavailable at this time. This BID will be updated as further information is disclosed.
31. BlogPHP Index.PHP SQL Injection Vulnerability
BugTraq ID: 16269
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16269
Summary:
BlogPHP is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
32. microBlog Index.PHP Multiple SQL Injection Vulnerabilities
BugTraq ID: 16270
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16270
Summary:
microBlog is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
33. Mozilla Thunderbird File Attachment Spoofing Vulnerability
BugTraq ID: 16271
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16271
Summary:
Mozilla Thunderbird is prone to a file attachment spoofing vulnerability.
Successful exploitation may allow attackers to place malicious files on a user's computer by tricking users into saving seemingly safe attachments. If the user subsequently opens the file, this vulnerability may facilitate arbitrary code execution in the context of the user.
Thunderbird versions prior to 1.5 are affected.
34. microBlog BBCode URL Tag Script Injection Vulnerability
BugTraq ID: 16272
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16272
Summary:
microBlog is prone to a script injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. Other attacks are also possible.
35. PDFDirectory Unspecified SQL Injection Vulnerability
BugTraq ID: 16273
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16273
Summary:
pdfdirectory is prone to an unspecified SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
36. PHP Fusebox Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 16274
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16274
Summary:
PHP Fusebox is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Version 4.0.6 is vulnerable; other versions may also be affected.
37. EMC Legato Networker Multiple Remote Vulnerabilities
BugTraq ID: 16275
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16275
Summary:
EMC Legato Networker is affected by multiple remote vulnerabilities. A denial of service issue and two remote code execution issues have been identified.
Version 7.2.1 of Legato Networker is vulnerable to these issues; prior versions may also be affected.
38. Computer Associates Unicenter Remote Control DM Primer Remote Denial of Service Vulnerability
BugTraq ID: 16276
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16276
Summary:
Computer Associates Unicenter Remote Control DM Primer is prone to a denial of service vulnerability.
Attackers may trigger a denial of service condition due to a hang. It should be noted that source IP addresses may be easily spoofed by an attacker as the service uses UDP.
39. WebMobo WBNews Comments.PHP HTML Injection Vulnerability
BugTraq ID: 16277
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16277
Summary:
WBNews is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
Versions 1.1.0 and earlier are vulnerable; other versions may also be affected.
40. Antiword Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 16278
Remote: No
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16278
Summary:
Antiword creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.
41. PowerPortal Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 16279
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16279
Summary:
PowerPortal is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
42. SMBCMS Local Site Search Cross-Site Scripting Vulnerability
BugTraq ID: 16281
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16281
Summary:
SMBCMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Version 2.1 is vulnerable; other versions may also be affected.
43. HTMLtoNuke HTMLtonuke.PHP Remote File Include Vulnerability
BugTraq ID: 16282
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16282
Summary:
HTMLtoNuke is prone to a remote file include vulnerability. This is due to a lack of proper sanitization of user-supplied input.
An attacker can exploit this issue to execute arbitrary remote HTML and script code on an affected computer with the privileges of the Web server process.
Successful exploitation could facilitate unauthorized access; other attacks are also possible.
44. Linux Kernel mq_open System Call Unspecified Denial of Service Vulnerability
BugTraq ID: 16283
Remote: No
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16283
Summary:
Linux kernel mq_open system call is prone to a local denial of service vulnerability. Further information is not currently available. This record will be updated when more details are disclosed.
This issue affects Linux kernel 2.6.9. Earlier kernel versions may be affected.
45. Linux Kernel ProcFS Kernel Memory Disclosure Vulnerability
BugTraq ID: 16284
Remote: No
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16284
Summary:
The Linux kernel is affected by a local memory disclosure vulnerability.
This issue allows an attacker to read kernel memory. Information gathered via exploitation may aid malicious users in further attacks.
This issue affects the 2.6 series of the Linux kernel, prior to 2.6.15.
46. MPM HP-180W VOIP WIFI Phone Information Disclosure Vulnerability
BugTraq ID: 16285
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16285
Summary:
The MPM HP-180W VOIP WIFI phone is prone to an information disclosure vulnerability.
Sensitive information may be disclosed to attackers, and could be useful in further attacks. Information obtained may aid an attacker in performing denial of service attacks.
MPM HP-180W phones with firmware version WE.00.17 are vulnerable to this issue. Due to code reuse, other devices and versions may also be affected. This issue may also be related to BID 15478 (Zyxel P2000W VOIP WIFI Phone Information Disclosure Vulnerability).
47. AOblogger Multiple Input Validation Vulnerabilities
BugTraq ID: 16286
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16286
Summary:
AOblogger is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
Successful exploitation of these vulnerabilities could result in a compromise of the application, the disclosure, creation or modification of data, or the theft of cookie-based authentication credentials. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation as well as other attacks.
Version 2.3 is vulnerable; other versions may also be affected.
48. Oracle January Security Update Multiple Vulnerabilities
BugTraq ID: 16287
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16287
Summary:
Various Oracle Database Server, Oracle Enterprise Manager, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite, PeopleSoft Enterprise Portal, JD Edwards EnterpriseOne Tools, OneWorld Tools, Oracle Developer Suite, and Oracle Workflow are prone to multiple vulnerabilities.
The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats.
Oracle has released a Critical Patch Update advisory for January 2006 to address these vulnerabilities. This Critical Patch Update addresses the vulnerabilities for supported releases. Earlier, unsupported releases are likely to be affected by the issues as well.
49. ACT P202S VOIP WIFI Phones Multiple Remote Vulnerabilities
BugTraq ID: 16288
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16288
Summary:
ACT P202S VOIP WIFI Phone allows remote debugger connections and remote unauthenticated administrative access. Successful exploitation of these vulnerabilities could allow a remote attacker to obtain debugging information from the device or cause a denial of service. Other attacks are also possible.
ACT P202S VOIP WIFI Phones running firmware version 1.01.21 are prone to these issues. Due to code reuse, other devices and versions may also be affected.
50. Clipcomm CPW-100E and CP-100E VOIP Phones Remote Administrative Access Vulnerability
BugTraq ID: 16289
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16289
Summary:
Clipcomm CPW-100E and CP-100E VOIP phones allow unauthenticated, remote administrative access.
This issue allows remote attackers to gain access to potentially sensitive information, trace calls, perform factory resets, and corrupt memory; other attacks are also possible. Attackers may also turn CPW-100E phones into a remote listening device.
Clipcomm CPW-100E phones running firmware version 1.1.12, and CP-100E phones running firmware version 1.1.60 are prone to this issue. Due to code reuse, other devices and versions may also be affected.
51. Check Point VPN-1 SecureClient Path Specification Local Privilege Escalation Vulnerability
BugTraq ID: 16290
Remote: No
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16290
Summary:
Check Point VPN-1 SecureClient is prone to a vulnerability that could allow an arbitrary file to be executed.
The application attempts to execute an application without using properly quoted paths. Successful exploitation may allow local attackers to gain elevated privileges.
Specific information about affected versions of Check Point VPN-1 SecureClient is unavailable at this time. This BID will be updated as further information is disclosed.
52. Cisco IOS HTTP Service CDP Status Page HTML Injection Vulnerability
BugTraq ID: 16291
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16291
Summary:
Cisco IOS HTTP service is reportedly prone to an HTML injection vulnerability.
Specifically, the vulnerability affects the Cisco Discovery Protocol (CDP) status page. An attacker can submit malicious HTML and script code through CDP packets to be executed in the context of a logged-in administrator. This issue can also allow attackers to execute arbitrary commands on a vulnerable device.
Exploitation can facilitate a variety of attacks such as manipulation of routing information, account creation and access to all other functionality available to administrators.
IOS 11.2(8.11)SA6 is reportedly vulnerable to this issue; however, other versions of IOS 11 are likely affected as well. This issue does not affect IOS 12.
53. phpXplorer Action.PHP Directory Traversal Vulnerability
BugTraq ID: 16292
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16292
Summary:
phpXplorer is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the Web server process. Information obtained may aid in further attacks; other attacks are also possible.
Version 0.9.33 is vulnerable; other versions may also be affected.
54. Cisco CallManager CCMAdmin Remote Privilege Escalation Vulnerability
BugTraq ID: 16293
Remote: Yes
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16293
Summary:
Cisco CallManager is susceptible to a remote privilege escalation vulnerability. This issue is due to a failure of the application to properly enforce access controls. This issue is only exploitable when Multi Level Administration is enabled, and users are granted read-only administrative access via the CCMAdmin Web interface.
This issue allows remote attackers to gain full read-write administrative access to the Web interface of Cisco CallManager.
55. Oracle Database SYS.KUPV$FT Multiple SQL Injection Vulnerabilities
BugTraq ID: 16294
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16294
Summary:
Oracle 10g is prone to multiple SQL injection vulnerabilities. These issues affect various functions of the 'SYS.KUPV$FT' package.
These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. Successful exploitation could result in a compromise of the application, disclosure or modification of data and other attacks.
Oracle 10g Release 1 and prior versions are considered to be vulnerable to these issues.
These issues are part of the vulnerabilities addressed by Oracle in Oracle Critical Patch Update - January 2006. Please see BID 16287 (Oracle January Security Update Multiple Vulnerabilities) for more information.
56. Cisco CallManager Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 16295
Remote: Yes
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16295
Summary:
CallManager is susceptible to multiple remote denial of service vulnerabilities.
These issues are documented in Cisco bugs CSCea53907, CSCsa86197, CSCsb16635 and CSCsb64161, which are available to Cisco customers.
Attackers may exploit these vulnerabilities to crash the affected service, effectively denying service to legitimate users.
57. FreeBSD IEEE 802.11 Network Subsystem Remote Buffer Overflow Vulnerability
BugTraq ID: 16296
Remote: Yes
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16296
Summary:
FreeBSD is susceptible to a remote, kernel-level buffer overflow vulnerability. This issue is due to a failure of the kernel to properly bounds check user-supplied network data prior to copying it to an insufficiently sized memory buffer.
This issue allows remote attackers to execute arbitrary machine code in the context of the affected kernel, facilitating the complete compromise of affected computers. As this issue is present in a low-level network subsystem, it is likely exploitable even if the host is blocking packets with a host-based packet filter.
58. 3Com TippingPoint IPS Remote Unspecified Denial Of Service Vulnerability
BugTraq ID: 16299
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16299
Summary:
3Com TippingPoint IPS is susceptible to a remote denial of service vulnerability. This issue is reportedly due to certain unspecified, malformed traffic that results in a denial of service condition.
This issue allows remote attackers to consume excessive CPU resources on affected devices. It is reported that this issue may result in the crash of the device, denying further network services to legitimate users. The vendor states that this issue results in excessive CPU resource utilization.
Further details are unavailable at this time. This record will be updated as further information is disclosed.
59. Linux Kernel DM-Crypt Local Information Disclosure Vulnerability
BugTraq ID: 16301
Remote: No
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16301
Summary:
The Linux kernel dm-crypt module is susceptible to a local information disclosure vulnerability. This issue is due to a failure of the module to properly zero sensitive memory buffers prior to freeing the memory.
This issue may allow local attackers to gain access to potentially sensitive memory that contains information on the cryptographic key utilized for the encrypted storage. This may aid them in further attacks.
This issue affects the 2.6 series of the Linux kernel.
60. Douran FollowWeb Portal Register.ASPX Cross-Site Scripting Vulnerability
BugTraq ID: 16302
Remote: Yes
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16302
Summary:
FollowWeb is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
61. Cisco IOS SGBP Remote Denial of Service Vulnerability
BugTraq ID: 16303
Remote: Yes
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16303
Summary:
Cisco IOS SGBP is prone to a remote denial of service vulnerability.
This issue arises on devices that have been configured to run SGBP.
A successful attack causes a device to hang and fail to respond to further requests. It should be noted that a system watchdog timer will detect this condition after a delay and restart the device.
62. Linux Kernel SDLA IOCTL Unauthorized Local Firmware Access Vulnerability
BugTraq ID: 16304
Remote: No
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16304
Summary:
The Linux kernel is susceptible to a local access validation vulnerability in the SDLA driver.
This issue allows local users with the 'CAP_NET_ADMIN' capability, but without the 'CAP_SYS_RAWIO' capability, to read and write to the SDLA device firmware. This may cause a denial of service issue if attackers write an invalid firmware. Other attacks may also be possible by writing modified firmware files.
63. Eggblog Multiple Input Validation Vulnerabilities
BugTraq ID: 16305
Remote: Yes
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16305
Summary:
Eggblog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, or the theft of cookie-based authentication credentials. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
64. SaralBlog Multiple Input Validation Vulnerabilities
BugTraq ID: 16306
Remote: Yes
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16306
Summary:
SaralBlog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft of cookie-based authentication credentials or possibly permit an attacker to control how the site is rendered to the user. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation as well as other attacks.
65. Linksys BEFVP41 IP Options Remote Denial Of Service Vulnerability
BugTraq ID: 16307
Remote: Yes
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16307
Summary:
Linksys BEFVP41 routers are susceptible to a remote denial of service vulnerability. This issue is due to a failure of the devices to properly handle unexpected network traffic.
This issue allows remote attackers to crash affected devices, denying service to legitimate users.
Reportedly, attackers must be located on the internal network, and be able to pass traffic through the router to exploit this issue. It may also be possible from the external side of the network, but this has not been confirmed.
66. MyBB Signature HTML Injection Vulnerability
BugTraq ID: 16308
Remote: Yes
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16308
Summary:
MyBB is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
The discoverer of this vulnerability has not disclosed which version or versions of the application may be vulnerable to this issue. It is conjectured this issue affects recent versions of MyBB.
67. F-Secure Multiple Archive Handling Vulnerabilities
BugTraq ID: 16309
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16309
Summary:
F-Secure is prone to multiple vulnerabilities when handling archives of various formats.
The application is affected by a remote buffer overflow vulnerability when handling malformed ZIP archives. A successful attack can facilitate arbitrary code execution and result in a full compromise.
Specially crafted ZIP and RAR archives can also bypass detection. This may result in arbitrary code execution or a malicious code infection.
68. PHlyMail Multiple Input Validation Vulnerabilities
BugTraq ID: 16310
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16310
Summary:
PHlyMail is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, or the theft of cookie-based authentication credentials. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation as well as other attacks.
69. BitComet Torrent File Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 16311
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16311
Summary:
BitComet is prone to a buffer overflow vulnerability.
This issue presents itself when the application attempts to process a malformed '.torrent' file.
Exploitation of this issue could allow attacker-supplied machine code to be executed in the context of the affected application.
BitComet 0.60 is reportedly vulnerable. Other versions may be affected as well.
70. My Amazon Store Manager Search.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 16312
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16312
Summary:
My Amazon Store Manager is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Version 1.0 is reported to be vulnerable; other versions may also be affected.
71. Netrix X-Site Manager Product_Details.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 16313
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16313
Summary:
X-Site Manager is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
72. Kerio WinRoute Firewall Multiple Denial of Service Vulnerabilities
BugTraq ID: 16314
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16314
Summary:
Kerio WinRoute Firewall is prone to multiple denial of service vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these vulnerabilities to crash the affected service, effectively disabling the firewall. This may aid in further attacks.
73. ELOG Web Logbook Multiple Remote Input Validation Vulnerabilities
BugTraq ID: 16315
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16315
Summary:
ELOG is prone to multiple remote vulnerabilities. These issues can allow remote attackers to execute arbitrary code and gain access to sensitive information.
The following vulnerabilities were identified:
A format string vulnerability exists in the 'write_logfile()' function.
ELOG is prone to a directory traversal vulnerability as well.
ELOG versions prior to 2.6.1 are vulnerable.
74. HP-UX FTPD Remote Denial Of Service Vulnerability
BugTraq ID: 16316
Remote: Yes
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16316
Summary:
A remote denial of service vulnerability has been reported in the HP-UX ftpd implementation. A remote unauthenticated user may cause the FTP server process to become unresponsive.
The precise technical details of this vulnerability are currently unknown. This BID will be updated as further information becomes available.
75. Ecartis PantoMIME Arbitrary Attachment Upload Vulnerability
BugTraq ID: 16317
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16317
Summary:
Ecartis is prone to an arbitrary attachment upload vulnerability.
This vulnerability presents itself when the PantoMIME functionality has been enabled.
The issue arises because unauthorized users who are not subscribed to a mailing list can send email attachments that will be saved in the PantoMIME directory. This can allow attackers to place arbitrary files on a vulnerable server.
Ecartis version 1.0.0 snapshot 20050909 is reportedly vulnerable. Other versions may be affected as well.
76. WebspotBlogging Login.PHP SQL Injection Vulnerability
BugTraq ID: 16319
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16319
Summary:
WebspotBlogging is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Bot herder pleads guilty to 'zombie' sales
By: Robert Lemos
A 20-year-old California man pleaded guilty to federal charges that he sold access to networks of compromised PCs and made money from illicitly installed adware.
http://www.securityfocus.com/news/11370
2. Researcher: Sony BMG "rootkit" still widespread
By: Robert Lemos
Even as media giant Sony BMG settles six cases in New York, a security researcher finds hundreds of thousands of networks appear to still contain PCs with the controversial copy protection installed.
http://www.securityfocus.com/news/11369
3. Zero-day WMF flaw underscores patch problems
By: Robert Lemos
The Windows Meta File incident suggests that open-source efforts can result in quicker fixes but pose larger issues of trust, and highlights that companies can no longer depend on patches to protect their systems.
http://www.securityfocus.com/news/11368
4. Security flaws on the rise, questions remain
By: Robert Lemos
After three years of modest or no gains, the number of publicly reported vulnerabilities jumped in 2005, boosted by easy-to-find bugs in Web applications. Yet, questions remain about the value of analyzing current databases, whose data rarely correlates easily.
http://www.securityfocus.com/news/11367
5. Skype under scrutiny for bugs
By: John Leyden
The recent emergence of two sets of serious security vulnerabilities in Skype, the popular VoIP communications software app, couldn't have come at a worse time for the firm.
http://www.securityfocus.com/news/11354
6. Say hello to the Skype Trojan
By: John Leyden
Virus writers are targeting Skype users with a new Trojan that poses as the latest version of the popular VoIP software.
http://www.securityfocus.com/news/11348
7. Shared music abuse bug hits iTunes
By: John Leyden
Security researchers have discovered a vulnerability in Apple's popular iTunes application which might be exploited to interfere with shared music downloads.
http://www.securityfocus.com/news/11347
8. US cybersecurity all at sea
By: John Leyden
US cybersecurity risks are being poorly managed by the Department of Homeland Security, according to a former US presidential information security advisor.
http://www.securityfocus.com/news/11345
IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Manager, Information Security, Arlington
http://www.securityfocus.com/archive/77/422770
2. [SJ-JOB] Security System Administrator, Arlington
http://www.securityfocus.com/archive/77/422771
3. [SJ-JOB] Manager, Information Security, Tampa
http://www.securityfocus.com/archive/77/422772
4. [SJ-JOB] Security Engineer, Sydney
http://www.securityfocus.com/archive/77/422762
5. [SJ-JOB] Security Engineer, Sydney
http://www.securityfocus.com/archive/77/422763
6. [SJ-JOB] Security Engineer, Sydney
http://www.securityfocus.com/archive/77/422764
7. [SJ-JOB] Security Engineer, Sydney
http://www.securityfocus.com/archive/77/422760
8. [SJ-JOB] Management, Silicon Valley/Bay Area
http://www.securityfocus.com/archive/77/422761
9. [SJ-JOB] Security Consultant, Chicago
http://www.securityfocus.com/archive/77/422758
10. [SJ-JOB] Security Consultant, Any
http://www.securityfocus.com/archive/77/422757
11. [SJ-JOB] Auditor, Milwaukee
http://www.securityfocus.com/archive/77/422753
12. [SJ-JOB] Auditor, Milwaukee
http://www.securityfocus.com/archive/77/422754
13. [SJ-JOB] Sales Engineer, Southern
http://www.securityfocus.com/archive/77/422755
14. [SJ-JOB] Security Director, Southern
http://www.securityfocus.com/archive/77/422751
15. [SJ-JOB] Security Consultant, Southern
http://www.securityfocus.com/archive/77/422725
16. [SJ-JOB] Security Consultant, Phoenix
http://www.securityfocus.com/archive/77/422741
17. [SJ-JOB] Security Architect, Schaumburg
http://www.securityfocus.com/archive/77/422747
18. [SJ-JOB] Sr. Security Analyst, Herndon
http://www.securityfocus.com/archive/77/422697
19. [SJ-JOB] Security Auditor, Chicago
http://www.securityfocus.com/archive/77/422696
20. [SJ-JOB] Technology Risk Consultant, London/South-West
http://www.securityfocus.com/archive/77/422369
21. [SJ-JOB] Developer, San Diego
http://www.securityfocus.com/archive/77/422349
22. [SJ-JOB] Management, Chicago
http://www.securityfocus.com/archive/77/422348
23. [SJ-JOB] Security Auditor, New York
http://www.securityfocus.com/archive/77/422343
24. [SJ-JOB] Sales Engineer, NY/NJ Area
http://www.securityfocus.com/archive/77/422345
25. [SJ-JOB] Sales Engineer, Milwaukee
http://www.securityfocus.com/archive/77/422347
26. [SJ-JOB] Sr. Security Engineer, Fort Lauderdale
http://www.securityfocus.com/archive/77/422342
27. [SJ-JOB] Quality Assurance, Westborough
http://www.securityfocus.com/archive/77/422344
28. [SJ-JOB] Sr. Security Analyst, Evansville
http://www.securityfocus.com/archive/77/422289
29. [SJ-JOB] Director of Privacy and Security, New York
http://www.securityfocus.com/archive/77/422291
30. [SJ-JOB] Channel / Business Development, Boston
http://www.securityfocus.com/archive/77/422286
31. [SJ-JOB] Information Assurance Analyst, Charlotte
http://www.securityfocus.com/archive/77/422287
V. INCIDENTS LIST SUMMARY
---------------------------
1. Moderators Introduction
http://www.securityfocus.com/archive/75/422804
2. Incoming New Moderator...
http://www.securityfocus.com/archive/75/422777
3. REVIEW: "Incident Response", Douglas Schweitzer
http://www.securityfocus.com/archive/75/422744
4. constant flow of root queries
http://www.securityfocus.com/archive/75/422308
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. creating AD accounts for IdM solutions
http://www.securityfocus.com/archive/88/422486
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
XI. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: SpiDynamics