SecurityFocus Newsletter #388 Feb 14 2007 12:40AM
plaborge securityfocus com
SecurityFocus Newsletter #388
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How a Hacker Launches a SQL Injection Attack!"- SPI Dynamics White Paper
It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CiNE

------------------------------------------------------------------
I. FRONT AND CENTER
1. Mouse-Trapped
2. Nothing to Fear... ?
II. BUGTRAQ SUMMARY
1. Adobe JRun Administrator Console Cross-Site Scripting Vulnerability
2. HP-UX ARPA Transport Software Unspecified Local Denial of Service Vulnerability
3. TWiki CGI Session File Code Execution Vulnerability
4. Plain Old Webserver Firefox Extension Directory Traversal Vulnerability
5. Roaring Penguin Software MIMEDefang Unspecified Remote Buffer Overflow Vulnerability
6. vBulletin Attachment.PHP Cross-Site Scripting Vulnerability
7. OPENi-CMS Plugin Remote File Include Vulnerability
8. Nabopoll Administrative Authentication Bypass Vulnerability
9. Allons_voter Administrative Authentication Bypass Vulnerability
10. McRefer Administrative Authentication Bypass Vulnerability
11. MoinMoin Multiple Cross-Site Scripting Vulnerabilities
12. Cisco IOS SIP Packet Handling Remote Denial Of Service Vulnerability
13. Linux Kernel Bluetooth CAPI Packet Remote Buffer Overflow Vulnerability
14. D-Bus Signals.C Local Denial of Service Vulnerability
15. MoinMoin Multiple Cross-Site Scripting Vulnerabilities
16. EJabberD Mod_Roster_ODBC Unspecified Vulnerability
17. PHP RRD Browser P Parameter Directory Traversal Vulnerability
18. ISC BIND Remote DNSSEC Validation Denial of Service Vulnerability
19. ISC BIND Remote Fetch Context Denial of Service Vulnerability
20. SmidgeonSoft PEBrowse Remote Buffer Overflow Vulnerability
21. Microsoft Internet Explorer for Windows Mobile Remote WML Content Denial of Service Vulnerability
22. eXtreme File Hosting Arbitrary RAR File Upload Vulnerability
23. Trend Micro AntiVirus Scan Engine TMComm Local Privilege Escalation Vulnerability
24. Ovidentia Multiple Remote File Include Vulnerabilities
25. GTK2 GDKPixBufLoader Remote Denial of Service Vulnerability
26. March Networks Digital Video Recorders Unspecified Denial of Service Vulnerability
27. Community Server SearchResults.ASPX Cross-Site Scripting Vulnerability
28. Advanced Poll Admin Index.PHP Information Disclosure Vulnerability
29. Adobe ColdFusion Unspecified Cross-Site Scripting Vulnerability
30. Microsoft Internet Explorer WinINet.DLL FTP Server Response Parsing Memory Corruption Vulnerability
31. Adobe ColdFusion User_Agent Error Page Cross-Site Scripting Vulnerability
32. Samba Server VFS Plugin AFSACL.SO Remote Format String Vulnerability
33. NetKit FTP Server ChDir Information Disclosure Vulnerability
34. Fetchmail Multiple Password Information Disclosure Vulnerabilities
35. PostgreSQL Information Disclosure and Denial of Service Vulnerabilities
36. GD Graphics Library JIS-Encoded Font Buffer Overflow Vulnerability
37. AT Contenator Nav.PHP Remote File Include Vulnerability
38. Microsoft Word 2000 Malformed Function Code Execution Vulnerability
39. Microsoft Internet Explorer ADODB.Connection Execute Memory Corruption Vulnerability
40. Microsoft Office Malformed String Remote Code Execution Vulnerability
41. Microsoft PowerPoint Record Improper Memory Access Remote Code Execution Vulnerability
42. Microsoft Internet Explorer COM Object Instantiation Variant Memory Corruption Vulnerability
43. Microsoft Windows Image Acquisition Service Privilege Escalation Vulnerability
44. Microsoft Internet Explorer IMJPCKSI COM Object Instantiation Memory Corruption Vulnerability
45. Microsoft Step-by-Step Interactive Training Buffer Overflow Vulnerability
46. Microsoft Windows OLE Dialog Remote Code Execution Vulnerability
47. Microsoft Word Malformed Drawing Object Arbitrary Code Execution Vulnerability
48. Microsoft Antivirus Engine Integer Overflow Vulnerability
49. Microsoft MFC Embedded OLE Object Remote Code Execution Vulnerability
50. Microsoft Office And Microsoft Windows RichEdit Component Remote Code Execution Vulnerability
51. Samba Deferred CIFS File Open Denial of Service Vulnerability
52. Aruba Mobility Controller Multiple Vulnerabilities
53. Microsoft HTML Help ActiveX Control Remote Code Execution Vulnerability
54. Kiwi CatTools TFTP Directory Traversal Vulnerability
55. Microsoft Word Malformed String Arbitrary Remote Code Execution Vulnerability
56. Microsoft Word Code Execution Vulnerability
57. Microsoft Word Malformed Data Structures Code Execution Vulnerability
58. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
59. Xarancms Xarancms_haupt.PHP SQL Injection Vulnerability
60. Mozilla Firefox, SeaMonkey, Camino, and Thunderbird Multiple Remote Vulnerabilities
61. Linux Kernel Key_Alloc_Serial() Local Denial of Service Vulnerability
62. Sun Solaris Telnet Remote Authentication Bypass Vulnerability
63. Virtual Calendar Multiple Cross-Site Scripting Vulnerabilities
64. TaskFreak! Error.PHP Cross-Site Scripting Vulnerability
65. PHP Version 5.2.0 and Prior Multiple Vulnerabilities
66. Samba NSS host lookup Winbind Multiple Remote Buffer Overflow Vulnerabilities
67. Fetchmail Remote Denial of Service Vulnerability
68. Wordpress Templates.PHP Cross-Site Scripting Vulnerability
69. Radical Technologies Portal Search Multiple Input Validation Vulnerabilities
70. Philboard Philboard_forum.ASP SQL Injection Vulnerability
71. Microsoft Internet Explorer JavaScript Key Filtering Variant Vulnerability
72. uTorrent Torrent File Handling Remote Heap Buffer Overflow Vulnerability
73. EWay Default.APSX Cross-Site Scripting Vulnerability
74. GraphicsMagick PALM DCM Buffer Overflow Vulnerabilities
75. Inertianews Inertianews_Main.PHP Remote File Include Vulnerability
76. SMB4K Multiple Vulnerabilities
77. FusionPHP Fusion News Index.PHP Remote File Include Vulnerability
78. JBoss Portal Noproject Portal Cross-Site Scripting Vulnerability
79. Mozilla Firefox JavaScript Key Filtering Variant Vulnerability
80. Apache Stats Extract Function Multiple Input Validation Vulnerabilities
81. Fullaspsite Shop Listmain.ASP Multiple Input Validation Vulnerabilities
82. PollMentor Pollmentorres.ASP SQL Injection Vulnerability
83. phpCC Nickpage.PHP SQL Injection Vulnerability
84. Microsoft Word Macro Permissions Bypass Arbitrary Code Execution Vulnerability
85. RETIRED: LightTPD Search.PHP Cross-Site Scripting Vulnerability
86. Miniwebsvr Web Server Directory Traversal Vulnerability
87. PHPPolls phpPollAdmin.PHP3 Administrative Authentication Bypass Vulnerability
88. Qdig QWD Variable Cross-Site Scripting Vulnerability
89. TagIt! TagBoard Multiple Remote File Include Vulnerabilities
90. WebMatic Index_Album.PHP Multiple Remote File Include Vulnerabilities
91. Linux Kernel ISO9660 Denial of Service Vulnerability
92. IP3 NetAccess Directory Traversal Vulnerability
93. Linux Kernel ListXATTR Local Denial of Service Vulnerability
94. PHPMyVisites Multiple Input Validation Vulnerabilities
95. Linux Kernel ISDN PPP CCP Reset State Timer Denial of Service Vulnerability
96. Linux Kernel MinCore User Space Access Locking Local Denial of Service Vulnerability
97. Linux Kernel Multiple IPV6 Packet Filtering Bypass Vulnerabilities
98. Oreon Remote File Include Vulnerability
99. JBoss Java Class DeploymentFileRepository Directory Traversal Vulnerability
100. Trend Micro Antivirus UPX Compressed PE File Buffer Overflow Vulnerability
III. SECURITYFOCUS NEWS
1. U.S. calls for more organized cyber response
2. Security pros work to undo teacher's conviction
3. Vista raises the bar for flaw finders
4. Fraud linked to TJX data heist spreads
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Security Consultant, Sunnyvale
2. [SJ-JOB] Security Product Marketing Manager, Palo Alto
3. [SJ-JOB] Sr. Product Manager, Bay Area
4. [SJ-JOB] Senior Software Engineer, Austin
5. [SJ-JOB] Sales Engineer, Houston
6. [SJ-JOB] Sales Engineer, Austin
7. [SJ-JOB] Developer, Bay Area
8. [SJ-JOB] Sales Engineer, San Diego
9. [SJ-JOB] Manager, Information Security, Centennial
10. [SJ-JOB] Technical Support Engineer, Boston
11. [SJ-JOB] Sr. Security Engineer, Glenview
12. [SJ-JOB] Security Engineer, Centennial
13. [SJ-JOB] Manager, Information Security, London
14. [SJ-JOB] Account Manager, South East
15. [SJ-JOB] Senior Software Engineer, Cupertino
16. [SJ-JOB] Jr. Security Analyst, Peterborough
17. [SJ-JOB] Information Assurance Analyst, Falls Church
18. [SJ-JOB] Security System Administrator, London
19. [SJ-JOB] Security Engineer, Baltimore
20. [SJ-JOB] Security Engineer, San Francisco
21. [SJ-JOB] Security Engineer, Tel Aviv
22. [SJ-JOB] Sr. Security Analyst, Chantilly
23. [SJ-JOB] Security Consultant, Seattle
24. [SJ-JOB] Security Engineer, Baltimore
25. [SJ-JOB] Information Assurance Analyst, McLean
26. [SJ-JOB] Sales Engineer, Tampa
27. [SJ-JOB] Sr. Security Analyst, Winter Haven
28. [SJ-JOB] Sales Engineer, North London
29. [SJ-JOB] Forensics Engineer, Wales
30. [SJ-JOB] Security Consultant, London / Surrey
31. [SJ-JOB] Security Consultant, London
32. [SJ-JOB] Penetration Engineer, Manchester
33. [SJ-JOB] Security Engineer, London
34. [SJ-JOB] Sales Engineer, New York or Boston
35. [SJ-JOB] Security Engineer, Reston
V. INCIDENTS LIST SUMMARY
1. Tracking down random ICMP
VI. VULN-DEV RESEARCH LIST SUMMARY
1. Linkifier Plus executing JS?
2. PAKCON III: Call for Papers [cfp]
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #328
2. Time Zone change and Kerberos Auth
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. Did I get hacked?
2. administrator permissions mail server
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Mouse-Trapped
By Mark Rasch
Substitute teacher Julie Amero faces up to 40 years in prison for exposing kids to porn using a classroom computer, but the facts strongly suggest that she was wrongfully convicted. Many issues remain, from the need for an independent computer forensics investigation and the presence of spyware and adware on the machine, to bad or incomplete legal work on both sides of this criminal case.
http://www.securityfocus.com/columnists/434

2. Nothing to Fear... ?
By Scott Granneman
Scott Granneman looks at the use of fear in computer security, from misleading media reports and gross exaggeration by industry leaders to the use of fear in order to sell new computers and software.
http://www.securityfocus.com/columnists/433

II. BUGTRAQ SUMMARY
--------------------
1. Adobe JRun Administrator Console Cross-Site Scripting Vulnerability
BugTraq ID: 22547
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22547
Summary:
Adobe JRun is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

2. HP-UX ARPA Transport Software Unspecified Local Denial of Service Vulnerability
BugTraq ID: 22546
Remote: No
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22546
Summary:
HP-UX running the ARPA Transport Software is prone to an unspecified local denial-of-service vulnerability.

A local attacker can exploit this issue to deny service to legitimate users.

3. TWiki CGI Session File Code Execution Vulnerability
BugTraq ID: 22378
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22378
Summary:
TWiki is prone to a code-execution vulnerability.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Versions 4.0.0 to 4.1.0 and all versions using 'SessionPlugin' are vulnerable.

4. Plain Old Webserver Firefox Extension Directory Traversal Vulnerability
BugTraq ID: 22502
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22502
Summary:
Plain Old Webserver is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.

Version 0.0.7 is vulnerable; other versions may also be affected.

5. Roaring Penguin Software MIMEDefang Unspecified Remote Buffer Overflow Vulnerability
BugTraq ID: 22514
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22514
Summary:
MIMEDefang is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check unspecified user-supplied data.

This issue is reported to affect versions 2.59 and 2.60.

6. vBulletin Attachment.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 22466
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22466
Summary:
vBulletin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Version 3.6.4 is vulnerable to this issue; other versions may also be affected.

NOTE: The vendor refutes this issue, stating that it is only a bug and not a vulnerability because the attacker must have administrative credentials.

7. OPENi-CMS Plugin Remote File Include Vulnerability
BugTraq ID: 22511
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22511
Summary:
OPENi CMS Plugin is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects version 1.0; other versions may also be vulnerable.

8. Nabopoll Administrative Authentication Bypass Vulnerability
BugTraq ID: 22509
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22509
Summary:
Nabopoll is prone to a vulnerability that will let attackers gain administrative access to the application.

This is due to insufficient access validation.

9. Allons_voter Administrative Authentication Bypass Vulnerability
BugTraq ID: 22508
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22508
Summary:
Allons_voter is prone to a vulnerability that will let attackers gain administrative access to the application.

This is due to insufficient access validation.

10. McRefer Administrative Authentication Bypass Vulnerability
BugTraq ID: 22507
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22507
Summary:
McRefer is prone to a vulnerability that will let attackers gain administrative access to the application.

This is due to insufficient access validation.

11. MoinMoin Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 22506
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22506
Summary:
MoinMoin is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

12. Cisco IOS SIP Packet Handling Remote Denial Of Service Vulnerability
BugTraq ID: 22330
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22330
Summary:
Cisco IOS is prone to a denial-of-service vulnerability.

This issue affects only devices that support voice communications but don't have SIP enabled.

Attackers can exploit this issue to reload a vulnerable device.

IOS releases subsequent to 12.3(14)T, 12.3(8)YC1, and 12.3(8)YG are vulnerable. All 12.4 releases are affected as well.

13. Linux Kernel Bluetooth CAPI Packet Remote Buffer Overflow Vulnerability
BugTraq ID: 21604
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/21604
Summary:
The Linux kernel is prone to a remote buffer-overflow vulnerability because the kernel fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code with kernel-level privileges, facilitating the complete compromise of affected computers. Failed exploit attempts will result in denial-of-service conditions.

Versions prior to 2.4.33.5 are vulnerable to this issue.

14. D-Bus Signals.C Local Denial of Service Vulnerability
BugTraq ID: 21571
Remote: No
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/21571
Summary:
D-Bus is prone to a local denial-of-service vulnerability.

Exploiting this issue allows local attackers to disable the ability of a specific process to receive certain messages, effectively denying service to legitimate users.

D-Bus versions prior to 1.0.2 are vulnerable to this issue.

15. MoinMoin Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 22515
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22515
Summary:
MoinMoin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.

Version 1.5.7 is vulnerable; other versions may also be affected.

16. EJabberD Mod_Roster_ODBC Unspecified Vulnerability
BugTraq ID: 22525
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22525
Summary:
ejabberd is prone to an unspecified vulnerability.

Currently, very little is known about this issue. This BID will be updated as more information becomes available.

Versions prior to 1.1.3 are vulnerable.

17. PHP RRD Browser P Parameter Directory Traversal Vulnerability
BugTraq ID: 22520
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22520
Summary:
php rrd browser is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve the contents of arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.

Versions prior to 0.2.1 are vulnerable to this issue.

18. ISC BIND Remote DNSSEC Validation Denial of Service Vulnerability
BugTraq ID: 22231
Remote: Yes
Last Updated: 2007-02-09
Relevant URL: http://www.securityfocus.com/bid/22231
Summary:
ISC BIND is prone to a remote denial-of-service vulnerability because the application fails to properly handle malformed DNSSEC validation requests.

Successfully exploiting this issue allows remote attackers to crash affected DNS servers, denying further service to legitimate users.

19. ISC BIND Remote Fetch Context Denial of Service Vulnerability
BugTraq ID: 22229
Remote: Yes
Last Updated: 2007-02-09
Relevant URL: http://www.securityfocus.com/bid/22229
Summary:
ISC BIND is prone to a remote denial-of-service vulnerability because the application fails to properly handle unexpected DNS requests.

Successfully exploiting this issue allows remote attackers to crash affected DNS servers, denying further service to legitimate users.

20. SmidgeonSoft PEBrowse Remote Buffer Overflow Vulnerability
BugTraq ID: 22501
Remote: Yes
Last Updated: 2007-02-09
Relevant URL: http://www.securityfocus.com/bid/22501
Summary:
SmidgeonSoft PEBrowse is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data contained in PE-formatted executable files.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the vulnerable application. Note that users normally expect to be able to use this application to safely analyze potentially malicious executables, so they may be operating under a false sense of security.

PEBrowse Professional version 8.2.1.0 is vulnerable to this issue; other versions may also be affected.

21. Microsoft Internet Explorer for Windows Mobile Remote WML Content Denial of Service Vulnerability
BugTraq ID: 22500
Remote: Yes
Last Updated: 2007-02-09
Relevant URL: http://www.securityfocus.com/bid/22500
Summary:
Microsoft Internet Explorer for Windows Mobile is prone to a remote denial-of-service vulnerability because the software fails to properly handle malformed remote data.

Successfully exploiting this issue may allow an attacker to hang or crash the application, denying service to legitimate users. Reportedly, to recover from the denial-of-service condition, users of affected devices must perform a 'hard battery reset'.

22. eXtreme File Hosting Arbitrary RAR File Upload Vulnerability
BugTraq ID: 22498
Remote: Yes
Last Updated: 2007-02-09
Relevant URL: http://www.securityfocus.com/bid/22498
Summary:
eXtreme File Hosting is prone to an arbitrary file-upload vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue could allow an attacker to upload and execute arbitrary PHP script code in the context of the affected webserver process. This may help the attacker compromise the application; other attacks are possible.

23. Trend Micro AntiVirus Scan Engine TMComm Local Privilege Escalation Vulnerability
BugTraq ID: 22448
Remote: No
Last Updated: 2007-02-09
Relevant URL: http://www.securityfocus.com/bid/22448
Summary:
Trend Micro's 'VsapiNI.sys' antivirus scan engine is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to obtain SYSTEM privileges. A successful attack can result in the complete compromise of the affected computer.

The following software is vulnerable; other software and versions using the scan engine may also be affected:

Trend Micro's PC-Cillin Internet Security 2007
TmComm.sys version 1.5.0.1052
VsapiNI.sys (scan engine) version 3.320.0.100
Trend Micro Antivirus 2007
Trend Micro Anti-Spyware for SMB 3.2 SP1
Trend Micro Anti-Spyware for Consumer 3.5
Trend Micro Anti-Spyware for Enterprise 3.0 SP2
Client / Server / Messaging Security for SMB 3.5
Damage Cleanup Services 3.2
Anti-Rootkit Common Module (RCM)

24. Ovidentia Multiple Remote File Include Vulnerabilities
BugTraq ID: 18232
Remote: Yes
Last Updated: 2007-02-09
Relevant URL: http://www.securityfocus.com/bid/18232
Summary:
Ovidentia is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

25. GTK2 GDKPixBufLoader Remote Denial of Service Vulnerability
BugTraq ID: 22209
Remote: Yes
Last Updated: 2007-02-09
Relevant URL: http://www.securityfocus.com/bid/22209
Summary:
Applications using the gtk2 library may be prone to a denial-of-service vulnerability because the library fails to handle malformed image data.

An attacker can exploit this issue to crash applications on a victim's computer.

26. March Networks Digital Video Recorders Unspecified Denial of Service Vulnerability
BugTraq ID: 22497
Remote: Yes
Last Updated: 2007-02-09
Relevant URL: http://www.securityfocus.com/bid/22497
Summary:
March Networks Digital Video Recorders (DVR) are prone to an unspecified denial-of-service vulnerability.

A successful attack can deny service for legitimate users on the affected device.

Currently, few technical details are available for this issue. This BID will be updated as new information is disclosed.

All March Networks DVR 3000 and 4000 series devices are reported vulnerable.

27. Community Server SearchResults.ASPX Cross-Site Scripting Vulnerability
BugTraq ID: 22529
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22529
Summary:
Community Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

28. Advanced Poll Admin Index.PHP Information Disclosure Vulnerability
BugTraq ID: 22451
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22451
Summary:
Advanced Poll is prone to an information-disclosure vulnerability because the application discloses information about the administrative session variables.

An attacker can exploit this issue to access sensitive information that may aid the attacker in other attacks.

This issue affects versions 2.0.0 through 2.0.5-dev, inclusive.

29. Adobe ColdFusion Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 22544
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22544
Summary:
Adobe ColdFusion is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Note: This issue does not affect ColdFusion when 'Global Script Protection' is enabled in the application's admin settings page.

30. Microsoft Internet Explorer WinINet.DLL FTP Server Response Parsing Memory Corruption Vulnerability
BugTraq ID: 22489
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22489
Summary:
Microsoft Internet Explorer is prone to a memory-corruption vulnerability when parsing certain FTP server responses.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers.

31. Adobe ColdFusion User_Agent Error Page Cross-Site Scripting Vulnerability
BugTraq ID: 22401
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22401
Summary:
Adobe ColdFusion is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

32. Samba Server VFS Plugin AFSACL.SO Remote Format String Vulnerability
BugTraq ID: 22403
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22403
Summary:
Samba is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of users running the affected application. This facilitates the remote compromise of affected computers.

Samba versions 3.06 to 3.0.23d are vulnerable.

33. NetKit FTP Server ChDir Information Disclosure Vulnerability
BugTraq ID: 21000
Remote: No
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/21000
Summary:
Netkit FTP Server ('ftpd') is prone to an information-disclosure vulnerability due to a design error.

A local attacker could exploit this issue to bypass access restrictions and gain access to the root directory of the FTP server. Directory information gained may aid in further attacks.

Netkit FTP Server 0.17 and prior versions are affected.

34. Fetchmail Multiple Password Information Disclosure Vulnerabilities
BugTraq ID: 21903
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/21903
Summary:
Fetchmail is prone to multiple information-disclosure vulnerabilities because the application discloses information about user passwords.

An attacker can exploit these issues to access sensitive information that may aid the attacker in other attacks.

These issues affect versions prior to 6.3.6-rc4.

35. PostgreSQL Information Disclosure and Denial of Service Vulnerabilities
BugTraq ID: 22387
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22387
Summary:
PostgreSQL is prone to information-disclosure and denial-of-service vulnerabilities; fixes are available.

An attacker can exploit these vulnerabilities to cause the backend database to crash and reveal sensitive information. This may lead to other attacks.

These issues affect versions 8.0, 8.1, and 8.2. The second issue described also affects versions 7.3 and 7.4.

36. GD Graphics Library JIS-Encoded Font Buffer Overflow Vulnerability
BugTraq ID: 22289
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22289
Summary:
The GD graphics library is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to cause denial-of-service conditions in applications implementing the affected library. Arbitrary code execution may also be possible; this has not been confirmed.

37. AT Contenator Nav.PHP Remote File Include Vulnerability
BugTraq ID: 22543
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22543
Summary:
AT Contenator is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process.

This issue affects version 1.0; other versions may also be affected.

38. Microsoft Word 2000 Malformed Function Code Execution Vulnerability
BugTraq ID: 22225
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22225
Summary:
Microsoft Word 2000 is prone to a remote code-execution vulnerability.

Microsoft Word 2000 is confirmed vulnerable to a remote code-execution issue. Exploit attempts against Word 2003/XP will consume all CPU resources and will cause a denial of service for legitimate users.

Note that this issue is distinct from issues described in BID 21589 (Microsoft Word Code Execution Vulnerability), BID 21451 (Microsoft Word Malformed String Remote Code Execution Vulnerability), and BID 21518 (Microsoft Word Malformed Data Structures Code Execution Vulnerability).

39. Microsoft Internet Explorer ADODB.Connection Execute Memory Corruption Vulnerability
BugTraq ID: 20704
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/20704
Summary:
Microsoft Internet Explorer is prone to a memory-corruption condition when processing a specific method from the 'ADODB.Connection.2.7' instantiated ActiveX Object.

Successful exploits may allow attackers to crash the application, denying further service to users. This issue may also be exploited to execute arbitrary machine code, but this has not been confirmed.

This issue does not affect Microsoft Data Access Components 2.8 on Windows Vista.

40. Microsoft Office Malformed String Remote Code Execution Vulnerability
BugTraq ID: 22383
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22383
Summary:
Microsoft Office is prone to a remote code-execution vulnerability. This issue occurs when the application processes maliciously crafted files.

This issue is currently being exploited via Excel files (.xls), but other Office applications may also be vulnerable.

An attacker could exploit this issue by enticing a victim into opening a malicious Office file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

41. Microsoft PowerPoint Record Improper Memory Access Remote Code Execution Vulnerability
BugTraq ID: 20325
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/20325
Summary:
Microsoft PowerPoint is prone to a remote code-execution vulnerability.

Exploiting this issue can allow remote attackers to execute arbitrary code on a vulnerable computer by supplying a malicious PowerPoint (.ppt) document to a user.

42. Microsoft Internet Explorer COM Object Instantiation Variant Memory Corruption Vulnerability
BugTraq ID: 22504
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22504
Summary:
Microsoft Internet Explorer is prone to a memory-corruption vulnerability when instantiating certain COM objects.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers.

Internet Explorer 7 on Microsoft Vista is not affected by this issue; Internet Explorer 7 on other Windows versions is affected only if COM objects have been enabled by the ActiveX opt-in feature.

This issue is similar to the ones described in previous COM object instantiation records, but it affects a different set of COM objects.

43. Microsoft Windows Image Acquisition Service Privilege Escalation Vulnerability
BugTraq ID: 22499
Remote: No
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22499
Summary:
Microsoft Windows Image Acquisition (WIA) service is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to elevate user privileges. Successful exploits will result in the complete compromise of vulnerable computers.

NOTE: The affected service is available only on Windows XP.

44. Microsoft Internet Explorer IMJPCKSI COM Object Instantiation Memory Corruption Vulnerability
BugTraq ID: 22486
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22486
Summary:
Microsoft Internet Explorer is prone to a memory-corruption vulnerability when instantiating certain COM objects.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers.

Internet Explorer 7 on Microsoft Vista is not affected by this issue; Internet Explorer 7 on other Windows versions is affected only if COM objects have been enabled by the ActiveX opt-in feature.

This BID is similar to the one described in BID 15827 (Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability), but it affects a different set of COM objects.

45. Microsoft Step-by-Step Interactive Training Buffer Overflow Vulnerability
BugTraq ID: 22484
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22484
Summary:
Microsoft Step-by-Step Interactive Training is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue by enticing a victim to load a bookmark link file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

46. Microsoft Windows OLE Dialog Remote Code Execution Vulnerability
BugTraq ID: 22483
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22483
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability that occurs when the application attempts to parse malformed Rich Text Files (RTF).

An attacker could exploit this issue by enticing a victim to load a malicious RTF file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

47. Microsoft Word Malformed Drawing Object Arbitrary Code Execution Vulnerability
BugTraq ID: 22482
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22482
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

48. Microsoft Antivirus Engine Integer Overflow Vulnerability
BugTraq ID: 22479
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22479
Summary:
Microsoft Antivirus Engine is prone to an integer-overflow vulnerability when the application processes maliciously crafted files.

This issue is currently being exploited via Portable Document Format (PDF) files, but other Microsoft applications are also reported vulnerable.

An attacker could exploit this issue by enticing a victim into receiving or opening a malicious Office file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

49. Microsoft MFC Embedded OLE Object Remote Code Execution Vulnerability
BugTraq ID: 22476
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22476
Summary:
The Microsoft MFC component for Microsoft Windows and Microsoft Visual Studio .NET is prone to a remote code-execution vulnerability. This issue occurs when the application using the component attempts to parse malformed Rich Text Files (RTF).

An attacker could exploit this issue by enticing a victim to load a malicious RTF file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

50. Microsoft Office And Microsoft Windows RichEdit Component Remote Code Execution Vulnerability
BugTraq ID: 21876
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/21876
Summary:
Microsoft Office and Microsoft Windows RichEdit component are prone to a remote code-execution vulnerability. This issue occurs when malformed Rich Text Files (RTF) are processed.

An attacker could exploit this issue by enticing a victim to load a malicious RTF file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

51. Samba Deferred CIFS File Open Denial of Service Vulnerability
BugTraq ID: 22395
Remote: No
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22395
Summary:
The smbd daemon is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to consume excessive memory resources, ultimately crashing the affected application.

This issue affects Samba versions 3.0.6 through 3.0.23d, inclusive.

52. Aruba Mobility Controller Multiple Vulnerabilities
BugTraq ID: 22538
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22538
Summary:
Aruba Mobility Controller is prone to multiple vulnerabilities that may lead to authentication bypass, remote code execution, and denial-of-service conditions.

Aruba Networks Mobility Controller devices with firmware version 2.0 or greater are vulnerable.

53. Microsoft HTML Help ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 22478
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22478
Summary:
The Microsoft HTML Help ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.

54. Kiwi CatTools TFTP Directory Traversal Vulnerability
BugTraq ID: 22490
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22490
Summary:
Kiwi CatTools is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve or write arbitrary files on vulnerable computers in the context of the affected application. This may aid in further attacks.

This issue affects versions 2.0.0 through 3.2.8.

55. Microsoft Word Malformed String Arbitrary Remote Code Execution Vulnerability
BugTraq ID: 21451
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/21451
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

This issue is being actively exploited in the wild by two trojans.

56. Microsoft Word Code Execution Vulnerability
BugTraq ID: 21589
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/21589
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the attack is successful, the attacker may be able to execute arbitrary code in the context of the currently logged-in user.

Note that this issue is distinct from issues described in BID 21451 (Microsoft Word Malformed String Arbitrary Remote Code Execution Vulnerability) and BID 21518 (Microsoft Word Malformed Data Structures Code Execution Vulnerability).

57. Microsoft Word Malformed Data Structures Code Execution Vulnerability
BugTraq ID: 21518
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/21518
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the attack is successful, the attacker may be able to execute arbitrary code in the context of the currently logged-in user.

This issue is being actively exploited in the wild in limited targeted attacks.

Note that this issue is distinct from BID 21451 (Microsoft Word Malformed String Arbitrary Remote Code Execution Vulnerability).

Update - February 1, 2007: A new variant of this issue has been detected in the wild. Please see the references for more information about this variant, which is referred to as Trojan.Mdropper.X. Note that Trojan.Mdropper.X was previously thought to be targeting a new vulnerability that was described in BID 22328 (Microsoft Word 2003 Unspecified Code Execution Vulnerability). However, further analysis and reports have revealed that it is not distinct from this vulnerability. BID 22328 has been retired.

58. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
BugTraq ID: 21668
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/21668
Summary:
The Mozilla Foundation has released nine security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- execute arbitrary code
- perform cross-site scripting attacks
- inject arbitrary content
- gain escalated privileges
- crash affected applications and potentially execute arbitrary code.

Other attacks may also be possible.

59. Xarancms Xarancms_haupt.PHP SQL Injection Vulnerability
BugTraq ID: 18520
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/18520
Summary:
Xarancms is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

60. Mozilla Firefox, SeaMonkey, Camino, and Thunderbird Multiple Remote Vulnerabilities
BugTraq ID: 18228
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/18228
Summary:
The Mozilla Foundation has released thirteen security advisories specifying security vulnerabilities in Mozilla Firefox, SeaMonkey, Camino, and Thunderbird.

These vulnerabilities allow attackers to:

- execute arbitrary machine code in the context of the vulnerable application
- crash affected applications
- run JavaScript code with elevated privileges, potentially allowing the remote execution of machine code
- gain access to potentially sensitive information.

Other attacks may also be possible.

The issues described here will be split into individual BIDs as further information becomes available.

These issues are fixed in:
- Mozilla Firefox version 1.5.0.4
- Mozilla Thunderbird version 1.5.0.4
- Mozilla SeaMonkey version 1.0.2
- Mozilla Camino 1.0.2

61. Linux Kernel Key_Alloc_Serial() Local Denial of Service Vulnerability
BugTraq ID: 22539
Remote: No
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22539
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability.

A successful attack can allow local attackers to trigger a crash and deny service to legitimate users.

Kernel versions 2.6.x are vulnerable.

62. Sun Solaris Telnet Remote Authentication Bypass Vulnerability
BugTraq ID: 22512
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22512
Summary:
Sun Solaris 10 is prone to a vulnerability that allows remote attackers to bypass authentication.

Successfully exploiting this issue allows remote attackers to gain remote access to vulnerable computers. If the targeted computer is configured to allow non-console logins for superusers, then remote superuser access is possible.

63. Virtual Calendar Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 22536
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22536
Summary:
Virtual Calendar is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

64. TaskFreak! Error.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 22537
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22537
Summary:
TaskFreak! is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

TaskFreak! 0.5.5 multiuser edition is reportedly vulnerable; other versions may be affected as well.

65. PHP Version 5.2.0 and Prior Multiple Vulnerabilities
BugTraq ID: 22496
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22496
Summary:
PHP version 5.2.0 and prior is prone to multiple security vulnerabilities. Successful exploits could allow an attacker to write files in unauthorized locations, cause a denial-of-service condition, and potentially execute code.

These issues are reported to affect PHP 4.4.4 and prior versions in the 4 branch, and 5.2.0 and prior versions in the 5 branch; other versions may also be vulnerable.

66. Samba NSS host lookup Winbind Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 22410
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22410
Summary:
Samba is prone to multiple remote buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit these issues to execute arbitrary code with superuser privileges, completely compromising affected computers. Failed exploit attempts will result in a denial of service.

These issues affect versions 3.0.21 through 3.0.23d.

67. Fetchmail Remote Denial of Service Vulnerability
BugTraq ID: 21902
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/21902
Summary:
Fetchmail is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

68. Wordpress Templates.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 22534
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22534
Summary:
WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

69. Radical Technologies Portal Search Multiple Input Validation Vulnerabilities
BugTraq ID: 22533
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22533
Summary:
Portal Search is reported prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include a cross-site scripting vulnerability, a remote URI-redirection vulnerability, and an information-disclosure vulnerability.

An attacker can exploit these issues to steal cookie-based authentication credentials, enhance phishing-style attacks, and gain access to sensitive information. This may lead to other attacks.

70. Philboard Philboard_forum.ASP SQL Injection Vulnerability
BugTraq ID: 22532
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22532
Summary:
Philboard is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

71. Microsoft Internet Explorer JavaScript Key Filtering Variant Vulnerability
BugTraq ID: 22531
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22531
Summary:
Microsoft Internet Explorer is prone to a JavaScript key-filtering vulnerability because the browser fails to securely handle keystroke input from users.

Exploiting this issue requires that users manually type the full path of files that attackers wish to download. This may require substantial typing from targeted users, so attackers will likely use keyboard-based games, blogs, or other similar pages to entice users to enter the required keyboard input to exploit this issue.

This issue is similar to the one described in BID 22524 (Mozilla Firefox JavaScript Key Filtering Variant Vulnerability), and is a variant of the one described in BID 18308 (Multiple Vendor Web Browser JavaScript Key Filtering Vulnerability).

72. uTorrent Torrent File Handling Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 22530
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22530
Summary:
uTorrent is prone to a remote heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of the application.

This issue affects version 1.6; other versions may also be affected.

73. EWay Default.APSX Cross-Site Scripting Vulnerability
BugTraq ID: 22528
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22528
Summary:
eWay is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

74. GraphicsMagick PALM DCM Buffer Overflow Vulnerabilities
BugTraq ID: 20707
Remote: No
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/20707
Summary:
GraphicsMagick is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.

Successful exploits may allow an attacker to execute arbitrary machine code to compromise an affected computer or to cause denial-of-service conditions.

GraphicsMagick 1.1.7 and prior versions are vulnerable.

75. Intertianews Inertianews_Main.PHP Remote File Include Vulnerability
BugTraq ID: 21713
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/21713
Summary:
Intertianews is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process.

This issue affects version 0.02b; other versions may also be affected.

76. SMB4K Multiple Vulnerabilities
BugTraq ID: 22299
Remote: No
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22299
Summary:
The 'smb4k' package is prone to multiple vulnerabilities, including:

- A buffer-overflow vulnerability
- A denial-of-service vulnerability
- An information-disclosure issue
- An insecure-temporary-file-creation issue.

An attacker can exploit these issues to completely compromise affected computers. This includes executing arbitrary code with superuser privileges, crashing arbitrary processes, gaining access to sensitive information, and writing to the 'sudoers' file.

These issues affect version 0.8.0; other versions may also be vulnerable.

77. FusionPHP Fusion News Index.PHP Remote File Include Vulnerability
BugTraq ID: 19546
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/19546
Summary:
Fusion News is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to access the underlying system.

78. JBoss Portal Noproject Portal Cross-Site Scripting Vulnerability
BugTraq ID: 22526
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22526
Summary:
JBoss Portal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

79. Mozilla Firefox JavaScript Key Filtering Variant Vulnerability
BugTraq ID: 22524
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22524
Summary:
Mozilla Firefox is prone to a JavaScript key-filtering vulnerability because the browser fails to securely handle keystroke input from users.

Exploiting this issue requires that users manually type the full path of files that attackers wish to download. This may require substantial typing from targeted users, so attackers will likely use keyboard-based games, blogs, or other similar pages to entice users to enter the required keyboard input to exploit this issue.

Mozilla Firefox 1.5.0.9 and 2.0.0.1 are vulnerable to this issue; other versions may also be affected. Applications based on the open-source Mozilla rendering engine may also be affected.

This issue is a variant of the one described in BID 18308 (Multiple Vendor Web Browser JavaScript Key Filtering Vulnerability).

80. Apache Stats Extract Function Multiple Input Validation Vulnerabilities
BugTraq ID: 22388
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22388
Summary:
Apache Stats is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to compromise the application, execute arbitrary code in the context of the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Versions prior to 0.0.3 are vulnerable.

81. Fullaspsite Shop Listmain.ASP Multiple Input Validation Vulnerabilities
BugTraq ID: 22545
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22545
Summary:
Fullaspsite Shop is prone to multiple input-validation issues, including multiple cross-site scripting issues and an SQL-injection issue, because the application fails to properly sanitize user-supplied input.

A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.

82. PollMentor Pollmentorres.ASP SQL Injection Vulnerability
BugTraq ID: 22542
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22542
Summary:
PollMentor is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

This issue affects version 2.0; other versions may also be vulnerable.

83. phpCC Nickpage.PHP SQL Injection Vulnerability
BugTraq ID: 22540
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22540
Summary:
phpCC is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

This issue affects version 4.2; prior versions may also be affected.

84. Microsoft Word Macro Permissions Bypass Arbitrary Code Execution Vulnerability
BugTraq ID: 22477
Remote: Yes
Last Updated: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22477
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

85. RETIRED: LightTPD Search.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 22527
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22527
Summary:
lighttpd is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

UPDATE: This BID is being retired because the information shows that the application is not affected by this vulnerability.

86. Miniwebsvr Web Server Directory Traversal Vulnerability
BugTraq ID: 22523
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22523
Summary:
Miniwebsvr is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.

Note that the attacker can traverse to only one directory above the current working directory of the webserver application.

Version 0.0.6 is vulnerable to this issue; other versions may also be affected.

87. PHPPolls phpPollAdmin.PHP3 Administrative Authentication Bypass Vulnerability
BugTraq ID: 22522
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22522
Summary:
phpPolls is prone to a vulnerability that will let attackers gain administrative access to the application.

This is due to insufficient access validation.

This issue affects version 1.0.3; other versions may also be vulnerable.

88. Qdig QWD Variable Cross-Site Scripting Vulnerability
BugTraq ID: 22510
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22510
Summary:
Qdig is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

89. TagIt! TagBoard Multiple Remote File Include Vulnerabilities
BugTraq ID: 22518
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22518
Summary:
TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

TagBoard 2.1.b Build 2 and prior versions are vulnerable.

90. WebMatic Index_Album.PHP Multiple Remote File Include Vulnerabilities
BugTraq ID: 22444
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22444
Summary:
WebMatic is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.

A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

These issues affect version 2.6; other versions may also be affected.

91. Linux Kernel ISO9660 Denial of Service Vulnerability
BugTraq ID: 20920
Remote: No
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/20920
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue affects the code that handles the ISO9660 filesystem.

An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.

92. IP3 NetAccess Directory Traversal Vulnerability
BugTraq ID: 22513
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22513
Summary:
IP3 NetAccess is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

A remote attacker could exploit this vulnerability to obtain arbitrary files from the affected system, revealing the contents of files that contain sensitive information and that could aid in further attacks against the affected computer.

IP3 NetAccess devices with firmware versions earlier than 4.1.9.6 are vulnerable to this issue.

93. Linux Kernel ListXATTR Local Denial of Service Vulnerability
BugTraq ID: 22316
Remote: No
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22316
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability.

Successful exploits will result in denial-of-service conditions or potentially privilege escalation.

94. PHPMyVisites Multiple Input Validation Vulnerabilities
BugTraq ID: 22516
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22516
Summary:
phpMyVisites is prone to multiple input-validation vulnerabilities, including an HTTP-response-splitting issue, a cross-site scripting issue, and a local file-include issue, because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to:

- Influence or misrepresent how web content is served, cached, or interpreted
- Execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site
- Execute local script code in the context of the application.

This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to 2.2 Stable are vulnerable.

95. Linux Kernel ISDN PPP CCP Reset State Timer Denial of Service Vulnerability
BugTraq ID: 21883
Remote: No
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/21883
Summary:
The Linux kernel is prone to a denial-of-service vulnerability because it fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected kernel, denying service to legitimate users.

96. Linux Kernel MinCore User Space Access Locking Local Denial of Service Vulnerability
BugTraq ID: 21663
Remote: No
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/21663
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability due to a design error.

A local attacker can exploit this issue to cause the kernel to become unresponsive, denying further service to legitimate users.

Linux Kernel versions prior to 2.4.33.6 are vulnerable.

97. Linux Kernel Multiple IPV6 Packet Filtering Bypass Vulnerabilities
BugTraq ID: 20955
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/20955
Summary:
The Linux kernel is prone to multiple IPv6 packet-filtering-bypass vulnerabilities because of insufficient handling of fragmented packets.

An attacker could exploit these issues to bypass ip6_table filtering rules. This could result in a false sense of security because filtering rules set up by system administrators can be bypassed in order to access services that are otherwise protected.

98. Oreon Remote File Include Vulnerability
BugTraq ID: 22107
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22107
Summary:
Oreon is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

Oreon 1.2.3 RC4 and prior versions are vulnerable to this issue.

99. JBoss Java Class DeploymentFileRepository Directory Traversal Vulnerability
BugTraq ID: 21219
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/21219
Summary:
JBoss is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to read, create, delete, and overwrite arbitrary files on the vulnerable system in the context of the affected application. Successful exploits can result in a compromise of vulnerable applications.

JBoss Web Server 1.0.0.GA is vulnerable to this issue. Other applications that use the affected JBoss Java class may also be affected.

100. Trend Micro Antivirus UPX Compressed PE File Buffer Overflow Vulnerability
BugTraq ID: 22449
Remote: Yes
Last Updated: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22449
Summary:
Trend Micro Antivirus is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

This issue occurs when the application processes compressed UPX files.

Successful exploits will result in attacker-supplied arbitrary code running with elevated privileges, resulting in the complete compromise of affected computers. Failed exploit attempts will likely cause denial-of-service conditions.

This issue affects all Trend Micro products and versions using the Scan Engine and Pattern File technology.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. U.S. calls for more organized cyber response
By: Robert Lemos
Federal officials renew calls for the private sector to help manage threats to critical infrastructure and the Internet.
http://www.securityfocus.com/news/11441

2. Security pros work to undo teacher's conviction
By: Robert Lemos
Researchers aim to recreate what caused a classroom PC to start displaying pornographic pop-ups, an incident that has led to four felony convictions for the substitute teacher involved.
http://www.securityfocus.com/news/11440

3. Vista raises the bar for flaw finders
By: Robert Lemos
Microsoft launches its latest operating system, Windows Vista--software that security researchers say will make finding exploitable vulnerabilities a lot harder.
http://www.securityfocus.com/news/11439

4. Fraud linked to TJX data heist spreads
By: Robert Lemos
Banks and retailers in the United States and Canada report an increasing amount of illicit transactions linked to a server breach at the company that owns retail chains in the U.S., Canada and Europe.
http://www.securityfocus.com/news/11438

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Security Consultant, Sunnyvale
http://www.securityfocus.com/archive/77/459981

2. [SJ-JOB] Security Product Marketing Manager, Palo Alto
http://www.securityfocus.com/archive/77/459982

3. [SJ-JOB] Sr. Product Manager, Bay Area
http://www.securityfocus.com/archive/77/459959

4. [SJ-JOB] Senior Software Engineer, Austin
http://www.securityfocus.com/archive/77/459975

5. [SJ-JOB] Sales Engineer, Houston
http://www.securityfocus.com/archive/77/459942

6. [SJ-JOB] Sales Engineer, Austin
http://www.securityfocus.com/archive/77/459968

7. [SJ-JOB] Developer, Bay Area
http://www.securityfocus.com/archive/77/459972

8. [SJ-JOB] Sales Engineer, San Diego
http://www.securityfocus.com/archive/77/459941

9. [SJ-JOB] Manager, Information Security, Centennial
http://www.securityfocus.com/archive/77/459857

10. [SJ-JOB] Technical Support Engineer, Boston
http://www.securityfocus.com/archive/77/459858

11. [SJ-JOB] Sr. Security Engineer, Glenview
http://www.securityfocus.com/archive/77/459859

12. [SJ-JOB] Security Engineer, Centennial
http://www.securityfocus.com/archive/77/459860

13. [SJ-JOB] Manager, Information Security, London
http://www.securityfocus.com/archive/77/459780

14. [SJ-JOB] Account Manager, South East
http://www.securityfocus.com/archive/77/459782

15. [SJ-JOB] Senior Software Engineer, Cupertino
http://www.securityfocus.com/archive/77/459781

16. [SJ-JOB] Jr. Security Analyst, Peterborough
http://www.securityfocus.com/archive/77/459601

17. [SJ-JOB] Information Assurance Analyst, Falls Church
http://www.securityfocus.com/archive/77/459602

18. [SJ-JOB] Security System Administrator, London
http://www.securityfocus.com/archive/77/459603

19. [SJ-JOB] Security Engineer, Baltimore
http://www.securityfocus.com/archive/77/459610

20. [SJ-JOB] Security Engineer, San Francisco
http://www.securityfocus.com/archive/77/459599

21. [SJ-JOB] Security Engineer, Tel Aviv
http://www.securityfocus.com/archive/77/459600

22. [SJ-JOB] Sr. Security Analyst, Chantilly
http://www.securityfocus.com/archive/77/459575

23. [SJ-JOB] Security Consultant, Seattle
http://www.securityfocus.com/archive/77/459576

24. [SJ-JOB] Security Engineer, Baltimore
http://www.securityfocus.com/archive/77/459577

25. [SJ-JOB] Information Assurance Analyst, McLean
http://www.securityfocus.com/archive/77/459579

26. [SJ-JOB] Sales Engineer, Tampa
http://www.securityfocus.com/archive/77/459447

27. [SJ-JOB] Sr. Security Analyst, Winter Haven
http://www.securityfocus.com/archive/77/459383

28. [SJ-JOB] Sales Engineer, North London
http://www.securityfocus.com/archive/77/459350

29. [SJ-JOB] Forensics Engineer, Wales
http://www.securityfocus.com/archive/77/459351

30. [SJ-JOB] Security Consultant, London / Surrey
http://www.securityfocus.com/archive/77/459352

31. [SJ-JOB] Security Consultant, London
http://www.securityfocus.com/archive/77/459353

32. [SJ-JOB] Penetration Engineer, Manchester
http://www.securityfocus.com/archive/77/459368

33. [SJ-JOB] Security Engineer, London
http://www.securityfocus.com/archive/77/459349

34. [SJ-JOB] Sales Engineer, New York or Boston
http://www.securityfocus.com/archive/77/459291

35. [SJ-JOB] Security Engineer, Reston
http://www.securityfocus.com/archive/77/459292

V. INCIDENTS LIST SUMMARY
---------------------------
1. Tracking down random ICMP
http://www.securityfocus.com/archive/75/457701

VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Linkifier Plus executing JS?
http://www.securityfocus.com/archive/82/459870

2. PAKCON III: Call for Papers [cfp]
http://www.securityfocus.com/archive/82/459868

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #328
http://www.securityfocus.com/archive/88/459485

2. Time Zone change and Kerberos Auth
http://www.securityfocus.com/archive/88/459446

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. Did I get hacked?
http://www.securityfocus.com/archive/91/459940

2. administrator permissions mail server
http://www.securityfocus.com/archive/91/459257

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics

ALERT: "How a Hacker Launches a SQL Injection Attack!"- SPI Dynamics White Paper
It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CiNE

Copyright 2008, SecurityFocus