SecurityFocus Newsletter #484 Dec 31 2008 06:53PM
SecurityFocus Newsletter #484
----------------------------------------

This issue is sponsored by Purewire

NEW! White Paper:
"Hackers Announce Open Season on Web 2.0 Users and Browsers"

Learn how hackers are exploiting your employees' Web surfing to gain entry into your network. Drive-by Downloads, Click Jacking, AJAX, XSS and Browser vulns are just some of the nasty attack methods hackers are coming up with, and it's no longer good enough to block known bad URLs.
Download this white paper now to mitigate your online security risks.
http://www.purewire.com/lp/sec

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Time to Exclude Bad ISPs
2. Standing on Other's Shoulders
II. BUGTRAQ SUMMARY
1. QEMU Multiple Local Vulnerabilities
2. Adobe Flash Player Unspecified Remote Security Vulnerability
3. kses Multiple Input Validation Vulnerabilities
4. Userlocator 'y' Parameter SQL Injection Vulnerability
5. COMTREND CT-536 and HG-536 Routers Multiple Remote Vulnerabilities
6. Pligg 'check_url.php' SQL Injection Vulnerability
7. Page Flip Image Gallery 'getConfig.php' Information Disclosure Vulnerability
8. OneOrZero Arbitrary File Upload Vulnerability
9. Constructr CMS 'show_page' Parameter SQL Injection Vulnerability
10. Moodle 'etitle' Parameter HTML Injection Vulnerability
11. Moodle Index.PHP Cross Site Scripting Vulnerability
12. SolarCMS 'cat' Parameter SQL Injection Vulnerability
13. Snoopy '_httpsrequest()' Arbitrary Command Execution Vulnerability
14. Blender 'BPY_interface.c' Remote Command Execution Vulnerability
15. Blender 'radiance_hdr.c' Remote Buffer Overflow Vulnerability
16. Smarty Template Engine 'Smarty_Compiler.class.php' Security Bypass Vulnerability
17. 'imlib2' Library Multiple Buffer Overflow Vulnerabilities
18. Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
19. ReVou Arbitrary File Upload Vulnerability
20. Multiple China-on-site.com Products Username and Password SQL Injection Vulnerabilities
21. University of Washington IMAP c-client Buffer Overflow Vulnerability
22. BLOG 'image_upload.php' Arbitrary File Upload Vulnerability
23. Drupal Views Content Construction Kit SQL Injection Vulnerability
24. Courier-Authlib Non-Latin Character Handling SQL Injection Vulnerability
25. Chipmunk Forum Multiple SQL Injection Vulnerabilities
26. Courier-Authlib Non-Latin Character Handling Postgres SQL Injection Vulnerability
27. BulletProof FTP Client Bookmark File Heap Buffer Overflow Vulnerability
28. Personal Sticky Threads vBulletin Addon Unauthorized Access Vulnerability
29. Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability
30. PHP-Fusion TI Blog System Module 'blog.php' SQL Injection Vulnerability
31. MPlayer TwinVQ Handling Stack Buffer Overflow Vulnerability
32. OpenSSH CBC Mode Information Disclosure Vulnerability
33. Perl Archive::Tar Module Remote Directory Traversal Vulnerability
34. 'imlib2' Library 'load()' Function Buffer Overflow Vulnerability
35. W2B phpGreetCards 'category' Parameter Cross Site Scripting Vulnerability
36. W2B phpEmployment 'auth.php' Arbitrary File Upload Vulnerability
37. W2B phpAdBoard 'index.php' Arbitrary File Upload Vulnerability
38. W2B phpGreetCards 'index.php' Arbitrary File Upload Vulnerability
39. stormBoards 'thread.php' SQL Injection Vulnerability
40. Sun Fire Servers IP Spoofing Security Bypass Vulnerability
41. AIST Netcat 3.1.2 Multiple Input Validation Vulnerabilities
42. Getleft HTML Tags Multiple Buffer Overflow Vulnerabilities
43. AIST NetCat 'password_recovery.php' SQL Injection Vulnerability
44. Perl Unicode '\Q...\E' Quoting Construct Regular Expression Buffer Overflow Vulnerability
45. VLC Media Player Real demuxer Heap Buffer Overflow Vulnerability
46. VLC Media Player Multiple Stack Based Buffer Overflow Vulnerabilities
47. Psi Malformed Packet Remote Denial of Service Vulnerability
48. PHP-Nuke Sections Module 'artid' Parameter SQL Injection Vulnerability
49. Linux Kernel 'qdisc_run()' Local Denial of Service Vulnerability
50. WordPress 'wp-admin/options.php' Remote Code Execution Vulnerability
51. WFTPD Server Multiple Buffer Overflow Vulnerabilities
52. ACLogic CesarFTP Multiple Commands Remote Buffer Overflow Vulnerability
53. GNU Enscript 'src/psgen.c' Stack Based Buffer Overflow Vulnerability
54. Microsoft SQL Server 'sp_replwritetovarbin' Remote Memory Corruption Vulnerability
55. Microsoft Internet Explorer XML Handling Remote Code Execution Vulnerability
56. OpenOffice 'senddoc' Insecure Temporary File Creation Vulnerability
57. FreeBSD netgraph and bluetooth Local Privilege Escalation Vulnerabilities
58. OpenOffice WMF and EMF File Handling Multiple Heap Based Buffer Overflow Vulnerabilities
59. MediaWiki Cross Site Scripting And Multiple HTML Injection Vulnerabilities
60. Sun SNMP Management Agent Insecure Temporary File Creation Vulnerability
61. MySQL Calendar 'username' Parameter SQL Injection Vulnerability
62. bloofoxCMS 'dialog.php' Local File Include Vulnerability
63. Acoustica Mixcraft '.mx4' Project File Buffer Overflow Vulnerability
64. SAWStudio '.prf' File Buffer Overflow Vulnerability
65. phpMyAdmin 'table' Parameter SQL Injection Vulnerability
66. suPHP 'suPHP_ConfigPath' Safe Mode Restriction-Bypass Vulnerability
67. TYPO3 Simple File Browser Unspecified Information Disclosure Vulnerability
68. Joomla! LiveTicker 'tid' Parameter SQL Injection Vulnerability
69. TYPO3 WEC Discussion Extension SQL Injection and Cross Site Scripting Vulnerabilities
70. Joomla! Ice Gallery Component 'catid' Parameter SQL Injection Vulnerability
71. ILIAS 'repository.php' SQL Injection Vulnerability
72. TYPO3 WEBERkommunal Facilities Extension Unspecified SQL Injection Vulnerability
73. TYPO3 Vox populi Unspecified Cross Site Scripting Vulnerability
74. doop Administration Page Arbitrary File Upload Vulnerability
75. PCRE Regular Expression Heap Based Buffer Overflow Vulnerability
76. GpsDrive Multiple Insecure Temporary File Creation Vulnerabilities
77. Nagios Web Interface Privilege Escalation Vulnerability
78. Verlihub Insecure Temporary File Creation Vulnerability
79. TYPO3 TU-Clausthal ODIN Extension Unspecified SQL Injection Vulnerability
80. Verlihub Trigger Remote Command Execution Vulnerability
81. TYPO3 SB Universal Plugin Unspecified Cross Site Scripting Vulnerability
82. TYPO3 TU-Clausthal Staff Extension Unspecified SQL Injection Vulnerability
83. IETF RFC 3279 X.509 Certificate MD5 Signature Collision Vulnerability
84. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
85. Ampache Insecure Temporary File Creation Vulnerability
86. PGP Desktop 'PGPweded.sys' Local Denial of Service Vulnerability
87. TYPO3 DR Wiki Extension Unspecified Cross Site Scripting Vulnerability
88. Perl 'rmdir()' Local Race Condition Privilege Escalation Vulnerability
89. CUPS 'pstopdf' Insecure Temporary File Creation Vulnerability
90. chuggnutt.com HTML to Plain Text Conversion Remote Code Execution Vulnerability
91. Joomla Apps Volunteer Management Component 'job_id' Parameter SQL Injection Vulnerability
92. freeSSHd SFTP Commands Multiple Remote Buffer Overflow Vulnerabilities
93. YourPlace 1.0.2 Multiple Remote Vulnerabilities
94. Git gitweb 'diff.external' Local Privilege Escalation Vulnerability
95. BitDefender 'pdf.xmd' Module PDF Parsing Remote Denial Of Service Vulnerability
96. Avahi Multicast DNS Denial Of Service Vulnerability
97. Text Lines Rearrange Script 'download.php' Information Disclosure Vulnerability
98. phpCollab Multiple Input Validation Vulnerabilities
99. phpg Multiple Input Validation Vulnerabilities
100. RSS Simple News 'news.php' SQL Injection Vulnerability
III. SECURITYFOCUS NEWS
1. Group attacks flaw in browser crypto security
2. Commission calls for cybersecurity czar
3. Microsoft hopes free security means less malware
4. Researchers find more flaws in wireless security
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #424
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time to Exclude Bad ISPs
By Oliver Day
In recent months, three questionable Internet service providers - EstDomains, Atrivo, and McColo - were effectively taken offline, resulting in noticeable drops in malware and spam.
http://www.securityfocus.com/columnists/487

2. Standing on Other's Shoulders
By Chris Wysopal
"If I have seen a little further it is by standing on the shoulders of Giants," Isaac Newton once wrote to describe how he felt that his scientific work was an extension of the work of those who went before him. In the scientific realm it is dishonorable not to credit those upon whose work you build.
http://www.securityfocus.com/columnists/486

II. BUGTRAQ SUMMARY
--------------------
1. QEMU Multiple Local Vulnerabilities
BugTraq ID: 23731
Remote: No
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/23731
Summary:
QEMU is prone to multiple locally exploitable buffer-overflow and denial-of-service vulnerabilities. The buffer-overflow issues occur because the software fails to properly check boundaries of user-supplied input when copying it to insufficiently sized memory buffers. The denial-of-service issues stem from design errors.

Attackers may be able to exploit these issues to escalate privileges, execute arbitrary code, or trigger denial-of-service conditions in the context of the affected applications.

2. Adobe Flash Player Unspecified Remote Security Vulnerability
BugTraq ID: 32896
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/32896
Summary:
Adobe Flash Player is prone to an unspecified security vulnerability.

Remote attackers may exploit this vulnerability to compromise an affected computer.

No further technical details are currently available. We will update this BID as more information emerges.

This issue affects Flash Player on Linux platforms.

Versions prior to Flash Player 10.0.15.3 and 9.0.152.0 are vulnerable.

3. kses Multiple Input Validation Vulnerabilities
BugTraq ID: 28599
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/28599
Summary:
The kses HTML filter is prone to multiple input-validation vulnerabilities that can lead to client-side script execution.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. PHP code execution is also reportedly possible, but may be exploitable only in limited -- and unknown -- circumstances.

The issues are known to affect the following projects that have incorporated kses:

Dokeos prior to 1.8.4 SP3
eGroupWare prior to 1.4.003
WordPress prior to 2.5
Moodle prior to 1.9

Other applications may also be affected.

NOTE: These issues were previously documented in the following BIDs:

28424 eGroupWare '_bad_protocol_once()' HTML Security Bypass Vulnerability
28121 Dokeos Multiple Remote Code Execution and Cross-Site Scripting Vulnerabilities

Since these issues were determined to originate in the same kses-based source code, this BID has been created to cover all the affected packages.

4. Userlocator 'y' Parameter SQL Injection Vulnerability
BugTraq ID: 32960
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32960
Summary:
Userlocator is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Userlocator 3.0 is vulnerable; other versions may also be affected.

5. COMTREND CT-536 and HG-536 Routers Multiple Remote Vulnerabilities
BugTraq ID: 32975
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32975
Summary:
COMTREND CT-536 and HG-536 are prone to multiple remote vulnerabilities:

- Multiple unauthorized-access vulnerabilities
- An information-disclosure vulnerability
- Multiple cross-site scripting vulnerabilities
- A denial-of-service vulnerability
- Multiple buffer-overflow vulnerabilities

Attackers can exploit these issues to compromise the affected device, obtain sensitive information, execute arbitrary script code, steal cookie-based authentication credentials, and cause a denial-of-service condition. Other attacks are also possible.

CT-536 and HG-536 firmware A101-302JAZ-C01_R05 is vulnerable; other firmware versions may also be affected.

6. Pligg 'check_url.php' SQL Injection Vulnerability
BugTraq ID: 32970
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32970
Summary:
Pligg is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Pligg 9.9.5b is vulnerable; other versions may also be affected.

7. Page Flip Image Gallery 'getConfig.php' Information Disclosure Vulnerability
BugTraq ID: 32966
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32966
Summary:
Page Flip Image Gallery is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view arbitrary files in the context of the webserver process. This may aid in further attacks.

Page Flip Image Gallery 0.2.2 is vulnerable; other versions may also be affected.

8. OneOrZero Arbitrary File Upload Vulnerability
BugTraq ID: 32959
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32959
Summary:
OneOrZero is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

9. Constructr CMS 'show_page' Parameter SQL Injection Vulnerability
BugTraq ID: 32956
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32956
Summary:
Constructr CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Constructr CMS 3.02.5 and prior versions are vulnerable.

10. Moodle 'etitle' Parameter HTML Injection Vulnerability
BugTraq ID: 30348
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/30348
Summary:
Moodle is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

11. Moodle Index.PHP Cross Site Scripting Vulnerability
BugTraq ID: 24748
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/24748
Summary:
Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

This issue affects Moodle 1.7.1; other versions may also be vulnerable.

12. SolarCMS 'cat' Parameter SQL Injection Vulnerability
BugTraq ID: 32974
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32974
Summary:
SolarCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

SolarCMS 0.53.3.8 is vulnerable; other versions may also be affected.

13. Snoopy '_httpsrequest()' Arbitrary Command Execution Vulnerability
BugTraq ID: 31887
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/31887
Summary:
Snoopy is prone to a vulnerability that lets attackers execute arbitrary commands because the application fails to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary commands in the context of the vulnerable webserver.

This issue may be related to BID 15213 (Snoopy Arbitrary Command Execution Vulnerability); this has not been confirmed.

Versions prior to Snoopy 1.2.4 are affected. Additional applications that use the Snoopy library may also be vulnerable.

14. Blender 'BPY_interface.c' Remote Command Execution Vulnerability
BugTraq ID: 31931
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/31931
Summary:
Blender is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute Blender in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run within the privileges of the currently logged-in user.

Blender 2.48a is vulnerable; other versions may also be affected.

15. Blender 'radiance_hdr.c' Remote Buffer Overflow Vulnerability
BugTraq ID: 28870
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/28870
Summary:
Blender is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

The issue affects Blender 2.45; other versions may also be affected.

16. Smarty Template Engine 'Smarty_Compiler.class.php' Security Bypass Vulnerability
BugTraq ID: 31862
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/31862
Summary:
Smarty Template Engine is prone to a security-bypass vulnerability that occurs when embedded variables are processed.

Attackers may exploit the issue to bypass certain security restrictions and execute arbitrary PHP code in the context of the application.

Smarty Template Engine 2.6.19 is vulnerable to the issue; other versions may also be affected.

17. 'imlib2' Library Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 29417
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/29417
Summary:
The 'imlib2' library is prone to multiple buffer-overflow vulnerabilities because the software fails to properly bounds-check user-supplied data.

An attacker can exploit these issues to execute arbitrary machine code in the context of applications using the vulnerable library. Failed exploit attempts will likely cause denial-of-service conditions.

The issues affect imlib2 1.4.0; other versions may also be affected.

18. Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
BugTraq ID: 31587
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/31587
Summary:
Dovecot is prone to multiple security-bypass vulnerabilities affecting the ACL plugin.

Attackers can exploit these issues to bypass certain mailbox restrictions and obtain potentially sensitive data; other attacks are also possible.

These issues affect versions prior to Dovecot 1.1.4.

19. ReVou Arbitrary File Upload Vulnerability
BugTraq ID: 32954
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32954
Summary:
ReVou is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

20. Multiple China-on-site.com Products Username and Password SQL Injection Vulnerabilities
BugTraq ID: 32810
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32810
Summary:
Multiple China-on-site.com Products are prone to multiple SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following products are affected; other versions may also be affected:

FlexPHPNews 0.0.6
FlexPHPNews Pro 0.0.6
FlexPHPDirectory 0.0.1
FlexPHPSite 0.0.1
FlexPHPLink Pro 0.0.7
Flexcustomer 0.0.6
FlexPHPic 0.0.4
FlexPHPic Pro 0.0.3

21. University of Washington IMAP c-client Buffer Overflow Vulnerability
BugTraq ID: 32958
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32958
Summary:
University of Washington IMAP is prone to a buffer-overflow vulnerability.

A successful exploit may allow attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely cause denial-of-service conditions.

The issue affects versions prior to IMAP 2007e.

22. BLOG 'image_upload.php' Arbitrary File Upload Vulnerability
BugTraq ID: 32953
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32953
Summary:
BLOG is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

BLOG 1.55b is affected; other versions may be vulnerable as well.

23. Drupal Views Content Construction Kit SQL Injection Vulnerability
BugTraq ID: 32895
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32895
Summary:
The Drupal Views module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to Views 6.x-2.2 are vulnerable.

24. Courier-Authlib Non-Latin Character Handling SQL Injection Vulnerability
BugTraq ID: 29605
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/29605
Summary:
Courier-Authlib is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to Courier-Authlib 0.60.6 are vulnerable; other versions may also be affected.

25. Chipmunk Forum Multiple SQL Injection Vulnerabilities
BugTraq ID: 12456
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/12456
Summary:
Chipmunk Forum is reportedly affected by multiple SQL-injection vulnerabilities. These issues occur because the application fails to properly sanitize user-supplied input before using it in SQL queries.

These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of SQL query logic or other attacks.

Successful exploitation could result in compromise of the application, disclosure or modification of data or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

26. Courier-Authlib Non-Latin Character Handling Postgres SQL Injection Vulnerability
BugTraq ID: 32926
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32926
Summary:
Courier-Authlib is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to Courier-Authlib 0.62.0 are vulnerable.

27. BulletProof FTP Client Bookmark File Heap Buffer Overflow Vulnerability
BugTraq ID: 33007
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/33007
Summary:
BulletProof FTP Client is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.

BulletProof FTP Client 2.63 is vulnerable; other versions may also be affected.

28. Personal Sticky Threads vBulletin Addon Unauthorized Access Vulnerability
BugTraq ID: 33017
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/33017
Summary:
Personal Sticky Threads is prone to an unauthorized-access vulnerability.

An attacker can exploit this vulnerability to gain unauthorized access to restricted threads. This may disclose potentially sensitive information that may aid in further attacks.

Personal Sticky Threads 1.0.3c is vulnerable; other versions may also be affected.

29. Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability
BugTraq ID: 31874
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/31874
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability that affects RPC (Remote Procedure Call) handling in the Server service.

An attacker could exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of vulnerable computers. This issue may be prone to widespread automated exploits. Attackers require authenticated access on Windows Vista and Server 2008 platforms to exploit this issue.

This vulnerability affects Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

30. PHP-Fusion TI Blog System Module 'blog.php' SQL Injection Vulnerability
BugTraq ID: 33019
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/33019
Summary:
TI Blog System is prone to an SQL-injection vulnerability affecting the 'manuals' module because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

31. MPlayer TwinVQ Handling Stack Buffer Overflow Vulnerability
BugTraq ID: 32822
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/32822
Summary:
MPlayer is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

This issue affects MPlayer 1.0rc2; other versions may also be affected.

32. OpenSSH CBC Mode Information Disclosure Vulnerability
BugTraq ID: 32319
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/32319
Summary:
OpenSSH is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain four bytes of plaintext from an encrypted session.

OpenSSH 4.7p1 is vulnerable; other versions may also be affected. Various versions of SSH Tectia are also affected.

33. Perl Archive::Tar Module Remote Directory Traversal Vulnerability
BugTraq ID: 26355
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/26355
Summary:
The Perl Archive::Tar module is prone to a directory-traversal vulnerability because it fails to validate user-supplied data.

A successful attack can allow the attacker to overwrite files on a computer in the context of the user running the affected application. Successful exploits may aid in further attacks.

Note that all applications using the Perl Archive::Tar module may be affected.

34. 'imlib2' Library 'load()' Function Buffer Overflow Vulnerability
BugTraq ID: 32371
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/32371
Summary:
The 'imlib2' library is prone to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied data.

An attacker can exploit this issue to execute arbitrary machine code in the context of applications using the vulnerable library. Failed exploit attempts will likely cause denial-of-service conditions.

This issue affects imlib2 1.4.2; other versions may also be affected.

35. W2B phpGreetCards 'category' Parameter Cross Site Scripting Vulnerability
BugTraq ID: 33001
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/33001
Summary:
W2B phpGreetCards is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

phpGreetCards 3.7 is vulnerable; other versions may also be affected.

36. W2B phpEmployment 'auth.php' Arbitrary File Upload Vulnerability
BugTraq ID: 33000
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/33000
Summary:
W2B phpEmployment is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

phpEmployment 1.8 is vulnerable; other versions may also be affected.

37. W2B phpAdBoard 'index.php' Arbitrary File Upload Vulnerability
BugTraq ID: 32998
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/32998
Summary:
W2B phpAdBoard is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

phpAdBoard 1.8 is vulnerable; other versions may also be affected.

38. W2B phpGreetCards 'index.php' Arbitrary File Upload Vulnerability
BugTraq ID: 32995
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/32995
Summary:
W2B phpGreetCards is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

phpGreetCards 3.7 is vulnerable; other versions may also be affected.

39. stormBoards 'thread.php' SQL Injection Vulnerability
BugTraq ID: 32993
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/32993
Summary:
stormBoards is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

stormBoards 1.0.1 is vulnerable; other versions may also be affected.

40. Sun Fire Servers IP Spoofing Security Bypass Vulnerability
BugTraq ID: 32805
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/32805
Summary:
Sun Fire Servers are prone to a security-bypass vulnerability.

Attackers can exploit this vulnerability to gain unauthorized access to the System Controller (SC) and possibly the host operating system. This may allow attackers to perform actions that will result in denial-of-service conditions and possibly other attacks.

41. AIST Netcat 3.1.2 Multiple Input Validation Vulnerabilities
BugTraq ID: 32992
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/32992
Summary:
AIST Netcat is prone to multiple input-validation vulnerabilities:

- Multiple local file-include vulnerabilities
- Multiple cross-site scripting vulnerabilities
- Multiple HTTP response-splitting vulnerabilities
- A CRLF-injection vulnerability

Attackers can exploit these issues to compromise the affected application; misrepresent how web content is served, cached, or interpreted; execute arbitrary script code and PHP code within the context of the webserver process; and obtain sensitive information. Other attacks are also possible.

AIST Netcat 3.1.2 is vulnerable; other versions may also be affected.

42. Getleft HTML Tags Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 32994
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/32994
Summary:
Getleft is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Getleft 1.2 is vulnerable; other versions may also be affected.

43. AIST NetCat 'password_recovery.php' SQL Injection Vulnerability
BugTraq ID: 32990
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/32990
Summary:
AIST NetCat is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

NetCat 3.12 is vulnerable; other versions may also be affected.

44. Perl Unicode '\Q...\E' Quoting Construct Regular Expression Buffer Overflow Vulnerability
BugTraq ID: 28928
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/28928
Summary:
Perl is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input.

Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of Perl applications using regular expressions in a vulnerable manner. This facilitates the remote compromise of affected computers. Failed exploits can cause denial-of-service conditions.

Perl 5.8.8 is vulnerable to this issue; other versions may also be affected.

NOTE: This issue may be related to BID 26350 ('Perl Unicode Regular Expression Buffer Overflow Vulnerability').

45. VLC Media Player Real demuxer Heap Buffer Overflow Vulnerability
BugTraq ID: 32545
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/32545
Summary:
VLC media player is prone to a heap buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

This issue affects VLC 0.9.0 through 0.9.6.

46. VLC Media Player Multiple Stack Based Buffer Overflow Vulnerabilities
BugTraq ID: 32125
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/32125
Summary:
VLC media player is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Versions prior to VLC media player 0.9.6 are vulnerable.

47. Psi Malformed Packet Remote Denial of Service Vulnerability
BugTraq ID: 32987
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/32987
Summary:
Psi is prone to a remote denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause the application to crash, denying service to legitimate users.

This issue affects Psi 0.12; other versions may also be vulnerable.

48. PHP-Nuke Sections Module 'artid' Parameter SQL Injection Vulnerability
BugTraq ID: 27958
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/27958
Summary:
The Sections module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

49. Linux Kernel 'qdisc_run()' Local Denial of Service Vulnerability
BugTraq ID: 32985
Remote: No
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/32985
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Local attackers can exploit this issue to cause a soft lockup, denying service to legitimate users.

Versions prior to Linux kernel 2.6.25 are vulnerable.

50. WordPress 'wp-admin/options.php' Remote Code Execution Vulnerability
BugTraq ID: 27633
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/27633
Summary:
WordPress is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input.

Attackers can exploit this issue to execute arbitrary PHP code within the context of the affected webserver process.

This issue affects these versions:

WordPress 2.3.2 and earlier
WordPress MU 1.3.1 and earlier

51. WFTPD Server Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 19617
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/19617
Summary:
WFTPD is prone to multiple buffer-overflow vulnerabilities because the application fails to do proper bounds checking on user-supplied data before storing it in finite-sized buffers.

An attacker can exploit these issues to execute arbitrary code and gain unauthorized remote access to a computer. Attack attempts may cause denial-of-service conditions as well.

WFTPD 3.23 is reported vulnerable; other versions may also be affected.

52. ACLogic CesarFTP Multiple Commands Remote Buffer Overflow Vulnerability
BugTraq ID: 18586
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/18586
Summary:
CesarFTP is prone to a buffer-overflow vulnerability when handling data through the MKD command. Reportedly, passing excessive data may overflow a finite-sized internal memory buffer. A successful attack may result in memory corruption as memory adjacent to the buffer is overwritten with user-supplied data.

This issue may lead to a denial-of-service condition or to the execution of arbitrary code.

CesarFTP 0.99g is vulnerable; other versions may also be affected.

53. GNU Enscript 'src/psgen.c' Stack Based Buffer Overflow Vulnerability
BugTraq ID: 31858
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/31858
Summary:
GNU Enscript is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

GNU Enscript 1.6.1 and 1.6.4 (beta) are vulnerable; other versions may also be affected.

54. Microsoft SQL Server 'sp_replwritetovarbin' Remote Memory Corruption Vulnerability
BugTraq ID: 32710
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/32710
Summary:
Microsoft SQL Server is prone to a remote memory-corruption vulnerability because it fails to properly handle user-supplied input.

Authenticated attackers can exploit this issue to execute arbitrary code and completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions.

The issue affects the following:

Microsoft SQL Server 2000
Microsoft SQL Server 2005

55. Microsoft Internet Explorer XML Handling Remote Code Execution Vulnerability
BugTraq ID: 32721
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/32721
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

NOTE: Symantec has received reports that this issue is being actively exploited in the wild.

56. OpenOffice 'senddoc' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30925
Remote: No
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/30925
Summary:
OpenOffice creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

OpenOffice 2.4.1 is vulnerable; other versions may also be affected.

57. FreeBSD netgraph and bluetooth Local Privilege Escalation Vulnerabilities
BugTraq ID: 32976
Remote: No
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/32976
Summary:
FreeBSD is prone to multiple local privilege-escalation vulnerabilities.

An attacker can exploit these vulnerabilities to run arbitrary code with elevated privileges.

All versions of FreeBSD are considered vulnerable.

58. OpenOffice WMF and EMF File Handling Multiple Heap Based Buffer Overflow Vulnerabilities
BugTraq ID: 31962
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/31962
Summary:
OpenOffice is prone to multiple remote heap-based buffer-overflow vulnerabilities because of errors in processing certain files.

Remote attackers can exploit these issues by enticing victims into opening maliciously crafted EMF or WMF files.

Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

The issues affect OpenOffice 2 prior to 2.4.2.

59. MediaWiki Cross Site Scripting And Multiple HTML Injection Vulnerabilities
BugTraq ID: 32844
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/32844
Summary:
MediaWiki is prone to a cross-site scripting vulnerability and multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Versions prior to MediaWiki 1.13.3, 1.12.1, and 1.6.11 are vulnerable to these issues.

60. Sun SNMP Management Agent Insecure Temporary File Creation Vulnerability
BugTraq ID: 33014
Remote: No
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/33014
Summary:
Sun SNMP Management Agent creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in privilege escalation or cause a denial-of-service condition. Other attacks may also be possible.

SNMP Management Agent 'SUNWmasf' versions 1.4u2 up to and including 1.5.4 are vulnerable.

61. MySQL Calendar 'username' Parameter SQL Injection Vulnerability
BugTraq ID: 32978
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/32978
Summary:
MySQL Calendar is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The issue affects MySQL Calendar 1.2; other versions may also be vulnerable.

62. bloofoxCMS 'dialog.php' Local File Include Vulnerability
BugTraq ID: 33013
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/33013
Summary:
bloofoxCMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

bloofoxCMS 0.3.4 is affected; other versions may also be vulnerable.

63. Acoustica Mixcraft '.mx4' Project File Buffer Overflow Vulnerability
BugTraq ID: 33012
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/33012
Summary:
Acoustica Mixcraft is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue by enticing a victim to load a malicious '.mx4' file. If successful, the attacker can execute arbitrary code in the context of the affected application.

Acoustica Mixcraft 4.2 is vulnerable; other versions may also be affected.

64. SAWStudio '.prf' File Buffer Overflow Vulnerability
BugTraq ID: 33011
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/33011
Summary:
SAWStudio is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions.

SAWStudio 3.9i is vulnerable; other versions may also be affected.

65. phpMyAdmin 'table' Parameter SQL Injection Vulnerability
BugTraq ID: 32720
Remote: Yes
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/32720
Summary:
phpMyAdmin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Authentication is required to access these scripts, but attackers may also make use of cross-site-request-forgery attacks to exploit this issue.

This issue affects versions prior to phpMyAdmin 2.11.9.4 and 3.1.1.0.

66. suPHP 'suPHP_ConfigPath' Safe Mode Restriction-Bypass Vulnerability
BugTraq ID: 33073
Remote: No
Last Updated: 2008-12-31
Relevant URL: http://www.securityfocus.com/bid/33073
Summary:
suPHP is prone to a 'safe_mode' restriction-bypass vulnerability.

Successful exploits may allow attackers to bypass arbitrary PHP configuration options, including the 'safe_mode' setting.

This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code, with the 'safe_mode' restrictions assumed to isolate the users from each other.

67. TYPO3 Simple File Browser Unspecified Information Disclosure Vulnerability
BugTraq ID: 32984
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32984
Summary:
TYPO3 Simple File Browser ('simplefilebrowser') is prone to an unspecified information-disclosure vulnerability.

Attackers can exploit this issue to harvest sensitive information that may lead to further attacks.

Simple File Browser 1.0.2 is vulnerable; other versions may also be affected.

68. Joomla! LiveTicker 'tid' Parameter SQL Injection Vulnerability
BugTraq ID: 33010
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/33010
Summary:
The LiveTicker component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

LiveTicker 1.0.0 is vulnerable; other versions may also be affected.

69. TYPO3 WEC Discussion Extension SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 32977
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32977
Summary:
The 'wec_discussion' extension for TYPO3 is prone to multiple SQL-injection vulnerabilities and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect versions prior to 'wec_discussion' 1.7.1.

70. Joomla! Ice Gallery Component 'catid' Parameter SQL Injection Vulnerability
BugTraq ID: 33008
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/33008
Summary:
The Ice Gallery component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Ice Gallery 0.5 beta 2 is affected; other versions may also be vulnerable.

71. ILIAS 'repository.php' SQL Injection Vulnerability
BugTraq ID: 33006
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/33006
Summary:
ILIAS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ILIAS 3.7.4 is vulnerable; other versions may also be affected.

72. TYPO3 WEBERkommunal Facilities Extension Unspecified SQL Injection Vulnerability
BugTraq ID: 32982
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32982
Summary:
The TYPO3 WEBERkommunal Facilities ('wes_facilities') extension is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

WEBERkommunal Facilities 2.0.0 is vulnerable; other versions may also be affected.

73. TYPO3 Vox populi Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 32980
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32980
Summary:
Vox populi for TYPO3 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to Vox populi 0.3.1 are vulnerable.

74. doop Administration Page Arbitrary File Upload Vulnerability
BugTraq ID: 33005
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/33005
Summary:
The 'doop' program is prone to a vulnerability that lets attackers upload arbitrary files because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute malicious code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects doop 1.4.0b; other versions may also be affected.

75. PCRE Regular Expression Heap Based Buffer Overflow Vulnerability
BugTraq ID: 30087
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/30087
Summary:
PCRE is prone to a heap-based buffer-overflow vulnerability because the library fails to properly handle user-supplied input before copying data to an internal memory buffer.

The impact of successful exploits of this vulnerability depends on the application and the privileges of the user running the vulnerable library. A successful attack may ultimately permit an attacker to control the contents of critical memory control structures and write arbitrary data to arbitrary memory locations. This may allow the attacker to execute arbitrary code in the context of the application using the vulnerable library.

Versions up to and including PCRE 7.7 are vulnerable.

76. GpsDrive Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 32887
Remote: No
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32887
Summary:
GpsDrive creates temporary files in an insecure manner.

An attacker with local access could perform symbolic-link attacks, overwriting arbitrary files in the context of an affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

GpsDrive 2.10~pre4-6.dfsg-1 is vulnerable; other versions may also be affected.

77. Nagios Web Interface Privilege Escalation Vulnerability
BugTraq ID: 32156
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32156
Summary:
Nagios is prone to an unspecified privilege-escalation scripting vulnerability.

An attacker with low-level privileges may exploit this issue to bypass authorization and cause arbitrary commands to run within the context of the Nagios server. This may aid in further attacks.

Few technical details are available at this time; we will update this BID as more information emerges.

The issue affects versions prior to Nagios 3.0.5.

78. Verlihub Insecure Temporary File Creation Vulnerability
BugTraq ID: 32889
Remote: No
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32889
Summary:
Verlihub creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Verlihub 0.9.8d RC2 is vulnerable; other versions may also be affected.

79. TYPO3 TU-Clausthal ODIN Extension Unspecified SQL Injection Vulnerability
BugTraq ID: 32986
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32986
Summary:
The TU-Clausthal ODIN ('tuc_odin') TYPO3 extension is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

80. Verlihub Trigger Remote Command Execution Vulnerability
BugTraq ID: 32420
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32420
Summary:
Verlihub is prone to a remote command-execution vulnerability because it fails to sufficiently validate user input.

Successfully exploiting this issue would allow an attacker to execute arbitrary commands on an affected computer in the context of the affected application.

Verlihub 0.9.8d RC2 is vulnerable; other versions may also be affected.

81. TYPO3 SB Universal Plugin Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 32983
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32983
Summary:
SB Universal Plugin for TYPO3 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

SB Universal Plugin 2.0.1 is vulnerable; other versions may also be affected.

82. TYPO3 TU-Clausthal Staff Extension Unspecified SQL Injection Vulnerability
BugTraq ID: 32981
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32981
Summary:
The TU-Clausthal Staff ('tuc_staff') TYPO3 extension is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

TU-Clausthal Staff 0.3.0 is vulnerable; other versions may also be affected.

83. IETF RFC 3279 X.509 Certificate MD5 Signature Collision Vulnerability
BugTraq ID: 33065
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/33065
Summary:
X.509 certificates are prone to a signature collision attack when signed with the MD5 algorithm. Attackers may take advantage of this issue to generate pairs of different, valid X.509 certificates which share a common signature.

An attacker is most likely to exploit this issue to conduct phishing attacks or to impersonate legitimate websites by taking advantage of malicious certificates. Other attacks are likely to be possible.

Note: This attack is an extension of the weakness covered in BID 11849 (MD5 Message Digest Algorithm Hash Collision Weakness).

84. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
BugTraq ID: 32608
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32608
Summary:
Sun Java Runtime Environment and Java Development Kit are prone to multiple security vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security restrictions, run untrusted applets with elevated privileges, and cause denial-of-service conditions. This may result in a compromise of affected computers.

These issues affect versions prior to the following:

JDK and JRE 6 Update 11 or later
JDK and JRE 5.0 Update 17 or later
SDK and JRE 1.4.2_19 or later
SDK and JRE 1.3.1_24 or later

85. Ampache Insecure Temporary File Creation Vulnerability
BugTraq ID: 30875
Remote: No
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/30875
Summary:
Ampache creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Ampache 3.4.1 is vulnerable; other versions may also be affected.

86. PGP Desktop 'PGPweded.sys' Local Denial of Service Vulnerability
BugTraq ID: 32991
Remote: No
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32991
Summary:
PGP Desktop is prone to a local denial-of-service vulnerability that occurs in the 'PGPweded.sys' driver.

A local attacker can exploit this issue to crash the affected computer, resulting in a denial-of-service condition. The attacker may be able to leverage this issue to execute arbitrary code with SYSTEM-level privileges, but this has not been confirmed.

PGP Desktop 9.0.6 build 6060 is vulnerable; other versions may also be affected.

87. TYPO3 DR Wiki Extension Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 32979
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32979
Summary:
DR Wiki for TYPO3 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to DR Wiki 1.7.2 are vulnerable.

88. Perl 'rmdir()' Local Race Condition Privilege Escalation Vulnerability
BugTraq ID: 12767
Remote: No
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/12767
Summary:
Perl is reported prone to a local race-condition vulnerability. The issue resides in the 'rmtree()' function provided by the 'File::Path.pm' module.

A successful attack may allow an attacker to gain elevated privileges on a vulnerable computer.

UPDATE (December 2, 2008): This issue has been reported in Perl 5.8.8 and 5.10.

89. CUPS 'pstopdf' Insecure Temporary File Creation Vulnerability
BugTraq ID: 32745
Remote: No
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32745
Summary:
CUPS creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible. Note that under certain circumstances, attackers may be able to write controlled content to arbitrary files, which will likely result in other attacks.

CUPS 1.3.8 is vulnerable; other versions may also be affected.

90. chuggnutt.com HTML to Plain Text Conversion Remote Code Execution Vulnerability
BugTraq ID: 32799
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32799
Summary:
The HTML to Plain Text Conversion class from chuggnutt.com is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to inject and execute malicious server-side script in the context of the application using the vulnerable class. Successful exploits will compromise the affected application and possibly the underlying computer.

The issue affects version 1.0 of the class; other versions may also be affected.

Note that this issue was initially reported in Roundcube Webmail. RoundCube Webmail 0.2-1 alpha, 0.2-2 beta, and possibly other versions are vulnerable because they use the vulnerable HTML to Plain Text Conversion class.

91. Joomla Apps Volunteer Management Component 'job_id' Parameter SQL Injection Vulnerability
BugTraq ID: 32973
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32973
Summary:
The Volunteer Management component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Volunteer Management 2.0 is affected; other versions may also be vulnerable.

92. freeSSHd SFTP Commands Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 32972
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32972
Summary:
freeSSHd is prone to multiple remote buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit these issues to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

These issues affect freeSSHd 1.2.1; other versions may also be affected.

93. YourPlace 1.0.2 Multiple Remote Vulnerabilities
BugTraq ID: 32971
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32971
Summary:
YourPlace is prone to multiple remote vulnerabilities:

- An arbitrary-file-upload vulnerability
- Multiple remote code-execution vulnerabilities
- A remote command-execution vulnerability
- A security-bypass vulnerability

Attackers can exploit these issues to upload and execute arbitrary PHP code within the context of the webserver, execute arbitrary commands, and gain unauthorized access to the affected application. Other attacks are also possible.

YourPlace 1.0.2 is vulnerable; other versions may also be affected.

94. Git gitweb 'diff.external' Local Privilege Escalation Vulnerability
BugTraq ID: 32967
Remote: No
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32967
Summary:
Git gitweb is prone to a local privilege-escalation vulnerability.

A local attacker may exploit this issue to gain elevated privileges.

Versions prior to Git 1.5.4.7, 1.5.5.6, 1.5.6.6, and 1.6.0.6 are vulnerable.

95. BitDefender 'pdf.xmd' Module PDF Parsing Remote Denial Of Service Vulnerability
BugTraq ID: 32396
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32396
Summary:
BitDefender is prone to a remote denial-of-service vulnerability that occurs when a malicious PDF file is scanned using BitDefender's command-line scanner 'bdc.exe'.

Attackers can exploit this issue to deny service to legitimate users.

UPDATE (November 25, 2008): Further reports indicate that the vulnerable module 'pdf.xmd' is used in other applications, rendering them vulnerable as well.

96. Avahi Multicast DNS Denial Of Service Vulnerability
BugTraq ID: 32825
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32825
Summary:
Avahi is prone to a denial-of-service vulnerability when processing multicast DNS data.

A remote attacker may exploit this issue to terminate the application, denying further service to legitimate users.

Versions prior to Avahi 0.6.24 are vulnerable.

97. Text Lines Rearrange Script 'download.php' Information Disclosure Vulnerability
BugTraq ID: 32968
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32968
Summary:
Text Lines Rearrange Script is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view arbitrary files in the context of the webserver process. This may aid in further attacks.

98. phpCollab Multiple Input Validation Vulnerabilities
BugTraq ID: 32964
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32964
Summary:
phpCollab is prone to multiple input-validation vulnerabilities:

- Multiple SQL-injection vulnerabilities
- A remote command-execution vulnerability
- A remote code-execution vulnerability

Successfully exploiting these issues may allow an attacker to compromise the application, execute arbitrary PHP code and shell commands, access or modify data, or exploit latent vulnerabilities in the underlying database.

99. phpg Multiple Input Validation Vulnerabilities
BugTraq ID: 32963
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32963
Summary:
The 'phpg' program is prone to multiple input-validation vulnerabilities:

- A script-injection vulnerability
- A denial-of-service vulnerability
- Multiple cross-site-scripting vulnerabilities

An attacker can exploit these issues to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, or create a denial-of-service condition.

These issues affect phpg 1.6; other versions may also be affected.

100. RSS Simple News 'news.php' SQL Injection Vulnerability
BugTraq ID: 32962
Remote: Yes
Last Updated: 2008-12-30
Relevant URL: http://www.securityfocus.com/bid/32962
Summary:
RSS Simple News is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Group attacks flaw in browser crypto security
By: Robert Lemos
A group of researchers warns browser makers and certificate authorities to drop support for MD5 digital signatures, after successfully creating a fake, but valid, certificate.
http://www.securityfocus.com/news/11541

2. Commission calls for cybersecurity czar
By: Robert Lemos
A group of technology and government experts warns that, without significant changes to the U.S. approach to cyberspace, foreign companies and other nations will continue to steal valuable technologies.
http://www.securityfocus.com/news/11540

3. Microsoft hopes free security means less malware
By: Robert Lemos
The software giant says shutting down Windows Live OneCare to release the software as a free tool could make consumers more secure.
http://www.securityfocus.com/news/11538

4. Researchers find more flaws in wireless security
By: Robert Lemos
Two security experts plan to show a limited attack against the popular Wi-Fi Protected Access (WPA) -- a replacement for insecure WEP -- at a conference in Tokyo.
http://www.securityfocus.com/news/11537

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #424
http://www.securityfocus.com/archive/88/499615

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to reply. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Purewire

NEW! White Paper:
"Hackers Announce Open Season on Web 2.0 Users and Browsers"

Learn how hackers are exploiting your employees' Web surfing to gain entry into your network. Drive-by Downloads, Click Jacking, AJAX, XSS and Browser vulns are just some of the nasty attack methods hackers are coming up with, and it's no longer good enough to block known bad URLs.
Download this white paper now to mitigate your online security risks.
http://www.purewire.com/lp/sec

Copyright 2010, SecurityFocus