SecurityFocus News
SecurityFocus Newsletter #488 Jan 29 2009 09:17PM
sfa securityfocus com
SecurityFocus Newsletter #488
----------------------------------------

Vulnerability Management for Dummies: How to Implement a Successful Vulnerability Management Program
As a business owner, or someone responsible for network security within your organization, you need to understand how to prevent attacks and eliminate network weaknesses that leave your business exposed and at risk. Vulnerability Management for Dummies arms you with the facts and shows you how to...

http://dinclinx.com/Redirect.aspx?36;2468;35;189;0;8;259;73c7a1ae59c7a92
e

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Time to Take the Theoretical Seriously
2.The Drew Verdict Makes Us All Hackers
II. BUGTRAQ SUMMARY
1. VirtueMart Prior to 1.1.3 Multiple Security Vulnerabilities
2. Anantasoft Gazelle CMS Local File Include Vulnerability
3. Script Toko Online 'cat_id' Parameter SQL Injection Vulnerability
4. ElearningForce Flash Magazine Deluxe Joomla! Component SQL Injection Vulnerability
5. Groone GLinks 'cat' Parameter SQL Injection Vulnerability
6. SiteXS CMS 'type' Parameter Local File Include Vulnerability
7. COWON America jetAudio M3U File Processing Remote Buffer Overflow Vulnerability
8. NCTSoft NCTVideoStudio ActiveX Control 'CreateFile()' Heap Buffer Overflow Vulnerability
9. NCTsoft NCTAudioFile2 ActiveX Control NCTWMAFILE2.DLL Arbitrary File Overwrite Vulnerability
10. XChat 'PySys_SetArgv' Remote Command Execution Vulnerability
11. Csound 'PySys_SetArgv' Remote Command Execution Vulnerability
12. OpenOffice '.doc' File Remote Denial of Service Vulnerability
13. Lootan 'login.asp' SQL Injection Vulnerability
14. easyHDR Pro 1.60.2 Multiple Buffer Overflow Vulnerabilities
15. FlexCell Grid Control (ActiveX) Multiple Arbitrary File Overwrite Vulnerabilities
16. ITLPoll 'index.php' SQL Injection Vulnerability
17. eog 'PySys_SetArgv' Remote Command Execution Vulnerability
18. Gnumeric 'PySys_SetArgv' Remote Command Execution Vulnerability
19. MW6 Technologies Barcode ActiveX Control 'Supplement' Heap Buffer Overflow Vulnerability
20. LDF 'login.asp' SQL Injection Vulnerability
21. AyeView GIF Image Handling Denial of Service Vulnerability
22. MacsDesign Studio Web Help Desk Cross Site Scripting Vulnerability
23. Ewebb Web-Calendar Lite Multiple SQL Injection Vulnerabilities
24. Nautilus 'PySys_SetArgv' Remote Command Execution Vulnerability
25. Epiphany 'PySys_SetArgv' Remote Command Execution Vulnerability
26. ConPresso CMS Multiple 4.07 Multiple Remote Vulnerabilities
27. Multiple ActiveWebSoftwares Products Login Parameters SQL Injection Vulnerabilities
28. Winamp MP3 and AIFF File Parsing Multiple Buffer Overflow Vulnerabilities
29. Triologic Media Player '.m3u' File Heap Buffer Overflow Vulnerability
30. W3C Amaya 'TtaWCToMBstring()' Multiple Stack Based Buffer Overflow Vulnerabilities
31. Shop-inet 'show_cat2.php' SQL Injection Vulnerability
32. Linux Kernel 'hfs_cat_find_brec()' Local Denial of Service Vulnerability
33. Linux Kernel '__scm_destroy()' Local Denial of Service Vulnerability
34. ActiveWebSoftwares Active Test Multiple SQL Injection Vulnerabilities
35. Linux Kernel 'hfsplus_find_cat()' Local Denial of Service Vulnerability
36. Linux Kernel 'inotify' Local Privilege Escalation Vulnerability
37. Linux Kernel 'qdisc_run()' Local Denial of Service Vulnerability
38. Linux Kernel 'ib700wdt.c' Buffer Underflow Vulnerability
39. Linux Kernel 'sendmsg()' Local Denial of Service Vulnerability
40. Linux Kernel 'lbs_process_bss()' Remote Denial of Service Vulnerability
41. AXIS Camera Control ActiveX Control 'image_pan_tilt' Buffer Overflow Vulnerability
42. WFTPD Explorer Remote Buffer Overflow Vulnerability
43. Linux Kernel 'net/atm/proc.c' Local Denial of Service Vulnerability
44. Red Hat Certificate System Security Bypass Vulnerability
45. WFTPD Pro Multiple Command Remote Denial of Service Vulnerabilities
46. OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
47. Red Hat Certificate System Multiple Local Information Disclosure Vulnerabilities
48. Apple QuickTime QTVR Movie Remote Buffer Overflow Vulnerability
49. GLPI Prior to 0.71.4 'ID' Parameter Multiple SQL Injection Vulnerabilities
50. Microsoft Internet Explorer HTML Form Value Denial of Service Vulnerability
51. Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
52. Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
53. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
54. Sun Solaris IPv6 'ipsec_needs_processing_v6()' Remote Denial of Service Vulnerability
55. Sun Solaris 'lpadmin' and 'ppdmgr' Local Denial Of Service Vulnerability
56. Sun Solaris Pseudo-terminal Driver (pty(7D)) Local Denial Of Service Vulnerability
57. OpenX 2.6.3 Multiple Input Validation Vulnerabilities
58. OpenX 'MAX_type' Parameter Local File Include Vulnerability
59. dBpowerAMP Audio Player '.pls' File Buffer Overflow Vulnerability
60. RETIRED: PHP 'dba_replace() ' File Corruption Vulnerability
61. phpMyAdmin 'table' Parameter SQL Injection Vulnerability
62. W3C Amaya HTML Tag Parameter Multiple Buffer Overflow Vulnerabilities
63. GStreamer QuickTime Media File Parsing Multiple Buffer Overflow Vulnerabilities
64. Sun Solaris 'in.iked(1M)' IKE Packet Handling Remote Denial Of Service Vulnerability
65. Sun Fire X2100/X2200 M2 Servers Security Bypass and Remote Command Execution Vulnerability
66. Sun Solaris ip(7P) Kernel Module IP-in-IP Packet Handling Local Denial Of Service Vulnerability
67. libxml XML Entity Name Heap Buffer Overflow Vulnerability
68. 'nfs-utils' Package for Fedora 9 and 10 TCP Wrappers Security Bypass Vulnerability
69. Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
70. xine-lib 1.1.15 and Prior Multiple Remote Vulnerabilities
71. MoinMoin 'AttachFile.py' Cross-Site Scripting Vulnerability
72. MoinMoin 'antispam.py' Cross-Site Scripting Vulnerability
73. Web on Windows ActiveX 'WriteIniFileString/ShellExecute' Arbitrary File Overwrite Vulnerability
74. Coppermine Photo Gallery 'picEditor.php' Remote File Upload Vulnerability
75. Thomson Demo mp3PRO Player/Encoder '.m3u' File Remote Buffer Overflow Vulnerability
76. Personal Site Manager 0.3 Multiple Remote Vulnerabilities
77. Star Articles Multiple Administrative Scripts Authentication Bypass Vulnerabilities
78. htmLawed Multiple Unspecified Cross-Site Scripting Vulnerabilities
79. HP Select Access Unspecified Cross Site Scripting Vulnerability
80. Microsoft Excel Formula Handling Remote Code Execution Vulnerability
81. PHP 5.2.5 and Prior Versions Multiple Vulnerabilities
82. PHP FastCGI Module File Extension Denial Of Service Vulnerabilities
83. PHP Multiple Buffer Overflow Vulnerabilities
84. PHP 5.2.4 and Prior Versions Multiple Vulnerabilities
85. PHP cURL 'safe mode' Security Bypass Vulnerability
86. PHP 5 'php_sprintf_appendstring()' Remote Integer Overflow Vulnerability
87. PHP 'imageRotate()' Uninitialized Memory Information Disclosure Vulnerability
88. Multiple Vendor OpenSSL 'DSA_verify' Function Signature Verification Vulnerability
89. W3C Amaya HTML 'input' Tag Parameter Buffer Overflow Vulnerability
90. W3C Amaya Multiple Buffer Overflow Vulnerabilities
91. Multiple Ralinktech Wireless Drivers MAC/BSS/SSID Integer Overflow Vulnerability
92. E-Php Scripts CMS 'browsecats.php' SQL Injection Vulnerability
93. Computer Associates BrightStor ArcServe Media Server Multiple Remote Buffer Overflow Vulnerabilities
94. NewsCMSLite Insecure Cookie Authentication Bypass Vulnerability
95. Max.Blog 'show_post.php' SQL Injection Vulnerability
96. MODx Prior to 0.9.6.3 Multiple Cross Site Scripting Vulnerabilities
97. ShopSystem eSystem Multiple SQL Injection Vulnerabilities
98. Flaxweb Article Manager Avatar Arbitrary File Upload Vulnerability
99. winetricks 'x_showmenu.txt' Insecure Temporary File Creation Vulnerability
100. Wazzum Dating Software 'userid' Parameter SQL Injection Vulnerability
III. SECURITYFOCUS NEWS
1. Group releases list to kill most-dangerous bugs
2. Group attacks flaw in browser crypto security
3. Commission calls for cybersecurity czar
4. Microsoft hopes free security means less malware
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. customer user accounts and internal user accounts on same domain
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Time to Take the Theoretical Seriously
By Chris Wysopal
Software developers response to "theoretical" research is fundamentally broken. By now, everyone in the security industry knows about the Rogue CA presentation that Alex Sotirov and Jacob Appelbaum gave at 25th Chaos Communications Congress. It was one of the most interesting I saw all last year, and it's a good example of why software companies continue to be vulnerable to attackers
http://www.securityfocus.com/columnists/490

2.The Drew Verdict Makes Us All Hackers
By Mark Rasch
Last month, Lori Drew - the middle-aged Missouri mother who participated in a plan to deceive a 13-year-old girl that ultimately led to the girl's suicide - was convicted by a Los Angeles federal jury of several misdemeanor counts of unauthorized access to MySpace's computers.
http://www.securityfocus.com/columnists/489

II. BUGTRAQ SUMMARY
--------------------
1. VirtueMart Prior to 1.1.3 Multiple Security Vulnerabilities
BugTraq ID: 33480
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33480
Summary:
VirtueMart is prone to multiple security vulnerabilities, including local and remote file-include issues, SQL-injection issues, cross-site-scripting issues, a command-execution issue, and an information-disclosure issue.

Attackers can exploit these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, or execute arbitrary commands in the context of the webserver process.

2. Anantasoft Gazelle CMS Local File Include Vulnerability
BugTraq ID: 33483
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33483
Summary:
Gazelle CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

3. Script Toko Online 'cat_id' Parameter SQL Injection Vulnerability
BugTraq ID: 33462
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33462
Summary:
Script Toko Online is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Script Toko Online 5.01 is vulnerable; other versions may be affected as well.

4. ElearningForce Flash Magazine Deluxe Joomla! Component SQL Injection Vulnerability
BugTraq ID: 33455
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33455
Summary:
Flash Magazine Deluxe Joomla! component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

5. Groone GLinks 'cat' Parameter SQL Injection Vulnerability
BugTraq ID: 33460
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33460
Summary:
Groone GLinks is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

6. SiteXS CMS 'type' Parameter Local File Include Vulnerability
BugTraq ID: 33457
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33457
Summary:
SiteXS CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

SiteXS CMS 0.1.1 and prior versions are vulnerable.

7. COWON America jetAudio M3U File Processing Remote Buffer Overflow Vulnerability
BugTraq ID: 26069
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/26069
Summary:
jetAudio is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer while processing M3U files.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected application.

jetAudio 7.0.3 is reported vulnerable; prior versions may also be affected.

8. NCTSoft NCTVideoStudio ActiveX Control 'CreateFile()' Heap Buffer Overflow Vulnerability
BugTraq ID: 33469
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33469
Summary:
NCTSoft NCTVideoStudio ActiveX control is prone to a heap-based buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

NCTVideoStudio 1.6 is vulnerable; other versions may also be affected.

9. NCTsoft NCTAudioFile2 ActiveX Control NCTWMAFILE2.DLL Arbitrary File Overwrite Vulnerability
BugTraq ID: 24613
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/24613
Summary:
NCTsoft NCTAudioFile2 ActiveX control is prone to a vulnerability that lets attackers overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

This issue affects NCTsoft 2.6.2.157; other versions may also be affected.

10. XChat 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33444
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33444
Summary:
XChat is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

11. Csound 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33446
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33446
Summary:
Csound is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

12. OpenOffice '.doc' File Remote Denial of Service Vulnerability
BugTraq ID: 33383
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33383
Summary:
OpenOffice is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue by enticing an unsuspecting victim to open a specially crafted '.doc' file.

Successfully exploiting this issue will cause the application to crash, denying service to legitimate users. Attackers may also be able to run arbitrary code, but this has not been confirmed.

13. Lootan 'login.asp' SQL Injection Vulnerability
BugTraq ID: 33439
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33439
Summary:
Lootan is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

14. easyHDR Pro 1.60.2 Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 33363
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33363
Summary:
easyHDR Pro is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

easyHDR Pro 1.60.2 is vulnerable; prior versions may also be affected.

15. FlexCell Grid Control (ActiveX) Multiple Arbitrary File Overwrite Vulnerabilities
BugTraq ID: 33453
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33453
Summary:
FlexCell Grid Control (ActiveX) is prone to two vulnerabilities that let attackers overwrite files with arbitrary, attacker-controlled content.

Successfully exploiting these issues will allow an attacker to corrupt and overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

FlexCell Grid Control (ActiveX) 5.6.9 is vulnerable; other versions may also be affected.

16. ITLPoll 'index.php' SQL Injection Vulnerability
BugTraq ID: 33452
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33452
Summary:
ITLPoll is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ITLPoll 2.7 Stable 2 is vulnerable; other versions may also be affected.

17. eog 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33443
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33443
Summary:
The 'eog' (Eye of GNOME) program is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

18. Gnumeric 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33438
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33438
Summary:
Gnumeric is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

19. MW6 Technologies Barcode ActiveX Control 'Supplement' Heap Buffer Overflow Vulnerability
BugTraq ID: 33451
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33451
Summary:
MW6 Technologies Barcode ActiveX control is prone to a heap-based buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

20. LDF 'login.asp' SQL Injection Vulnerability
BugTraq ID: 33431
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33431
Summary:
LDF is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

21. AyeView GIF Image Handling Denial of Service Vulnerability
BugTraq ID: 31572
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/31572
Summary:
AyeView is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected application, resulting in denial-of-service conditions.

AyeView 2.20 is vulnerable; other versions may also be affected.

22. MacsDesign Studio Web Help Desk Cross Site Scripting Vulnerability
BugTraq ID: 33429
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33429
Summary:
Web Help Desk is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to Web Help Desk 9.1.18 are vulnerable.

23. Ewebb Web-Calendar Lite Multiple SQL Injection Vulnerabilities
BugTraq ID: 33423
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33423
Summary:
Ewebb Web-Calendar Lite is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Ewebb Web-Calendar Lite 1.0 is vulnerable; other versions may also be affected.

24. Nautilus 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33442
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33442
Summary:
Nautilus is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

25. Epiphany 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33441
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33441
Summary:
Epiphany is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

26. ConPresso CMS Multiple 4.07 Multiple Remote Vulnerabilities
BugTraq ID: 33436
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33436
Summary:
ConPresso CMS is prone to multiple remote vulnerabilities:

- A cross-site scripting vulnerability
- A cross-domain scripting vulnerability
- A session-fixation vulnerability

An attacker can exploit these issues to execute arbitrary script code within the context of the affected browser or within the context of another frame, steal cookie-based authentication credentials, hijack a user's session, and gain unauthorized access to the affected application. Other attacks are also possible.

ConPresso CMS 4.07 is vulnerable; other versions may also be affected.

27. Multiple ActiveWebSoftwares Products Login Parameters SQL Injection Vulnerabilities
BugTraq ID: 32533
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/32533
Summary:
Multiple ActiveWebSoftwares products are prone to SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following applications are vulnerable:

ActiveVotes 2.2
Active Force Matrix 2
Active Trade 2
Active Price Comparison 4
Active Test 2.1
eWebQuiz 8
Active Newsletter 4.3
Active Web Mail 4
Active Websurvey 9.1
Active Membership 2
Active Web Helpdesk 2
Active Photo Gallery 6.2
Active Time Billing 3.2

28. Winamp MP3 and AIFF File Parsing Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 33226
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33226
Summary:
Winamp is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Versions up to and including Winamp 5.541 are vulnerable.

29. Triologic Media Player '.m3u' File Heap Buffer Overflow Vulnerability
BugTraq ID: 33221
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33221
Summary:
Triologic Media Player is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

Triologic Media Player 7 is vulnerable; other versions may also be affected.

30. W3C Amaya 'TtaWCToMBstring()' Multiple Stack Based Buffer Overflow Vulnerabilities
BugTraq ID: 32442
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/32442
Summary:
W3C Amaya is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Amaya 10.1 is vulnerable; other versions may also be affected.

31. Shop-inet 'show_cat2.php' SQL Injection Vulnerability
BugTraq ID: 33471
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33471
Summary:
Shop-inet is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Shop-inet 4 is vulnerable; other versions may also be affected.

32. Linux Kernel 'hfs_cat_find_brec()' Local Denial of Service Vulnerability
BugTraq ID: 32289
Remote: No
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/32289
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly bounds-check data before copying it to an insufficiently sized memory buffer.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

This issue affects versions prior to Linux kernel 2.6.27.6.

33. Linux Kernel '__scm_destroy()' Local Denial of Service Vulnerability
BugTraq ID: 32154
Remote: No
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/32154
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

The Linux kernel 2.6.26 and prior versions are affected.

34. ActiveWebSoftwares Active Test Multiple SQL Injection Vulnerabilities
BugTraq ID: 32547
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/32547
Summary:
ActiveWebSoftwares Active Test is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Active Test 2.1 is vulnerable; other versions may also be affected.

35. Linux Kernel 'hfsplus_find_cat()' Local Denial of Service Vulnerability
BugTraq ID: 32093
Remote: No
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/32093
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly bounds-check data before copying it to an insufficiently sized memory buffer.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

This issue affects versions prior to Linux kernel 2.6.28-rc1.

36. Linux Kernel 'inotify' Local Privilege Escalation Vulnerability
BugTraq ID: 33503
Remote: No
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33503
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with elevated privileges or crash the affected kernel, denying service to legitimate users.

Versions prior to Linux kernel 2.6.28-rc5 are vulnerable.

37. Linux Kernel 'qdisc_run()' Local Denial of Service Vulnerability
BugTraq ID: 32985
Remote: No
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/32985
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Local attackers can exploit this issue to cause a soft lockup, denying service to legitimate users.

Versions prior to Linux kernel 2.6.25 are vulnerable.

38. Linux Kernel 'ib700wdt.c' Buffer Underflow Vulnerability
BugTraq ID: 33003
Remote: No
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33003
Summary:
The Linux kernel is prone to a buffer-underflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges or crash the affected computer, denying service to legitimate users.

Versions prior to Linux kernel 2.6.28-rc1 are vulnerable.

39. Linux Kernel 'sendmsg()' Local Denial of Service Vulnerability
BugTraq ID: 32516
Remote: No
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/32516
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to create a soft lockup of the vulnerable kernel or to invoke the 'oom-killer' kernel functionality, which may halt unrelated processes. This may result in a denial-of-service condition.

NOTE: This issue was either caused or revealed by the fix for BID 32154 (Linux Kernel '__scm_destroy()' Local Denial of Service Vulnerability).

The Linux kernel 2.6.27 and prior versions are affected.

40. Linux Kernel 'lbs_process_bss()' Remote Denial of Service Vulnerability
BugTraq ID: 32484
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/32484
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability because of a buffer-overflow error in the 'libertas' subsystem.

Successful exploits will allow attackers to crash the affected computer, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute code, but this has not been confirmed.

Versions prior to Linux Kernel 2.6.27.5 are vulnerable.

41. AXIS Camera Control ActiveX Control 'image_pan_tilt' Buffer Overflow Vulnerability
BugTraq ID: 33408
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33408
Summary:
AXIS Camera Control ActiveX control is prone to a buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

Axis Camera Control 2.40.0.0 is vulnerable; other versions may also be vulnerable.

42. WFTPD Explorer Remote Buffer Overflow Vulnerability
BugTraq ID: 26935
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/26935
Summary:
WFTPD Explorer is prone to a remote heap-based buffer-overflow vulnerability.

The issue arises when the client handles excessive string data. By exploiting this issue, a remote attacker may gain unauthorized access in the context of the user running the application.

WFTPD Explorer 1.0 is reported vulnerable; other versions may be affected as well.

43. Linux Kernel 'net/atm/proc.c' Local Denial of Service Vulnerability
BugTraq ID: 32676
Remote: No
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/32676
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause the Linux kernel to go into an infinite loop, which may cause a denial-of-service condition.

44. Red Hat Certificate System Security Bypass Vulnerability
BugTraq ID: 33508
Remote: No
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33508
Summary:
Red Hat Certificate System is prone to a security-bypass vulnerability because of an error in the Token Processing System (TPS) component.

Successfully exploiting this issue allows attackers to complete the token-enrollment procedure with a software-generated key instead of the key stored in the hardware token.

Red Hat Certificate System 7.3 is vulnerable; other versions may also be affected.

45. WFTPD Pro Multiple Command Remote Denial of Service Vulnerabilities
BugTraq ID: 33426
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33426
Summary:
WFTPD Pro is prone to multiple remote denial-of-service vulnerabilities because the application fails to handle specially crafted FTP commands in a proper manner.

Attackers can exploit these issues to crash the affected application, denying service to legitimate users.

WFTPD Pro 3.30.0.1 is vulnerable; other versions may also be affected.

Update (29th January, 2009): This issue is reported to only affect servers which have the 'Enable Security' configuration option disabled.

46. OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
BugTraq ID: 33150
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33150
Summary:
OpenSSL is prone to a signature-verification vulnerability.

An attacker would likely leverage this issue by first carrying out a man-in-the-middle attack. The attacker would most likely exploit this issue to conduct phishing attacks or to impersonate legitimate sites. Other attacks are likely possible.

Releases prior to OpenSSL 0.9.8j are affected.

47. Red Hat Certificate System Multiple Local Information Disclosure Vulnerabilities
BugTraq ID: 33288
Remote: No
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33288
Summary:
Red Hat Certificate System is prone to multiple information-disclosure vulnerabilities because it stores authentication credentials in an insecure manner.

An unprivileged local attacker may exploit these issues to obtain sensitive information that can aid in further attacks.

48. Apple QuickTime QTVR Movie Remote Buffer Overflow Vulnerability
BugTraq ID: 33384
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33384
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP2 and SP3, and Mac OS X.

49. GLPI Prior to 0.71.4 'ID' Parameter Multiple SQL Injection Vulnerabilities
BugTraq ID: 33477
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33477
Summary:
GLPI is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Versions prior to GLPI 0.71.4 are vulnerable.

50. Microsoft Internet Explorer HTML Form Value Denial of Service Vulnerability
BugTraq ID: 33494
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33494
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue may allow an attacker to crash the browser, which will result in a denial-of-service condition.

Internet Explorer 7 on Windows XP SP3 is vulnerable; other versions running on different platforms may also be affected.

NOTE: This issue was originally published as a buffer-overflow vulnerability that could result in remote code execution. Further analysis and vendor reports, however, suggest that exploiting this issue may cause only a denial-of-service condition from stack exhaustion. This vulnerability cannot be exploited to execute arbitrary code.

51. Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
BugTraq ID: 32892
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/32892
Summary:
Sun Java Web Start and Java Plug-in are prone to a privilege-escalation vulnerability.

This issue occurs when the affected applications parse a JAR file that is also a legitimate GIF image file.

An attacker may exploit this issue to obtain sensitive information (such as HTTP session cookies) or to perform actions as legitimate users of a web application. This may aid in further attacks.

NOTE: This issue was previously covered in BID 32620 (Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities), but has been given its own record to better document the issue.

This issue affects the following versions:

JDK and JRE 6 Update 10 and earlier
JDK and JRE 5.0 Update 16 and earlier
SDK and JRE 1.4.2_18 and earlier
SDK and JRE 1.3.1_23 and earlier

52. Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
BugTraq ID: 32620
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/32620
Summary:
Sun Java Web Start and Java Plug-in are prone to multiple privilege-escalation vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security, or read, write, and execute arbitrary files in the context of the user running a vulnerable application. This may result in a compromise of the underlying system.

This issue affects the following versions:

JDK and JRE 6 Update 10 and earlier
JDK and JRE 5.0 Update 16 and earlier
SDK and JRE 1.4.2_18 and earlier
SDK and JRE 1.3.1_23 and earlier

53. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
BugTraq ID: 32608
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/32608
Summary:
Sun Java Runtime Environment and Java Development Kit are prone to multiple security vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security restrictions, run untrusted applets with elevated privileges, and cause denial-of-service conditions. This may result in a compromise of affected computers.

These issues affect versions prior to the following:

JDK and JRE 6 Update 11 or later
JDK and JRE 5.0 Update 17 or later
SDK and JRE 1.4.2_19 or later
SDK and JRE 1.3.1_24 or later

54. Sun Solaris IPv6 'ipsec_needs_processing_v6()' Remote Denial of Service Vulnerability
BugTraq ID: 33435
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33435
Summary:
Sun Solaris is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows attackers to cause the kernel to crash, effectively denying service to legitimate users. Attackers may also be able to execute arbitrary code with elevated privileges, but this has not been confirmed.

55. Sun Solaris 'lpadmin' and 'ppdmgr' Local Denial Of Service Vulnerability
BugTraq ID: 33269
Remote: No
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33269
Summary:
Sun Solaris is prone to a local denial-of-service vulnerability.

Local attackers may exploit this issue to cause the vulnerable services, and potentially the underlying system, to become unresponsive, effectively denying service to legitimate users.

56. Sun Solaris Pseudo-terminal Driver (pty(7D)) Local Denial Of Service Vulnerability
BugTraq ID: 33406
Remote: No
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33406
Summary:
Sun Solaris pseudo-terminal driver (pty(7D)) module is prone to an unspecified local denial-of-service vulnerability.

Local attackers may exploit this issue to panic a system, denying service to legitimate users.

57. OpenX 2.6.3 Multiple Input Validation Vulnerabilities
BugTraq ID: 33468
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33468
Summary:
OpenX is prone to multiple input-validation vulnerabilities, including:

- Multiple cross-site scripting vulnerabilities
- Multiple HTML-injection vulnerabilities
- Multiple SQL-Injection vulnerabilities

Attackers can exploit these issues to steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, access or modify data, or exploit latent vulnerabilities in the underlying database.

OpenX 2.6.3 is vulnerable; other versions may also be affected.

58. OpenX 'MAX_type' Parameter Local File Include Vulnerability
BugTraq ID: 33458
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33458
Summary:
OpenX is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

OpenX 2.6.3 is affected; other versions may also be vulnerable.

59. dBpowerAMP Audio Player '.pls' File Buffer Overflow Vulnerability
BugTraq ID: 33239
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33239
Summary:
dBpowerAMP Audio Player is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

dBpowerAMP Audio Player 2.0.0 is vulnerable; other versions may also be affected.

60. RETIRED: PHP 'dba_replace() ' File Corruption Vulnerability
BugTraq ID: 33498
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33498
Summary:
PHP is prone to a vulnerability that may allow attackers to corrupt a database file. This issue occurs because the application fails to validate user-supplied input.

Attackers can exploit this issue to corrupt the database file. Successfully exploiting this issue may result in a denial-of-service condition and the loss of data.

PHP 5.2.6 is vulnerable; prior versions may also be affected.

This BID is being retired. To exploit this issue an attacker would need to control components that they should not be able to control under normal circumstances.

61. phpMyAdmin 'table' Parameter SQL Injection Vulnerability
BugTraq ID: 32720
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/32720
Summary:
phpMyAdmin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Authentication is required to access these scripts, but attackers may also make use of cross-site-request-forgery attacks to exploit this issue.

This issue affects versions prior to phpMyAdmin 2.11.9.4 and 3.1.1.0.

62. W3C Amaya HTML Tag Parameter Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 32847
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/32847
Summary:
W3C Amaya is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Amaya 10.0.1 is vulnerable; other versions may also be affected.

UPDATE (Januray 29, 2009): Amaya 11.0 is also vulnerable.

63. GStreamer QuickTime Media File Parsing Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 33405
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33405
Summary:
GStreamer is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of applications that use the affected library. Failed attacks will cause denial-of-service conditions.

Versions prior to GStreamer 'gst-plugins-good' 0.10.12 are vulnerable. Applications using the library, such as Songbird, Totem, and Amarok, may also be affected.

64. Sun Solaris 'in.iked(1M)' IKE Packet Handling Remote Denial Of Service Vulnerability
BugTraq ID: 33407
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33407
Summary:
Sun Solaris 'in.iked(1M)' is prone to a remote denial-of-service vulnerability.

An attacker may exploit this issue to crash the daemon and deny services to legitimate users.

65. Sun Fire X2100/X2200 M2 Servers Security Bypass and Remote Command Execution Vulnerability
BugTraq ID: 33506
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33506
Summary:
Sun Fire X2100 M2 and X2200 M2 Servers are prone to a security-bypass vulnerability and a remote command-execution vulnerability.

Successful exploits may allow attackers to gain unauthorized access or execute arbitrary commands on the Service Processor (SP). This may aid in further attacks.

Sun Fire X2100/X2200 M2 Servers with firmware prior to 3.20 are vulnerable.

66. Sun Solaris ip(7P) Kernel Module IP-in-IP Packet Handling Local Denial Of Service Vulnerability
BugTraq ID: 33504
Remote: No
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33504
Summary:
Sun Solaris 'ip(7P)' kernel module is prone to an unspecified local denial-of-service vulnerability.

Local attackers may exploit this issue to panic a system, denying service to legitimate users.

NOTE: Although Sun reported this issue as a local vulnerability, remote attackers could possibly exploit the issue as well. Symantec has not confirmed this possibility.

67. libxml XML Entity Name Heap Buffer Overflow Vulnerability
BugTraq ID: 31126
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/31126
Summary:
The 'libxml' library is prone to a heap-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary within the context of an application using the affected library. Failed exploit attempts will result in a denial-of-service vulnerability.

68. 'nfs-utils' Package for Fedora 9 and 10 TCP Wrappers Security Bypass Vulnerability
BugTraq ID: 33294
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33294
Summary:
The 'nfs-utils' package in Fedora 9 and 10 is prone to a security-bypass vulnerability because it wasn't built properly with support for TCP Wrappers.

Remote attackers can exploit this issue to bypass certain security restrictions and gain access to NFS services on vulnerable computers.

This issue affects versions *prior to* the following:

nfs-utils 1.1.2-9 on Fedora 9
nfs-utils 1.1.4-6 on Fedora 10

69. Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
BugTraq ID: 30131
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/30131
Summary:
Multiple vendors' implementations of the DNS protocol are prone to a DNS-spoofing vulnerability because the software fails to securely implement random values when performing DNS queries.

Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.

This issue affects Microsoft Windows DNS Clients and Servers, ISC BIND 8 and 9, and multiple Cisco IOS releases; other DNS implementations may also be vulnerable.

70. xine-lib 1.1.15 and Prior Multiple Remote Vulnerabilities
BugTraq ID: 30797
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/30797
Summary:
The 'xine-lib' library is prone to multiple remote vulnerabilities:

1. Eight heap-based buffer-overflow vulnerabilities
2. Seven denial-of-service vulnerabilities

Attackers can exploit these issues to execute arbitrary code in the context of applications that use the library or cause a denial-of-service condition.

These issues affect xine-lib 1.1.15 and prior versions.

71. MoinMoin 'AttachFile.py' Cross-Site Scripting Vulnerability
BugTraq ID: 33365
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33365
Summary:
MoinMoin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to MoinMoin 1.8.1 are vulnerable.

72. MoinMoin 'antispam.py' Cross-Site Scripting Vulnerability
BugTraq ID: 33479
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33479
Summary:
MoinMoin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

MoinMoin 1.7.3 and 1.8.1 are vulnerable; other versions may also be affected

73. Web on Windows ActiveX 'WriteIniFileString/ShellExecute' Arbitrary File Overwrite Vulnerability
BugTraq ID: 33515
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33515
Summary:
Web on Windows (WOW) ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content.

Successfully exploiting this issue will allow an attacker to overwrite arbitrary files and execute arbitrary code on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

Web on Windows 2 is vulnerable; other versions may also be affected.

74. Coppermine Photo Gallery 'picEditor.php' Remote File Upload Vulnerability
BugTraq ID: 33514
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33514
Summary:
Coppermine Photo Gallery is prone to a remote file-upload vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Coppermine Photo Gallery 1.4.19 is vulnerable; other versions may also be affected.

75. Thomson Demo mp3PRO Player/Encoder '.m3u' File Remote Buffer Overflow Vulnerability
BugTraq ID: 33513
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33513
Summary:
Thomson Demo mp3PRO Player/Encoder is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Thomson Demo mp3PRO Player/Encoder 1.1.0 is vulnerable; other versions may also be affected.

76. Personal Site Manager 0.3 Multiple Remote Vulnerabilities
BugTraq ID: 33512
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33512
Summary:
Personal Site Manager is prone to multiple remote vulnerabilities, including:

- An arbitrary file-upload vulnerability
- An authentication-bypass vulnerability

An attacker can exploit these issues to upload and execute arbitrary script code on an affected computer with the privileges of the webserver process or gain unauthorized access to the affected application.

Personal Site Manager 0.3 is vulnerable; other versions may also be affected.

77. Star Articles Multiple Administrative Scripts Authentication Bypass Vulnerabilities
BugTraq ID: 33511
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33511
Summary:
Star Articles is prone to multiple authentication-bypass vulnerabilities because it fails to perform adequate authentication checks.

An attacker can exploit these issues to gain unauthorized access to the application and make arbitrary changes, including adding, modifying or deleting user data. This may lead to further attacks.

Star Articles 6.0 is vulnerable; other versions may also be affected.

78. htmLawed Multiple Unspecified Cross-Site Scripting Vulnerabilities
BugTraq ID: 33507
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33507
Summary:
htmLawed is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to htmLawed 1.1.4 are vulnerable.

79. HP Select Access Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 33505
Remote: Yes
Last Updated: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33505
Summary:
HP Select Access is prone to a cross-site scripting vulnerability due to an unspecified error.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects HP Select Access versions 6.1 and 6.2.

80. Microsoft Excel Formula Handling Remote Code Execution Vulnerability
BugTraq ID: 32621
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/32621
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

81. PHP 5.2.5 and Prior Versions Multiple Vulnerabilities
BugTraq ID: 29009
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/29009
Summary:
PHP 5.2.5 and prior versions are prone to multiple security vulnerabilities.

Successful exploits could allow an attacker to bypass security restrictions, cause a denial-of-service condition, and potentially execute code.

These issues are reported to affect PHP 5.2.5 and prior versions.

82. PHP FastCGI Module File Extension Denial Of Service Vulnerabilities
BugTraq ID: 31612
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/31612
Summary:
PHP is prone to a denial-of-service vulnerability because the application fails to handle certain file requests.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

PHP 4.4 prior to 4.4.9 and PHP 5.2 through 5.2.6 are vulnerable.

83. PHP Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 30649
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/30649
Summary:
PHP is prone to multiple buffer-overflow vulnerabilities.

Successful exploits may allow attackers to execute arbitrary code in the context of applications using the vulnerable PHP functions. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition.

Versions prior to PHP 4.4.9 and PHP 5.2.8 are vulnerable.

84. PHP 5.2.4 and Prior Versions Multiple Vulnerabilities
BugTraq ID: 26403
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/26403
Summary:
PHP 5.2.4 and prior versions are prone to multiple security vulnerabilities. Successful exploits could allow an attacker to bypass security restrictions, cause a denial-of-service condition, and potentially execute code.

85. PHP cURL 'safe mode' Security Bypass Vulnerability
BugTraq ID: 27413
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/27413
Summary:
PHP cURL is prone to a 'safe mode' security-bypass vulnerability.

Attackers can use this issue to gain access to restricted files, potentially obtaining sensitive information that may aid in further attacks.

The issue affects PHP 5.2.5 and 5.2.4.

86. PHP 5 'php_sprintf_appendstring()' Remote Integer Overflow Vulnerability
BugTraq ID: 28392
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/28392
Summary:
PHP 5 is prone to an integer-overflow vulnerability because the software fails to ensure that integer values are not overrun.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of a webserver affected by the issue. Failed attempts will likely result in denial-of-service conditions.

PHP 5.2.5 and prior versions are vulnerable.

87. PHP 'imageRotate()' Uninitialized Memory Information Disclosure Vulnerability
BugTraq ID: 33002
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33002
Summary:
PHP is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

PHP 5.2.8 and prior versions are vulnerable.

88. Multiple Vendor OpenSSL 'DSA_verify' Function Signature Verification Vulnerability
BugTraq ID: 33151
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33151
Summary:
Multiple vendors' products using OpenSSL are prone to a signature-verification vulnerability.

An attacker would likely leverage this issue by first carrying out a man-in-the-middle attack. The attacker would most likely exploit this issue to conduct phishing attacks or to impersonate legitimate sites. Other attacks are likely possible.

89. W3C Amaya HTML 'input' Tag Parameter Buffer Overflow Vulnerability
BugTraq ID: 33046
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33046
Summary:
W3C Amaya is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Amaya 11.0 and prior are vulnerable.

90. W3C Amaya Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 33047
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33047
Summary:
W3C Amaya is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Versions prior to Amaya 11.1 are vulnerable.

91. Multiple Ralinktech Wireless Drivers MAC/BSS/SSID Integer Overflow Vulnerability
BugTraq ID: 33340
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33340
Summary:
Multiple Ralinktech wireless drivers are prone to an integer-overflow vulnerability because they fail to ensure that integer values aren't overrrun.

Successful exploits may allow remote attackers to execute arbitrary code with kernel-level privileges, resulting in the complete compromise of an affected device. Failed exploit attempts will likely cause denial-of-service conditions.

Ralink USB Wireless Adapter (RT73) 3.08 is affected. Other unspecified devices are also affected.

92. E-Php Scripts CMS 'browsecats.php' SQL Injection Vulnerability
BugTraq ID: 33470
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33470
Summary:
E-Php Scripts CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

93. Computer Associates BrightStor ArcServe Media Server Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 23635
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/23635
Summary:
Computer Associates BrightStor ARCServe Media Server is prone to multiple remote buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

A remote attacker may exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successful exploits can result in a complete compromise of affected computers. Failed exploit attempts will likely cause denial-of-service conditions.

94. NewsCMSLite Insecure Cookie Authentication Bypass Vulnerability
BugTraq ID: 33467
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33467
Summary:
NewsCMSLite is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.

Attackers can exploit this vulnerability to gain unauthorized access to the affected application, which may aid in further attacks.

95. Max.Blog 'show_post.php' SQL Injection Vulnerability
BugTraq ID: 33466
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33466
Summary:
Max.Blog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Max.Blog 1.0.6 is vulnerable; other versions may also be affected.

96. MODx Prior to 0.9.6.3 Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 33184
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33184
Summary:
MODx is prone to multiple cross-site scripting vulnerabilities because it fails to adequately sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

Versions prior to MODx 0.9.6.3 are vulnerable.

97. ShopSystem eSystem Multiple SQL Injection Vulnerabilities
BugTraq ID: 33463
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33463
Summary:
eSystem is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

98. Flaxweb Article Manager Avatar Arbitrary File Upload Vulnerability
BugTraq ID: 33476
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33476
Summary:
Flaxweb Article Manager is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.

To exploit this issue, an attacker must register and log in to an affected site.

The attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Flaxweb Article Manager 1.1 is vulnerable; other versions may also be affected.

99. winetricks 'x_showmenu.txt' Insecure Temporary File Creation Vulnerability
BugTraq ID: 33474
Remote: No
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33474
Summary:
The 'winetricks' script creates a temporary file in an insecure manner.

An attacker with local access could perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Versions prior to winetricks 20081223 are vulnerable.

100. Wazzum Dating Software 'userid' Parameter SQL Injection Vulnerability
BugTraq ID: 33461
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33461
Summary:
Wazzum Dating Software is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Group releases list to kill most-dangerous bugs
By: Robert Lemos
Software makers, security vendors, and government agencies team up to create a list of the 25 most severe software issues, aiming to get developers to stop making mistakes.
http://www.securityfocus.com/news/11542

2. Group attacks flaw in browser crypto security
By: Robert Lemos
A group of researchers warns browser makers and certificate authorities to drop support for MD5 digital signatures, after successfully creating a fake, but valid, certificate.
http://www.securityfocus.com/news/11541

3. Commission calls for cybersecurity czar
By: Robert Lemos
A group of technology and government experts warns that, without significant changes to the U.S. approach to cyberspace, foreign companies and other nations will continue to steal valuable technologies.
http://www.securityfocus.com/news/11540

4. Microsoft hopes free security means less malware
By: Robert Lemos
The software giant says shutting down Windows Live OneCare to release the software as a free tool could make consumers more secure.
http://www.securityfocus.com/news/11538

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. customer user accounts and internal user accounts on same domain
http://www.securityfocus.com/archive/88/500442

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
Vulnerability Management for Dummies: How to Implement a Successful Vulnerability Management Program
As a business owner, or someone responsible for network security within your organization, you need to understand how to prevent attacks and eliminate network weaknesses that leave your business exposed and at risk. Vulnerability Management for Dummies arms you with the facts and shows you how to...

http://dinclinx.com/Redirect.aspx?36;2468;35;189;0;8;259;73c7a1ae59c7a92
e

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus