SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs
------------------------------------------------------------------
I. FRONT AND CENTER
1. Security conferences versus practical knowledge
2. Achtung! New German Laws on Cybercrime
II. BUGTRAQ SUMMARY
1. Live for Speed Replay File Buffer Overflow Vulnerability
2. IBM Lotus Sametime Server Unspecified Cross-Site Scripting Vulnerability
3. Nullsoft Winamp M3U File Denial of Service Vulnerability
4. Sun Solaris DTrace Local Denial of Service Vulnerability
5. ArticleLive NX Multiple Unspecified Vulnerabilities
6. Apple iPhone Mobile Safari Browser Remote Heap Overflow Vulnerability
7. Apple Safari for Windows IDN URL Bar Spoofing Vulnerability
8. PHP-Nuke Search Module Cross-Site Scripting Vulnerability
9. WebDirector Index.PHP Cross Site Scripting Vulnerability
10. HP-UX ARPA Transport Unspecified Local Denial Of Service Vulnerability
11. BlueSkyChat ActiveX Control Buffer Overflow Vulnerability
12. WebEvent Webevent.CGI Cross-Site Scripting Vulnerability
13. Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
14. Cisco Wireless LAN Control ARP Storm Multiple Denial Of Service Vulnerabilities
15. Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
16. Apache Mod_Mem_Cache Information Disclosure Vulnerability
17. Joomla! GMaps Component Index.PHP SQL Injection Vulnerability
18. RETIRED: vBulletin Multiple Remote File Include Vulnerabilities
19. RETIRED: Holotech Phorm FileUpload.PHP Arbitrary File Upload Vulnerability
20. Hitachi uCosminexus Application Server Session Failover User Data Leak Vulnerability
21. Hitachi JP1/Cm2/Hierarchical Viewer Unspecified Denial Of Service Vulnerability
22. PHP-Blogger Pref.DB Authentication Bypass Vulnerability
23. VMware Vielib.DLL ActiveX Control Multiple Remote Code Execution Vulnerabilities
24. iBON Search Field Local Denial Of Service Vulnerability
25. TIBCO Rendezvous RVD Daemon Unspecified Denial Of Service Vulnerability
26. IT!CMS Multiple Cross-Site Scripting Vulnerabilities
27. HP-UX ARPA Transport Unspecified Remote Denial Of Service Vulnerability
28. Atheros Wireless Drivers Denial of Service Vulnerability
29. OpenRat Index.PHP Multiple Cross-Site Scripting Vulnerabilities
30. Baidu Soba Search Bar BaiduBar.DLL ActiveX Control Remote Code Execution Vulnerability
31. WordPress Multiple Input Validation Vulnerabilities
32. WikiWebWeaver Index.PHP Arbitrary File Upload Vulnerability
33. MIT Kerberos 5 KAdminD Server Rename_Principal_2_SVC() Function Stack Buffer Overflow Vulnerability
34. OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
35. Apple Mac OS X 2007-007 Multiple Security Vulnerabilities
36. Cscope Include Filename Buffer Overflow Vulnerability
37. Cscope Insecure Temporary File Creation Vulnerabilities
38. Trolltech Qt QTextEdit Multiple Format String Vulnerabilities
39. GNU Image Manipulation Program Multiple Integer Overflow Vulnerabilities
40. Mozilla Firefox 2.0.0.4 Multiple Remote Vulnerabilities
41. Mozilla Firefox WYCIWYG:// URI Cache Zone Bypass Vulnerability
42. Mozilla Firefox URLBar Null Byte File Remote Code Execution Vulnerability
43. Mozilla Firefox About:Blank IFrame Cross Domain Information Disclosure Vulnerability
44. FreeBSD Jail RC.D Multiple Local Symbolic Link Vulnerabilities
45. tcpdump Print-bgp.C Remote Integer Underflow Vulnerability
46. ISC BIND 9 Remote Cache Poisoning Vulnerability
47. Yahoo! Widgets Engine YDPCTL.DLL ActiveX Control Buffer Overflow Vulnerability
48. GIMP PSD File Integer Overflow Vulnerability
49. Shadow-Utils UserAdd Local Insecure Permissions Vulnerability
50. X.Org XFS Init Script Insecure Temporary File Creation Vulnerability
51. Apache HTTP Server Mod_Cache Denial of Service Vulnerability
52. Mozilla Firefox/Thunderbird/SeaMonkey Chrome-Loaded About:Blank Script Execution Vulnerability
53. Microsoft Internet Explorer and Mozilla Firefox URI Handler Command Injection Vulnerability
54. WordPress Upload.PHP Cross-Site Scripting Vulnerability
55. GD Graphics Library PNG File Processing Denial of Service Vulnerability
56. RadScripts RadLance Popup.PHP Local File Include Vulnerability
57. JasPer JPC_QCX_GetCompParm Function JP2 File Handling Remote Denial of Service Vulnerability
58. Apple WebKit Invalid Type Conversion Remote Code Execution Vulnerability
59. SquirrelMail Compose.PHP Multiple Information Disclosure and Data Modification Vulnerabilities
60. SquirrelMail Multiple Cross Site Scripting and Input Validation Vulnerabilities
61. SquirrelMail Multiple Cross Site Scripting Vulnerabilities
62. SquirrelMail Address Add Plugin Add.PHP Cross-Site Scripting Vulnerability
63. Pluck Multiple Input Validation Vulnerabilities
64. PHP Arena paBugs Index.PHP SQL Injection Vulnerability
65. IDE Group Online DVD Rental System Unspecified Cross-Site Scripting Vulnerability
66. Ipswitch IMail Server and Collaboration Suite (ICS) Multiple Buffer Overflow Vulnerabilities
67. Open Webmail Multiple Cross-Site Scripting Vulnerabilities
68. Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
69. Squirrelmail Redirect.PHP Local File Include Vulnerability
70. Multiple Vendor Multiple HTTP Request Smuggling Vulnerabilities
71. SquirrelMail Search.PHP Cross-Site Scripting Vulnerability
72. KDE KPDF/KWord/XPDF StreamPredictor Function Stack Buffer Overflow Vulnerability
73. Libvorbis Denial Of Service And Memory Corruption Vulnerabilities
74. Multiple Browser URI Handlers Command Injection Vulnerabilities
75. Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
76. Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
77. Apache HTTP Server Tomcat Directory Traversal Vulnerability
78. Samba MS-RPC Remote Shell Command Execution Vulnerability
79. PHP Mail Function ASCIIZ Message Truncation Weakness
80. PHP Session_Decode Double Free Memory Corruption Vulnerability
81. PHP Mb_Parse_Str Function Register_Globals Activation Weakness
82. PHP Session_Regenerate_ID Function Double Free Memory Corruption Vulnerability
83. PHP Array_User_Key_Compare Function Memory Corruption Vulnerability
84. PHP BZip2/Zip Wrappers Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities
85. PHP GD Extension WBMP File Integer Overflow Vulnerabilities
86. Apple Safari Disable Java Preference Failure Weakness
87. Samba NDR RPC Request DFSEnum Heap-Based Buffer Overflow Vulnerability
88. Samba NDR RPC Request NetSetFileSecurity Heap-Based Buffer Overflow Vulnerability
89. Samba NDR RPC Request RFNPCNEX Heap-Based Buffer Overflow Vulnerability
90. Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer Overflow Vulnerability
91. Samba NDR RPC Request LsarAddPrivilegesToAccount Heap-Based Buffer Overflow Vulnerability
92. MIT Kerberos Administration Daemon RPC Library Free Pointer Remote Code Execution Vulnerability
93. MIT Kerberos 5 KAdminD Server RPC Type Conversion Stack Buffer Overflow Vulnerability
94. Gzip Zgrep Arbitrary Command Execution Vulnerability
95. Apple Safari for Windows Bookmark Title Buffer Overflow Vulnerability
96. Apple WebCore XMLHTTPRequest Cross-Site Scripting Vulnerability
97. Apple Safari Cross-Domain Race Condition Information Disclosure Vulnerability
98. Asterisk Multiple Remote Denial of Service Vulnerabilities
99. File Multiple Denial of Service Vulnerabilities
100. Visionsoft Audit Multiple Remote Vulnerabilities
III. SECURITYFOCUS NEWS
1. Will the iPhone be iPwned?
2. Firm finds new danger in dangling pointers
3. Newsmaker: DCT, MPack developer
4. Spammers dump images, switch to PDF files
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Director, Information Security, Sacramento
2. [SJ-JOB] Information Assurance Analyst, McLean
3. [SJ-JOB] Auditor, Charlotte
4. [SJ-JOB] Application Security Architect, Folsom
5. [SJ-JOB] Software Engineer, Columbia
6. [SJ-JOB] Technology Risk Consultant, Toronto
7. [SJ-JOB] Security Consultant, Central London
8. [SJ-JOB] Security Architect, Jersey City
9. [SJ-JOB] Security Engineer, Omaha
10. [SJ-JOB] Threat Analyst, Omaha
11. [SJ-JOB] Developer, Calgary
12. [SJ-JOB] Sr. Security Analyst, Woonsocket
13. [SJ-JOB] Security Consultant, Columbia
14. [SJ-JOB] Sr. Security Analyst, Providence
15. [SJ-JOB] Jr. Security Analyst, Providence
16. [SJ-JOB] Technical Support Engineer, Mountain View
17. [SJ-JOB] Sr. Security Analyst, Lyndhurst
18. [SJ-JOB] Penetration Engineer, Bangalore
19. [SJ-JOB] Security Consultant, Boston, Multiple Locations
20. [SJ-JOB] Manager, Information Security, Lyndhurst
21. [SJ-JOB] Application Security Engineer, Riyadh
22. [SJ-JOB] Security Architect, Washington
23. [SJ-JOB] Security Architect, Columbus
24. [SJ-JOB] Penetration Engineer, London
25. [SJ-JOB] Security Architect, New York
26. [SJ-JOB] Information Assurance Analyst, Picatinny Arsenal--Morris County
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
1. "debug k" freezing Cisco routers?
2. Really, really, penultimate, PacSec CFP deadline, Aug 10.
3. error in my code
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #352
2. USB device control software
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Security conferences versus practical knowledge
By Don Parker
While the training industry as a whole has evolved rather well to suit the needs of its clients, the computer conference - specifically the computer security conference - has declined in relevance to everyday sys-admins and network security practitioners.
http://www.securityfocus.com/columnists/449
2. Achtung! New German Laws on Cybercrime
By Federico Biancuzzi
Germany is passing some new laws regarding cybercrime that might affect security professionals. Federico Biancuzzi interviewed Marco Gercke, one of the experts who were invited to the parliamentary hearing, to learn more about this delicate subject. They discussed what is covered by the new laws, which areas remain in the dark, and how they might affect vulnerability disclosure and the use of common tools, such as nmap.
http://www.securityfocus.com/columnists/448
II. BUGTRAQ SUMMARY
--------------------
1. Live for Speed Replay File Buffer Overflow Vulnerability
BugTraq ID: 25168
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25168
Summary:
Live for Speed is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the vulnerable application. Successfully exploiting this issue will result in a remote compromise of affected computers. Failed exploit attempts will likely result in denial-of-service conditions.
2. IBM Lotus Sametime Server Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 25167
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25167
Summary:
IBM Lotus Sametime Server is prone to an unspecified cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects Sametime Server 7.5.1; prior versions may also be affected.
3. Nullsoft Winamp M3U File Denial of Service Vulnerability
BugTraq ID: 25152
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25152
Summary:
Winamp is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to crash the application, effectively denying service to legitimate users. Given the nature of this issue, the attacker may be able to execute arbitrary code, but this has not been confirmed.
This issue is reported to affect Winamp 5.35; other versions may also be vulnerable.
4. Sun Solaris DTrace Local Denial of Service Vulnerability
BugTraq ID: 25151
Remote: No
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25151
Summary:
Sun Solaris is prone to a local denial-of-service vulnerability.
Local attackers may exploit this issue to trigger kernel panics or system hangs, denying service to legitimate users. The vendor states that this issue may be less likely (or at least more difficult) to trigger on x86-based computers.
Solaris 10 SPARC and x86 are affected by this issue.
5. ArticleLive NX Multiple Unspecified Vulnerabilities
BugTraq ID: 25150
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25150
Summary:
ArticleLive NX is prone to multiple unspecified vulnerabilities. No further details are currently available. We will update this BID as more information emerges.
Versions prior to ArticleLive NX 1.7 are vulnerable to these issues.
6. Apple iPhone Mobile Safari Browser Remote Heap Overflow Vulnerability
BugTraq ID: 25002
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25002
Summary:
Apple iPhone Mobile Safari Browser is prone to a remote heap-overflow vulnerability that can allow an attacker to gain unauthorized access to a device with administrative privileges.
The researchers responsible for discovering this issue have developed exploit code that can steal sensitive information from a vulnerable device and send it to a remote server. Another proof of concept that exploits the same issue can be used to perform physical actions on the phone such as making a sound or setting the phone to vibrate. The researchers have not yet disclosed the complete details of this vulnerability but will do so as part of a presentation for the BlackHat security conference on August 2, 2007.
This issue also affects Safari on other platforms including Windows and Mac OS X.
7. Apple Safari for Windows IDN URL Bar Spoofing Vulnerability
BugTraq ID: 24636
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24636
Summary:
Apple Safari is prone to a vulnerability that permits attackers to spoof URL bar content.
Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing.
This issue affects Apple Safari 3.0.2 for Windows; other versions may also be affected.
The iPhone is reported to be affected in the APPLE-SA-2007-07-31 iPhone v1.0.1 Update security advisory.
8. PHP-Nuke Search Module Cross-Site Scripting Vulnerability
BugTraq ID: 25171
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25171
Summary:
PHP-Nuke is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
9. WebDirector Index.PHP Cross Site Scripting Vulnerability
BugTraq ID: 25166
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25166
Summary:
WebDirector is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
10. HP-UX ARPA Transport Unspecified Local Denial Of Service Vulnerability
BugTraq ID: 25165
Remote: No
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25165
Summary:
HP-UX running ARPA Transport software is prone to a local denial-of-service vulnerability.
Exploiting this issue allows local attackers to deny service to legitimate users.
This issue may be related to BID: 23410 - HP-UX ARPA Transport Unspecified Denial Of Service Vulnerability.
11. BlueSkyChat ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 25149
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25149
Summary:
BlueSkyChat ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
BlueSkyChat ActiveX control 8.1.2.0 is vulnerable to this issue; other versions may also be affected.
12. WebEvent Webevent.CGI Cross-Site Scripting Vulnerability
BugTraq ID: 25148
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25148
Summary:
WebEvent is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
13. Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
BugTraq ID: 24215
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/24215
Summary:
Apache is prone to multiple denial-of-service vulnerabilities.
An attacker with the ability to execute arbitrary server-side script-code can exploit these issues to stop arbitrary services on the affected computer in the context of the master webserver process; other attacks may also be possible.
14. Cisco Wireless LAN Control ARP Storm Multiple Denial Of Service Vulnerabilities
BugTraq ID: 25043
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25043
Summary:
Cisco Wireless LAN Controller (WLC) is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to crash the device, denying service to legitimate users.
These issues affect Cisco Wireless LAN Control 3.2, 4.0, and 4.1; other versions may also be affected.
15. Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
BugTraq ID: 24645
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/24645
Summary:
The Apache HTTP Server mod_status module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
16. Apache Mod_Mem_Cache Information Disclosure Vulnerability
BugTraq ID: 24553
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/24553
Summary:
Apache is prone to a path-information-disclosure vulnerability. Remote unauthorized attackers may be able to access sensitive data.
Information obtained may aid attackers in launching further attacks against an affected server.
Apache 2.2.4 is reported vulnerable to this issue; other versions may be affected as well.
17. Joomla! GMaps Component Index.PHP SQL Injection Vulnerability
BugTraq ID: 25146
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25146
Summary:
The Joomla! GMaps component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
GMaps 1.00 is vulnerable; other versions may also be affected.
18. RETIRED: vBulletin Multiple Remote File Include Vulnerabilities
BugTraq ID: 25141
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25141
Summary:
vBulletin is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute an arbitrary remote file containing malicious script code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system. Other attacks are also possible.
vBulletin 3.6.5 is vulnerable; other versions may also be affected.
NOTE: This BID is being retired because further investigation has revealed that the application is not vulnerable to this issue.
19. RETIRED: Holotech Phorm FileUpload.PHP Arbitrary File Upload Vulnerability
BugTraq ID: 25137
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25137
Summary:
Holotech Phorm is prone to a vulnerability that lets attackers upload arbitrary files.
This issue occurs because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue could allow an attacker to upload and execute arbitrary script code in the context of the affected webserver process. This may help the attacker compromise the application; other attacks are possible.
This issue affects Phorm 3.0; other versions may also be affected.
NOTE: This BID is being retired because further investigation has revealed that the application is not vulnerable to this issue.
20. Hitachi uCosminexus Application Server Session Failover User Data Leak Vulnerability
BugTraq ID: 25145
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25145
Summary:
Hitachi uCosminexus Application Server is prone to a vulnerability where session data being used by one user might be used as the session data of another user.
An attacker can exploit this issue to gain unauthorized access to session information.
This issue affects the Hitachi uCosminexus Application Server, which is included in various Hitachi applications.
21. Hitachi JP1/Cm2/Hierarchical Viewer Unspecified Denial Of Service Vulnerability
BugTraq ID: 25144
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25144
Summary:
Hitachi JP1/Cm2/Hierarchical Viewer is prone to an unspecified denial-of-service vulnerability.
Attackers can exploit this issue to cause denial-of-service conditions.
22. PHP-Blogger Pref.DB Authentication Bypass Vulnerability
BugTraq ID: 25143
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25143
Summary:
PHP-Blogger is prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to gain unauthorized access to the application.
PHP-Blogger 2.2.7 is affected; previous versions may be affected as well.
23. VMware Vielib.DLL ActiveX Control Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 25131
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25131
Summary:
An ActiveX control installed with VMware is prone to multiple remote code-execution vulnerabilities.
An attacker can exploit these issues to execute hostile code on a victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow attackers to execute arbitrary code with the privileges of the affected user; other consequences are possible.
These issues affect VMware 6.0.0; other versions may also be affected.
24. iBON Search Field Local Denial Of Service Vulnerability
BugTraq ID: 25133
Remote: No
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25133
Summary:
iBON is prone to a local denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied input.
A successful exploit will consume CPU resources and cause the computer to become unresponsive.
NOTE: Attackers may be able to execute arbitrary code, but this hasn't been confirmed.
Versions prior to iBON 2007 are vulnerable.
25. TIBCO Rendezvous RVD Daemon Unspecified Denial Of Service Vulnerability
BugTraq ID: 25132
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25132
Summary:
The RVD daemon in TIBCO Rendezvous is prone to a remote denial-of-service vulnerability.
Specific details about this vulnerability are not currently available. We will update this BID as more information emerges.
Successfully exploiting this issue allows remote attackers to consume excessive memory, leading to denial-of-service conditions.
Rendezvous 7.5.2 is vulnerable to this issue; other versions may also be affected.
26. IT!CMS Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 25129
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25129
Summary:
IT!CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
IT!CMS 0.2 is vulnerable to these issues; other versions may also be affected.
27. HP-UX ARPA Transport Unspecified Remote Denial Of Service Vulnerability
BugTraq ID: 25147
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25147
Summary:
HP-UX running ARPA Transport software is prone to a remote denial-of-service vulnerability.
Exploiting this issue allows attackers to cause denial-of-service conditions.
28. Atheros Wireless Drivers Denial of Service Vulnerability
BugTraq ID: 25160
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25160
Summary:
Atheros wireless drivers are prone to a denial-of-service vulnerability because they fail to properly handle malformed wireless frames.
Remote attackers may exploit this issue to cause denial-of-service conditions.
Atheros drivers are also used by OEM (Original Equipment Manufacturer) wireless adapters. Therefore, various brands of wireless adapters using the Atheros chipset are affected by this vulnerability.
This issue is reported to affect drivers for the Windows operating system. Note that Linux, UNIX, and BSD computers may be vulnerable if using the NDISWrapper or similar technology to load an affected driver.
29. OpenRat Index.PHP Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 25169
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25169
Summary:
OpenRat is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects OpenRat 0.8-beta1 and earlier.
30. Baidu Soba Search Bar BaiduBar.DLL ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 25121
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25121
Summary:
An ActiveX control installed with Baidu Soba search bar is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute hostile code on a victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow attackers to execute arbitrary code with the privileges of the affected user; other consequences are possible.
This issue affects Baidu Soba 5.4; other versions may also be affected.
31. WordPress Multiple Input Validation Vulnerabilities
BugTraq ID: 25161
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25161
Summary:
WordPress is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-supplied input. These issues include multiple cross-site scripting vulnerabilities, an HTML-injection vulnerability, and multiple SQL-injection vulnerabilities.
A successful exploit may allow an attacker to steal cookie-based authentication credentials, execute malicious script code, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
WordPress 2.2.1 is vulnerable; other versions may also be affected.
32. WikiWebWeaver Index.PHP Arbitrary File Upload Vulnerability
BugTraq ID: 25164
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25164
Summary:
WikiWebWeaver is prone to a vulnerability that lets attackers upload arbitrary files.
This issue occurs because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue could allow an attacker to upload and execute arbitrary script code in the context of the affected webserver process. This may help the attacker compromise the application; other attacks are possible.
WikiWebWeaver 1.0 Beta 2 is vulnerable; other versions may also be affected.
33. MIT Kerberos 5 KAdminD Server Rename_Principal_2_SVC() Function Stack Buffer Overflow Vulnerability
BugTraq ID: 24653
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24653
Summary:
Kerberos 5 'kadmind' (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.
All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.
Kerberos 5 'kadmind' 1.6.1, 1.5.3, and prior versions are vulnerable.
34. OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
BugTraq ID: 25163
Remote: No
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25163
Summary:
OpenSSL is prone to a local information-disclosure vulnerability because of an implementation flaw in the RSA algorithm.
Successfully exploiting this issue allows local attackers to gain access to private key information of other processes that use the affected library. Information harvested may aid in further attacks.
OpenSSL 0.9.8 is vulnerable to this issue; other versions may also be affected.
35. Apple Mac OS X 2007-007 Multiple Security Vulnerabilities
BugTraq ID: 25159
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25159
Summary:
Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
36. Cscope Include Filename Buffer Overflow Vulnerability
BugTraq ID: 18050
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/18050
Summary:
Cscope is prone to a buffer-overflow vulnerability because it fails to properly validate the size of attacker-supplied data before copying it into a finite-sized buffer.
Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely crash the application, denying service to legitimate users.
37. Cscope Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 11697
Remote: No
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/11697
Summary:
Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it.
During execution, the utility reportedly creates temporary files in the system's temporary directory, '/tmp', with predictable names. This allows attackers to create malicious symbolic links that Cscope will write to when an unsuspecting user executes it.
Attackers may leverage these issues to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application.
Versions up to and including Cscope 15.5 are reported vulnerable.
38. Trolltech Qt QTextEdit Multiple Format String Vulnerabilities
BugTraq ID: 25154
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25154
Summary:
Trolltech Qt is prone to multiple format-string vulnerabilities because it fails to securely display error messages.
Exploiting these issues can allow remote attackers to execute arbitrary code in the context of the application using the application framework or to cause denial-of-service conditions.
This issue affects Qt 3 only. KDE and other applications using the affected application framework are inherently affected.
39. GNU Image Manipulation Program Multiple Integer Overflow Vulnerabilities
BugTraq ID: 24835
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24835
Summary:
GNU Image Manipulation Program (GIMP) is prone to multiple integer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data.
An attacker can exploit these vulnerabilities to execute arbitrary code with the privileges of the user running GIMP. Failed exploit attempts will likely cause denial-of-service conditions.
Versions prior to GIMP 2.2.16 are vulnerable.
40. Mozilla Firefox 2.0.0.4 Multiple Remote Vulnerabilities
BugTraq ID: 24946
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24946
Summary:
The Mozilla Foundation has released four security advisories specifying multiple vulnerabilities in Firefox 2.0.0.4.
These vulnerabilities allow attackers to:
- Execute arbitrary code
- Execute code with chrome privileges
- Perform cross-site scripting attacks
- Crash Firefox in a myriad of ways, with evidence of memory corruption.
Other attacks may also be possible.
41. Mozilla Firefox WYCIWYG:// URI Cache Zone Bypass Vulnerability
BugTraq ID: 24831
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24831
Summary:
Mozilla Firefox is prone to a cache-zone-bypass vulnerability because the application fails to properly block remote access to special internally generated URIs containing cached data.
Exploiting this issue allows remote attackers to access potentially sensitive information and to place markers with similar functionality to cookies onto targeted users' computers, regardless of cookie security settings. Information harvested in successful exploits may aid in further attacks.
Attackers may also potentially exploit this issue to perform cache-poisoning or URL-spoofing attacks.
This issue is being tracked by Mozilla's Bugzilla Bug 387333.
42. Mozilla Firefox URLBar Null Byte File Remote Code Execution Vulnerability
BugTraq ID: 24447
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24447
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability because it fails to adequately sanitize user-supplied input.
Attackers may exploit this issue by enticing victims into visiting a malicious site and following links with improper file extensions.
Successful exploits may allow an attacker to crash the application or execute arbitrary code in the context of the affected application. Other attacks are also possible.
43. Mozilla Firefox About:Blank IFrame Cross Domain Information Disclosure Vulnerability
BugTraq ID: 24286
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24286
Summary:
Mozilla Firefox is prone to a cross-domain information-disclosure vulnerability because scripts may persist across navigations.
A malicious site may be able to modify the iframe of a site in an arbitrary external domain. Attackers could exploit this to gain access to sensitive information that is associated with the external domain. Other attacks are also possible, such as executing script code in other browser security zones.
This issue is being tracked by Bugzilla Bug 382686 and is reportedly related to Bug 343168.
Firefox 2.0.0.4 and prior versions are vulnerable.
44. FreeBSD Jail RC.D Multiple Local Symbolic Link Vulnerabilities
BugTraq ID: 22011
Remote: No
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/22011
Summary:
FreeBSD is prone to multiple local symbolic-link vulnerabilities because the jail startup 'rc.d' script fails to properly ensure that certain operations are not performed on symbolic links.
Successfully exploiting these issues allows users with superuser privileges inside jailed environments to overwrite arbitrary files in the host environment, overlay filesystems in arbitrary locations in the host filesystem, or to unmount filesystems in the host filesystem. These issues allow attackers to execute arbitrary machine code with superuser privileges in the host environment, escaping the jailed environment.
FreeBSD versions since version 5.3 are vulnerable to these issues.
45. tcpdump Print-bgp.C Remote Integer Underflow Vulnerability
BugTraq ID: 24965
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24965
Summary:
The 'tcpdump' utility is prone to an integer-underflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary malicious code in the context of the user running the affected application. Failed exploit attempts will likely crash the affected application.
This issue affects tcpdump 3.9.6 and prior versions.
46. ISC BIND 9 Remote Cache Poisoning Vulnerability
BugTraq ID: 25037
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25037
Summary:
BIND 9 is prone to a remote cache-poisoning vulnerability because of a weakness in its random number generator.
An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.
Versions up to BIND 9.4.1 are vulnerable to this issue.
47. Yahoo! Widgets Engine YDPCTL.DLL ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 25086
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25086
Summary:
Yahoo! Widgets Engine is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
Yahoo! Widgets Engine 4.0.3 (build 178) is reported vulnerable; other versions may be affected as well.
48. GIMP PSD File Integer Overflow Vulnerability
BugTraq ID: 24745
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24745
Summary:
GIMP is prone to an integer-overflow vulnerability because it fails to properly bounds-check user-supplied input data before copying it to an insufficiently sized memory buffer.
Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of the affected application.
GIMP 2.2.15 is vulnerable to this issue; other versions may also be affected.
49. Shadow-Utils UserAdd Local Insecure Permissions Vulnerability
BugTraq ID: 18111
Remote: No
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/18111
Summary:
The useradd utility in shadow-utils is susceptible to a local insecure-permissions vulnerability. This issue is due to a race condition between when user mailboxes are created and when permissions are set on the file.
A local, unprivileged attacker can exploit this issue to gain access to newly created mailbox files. This may allow them to directly inject forged email messages to aid them in social-engineering attacks. Attackers may also be able to inject data into the mailbox file that will cause mail applications to fail to access the file, denying email access to targeted users. Other attacks may also be possible.
Version 4.0.3 of shadow-utils is vulnerable to this issue; other versions may also be affected.
50. X.Org XFS Init Script Insecure Temporary File Creation Vulnerability
BugTraq ID: 24888
Remote: No
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24888
Summary:
The X Font Server (XFS) creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symlink attacks to alter the permissions of an arbitrary attacker-supplied file.
51. Apache HTTP Server Mod_Cache Denial of Service Vulnerability
BugTraq ID: 24649
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24649
Summary:
The Apache mod_cache module is prone to a denial-of-service vulnerability.
A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).
52. Mozilla Firefox/Thunderbird/SeaMonkey Chrome-Loaded About:Blank Script Execution Vulnerability
BugTraq ID: 25142
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25142
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a vulnerability that allows JavaScript to execute with unintended privileges.
A malicious site may be able to cause the execution of a script with Chrome privileges. Attackers could exploit this issue to execute hostile script code with privileges that exceed those that were intended. Certain Firefox extensions may not intend 'about:blank' to execute script code with Chrome privileges.
NOTE: This issue was introduced by the fix for MFSA 2007-20.
53. Microsoft Internet Explorer and Mozilla Firefox URI Handler Command Injection Vulnerability
BugTraq ID: 24837
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24837
Summary:
Microsoft Internet Explorer, Mozilla Firefox and Netscape Navigator are prone to a vulnerability that lets attackers inject commands through the 'firefoxurl' and 'navigatorurl' protocol handlers.
Exploiting these issues allows remote attackers to pass and execute arbitrary commands and arguments through the 'firefox.exe' and 'navigator.exe' processes by employing the 'firefoxurl' and 'navigatorurl' handlers.
An attacker can also employ these issues to carry out cross-browser scripting attacks by using the '-chrome' argument. This can allow the attacker to run JavaScript code with the privileges of trusted Chrome context and gain full access to Firefox and Netscape Navigator's resources.
Exploiting these issues would permit remote attackers to influence command options that can be called through the 'firefoxurl' and 'navigatorurl' handlers and therefore execute commands and script code with the privileges of a user running the applications. Successful attacks may result in a variety of consequences, including remote unauthorized access.
54. WordPress Upload.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 25158
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25158
Summary:
WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects WordPress 2.2.1; prior versions may also be affected.
55. GD Graphics Library PNG File Processing Denial of Service Vulnerability
BugTraq ID: 24089
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24089
Summary:
The GD graphics library is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause denial-of-service conditions in applications implementing the affected library.
GD graphics library 2.0.34 is reported vulnerable; other versions may be affected as well.
56. RadScripts RadLance Popup.PHP Local File Include Vulnerability
BugTraq ID: 17975
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/17975
Summary:
RadLance is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts.
RadLance Gold 7.0 is reported affected by this issue; other versions may also be vulnerable.
57. JasPer JPC_QCX_GetCompParm Function JP2 File Handling Remote Denial of Service Vulnerability
BugTraq ID: 24052
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24052
Summary:
JasPer is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted JP2 files.
An attacker may exploit this issue by enticing victims to open a maliciously crafted file.
Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users.
This issue affects JasPer 1.900 and 1.900.1; other versions may also be affected.
58. Apple WebKit Invalid Type Conversion Remote Code Execution Vulnerability
BugTraq ID: 24597
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24597
Summary:
Apple WebKit is prone to a remote code-execution vulnerability.
An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.
Successful exploits can allow attackers to execute arbitrary code in the context of an application using the framework (typically Safari) or to cause denial-of-service conditions.
59. SquirrelMail Compose.PHP Multiple Information Disclosure and Data Modification Vulnerabilities
BugTraq ID: 19486
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/19486
Summary:
SquirrelMail is prone to multiple information-disclosure and data-modification vulnerabilities because the application fails to properly sanitize user-supplied input.
Successful exploits may allow an authenticated remote attacker to read and write email attachments or preferences from other users. This may lead to other attacks.
60. SquirrelMail Multiple Cross Site Scripting and Input Validation Vulnerabilities
BugTraq ID: 21414
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/21414
Summary:
SquirrelMail is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to SquirrelMail 1.4.9a are vulnerable.
61. SquirrelMail Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 23910
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/23910
Summary:
SquirrelMail is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
62. SquirrelMail Address Add Plugin Add.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 14973
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/14973
Summary:
SquirrelMail Address Add Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
63. Pluck Multiple Input Validation Vulnerabilities
BugTraq ID: 25179
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25179
Summary:
Pluck is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied data. These issues include a remote file-include vulnerability and a local file-include vulnerability.
An attacker can exploit these issues to execute arbitrary local and remote PHP code in the context of the webserver process. This may facilitate a remote compromise of the underlying system; other attacks are also possible.
Pluck 4.3 is vulnerable; other versions may also be affected.
64. PHP Arena paBugs Index.PHP SQL Injection Vulnerability
BugTraq ID: 25178
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25178
Summary:
paBugs is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue affects paBugs 2.0 Beta 3; other versions may also be vulnerable.
65. IDE Group Online DVD Rental System Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 25177
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25177
Summary:
Online DVD Rental System is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Online DVD Rental System 5.1 is vulnerable; other versions may also be affected.
66. Ipswitch IMail Server and Collaboration Suite (ICS) Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 25176
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25176
Summary:
Ipswitch IMail Server and Collaboration Suite (ICS) are prone to multiple buffer-overflow vulnerabilities because these applications fail to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.
Attackers may exploit these issues to execute arbitrary code in the context of the affected applications. Failed exploit attempts will likely result in denial-of-service conditions.
Ipswitch Collaboration Suite (ICS) 2006, IMail Premium 2006.2 and 2006.21 are reported vulnerable to these issues; other versions may also be affected.
67. Open Webmail Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 25175
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25175
Summary:
Open Webmail is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
68. Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
BugTraq ID: 25174
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25174
Summary:
Apache Tomcat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to inject HTML and script code into the browser of an unsuspecting victim. The attacker may then steal cookie-based authentication credentials and launch other attacks.
This issue affects Tomcat 3.3 to 3.3.2.
69. Squirrelmail Redirect.PHP Local File Include Vulnerability
BugTraq ID: 18231
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/18231
Summary:
SquirrelMail is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
A successful exploit may allow unauthorized users to view files and to execute local scripts; other attacks are also possible.
70. Multiple Vendor Multiple HTTP Request Smuggling Vulnerabilities
BugTraq ID: 13873
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/13873
Summary:
Multiple vendors are prone to HTTP-request-smuggling issues. Attackers can piggyback an HTTP request inside of another HTTP request. By leveraging failures to implement the HTTP/1.1 RFC properly, attackers can launch cache-poisoning, cross-site scripting, session-hijacking, and other attacks.
71. SquirrelMail Search.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 18700
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/18700
Summary:
SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
72. KDE KPDF/KWord/XPDF StreamPredictor Function Stack Buffer Overflow Vulnerability
BugTraq ID: 25124
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25124
Summary:
KDE kpdf, kword, and xpdf are prone to a stack-based buffer-overflow vulnerability because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application or cause the affected application to crash, denying service to legitimate users.
73. Libvorbis Denial Of Service And Memory Corruption Vulnerabilities
BugTraq ID: 25082
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25082
Summary:
Applications that use the libvorbis library are prone to multiple remote vulnerabilities, including a denial-of-service issue and multiple memory-corruption issues.
An attacker can exploit these issues to execute arbitrary code within the context of the application or cause the affected application to crash.
These issues affect libvorbis 1.1.2; other versions of the library may also be affected.
74. Multiple Browser URI Handlers Command Injection Vulnerabilities
BugTraq ID: 25053
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25053
Summary:
Multiple browsers are prone to vulnerabilities that let attackers inject commands through various protocol handlers.
Exploiting these issues allows remote attackers to pass and execute arbitrary commands and arguments through processes such as 'cmd.exe' by employing various URI handlers.
An attacker can exploit these issues to carry out various attacks by executing arbitrary commands on a vulnerable computer.
Exploiting these issues would permit remote attackers to influence command options that can be called through protocol handlers and to execute commands with the privileges of a user running the application. Successful attacks may result in a variety of consequences, including remote unauthorized access.
Mozilla Firefox 2.0.0.5, 3.0a6 and Netscape Navigator 9 are reported vulnerable to these issues. Other versions of these browsers and other vendors' browsers may also be affected.
75. Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
BugTraq ID: 24147
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24147
Summary:
Apache HTTP server running with the Tomcat JK Web Server Connector is prone to a security-bypass vulnerability because it decodes request URLs multiple times.
Exploiting this issue allows attackers to access restricted files in the Tomcat web directory. This can expose sensitive information that could help attackers launch further attacks.
This issue is present in versions prior to Apache Tomcat JK Connector 1.2.23.
76. Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
BugTraq ID: 24524
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24524
Summary:
Apache Tomcat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to inject HTML and script code into the browser of an unsuspecting victim. The attacker may then steal cookie-based authentication credentials and launch other attacks.
This issue may have been reported as part of the vulnerabilities described in BID 24058 (Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities). Symantec has not been able to confirm this information. We will update this BID when more information emerges.
77. Apache HTTP Server Tomcat Directory Traversal Vulnerability
BugTraq ID: 22960
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/22960
Summary:
Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input data.
Exploiting this issue allows attackers to access arbitrary files in the Tomcat webroot. This can expose sensitive information that could help the attacker launch further attacks.
Versions in the 5.0 series prior to 5.5.22 and in the 6.0 series prior to 6.0.10 are vulnerable.
78. Samba MS-RPC Remote Shell Command Execution Vulnerability
BugTraq ID: 23972
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/23972
Summary:
Samba is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary shell commands on an affected computer with the privileges of the application.
This issue affects Samba 3.0.0 to 3.0.25rc3.
79. PHP Mail Function ASCIIZ Message Truncation Weakness
BugTraq ID: 23146
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/23146
Summary:
PHP is prone to a weakness that allows attackers to truncate email text.
Successful exploits may allow attackers to truncate email text to manipulate message content. This may potentially assist in phishing or other attacks.
This issue affects PHP 4 to 4.4.6 and PHP 5 to 5.2.1.
80. PHP Session_Decode Double Free Memory Corruption Vulnerability
BugTraq ID: 23121
Remote: No
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/23121
Summary:
PHP is prone to a double-free memory-corruption vulnerability.
Attackers may be able to exploit this issue to execute arbitrary code in the context of the webserver process or to cause denial-of-service conditions.
This issue is proven to be locally exploitable. Remote attack vectors may also be possible, but this is yet to be confirmed.
This issue affects PHP versions 4.4.5 and 4.4.6.
81. PHP Mb_Parse_Str Function Register_Globals Activation Weakness
BugTraq ID: 23016
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/23016
Summary:
PHP is prone to a weakness that allows attackers to enable the 'register_globals' directive because the application fails to handle a memory-limit exception.
Enabling the PHP 'register_globals' directive may allow attackers to further exploit latent vulnerabilities in PHP scripts.
This issue is related to the weakness found in the non-multibyte 'parse_str()' from BID 15249 - PHP Parse_Str Register_Globals Activation Weakness.
This issue affects PHP 4 to 4.4.6 and 5 to 5.2.1.
82. PHP Session_Regenerate_ID Function Double Free Memory Corruption Vulnerability
BugTraq ID: 22968
Remote: No
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/22968
Summary:
PHP is prone to a double-free memory-corruption vulnerability.
Attackers may be able to exploit this issue to execute arbitrary code in the context of the webserver process or to cause denial-of-service conditions.
This issue is proven to be locally exploitable. Remote attack vectors may also be possible, but this is yet to be confirmed.
This issue affects PHP 5 to 5.2.1. Note that PHP 4 is vulnerable only if successful remote exploits are proven.
83. PHP Array_User_Key_Compare Function Memory Corruption Vulnerability
BugTraq ID: 22990
Remote: No
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/22990
Summary:
PHP is prone to a memory-corruption vulnerability.
Attackers can exploit this issue to execute arbitrary code in the context of the webserver process or to cause denial-of-service conditions.
This issue is proven to be locally exploitable.
The vulnerability affects these versions:
PHP 4.x but prior to 4.4.6
PHP 5.x but prior to 5.2.1
84. PHP BZip2/Zip Wrappers Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities
BugTraq ID: 22954
Remote: No
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/22954
Summary:
PHP is prone to multiple 'safe_mode' and 'open_basedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations.
These vulnerabilities would be issues in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code; in such cases, the 'safe_mode' and 'open_basedir' restrictions are expected to isolate users from each other.
PHP 5.2.1 and prior versions are vulnerable to these issues.
85. PHP GD Extension WBMP File Integer Overflow Vulnerabilities
BugTraq ID: 23357
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/23357
Summary:
PHP's GD extension is prone to two integer-overflow vulnerabilities because it fails to ensure that integer values aren't overrun.
Successfully exploiting these issues allows attackers to crash the affected application, potentially denying service to legitimate users. Due to the nature of the issues, code execution may also be possible, but this has not been confirmed.
PHP 5.2.1 and prior versions are vulnerable.
86. Apple Safari Disable Java Preference Failure Weakness
BugTraq ID: 25157
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25157
Summary:
Apple Safari is prone to a weakness that may result in the execution of potentially malicious Java applets. This issue results from a design error.
This weakness arises because the application fails to properly check a security setting. Potentially malicious Java applets can be loaded from a web page regardless of the setting of the 'Enable Java' preference.
Versions prior to Safari 3.0.3 Beta and Safari 3.0.3 Beta for Windows are vulnerable to this issue.
87. Samba NDR RPC Request DFSEnum Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 24198
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24198
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.
This issue affects Samba 3.0.25rc3 and prior versions.
88. Samba NDR RPC Request NetSetFileSecurity Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 24196
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24196
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.
This issue affects Samba 3.0.25rc3 and prior versions.
89. Samba NDR RPC Request RFNPCNEX Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 24197
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24197
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.
This issue affects Samba 3.0.25rc3 and prior versions.
90. Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 24195
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24195
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.
This issue affects Samba 3.0.25rc3 and prior versions.
91. Samba NDR RPC Request LsarAddPrivilegesToAccount Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 23973
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/23973
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.
This issue affects Samba 3.0.25rc3 and prior versions.
This BID previously documented multiple heap-based buffer-overflow vulnerabilities affecting Samba. Each issue has been assigned its own individual record. The issues are covered in this BID and the following records:
92. MIT Kerberos Administration Daemon RPC Library Free Pointer Remote Code Execution Vulnerability
BugTraq ID: 24655
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24655
Summary:
MIT Kerberos 5 Administration Daemon ('kadmind') is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with superuser privileges, completely compromising affected computers. Failed exploit attempts will likely result in denial-of-service conditions.
All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.
This issue also affects third-party applications using the affected RPC library.
Versions prior to 'kadmind' krb5-1.6.1 are vulnerable.
93. MIT Kerberos 5 KAdminD Server RPC Type Conversion Stack Buffer Overflow Vulnerability
BugTraq ID: 24657
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24657
Summary:
Kerberos 5 'kadmind' (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.
This issue also affects third-party applications using the affected RPC library.
All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.
Kerberos 5 'kadmind' 1.6.1 and prior versions are vulnerable.
94. Gzip Zgrep Arbitrary Command Execution Vulnerability
BugTraq ID: 13582
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/13582
Summary:
The 'zgrep' utility is reportedly affected by an arbitrary command-execution vulnerability.
An attacker may execute arbitrary commands through zgrep command arguments to potentially gain unauthorized access to the affected computer. Note that this issue poses a security threat only if the arguments originate from a malicious source.
This issue affects zgrep 1.2.4; other versions may be affected as well.
95. Apple Safari for Windows Bookmark Title Buffer Overflow Vulnerability
BugTraq ID: 24619
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24619
Summary:
Safari for Windows is prone to a buffer-overflow vulnerability. This issue is triggered when an attacker entices a victim to bookmark a maliciously crafted site.
A remote attacker may exploit this issue to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
96. Apple WebCore XMLHTTPRequest Cross-Site Scripting Vulnerability
BugTraq ID: 24598
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24598
Summary:
Apple WebCore is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may exploit this issue by enticing victims into visiting a malicious website.
The attacker may leverage this issue to execute arbitrary script code in an application using the affected framework (typically Safari). This may help the attacker steal cookie-based authentication credentials and launch other attacks.
97. Apple Safari Cross-Domain Race Condition Information Disclosure Vulnerability
BugTraq ID: 24599
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24599
Summary:
Apple Safari is prone to an information-disclosure vulnerability because it fails to properly enforce cross-domain JavaScript restrictions.
Exploiting this issue may allow attackers to access locations that a user visits, even if those locations are in a different domain than the attacker's site. The most common manifestation of this condition would typically be in blogs or forums. Attackers may be able to access potentially sensitive information that would aid in phishing attacks.
This issue affects versions prior to Safari 3 Beta Update 3.0.2.
98. Asterisk Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 24950
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24950
Summary:
Asterisk is prone to multiple remote denial-of-service vulnerabilities.
Exploiting these issues allows remote attackers to cause the application to crash, effectively denying service to legitimate users.
99. File Multiple Denial of Service Vulnerabilities
BugTraq ID: 24146
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24146
Summary:
The 'file' utility is prone to multiple denial-of-service vulnerabilities because it fails to handle exceptional conditions.
An attacker could exploit this issue by enticing a victim to open a specially crafted file. A denial-of-service condition can occur. Arbitrary code execution may be possible, but Symantec has not confirmed this.
100. Visionsoft Audit Multiple Remote Vulnerabilities
BugTraq ID: 25153
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25153
Summary:
Visionsoft Audit is prone to multiple remote vulnerabilities:
- A heap-based buffer-overflow issue
- Multiple information-disclosure issues
- A denial-of-service issue
- A password-disclosure issue
- Multiple arbitrary-file-overwrite issues
An attacker can exploit these issues to completely compromise the affected computer, crash the affected application, overwrite arbitrary files, gain unauthorized access to the affected application, and obtain sensitive information.
These issues affect Visionsoft Audit 12.4.0.0; other versions may also be affected.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Will the iPhone be iPwned?
By: Robert Lemos
Security experts' predictions for the sleek high-end device vary, but they agree that Apple's first phone will be scrutinized closely.
http://www.securityfocus.com/news/11478
2. Firm finds new danger in dangling pointers
By: Robert Lemos
The common software flaw should be considered a security threat, not a quality control issue, researchers say.
http://www.securityfocus.com/news/11477
3. Newsmaker: DCT, MPack developer
By: Robert Lemos
One of the three Russian developers behind the MPack infection kit virtually sits down with SecurityFocus to discuss the program and making a business out of cybercrime.
http://www.securityfocus.com/news/11476
4. Spammers dump images, switch to PDF files
By: Robert Lemos
A wave of spam e-mail messages carrying attachments in the Portable Document Format gathers speed, hitting companies and consumers worldwide.
http://www.securityfocus.com/news/11475
IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Director, Information Security, Sacramento
http://www.securityfocus.com/archive/77/475371
2. [SJ-JOB] Information Assurance Analyst, McLean
http://www.securityfocus.com/archive/77/475348
3. [SJ-JOB] Auditor, Charlotte
http://www.securityfocus.com/archive/77/475367
24. [SJ-JOB] Penetration Engineer, London
http://www.securityfocus.com/archive/77/475330
25. [SJ-JOB] Security Architect, New York
http://www.securityfocus.com/archive/77/475331
26. [SJ-JOB] Information Assurance Analyst, Picatinny Arsenal--Morris County
http://www.securityfocus.com/archive/77/475236
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. "debug k" freezing Cisco routers?
http://www.securityfocus.com/archive/82/475258
2. Really, really, penultimate, PacSec CFP deadline, Aug 10.
http://www.securityfocus.com/archive/82/475262
3. error in my code
http://www.securityfocus.com/archive/82/474873
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #352
http://www.securityfocus.com/archive/88/475053
2. USB device control software
http://www.securityfocus.com/archive/88/472910
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
XI. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics
I. FRONT AND CENTER
---------------------
1. Security conferences versus practical knowledge
By Don Parker
While the training industry as a whole has evolved rather well to suit the needs of their clients, the computer conference - specifically the computer security conference - has declined in relevance to the everyday sys-admin and network security practitioners.
http://www.securityfocus.com/columnists/449
2. Achtung! New German Laws on Cybercrime
By Federico Biancuzzi
Germany is passing some new laws regarding cybercrime that might affect security professionals. Federico Biancuzzi interviewed Marco Gercke, one of the experts that was invited to the parliamentary hearing, to learn more about this delicate subject. They discussed what is covered by the new laws, which areas remain in the dark, and how they might affect vulnerability disclosure and the use of common tools, such as nmap.
http://www.securityfocus.com/columnists/448
II. BUGTRAQ SUMMARY
--------------------
1. Live for Speed Replay File Buffer Overflow Vulnerability
BugTraq ID: 25168
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25168
Summary:
Live for Speed is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the vulnerable application. Successfully exploiting this issue will result in a remote compromise of affected computers. Failed exploit attempts will likely result in denial-of-service conditions.
2. IBM Lotus Sametime Server Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 25167
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25167
Summary:
IBM Lotus Sametime Server is prone to an unspecified cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects Sametime Server 7.5.1; prior versions may also be affected.
3. Nullsoft Winamp M3U File Denial of Service Vulnerability
BugTraq ID: 25152
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25152
Summary:
Winamp is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to crash the application, effectively denying service to legitimate users. Given the nature of this issue, the attacker may be able to execute arbitrary code, but this has not been confirmed.
This issue is reported to affect Winamp 5.35; other versions may also be vulnerable.
4. Sun Solaris DTrace Local Denial of Service Vulnerability
BugTraq ID: 25151
Remote: No
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25151
Summary:
Sun Solaris is prone to a local denial-of-service vulnerability.
Local attackers may exploit this issue to trigger kernel panics or system hangs, denying service to legitimate users. The vendor states that this issue may be less likely (or at least more difficult) to trigger on x86-based computers.
Solaris 10 SPARC and x86 are affected by this issue.
5. ArticleLive NX Multiple Unspecified Vulnerabilities
BugTraq ID: 25150
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25150
Summary:
ArticleLive NX is prone to multiple unspecified vulnerabilities. No further details are currently available. We will update this BID as more information emerges.
Versions prior to ArticleLive NX 1.7 are vulnerable to these issues.
6. Apple iPhone Mobile Safari Browser Remote Heap Overflow Vulnerability
BugTraq ID: 25002
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25002
Summary:
Apple iPhone Mobile Safari Browser is prone to a remote heap-overflow vulnerability that can allow an attacker to gain unauthorized access to a device with administrative privileges.
The researchers responsible for discovering this issue have developed exploit code that can steal sensitive information from a vulnerable device and send it to a remote server. Another proof of concept that exploits the same issue can be used to perform physical actions on the phone such as making a sound or setting the phone to vibrate. The researchers have not yet disclosed the complete details of this vulnerability but will do so as part of a presentation for the BlackHat security conference on August 2, 2007.
This issue also affects Safari on other platforms including Windows and Mac OS X.
7. Apple Safari for Windows IDN URL Bar Spoofing Vulnerability
BugTraq ID: 24636
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24636
Summary:
Apple Safari is prone to a vulnerability that permits attackers to spoof URL bar content.
Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing.
This issue affects Apple Safari 3.0.2 for Windows; other versions may also be affected.
The iPhone is reported to be affected in the APPLE-SA-2007-07-31 iPhone v1.0.1 Update security advisory.
8. PHP-Nuke Search Module Cross-Site Scripting Vulnerability
BugTraq ID: 25171
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25171
Summary:
PHP-Nuke is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
9. WebDirector Index.PHP Cross Site Scripting Vulnerability
BugTraq ID: 25166
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25166
Summary:
WebDirector is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
10. HP-UX ARPA Transport Unspecified Local Denial Of Service Vulnerability
BugTraq ID: 25165
Remote: No
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25165
Summary:
HP-UX running ARPA Transport software is prone to a local denial-of-service vulnerability.
Exploiting this issue allows local attackers to deny service to legitimate users.
This issue may be related to BID: 23410 - HP-UX ARPA Transport Unspecified Denial Of Service Vulnerability.
11. BlueSkyChat ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 25149
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25149
Summary:
BlueSkyChat ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
BlueSkyChat ActiveX control 8.1.2.0 is vulnerable to this issue; other versions may also be affected.
12. WebEvent Webevent.CGI Cross-Site Scripting Vulnerability
BugTraq ID: 25148
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25148
Summary:
WebEvent is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
13. Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
BugTraq ID: 24215
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/24215
Summary:
Apache is prone to multiple denial-of-service vulnerabilities.
An attacker with the ability to execute arbitrary server-side script-code can exploit these issues to stop arbitrary services on the affected computer in the context of the master webserver process; other attacks may also be possible.
14. Cisco Wireless LAN Control ARP Storm Multiple Denial Of Service Vulnerabilities
BugTraq ID: 25043
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25043
Summary:
Cisco Wireless LAN Controller (WLC) is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to crash the device, denying service to legitimate users.
These issues affect Cisco Wireless LAN Control 3.2, 4.0, and 4.1; other versions may also be affected.
15. Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
BugTraq ID: 24645
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/24645
Summary:
The Apache HTTP Server mod_status module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
16. Apache Mod_Mem_Cache Information Disclosure Vulnerability
BugTraq ID: 24553
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/24553
Summary:
Apache is prone to a path-information-disclosure vulnerability. Remote unauthorized attackers may be able to access sensitive data.
Information obtained may aid attackers in launching further attacks against an affected server.
Apache 2.2.4 is reported vulnerable to this issue; other versions may be affected as well.
17. Joomla! GMaps Component Index.PHP SQL Injection Vulnerability
BugTraq ID: 25146
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25146
Summary:
The Joomla! GMaps component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
GMaps 1.00 is vulnerable; other versions may also be affected.
18. RETIRED: vBulletin Multiple Remote File Include Vulnerabilities
BugTraq ID: 25141
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25141
Summary:
vBulletin is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute an arbitrary remote file containing malicious script code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system. Other attacks are also possible.
vBulletin 3.6.5 is vulnerable; other versions may also be affected.
NOTE: This BID is being retired because further investigation has revealed that the application is not vulnerable to this issue.
19. RETIRED: Holotech Phorm FileUpload.PHP Arbitrary File Upload Vulnerability
BugTraq ID: 25137
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25137
Summary:
Holotech Phorm is prone to a vulnerability that lets attackers upload arbitrary files.
This issue occurs because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue could allow an attacker to upload and execute arbitrary script code in the context of the affected webserver process. This may help the attacker compromise the application; other attacks are possible.
This issue affects Phorm 3.0; other versions may also be affected.
NOTE: This BID is being retired because further investigation has revealed that the application is not vulnerable to this issue.
20. Hitachi uCosminexus Application Server Session Failover User Data Leak Vulnerability
BugTraq ID: 25145
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25145
Summary:
Hitachi uCosminexus Application Server is prone to a vulnerability where session data being used by one user might be used as the session data of another user.
An attacker can exploit this issue to gain unauthorized access to session information.
This issue affects the Hitachi uCosminexus Application Server, which is included in various Hitachi applications.
21. Hitachi JP1/Cm2/Hierarchical Viewer Unspecified Denial Of Service Vulnerability
BugTraq ID: 25144
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25144
Summary:
Hitachi JP1/Cm2/Hierarchical Viewer is prone to an unspecified denial-of-service vulnerability.
Attackers can exploit this issue to cause denial-of-service conditions.
22. PHP-Blogger Pref.DB Authentication Bypass Vulnerability
BugTraq ID: 25143
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25143
Summary:
PHP-Blogger is prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to gain unauthorized access to the application.
PHP-Blogger 2.2.7 is affected; previous versions may be affected as well.
23. VMware Vielib.DLL ActiveX Control Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 25131
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25131
Summary:
An ActiveX control installed with VMware is prone to multiple remote code-execution vulnerabilities.
An attacker can exploit these issues to execute hostile code on a victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow attackers to execute arbitrary code with the privileges of the affected user; other consequences are possible.
These issues affect VMware 6.0.0; other versions may also be affected.
24. iBON Search Field Local Denial Of Service Vulnerability
BugTraq ID: 25133
Remote: No
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25133
Summary:
iBON is prone to a local denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied input.
A successful exploit will consume CPU resources and cause the computer to become unresponsive.
NOTE: Attackers may be able to execute arbitrary code, but this hasn't been confirmed.
Versions prior to iBON 2007 are vulnerable.
25. TIBCO Rendezvous RVD Daemon Unspecified Denial Of Service Vulnerability
BugTraq ID: 25132
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25132
Summary:
The RVD daemon in TIBCO Rendezvous is prone to a remote denial-of-service vulnerability.
Specific details about this vulnerability are not currently available. We will update this BID as more information emerges.
Successfully exploiting this issue allows remote attackers to consume excessive memory, leading to denial-of-service conditions.
Rendezvous 7.5.2 is vulnerable to this issue; other versions may also be affected.
26. IT!CMS Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 25129
Remote: Yes
Last Updated: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25129
Summary:
IT!CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
IT!CMS 0.2 is vulnerable to these issues; other versions may also be affected.
27. HP-UX ARPA Transport Unspecified Remote Denial Of Service Vulnerability
BugTraq ID: 25147
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25147
Summary:
HP-UX running ARPA Transport software is prone to a remote denial-of-service vulnerability.
Exploiting this issue allows attackers to cause denial-of-service conditions.
28. Atheros Wireless Drivers Denial of Service Vulnerability
BugTraq ID: 25160
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25160
Summary:
Atheros wireless drivers are prone to a denial-of-service vulnerability because they fail to properly handle malformed wireless frames.
Remote attackers may exploit this issue to cause denial-of-service conditions.
Atheros drivers are also used by OEM (Original Equipment Manufacturer) wireless adapters. Therefore, various brands of wireless adapters using the Atheros chipset are affected by this vulnerability.
This issue is reported to affect drivers for the Windows operating system. Note that Linux, UNIX, and BSD computers may be vulnerable if using the NDISWrapper or similar technology to load an affected driver.
29. OpenRat Index.PHP Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 25169
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25169
Summary:
OpenRat is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects OpenRat 0.8-beta1 and earlier.
30. Baidu Soba Search Bar BaiduBar.DLL ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 25121
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25121
Summary:
An ActiveX control installed with Baidu Soba search bar is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute hostile code on a victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow attackers to execute arbitrary code with the privileges of the affected user; other consequences are possible.
This issue affects Baidu Soba 5.4; other versions may also be affected.
31. WordPress Multiple Input Validation Vulnerabilities
BugTraq ID: 25161
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25161
Summary:
WordPress is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-supplied input. These issues include multiple cross-site scripting vulnerabilities, an HTML-injection vulnerability, and multiple SQL-injection vulnerabilities.
A successful exploit may allow an attacker to steal cookie-based authentication credentials, execute malicious script code, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
WordPress 2.2.1 is vulnerable; other versions may also be affected.
32. WikiWebWeaver Index.PHP Arbitrary File Upload Vulnerability
BugTraq ID: 25164
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25164
Summary:
WikiWebWeaver is prone to a vulnerability that lets attackers upload arbitrary files.
This issue occurs because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue could allow an attacker to upload and execute arbitrary script code in the context of the affected webserver process. This may help the attacker compromise the application; other attacks are possible.
WikiWebWeaver 1.0 Beta 2 is vulnerable; other versions may also be affected.
33. MIT Kerberos 5 KAdminD Server Rename_Principal_2_SVC() Function Stack Buffer Overflow Vulnerability
BugTraq ID: 24653
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24653
Summary:
Kerberos 5 'kadmind' (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.
All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.
Kerberos 5 'kadmind' 1.6.1, 1.5.3, and prior versions are vulnerable.
34. OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
BugTraq ID: 25163
Remote: No
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25163
Summary:
OpenSSL is prone to a local information-disclosure vulnerability because of an implementation flaw in the RSA algorithm.
Successfully exploiting this issue allows local attackers to gain access to private key information of other processes that use the affected library. Information harvested may aid in further attacks.
OpenSSL 0.9.8 is vulnerable to this issue; other versions may also be affected.
35. Apple Mac OS X 2007-007 Multiple Security Vulnerabilities
BugTraq ID: 25159
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25159
Summary:
Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
36. Cscope Include Filename Buffer Overflow Vulnerability
BugTraq ID: 18050
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/18050
Summary:
Cscope is prone to a buffer-overflow vulnerability because it fails to properly validate the size of attacker-supplied data before copying it into a finite-sized buffer.
Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely crash the application, denying service to legitimate users.
37. Cscope Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 11697
Remote: No
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/11697
Summary:
Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it.
During execution, the utility reportedly creates temporary files in the system's temporary directory, '/tmp', with predictable names. This allows attackers to create malicious symbolic links that Cscope will write to when an unsuspecting user executes it.
Attackers may leverage these issues to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application.
Versions up to and including Cscope 15.5 are reported vulnerable.
38. Trolltech Qt QTextEdit Multiple Format String Vulnerabilities
BugTraq ID: 25154
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25154
Summary:
Trolltech Qt is prone to multiple format-string vulnerabilities because it fails to securely display error messages.
Exploiting these issues can allow remote attackers to execute arbitrary code in the context of the application using the application framework or to cause denial-of-service conditions.
This issue affects Qt 3 only. KDE and other applications using the affected application framework are inherently affected.
39. GNU Image Manipulation Program Multiple Integer Overflow Vulnerabilities
BugTraq ID: 24835
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24835
Summary:
GNU Image Manipulation Program (GIMP) is prone to multiple integer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data.
An attacker can exploit these vulnerabilities to execute arbitrary code with the privileges of the user running GIMP. Failed exploit attempts will likely cause denial-of-service conditions.
Versions prior to GIMP 2.2.16 are vulnerable.
40. Mozilla Firefox 2.0.0.4 Multiple Remote Vulnerabilities
BugTraq ID: 24946
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24946
Summary:
The Mozilla Foundation has released four security advisories specifying multiple vulnerabilities in Firefox 2.0.0.4.
These vulnerabilities allow attackers to:
- Execute arbitrary code
- Execute code with chrome privileges
- Perform cross-site scripting attacks
- Crash Firefox in a myriad of ways, with evidence of memory corruption.
Other attacks may also be possible.
41. Mozilla Firefox WYCIWYG:// URI Cache Zone Bypass Vulnerability
BugTraq ID: 24831
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24831
Summary:
Mozilla Firefox is prone to a cache-zone-bypass vulnerability because the application fails to properly block remote access to special internally generated URIs containing cached data.
Exploiting this issue allows remote attackers to access potentially sensitive information and to place markers with similar functionality to cookies onto targeted users' computers, regardless of cookie security settings. Information harvested in successful exploits may aid in further attacks.
Attackers may also potentially exploit this issue to perform cache-poisoning or URL-spoofing attacks.
This issue is being tracked by Mozilla's Bugzilla Bug 387333.
42. Mozilla Firefox URLBar Null Byte File Remote Code Execution Vulnerability
BugTraq ID: 24447
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24447
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability because it fails to adequately sanitize user-supplied input.
Attackers may exploit this issue by enticing victims into visiting a malicious site and following links with improper file extensions.
Successful exploits may allow an attacker to crash the application or execute arbitrary code in the context of the affected application. Other attacks are also possible.
43. Mozilla Firefox About:Blank IFrame Cross Domain Information Disclosure Vulnerability
BugTraq ID: 24286
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24286
Summary:
Mozilla Firefox is prone to a cross-domain information-disclosure vulnerability because scripts may persist across navigations.
A malicious site may be able to modify the iframe of a site in an arbitrary external domain. Attackers could exploit this to gain access to sensitive information that is associated with the external domain. Other attacks are also possible, such as executing script code in other browser security zones.
This issue is being tracked by Bugzilla Bug 382686 and is reportedly related to Bug 343168.
Firefox 2.0.0.4 and prior versions are vulnerable.
44. FreeBSD Jail RC.D Multiple Local Symbolic Link Vulnerabilities
BugTraq ID: 22011
Remote: No
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/22011
Summary:
FreeBSD is prone to multiple local symbolic-link vulnerabilities because the jail startup 'rc.d' script fails to properly ensure that certain operations are not performed on symbolic links.
Successfully exploiting these issues allows users with superuser privileges inside jailed environments to overwrite arbitrary files in the host environment, overlay filesystems in arbitrary locations in the host filesystem, or to unmount filesystems in the host filesystem. These issues allow attackers to execute arbitrary machine code with superuser privileges in the host environment, escaping the jailed environment.
FreeBSD versions since version 5.3 are vulnerable to these issues.
45. tcpdump Print-bgp.C Remote Integer Underflow Vulnerability
BugTraq ID: 24965
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24965
Summary:
The 'tcpdump' utility is prone to an integer-underflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary malicious code in the context of the user running the affected application. Failed exploit attempts will likely crash the affected application.
This issue affects tcpdump 3.9.6 and prior versions.
46. ISC BIND 9 Remote Cache Poisoning Vulnerability
BugTraq ID: 25037
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25037
Summary:
BIND 9 is prone to a remote cache-poisoning vulnerability because of a weakness in its random number generator.
An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.
Versions up to BIND 9.4.1 are vulnerable to this issue.
47. Yahoo! Widgets Engine YDPCTL.DLL ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 25086
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25086
Summary:
Yahoo! Widgets Engine is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
Yahoo! Widgets Engine 4.0.3 (build 178) is reported vulnerable; other versions may be affected as well.
48. GIMP PSD File Integer Overflow Vulnerability
BugTraq ID: 24745
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24745
Summary:
GIMP is prone to an integer-overflow vulnerability because it fails to properly bounds-check user-supplied input data before copying it to an insufficiently sized memory buffer.
Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of the affected application.
GIMP 2.2.15 is vulnerable to this issue; other versions may also be affected.
49. Shadow-Utils UserAdd Local Insecure Permissions Vulnerability
BugTraq ID: 18111
Remote: No
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/18111
Summary:
The useradd utility in shadow-utils is susceptible to a local insecure-permissions vulnerability. This issue is due to a race-condition between when user mailboxes are created and when permissions are set on the file.
A local, unprivileged attacker can exploit this issue to gain access to newly created mailbox files. This may allow them to directly inject forged email messages to aid them in social-engineering attacks. Attackers may also be able to inject data into the mailbox file that will cause mail applications to fail to access the file, denying email access to targeted users. Other attacks may also be possible.
Version 4.0.3 of shadow-utils is vulnerable to this issue; other versions may also be affected.
50. X.Org XFS Init Script Insecure Temporary File Creation Vulnerability
BugTraq ID: 24888
Remote: No
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24888
Summary:
The X Font Server (XFS) creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symlink attacks to alter the permissions of an arbitrary attacker-supplied file.
51. Apache HTTP Server Mod_Cache Denial of Service Vulnerability
BugTraq ID: 24649
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24649
Summary:
The Apache mod_cache module is prone to a denial-of-service vulnerability.
A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).
52. Mozilla Firefox/Thunderbird/SeaMonkey Chrome-Loaded About:Blank Script Execution Vulnerability
BugTraq ID: 25142
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25142
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a vulnerability that allows JavaScript to execute with unintended privileges.
A malicious site may be able to cause the execution of a script with Chrome privileges. Attackers could exploit this issue to execute hostile script code with privileges that exceed those that were intended. Certain Firefox extensions may not intend 'about:blank' to execute script code with Chrome privileges.
NOTE: This issue was introduced by the fix for MFSA 2007-20.
53. Microsoft Internet Explorer and Mozilla Firefox URI Handler Command Injection Vulnerability
BugTraq ID: 24837
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24837
Summary:
Microsoft Internet Explorer, Mozilla Firefox and Netscape Navigator are prone to a vulnerability that lets attackers inject commands through the 'firefoxurl' and 'navigatorurl' protocol handlers.
Exploiting these issues allows remote attackers to pass and execute arbitrary commands and arguments through the 'firefox.exe' and 'navigator.exe' processes by employing the 'firefoxurl' and 'navigatorurl' handlers.
An attacker can also employ these issues to carry out cross-browser scripting attacks by using the '-chrome' argument. This can allow the attacker to run JavaScript code with the privileges of trusted Chrome context and gain full access to Firefox and Netscape Navigator's resources.
Exploiting these issues would permit remote attackers to influence command options that can be called through the 'firefoxurl' and 'navigatorurl' handlers and therefore execute commands and script code with the privileges of a user running the applications. Successful attacks may result in a variety of consequences, including remote unauthorized access.
54. WordPress Upload.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 25158
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25158
Summary:
WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects WordPress 2.2.1; prior versions may also be affected.
55. GD Graphics Library PNG File Processing Denial of Service Vulnerability
BugTraq ID: 24089
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24089
Summary:
The GD graphics library is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause denial-of-service conditions in applications implementing the affected library.
GD graphics library 2.0.34 is reported vulnerable; other versions may be affected as well.
56. RadScripts RadLance Popup.PHP Local File Include Vulnerability
BugTraq ID: 17975
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/17975
Summary:
RadLance is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts.
RadLance Gold 7.0 is reported affected by this issue; other versions may also be vulnerable.
57. JasPer JPC_QCX_GetCompParm Function JP2 File Handling Remote Denial of Service Vulnerability
BugTraq ID: 24052
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24052
Summary:
JasPer is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted JP2 files.
An attacker may exploit this issue by enticing victims to open a maliciously crafted file.
Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users.
This issue affects JasPer 1.900 and 1.900.1; other versions may also be affected.
58. Apple WebKit Invalid Type Conversion Remote Code Execution Vulnerability
BugTraq ID: 24597
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/24597
Summary:
Apple WebKit is prone to a remote code-execution vulnerability.
An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.
Successful exploits can allow attackers to execute arbitrary code in the context of an application using the framework (typically Safari) or to cause denial-of-service conditions.
59. SquirrelMail Compose.PHP Multiple Information Disclosure and Data Modification Vulnerabilities
BugTraq ID: 19486
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/19486
Summary:
SquirrelMail is prone to multiple information-disclosure and data-modification vulnerabilities because the application fails to properly sanitize user-supplied input.
Successful exploits may allow an authenticated remote attacker to read and write email attachments or preferences from other users. This may lead to other attacks.
60. SquirrelMail Multiple Cross Site Scripting and Input Validation Vulnerabilities
BugTraq ID: 21414
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/21414
Summary:
SquirrelMail is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to SquirrelMail 1.4.9a are vulnerable.
61. SquirrelMail Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 23910
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/23910
Summary:
SquirrelMail is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
62. SquirrelMail Address Add Plugin Add.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 14973
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/14973
Summary:
SquirrelMail Address Add Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
63. Pluck Multiple Input Validation Vulnerabilities
BugTraq ID: 25179
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25179
Summary:
Pluck is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied data. These issues include a remote file-include vulnerability and a local file-include vulnerability.
An attacker can exploit these issues to execute arbitrary local and remote PHP code in the context of the webserver process. This may facilitate a remote compromise of the underlying system; other attacks are also possible.
Pluck 4.3 is vulnerable; other versions may also be affected.
64. PHP Arena paBugs Index.PHP SQL Injection Vulnerability
BugTraq ID: 25178
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25178
Summary:
paBugs is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue affects paBugs 2.0 Beta 3; other versions may also be vulnerable.
65. IDE Group Online DVD Rental System Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 25177
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25177
Summary:
Online DVD Rental System is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Online DVD Rental System 5.1 is vulnerable; other versions may also be affected.
66. Ipswitch IMail Server and Collaboration Suite (ICS) Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 25176
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25176
Summary:
Ipswitch IMail Server and Collaboration Suite (ICS) are prone to multiple buffer-overflow vulnerabilities because these applications fail to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.
Attackers may exploit these issues to execute arbitrary code in the context of the affected applications. Failed exploit attempts will likely result in denial-of-service conditions.
Ipswitch Collaboration Suite (ICS) 2006, IMail Premium 2006.2 and 2006.21 are reported vulnerable to these issues; other versions may also be affected.
67. Open Webmail Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 25175
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25175
Summary:
Open Webmail is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
68. Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
BugTraq ID: 25174
Remote: Yes
Last Updated: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25174
Summary:
Apache Tomcat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to inject HTML and script code into the browser of an unsuspecting victim. The attacker may then steal cookie-based authentication credentials and launch other attacks.
This issue affects Tomcat 3.3 to 3.3.2.
69. Squirrelmail Redirect.PHP Local File Include Vulnerability
BugTraq ID: 18231
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/18231
Summary:
SquirrelMail is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
A successful exploit may allow unauthorized users to view files and to execute local scripts; other attacks are also possible.
70. Multiple Vendor Multiple HTTP Request Smuggling Vulnerabilities
BugTraq ID: 13873
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/13873
Summary:
Multiple vendors are prone to HTTP-request-smuggling issues. Attackers can piggyback an HTTP request inside of another HTTP request. By leveraging failures to implement the HTTP/1.1 RFC properly, attackers can launch cache-poisoning, cross-site scripting, session-hijacking, and other attacks.
71. SquirrelMail Search.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 18700
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/18700
Summary:
SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
72. KDE KPDF/KWord/XPDF StreamPredictor Function Stack Buffer Overflow Vulnerability
BugTraq ID: 25124
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25124
Summary:
KDE kpdf, kword, and xpdf are prone to a stack-based buffer-overflow vulnerability because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application or cause the affected application to crash, denying service to legitimate users.
73. Libvorbis Denial Of Service And Memory Corruption Vulnerabilities
BugTraq ID: 25082
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25082
Summary:
Applications that use the libvorbis library are prone to multiple remote vulnerabilities, including a denial-of-service issue and multiple memory-corruption issues.
An attacker can exploit these issues to execute arbitrary code within the context of the application or cause the affected application to crash.
These issues affect libvorbis 1.1.2; other versions of the library may also be affected.
74. Multiple Browser URI Handlers Command Injection Vulnerabilities
BugTraq ID: 25053
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25053
Summary:
Multiple browsers are prone to vulnerabilities that let attackers inject commands through various protocol handlers.
Exploiting these issues allows remote attackers to pass and execute arbitrary commands and arguments through processes such as 'cmd.exe' by employing various URI handlers.
An attacker can exploit these issues to carry out various attacks by executing arbitrary commands on a vulnerable computer.
Exploiting these issues would permit remote attackers to influence command options that can be called through protocol handlers and to execute commands with the privileges of a user running the application. Successful attacks may result in a variety of consequences, including remote unauthorized access.
Mozilla Firefox 2.0.0.5, 3.0a6 and Netscape Navigator 9 are reported vulnerable to these issues. Other versions of these browsers and other vendors' browsers may also be affected.
75. Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
BugTraq ID: 24147
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24147
Summary:
Apache HTTP server running with the Tomcat JK Web Server Connector is prone to a security-bypass vulnerability because it decodes request URLs multiple times.
Exploiting this issue allows attackers to access restricted files in the Tomcat web directory. This can expose sensitive information that could help attackers launch further attacks.
This issue is present in versions prior to Apache Tomcat JK Connector 1.2.23.
76. Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
BugTraq ID: 24524
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24524
Summary:
Apache Tomcat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to inject HTML and script code into the browser of an unsuspecting victim. The attacker may then steal cookie-based authentication credentials and launch other attacks.
This issue may have been reported as part of the vulnerabilities described in BID 24058 (Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities). Symantec has not been able to confirm this information. We will update this BID when more information emerges.
77. Apache HTTP Server Tomcat Directory Traversal Vulnerability
BugTraq ID: 22960
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/22960
Summary:
Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input data.
Exploiting this issue allows attackers to access arbitrary files in the Tomcat webroot. This can expose sensitive information that could help the attacker launch further attacks.
Versions in the 5.0 series prior to 5.5.22 and in the 6.0 series prior to 6.0.10 are vulnerable.
78. Samba MS-RPC Remote Shell Command Execution Vulnerability
BugTraq ID: 23972
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/23972
Summary:
Samba is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary shell commands on an affected computer with the privileges of the application.
This issue affects Samba 3.0.0 to 3.0.25rc3.
79. PHP Mail Function ASCIIZ Message Truncation Weakness
BugTraq ID: 23146
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/23146
Summary:
PHP is prone to a weakness that allows attackers to truncate email text.
Successful exploits may allow attackers to truncate email text to manipulate message content. This may potentially assist in phishing or other attacks.
This issue affects PHP 4 to 4.4.6 and PHP 5 to 5.2.1.
80. PHP Session_Decode Double Free Memory Corruption Vulnerability
BugTraq ID: 23121
Remote: No
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/23121
Summary:
PHP is prone to a double-free memory-corruption vulnerability.
Attackers may be able to exploit this issue to execute arbitrary code in the context of the webserver process or to cause denial-of-service conditions.
This issue is proven to be locally exploitable. Remote attack vectors may also be possible, but this is yet to be confirmed.
This issue affects PHP versions 4.4.5 and 4.4.6.
81. PHP Mb_Parse_Str Function Register_Globals Activation Weakness
BugTraq ID: 23016
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/23016
Summary:
PHP is prone to a weakness that allows attackers to enable the 'register_globals' directive because the application fails to handle a memory-limit exception.
Enabling the PHP 'register_globals' directive may allow attackers to further exploit latent vulnerabilities in PHP scripts.
This issue is related to the weakness found in the non-multibyte 'parse_str()' from BID 15249 - PHP Parse_Str Register_Globals Activation Weakness.
This issue affects PHP 4 to 4.4.6 and 5 to 5.2.1.
82. PHP Session_Regenerate_ID Function Double Free Memory Corruption Vulnerability
BugTraq ID: 22968
Remote: No
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/22968
Summary:
PHP is prone to a double-free memory-corruption vulnerability.
Attackers may be able to exploit this issue to execute arbitrary code in the context of the webserver process or to cause denial-of-service conditions.
This issue is proven to be locally exploitable. Remote attack vectors may also be possible, but this is yet to be confirmed.
This issue affects PHP 5 to 5.2.1. Note that PHP 4 is vulnerable only if successful remote exploits are proven.
83. PHP Array_User_Key_Compare Function Memory Corruption Vulnerability
BugTraq ID: 22990
Remote: No
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/22990
Summary:
PHP is prone to a memory-corruption vulnerability.
Attackers can exploit this issue to execute arbitrary code in the context of the webserver process or to cause denial-of-service conditions.
This issue is proven to be locally exploitable.
The vulnerability affects these versions:
PHP 4.x but prior to 4.4.6
PHP 5.x but prior to 5.2.1
84. PHP BZip2/Zip Wrappers Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities
BugTraq ID: 22954
Remote: No
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/22954
Summary:
PHP is prone to multiple 'safe_mode' and 'open_basedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations.
These vulnerabilities would be issues in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code; in such cases, the 'safe_mode' and 'open_basedir' restrictions are expected to isolate users from each other.
PHP 5.2.1 and prior versions are vulnerable to these issues.
85. PHP GD Extension WBMP File Integer Overflow Vulnerabilities
BugTraq ID: 23357
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/23357
Summary:
PHP's GD extension is prone to two integer-overflow vulnerabilities because it fails to ensure that integer values aren't overrun.
Successfully exploiting these issues allows attackers to crash the affected application, potentially denying service to legitimate users. Due to the nature of the issues, code execution may also be possible, but this has not been confirmed.
PHP 5.2.1 and prior versions are vulnerable.
86. Apple Safari Disable Java Preference Failure Weakness
BugTraq ID: 25157
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25157
Summary:
Apple Safari is prone to a weakness that may result in the execution of potentially malicious Java applets. This issue results from a design error.
This weakness arises because the application fails to properly check a security setting. Potentially malicious Java applets can be loaded from a web page regardless of the setting of the 'Enable Java' preference.
Versions prior to Safari 3.0.3 Beta and Safari 3.0.3 Beta for Windows are vulnerable to this issue.
87. Samba NDR RPC Request DFSEnum Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 24198
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24198
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.
This issue affects Samba 3.0.25rc3 and prior versions.
88. Samba NDR RPC Request NetSetFileSecurity Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 24196
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24196
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.
This issue affects Samba 3.0.25rc3 and prior versions.
89. Samba NDR RPC Request RFNPCNEX Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 24197
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24197
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.
This issue affects Samba 3.0.25rc3 and prior versions.
90. Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 24195
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24195
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.
This issue affects Samba 3.0.25rc3 and prior versions.
91. Samba NDR RPC Request LsarAddPrivilegesToAccount Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 23973
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/23973
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.
This issue affects Samba 3.0.25rc3 and prior versions.
This BID previously documented multiple heap-based buffer-overflow vulnerabilities affecting Samba. Each issue has been assigned its own individual record. The issues are covered in this BID and the following records:
BID 24195 - Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer Overflow Vulnerability
BID 24196 - Samba NDR RPC Request NetSetFileSecurity Heap-Based Buffer Overflow Vulnerability
BID 24197 - Samba NDR RPC Request RFNPCNEX Heap-Based Buffer Overflow Vulnerability
BID 24198 - Samba NDR RPC Request DFSEnum Heap-Based Buffer Overflow Vulnerability
92. MIT Kerberos Administration Daemon RPC Library Free Pointer Remote Code Execution Vulnerability
BugTraq ID: 24655
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24655
Summary:
MIT Kerberos 5 Administration Daemon ('kadmind') is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with superuser privileges, completely compromising affected computers. Failed exploit attempts will likely result in denial-of-service conditions.
All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.
This issue also affects third-party applications using the affected RPC library.
Versions prior to 'kadmind' krb5-1.6.1 are vulnerable.
93. MIT Kerberos 5 KAdminD Server RPC Type Conversion Stack Buffer Overflow Vulnerability
BugTraq ID: 24657
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24657
Summary:
Kerberos 5 'kadmind' (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.
This issue also affects third-party applications using the affected RPC library.
All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.
Kerberos 5 'kadmind' 1.6.1 and prior versions are vulnerable.
94. Gzip Zgrep Arbitrary Command Execution Vulnerability
BugTraq ID: 13582
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/13582
Summary:
The 'zgrep' utility is reportedly affected by an arbitrary command-execution vulnerability.
An attacker may execute arbitrary commands through zgrep command arguments to potentially gain unauthorized access to the affected computer. Note that this issue poses a security threat only if the arguments originate from a malicious source.
This issue affects zgrep 1.2.4; other versions may be affected as well.
95. Apple Safari for Windows Bookmark Title Buffer Overflow Vulnerability
BugTraq ID: 24619
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24619
Summary:
Safari for Windows is prone to a buffer-overflow vulnerability. This issue is triggered when an attacker entices a victim to bookmark a maliciously crafted site.
A remote attacker may exploit this issue to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
96. Apple WebCore XMLHTTPRequest Cross-Site Scripting Vulnerability
BugTraq ID: 24598
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24598
Summary:
Apple WebCore is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may exploit this issue by enticing victims into visiting a malicious website.
The attacker may leverage this issue to execute arbitrary script code in an application using the affected framework (typically Safari). This may help the attacker steal cookie-based authentication credentials and launch other attacks.
97. Apple Safari Cross-Domain Race Condition Information Disclosure Vulnerability
BugTraq ID: 24599
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24599
Summary:
Apple Safari is prone to an information-disclosure vulnerability because it fails to properly enforce cross-domain JavaScript restrictions.
Exploiting this issue may allow attackers to access locations that a user visits, even if those locations are in a different domain than the attacker's site. The most common manifestation of this condition would typically be in blogs or forums. Attackers may be able to access potentially sensitive information that would aid in phishing attacks.
This issue affects versions prior to Safari 3 Beta Update 3.0.2.
98. Asterisk Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 24950
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24950
Summary:
Asterisk is prone to multiple remote denial-of-service vulnerabilities.
Exploiting these issues allows remote attackers to cause the application to crash, effectively denying service to legitimate users.
99. File Multiple Denial of Service Vulnerabilities
BugTraq ID: 24146
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/24146
Summary:
The 'file' utility is prone to multiple denial-of-service vulnerabilities because it fails to handle exceptional conditions.
An attacker could exploit this issue by enticing a victim to open a specially crafted file. A denial-of-service condition can occur. Arbitrary code execution may be possible, but Symantec has not confirmed this.
100. Visionsoft Audit Multiple Remote Vulnerabilities
BugTraq ID: 25153
Remote: Yes
Last Updated: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25153
Summary:
Visionsoft Audit is prone to multiple remote vulnerabilities:
- A heap-based buffer-overflow issue
- Multiple information-disclosure issues
- A denial-of-service issue
- A password-disclosure issue
- Multiple arbitrary-file-overwrite issues
An attacker can exploit these issues to completely compromise the affected computer, crash the affected application, overwrite arbitrary files, gain unauthorized access to the affected application, and obtain sensitive information.
These issues affect Visionsoft Audit 12.4.0.0; other versions may also be affected.
III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Will the iPhone be iPwned?
By: Robert Lemos
Security experts' predictions for the sleek high-end device vary, but they agree that Apple's first phone will be scrutinized closely.
http://www.securityfocus.com/news/11478
2. Firm finds new danger in dangling pointers
By: Robert Lemos
The common software flaw should be considered a security threat, not a quality control issue, researchers say.
http://www.securityfocus.com/news/11477
3. Newsmaker: DCT, MPack developer
By: Robert Lemos
One of the three Russian developers behind the MPack infection kit virtually sits down with SecurityFocus to discuss the program and making a business out of cybercrime.
http://www.securityfocus.com/news/11476
4. Spammers dump images, switch to PDF files
By: Robert Lemos
A wave of spam e-mail messages carrying attachments in the Portable Document Format gathers speed, hitting companies and consumers worldwide.
http://www.securityfocus.com/news/11475
IV. SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Director, Information Security, Sacramento
http://www.securityfocus.com/archive/77/475371
2. [SJ-JOB] Information Assurance Analyst, McLean
http://www.securityfocus.com/archive/77/475348
3. [SJ-JOB] Auditor, Charlotte
http://www.securityfocus.com/archive/77/475367
4. [SJ-JOB] Application Security Architect, Folsom
http://www.securityfocus.com/archive/77/475368
5. [SJ-JOB] Software Engineer, Columbia
http://www.securityfocus.com/archive/77/475359
6. [SJ-JOB] Technology Risk Consultant, Toronto
http://www.securityfocus.com/archive/77/475363
7. [SJ-JOB] Security Consultant, Central London
http://www.securityfocus.com/archive/77/475369
8. [SJ-JOB] Security Architect, Jersey City
http://www.securityfocus.com/archive/77/475350
9. [SJ-JOB] Security Engineer, Omaha
http://www.securityfocus.com/archive/77/475372
10. [SJ-JOB] Threat Analyst, Omaha
http://www.securityfocus.com/archive/77/475347
11. [SJ-JOB] Developer, Calgary
http://www.securityfocus.com/archive/77/475358
12. [SJ-JOB] Sr. Security Analyst, Woonsocket
http://www.securityfocus.com/archive/77/475362
13. [SJ-JOB] Security Consultant, Columbia
http://www.securityfocus.com/archive/77/475342
14. [SJ-JOB] Sr. Security Analyst, Providence
http://www.securityfocus.com/archive/77/475349
15. [SJ-JOB] Jr. Security Analyst, Providence
http://www.securityfocus.com/archive/77/475360
16. [SJ-JOB] Technical Support Engineer, Mountain View
http://www.securityfocus.com/archive/77/475340
17. [SJ-JOB] Sr. Security Analyst, Lyndhurst
http://www.securityfocus.com/archive/77/475341
18. [SJ-JOB] Penetration Engineer, Bangalore
http://www.securityfocus.com/archive/77/475333
19. [SJ-JOB] Security Consultant, Boston, Multiple Locations
http://www.securityfocus.com/archive/77/475343
20. [SJ-JOB] Manager, Information Security, Lyndhurst
http://www.securityfocus.com/archive/77/475346
21. [SJ-JOB] Application Security Engineer, Riyadh
http://www.securityfocus.com/archive/77/475332
22. [SJ-JOB] Security Architect, Washington
http://www.securityfocus.com/archive/77/475344
23. [SJ-JOB] Security Architect, Columbus
http://www.securityfocus.com/archive/77/475329
24. [SJ-JOB] Penetration Engineer, London
http://www.securityfocus.com/archive/77/475330
25. [SJ-JOB] Security Architect, New York
http://www.securityfocus.com/archive/77/475331
26. [SJ-JOB] Information Assurance Analyst, Picatinny Arsenal--Morris County
http://www.securityfocus.com/archive/77/475236
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. "debug k" freezing Cisco routers?
http://www.securityfocus.com/archive/82/475258
2. Really, really, penultimate, PacSec CFP deadline, Aug 10.
http://www.securityfocus.com/archive/82/475262
3. error in my code
http://www.securityfocus.com/archive/82/474873
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #352
http://www.securityfocus.com/archive/88/475053
2. USB device control software
http://www.securityfocus.com/archive/88/472910
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
XI. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics