SecurityFocus News
SecurityFocus Newsletter #494 Mar 11 2009 10:40PM
sfa securityfocus com
----------------------------------------

This issue is sponsored by Sophos

Laws, regulations and compliance: Top tips for keeping your data under your control

http://dinclinx.com/Redirect.aspx?36;4035;35;189;0;5;259;787c0986ab9c445a

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Contracting For Secure Code
2. Free Market Filtering
II. BUGTRAQ SUMMARY
1. Movable Type Unspecified Security Vulnerability
2. Cisco Unified Communications Manager PAB Synchronizer Privilege Escalation Vulnerability
3. ZNC Webadmin Module Remote Privilege Escalation Vulnerability
4. RoomPHPlanning 'userform.php' Unauthorized Access Vulnerability
5. OptiPNG BMP Reader Buffer Overflow Vulnerability
6. OptiPNG GIF Image Handling Memory Corruption Vulnerability
7. libmikmod Multiple Sound Channel Media Playback Remote Denial of Service Vulnerability
8. libmikmod '.XM' File Remote Denial of Service Vulnerability
9. OpenOffice 'senddoc' Insecure Temporary File Creation Vulnerability
10. Ganglia gmetad 'process_path()' Remote Stack Buffer Overflow Vulnerability
11. phpScheduleIt Multiple Remote PHP Code Injection Vulnerabilities
12. MySQL XPath Expression Remote Denial Of Service Vulnerability
13. Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerabilities
14. Drupal Protected node Module 'Password page info' HTML Injection Vulnerability
15. VUPlayer '.CUE' File Buffer Overflow Vulnerability
16. Z1Exchange SQL Injection and Cross Site Scripting Vulnerabilities
17. Microsoft Windows SChannel Authentication Spoofing Vulnerability
18. TYPO3 Cross Site Scripting and Information Disclosure Vulnerabilities
19. Multiple China-on-site.com Products Username and Password SQL Injection Vulnerabilities
20. Social Groupie 'create_album.php' Arbitrary File Upload Vulnerability
21. ImpressCMS 'rank_title' Parameter HTML Injection Vulnerability
22. Joomla! Multiple HTML Injection Vulnerabilities
23. Imera Systems ImeraIEPlugin ActiveX Control Arbitrary File Download Vulnerability
24. Sitoincludefile in PHP 'includefile.php' Local File Include Vulnerability
25. Multiple ActiveWebSoftwares Products Login Parameters SQL Injection Vulnerabilities
26. Avahi 'avahi-core/server.c' Multicast DNS Denial Of Service Vulnerability
27. CS-Cart 'product_id' Parameter SQL Injection Vulnerability
28. PHP-Fusion Book Panel Module 'books.php' SQL Injection Vulnerability
29. Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
30. OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability
31. Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
32. PHP Director 'cat' Parameter SQL Injection Vulnerability
33. Apache 'mod_proxy_balancer' Multiple Vulnerabilities
34. Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
35. VBook Multiple Cross Site Scripting Vulnerabilities
36. eZip Wizard Zip File Stack Remote Buffer Overflow Vulnerability
37. Simple Customer 'email' Parameter SQL Injection Vulnerability
38. Nucleus CMS Media Manager Unspecified Directory Traversal Vulnerability
39. mks_vir 'mksmonen.sys' IOCTL Request Local Privilege Escalation Vulnerability
40. PHORTAIL 'poster.php' Multiple HTML Injection Vulnerabilities
41. CMS S.Builder 'index.php' Remote File Include Vulnerability
42. Foxit Reader PDF Handling Multiple Remote Vulnerabilities
43. Courier-Authlib Non-Latin Character Handling Postgres SQL Injection Vulnerability
44. Multiple Cisco Wireless LAN Controllers Multiple Remote Vulnerabilities
45. WordPress MU 'wp-includes/wpmu-functions.php' Cross-Site Scripting Vulnerability
46. libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability
47. libxml2 'xmlBufferResize()' Remote Denial of Service Vulnerability
48. University of Washington IMAP 'tmail' and 'dmail' Local Buffer Overflow Vulnerabilities
49. SMART Technologies SMART Board Unspecified Directory Traversal Vulnerability
50. cURL/libcURL HTTP 'Location:' Redirect Security Bypass Vulnerability
51. Hewlett-Packard WMI Mapper for HP Systems Insight Manager Unauthorized Access Vulnerabilities
52. Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
53. Apache Tomcat WebDav Remote Information Disclosure Vulnerability
54. Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
55. Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
56. Apache Tomcat Host Manager Cross Site Scripting Vulnerability
57. Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
58. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
59. Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
60. Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
61. Sun xVM VirtualBox Local Privilege Escalation Vulnerability
62. Linux-PAM Configuration File Non-ASCII User Name Handling Local Privilege Escalation Vulnerability
63. openSUSE Linux gtk2 Package Search Path Remote Command Execution Vulnerability
64. Linux Kernel '/proc/net/rt_cache' Remote Denial of Service Vulnerability
65. Sun Java System Communications Express Multiple HTML Injection Vulnerabilities
66. Sun Solaris Doors Kernel Functionality Multiple Vulnerabilities
67. Adobe Acrobat and Reader PDF File Handling JBIG2 Image Remote Code Execution Vulnerability
68. xterm DECRQSS Remote Command Execution Vulnerability
69. pam-krb5 Local Privilege Escalation Vulnerability
70. pam-krb5 'KRB5CCNAME' Environment Variable Local Privilege Escalation Vulnerability
71. Numara FootPrints HTML Injection and Remote Command Execution Vulnerabilities
72. QuoteBook Information Disclosure, SQL Injection and HTML Injection Vulnerabilities
73. Mozilla Firefox 'designMode' Null Pointer Dereference Denial of Service Vulnerability
74. Wesnoth PythonAI Remote Code Execution Vulnerability
75. libsndfile CAF Processing Buffer Overflow Vulnerability
76. Ruby 'OCSP_basic_verify()' X.509 Certificate Verification Vulnerability
77. FFmpeg 'libavformat/4xm.c' Remote Code Execution Vulnerability
78. Openswan IPsec Livetest Insecure Temporary File Creation Vulnerability
79. Webformatique Car Manager Joomla! Component 'ItemID' Parameter SQL Injection Vulnerability
80. Webformatique Reservation Manager Joomla! Component 'ItemID' Parameter SQL Injection Vulnerability
81. Multiple HTTP Proxy HTTP Host Header Incorrect Relay Behavior Vulnerability
82. ReVou Login SQL Injection Vulnerability
83. Psi Malformed Packet Remote Denial of Service Vulnerability
84. Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
85. IBM Tivoli Storage Manager Express and Enterprise Server Remote Buffer Overflow Vulnerability
86. DASH '.profile' Local Privilege Escalation Vulnerability
87. Drupal Forward Module Flood Control API Open Email Relay Vulnerability
88. PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
89. Mandriva perl-MDK-Common Unspecified Privilege Escalation Vulnerability
90. OpenPHPnuke SQLite Abstraction Layer SQL Injection Vulnerability
91. Traidnt UP 'uploadcp/files.php' Insecure Cookie Authentication Bypass Vulnerability
92. Wesnoth Compressed Data Remote Denial of Service Vulnerability
93. Adobe Flash Player Clipboard Security Weakness
94. Adobe Flash Player Unspecified Remote Denial of Service Vulnerability
95. Adobe Flash Player Unspecified Information Disclosure Vulnerability
96. Adobe Flash Player Invalid Object Reference Remote Code Execution Vulnerability
97. Adobe Flash Player Remote Command Execution Vulnerability
98. Adobe Flash Player SWF Version Null Pointer Dereference Denial of Service Vulnerability
99. Adobe Flash Player Multiple Security Vulnerabilities
100. Multiple Linux Distributions 'login' Local Privilege Escalation Vulnerability
III. SECURITYFOCUS NEWS
1. Experts: U.S. needs to defend its "cyber turf"
2. Advisor: U.S. needs policy to defend cyberspace
3. Cabal forms to fight Conficker, offers bounty
4. Group releases list to kill most-dangerous bugs
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SQL Server stored procedure encryption
2. SecurityFocus Microsoft Newsletter #434
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Contracting For Secure Code
By Chris Wysopal
Forcing suppliers to attest to the security of provided software is gaining adherents: Just ask Kaspersky Lab.
http://www.securityfocus.com/columnists/494

2. Free Market Filtering
By Mark Rasch
The Australian government is considering requiring that Internet service providers in that country install filters which would prevent citizens from accessing tens of thousands of sites that contain "objectionable" material.
http://www.securityfocus.com/columnists/493

II. BUGTRAQ SUMMARY
--------------------
1. Movable Type Unspecified Security Vulnerability
BugTraq ID: 34050
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34050
Summary:
Movable Type is prone to an unspecified security vulnerability.

Very little information is known about this issue. We will update this BID as more information emerges.

Versions prior to Movable Type 4.24 are vulnerable.

2. Cisco Unified Communications Manager PAB Synchronizer Privilege Escalation Vulnerability
BugTraq ID: 34082
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34082
Summary:
Cisco Unified Communications Manager is prone to a remote privilege-escalation vulnerability.

Attackers can exploit this issue to gain administrative access to the affected device and completely compromise it.

This issue is tracked by Cisco Bug IDs CSCso76587 and CSCso78528.

3. ZNC Webadmin Module Remote Privilege Escalation Vulnerability
BugTraq ID: 33899
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33899
Summary:
ZNC is prone to a remote privilege-escalation vulnerability.

Attackers can exploit this issue to gain administrative access to the affected application. Successful exploits will compromise the application and may lead to other attacks against the underlying computer.

Versions prior to ZNC 0.066 are affected.

4. RoomPHPlanning 'userform.php' Unauthorized Access Vulnerability
BugTraq ID: 29377
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/29377
Summary:
RoomPHPlanning is prone to an unauthorized-access vulnerability because it fails to adequately limit access to administrative scripts used for creating accounts.

An attacker can exploit this vulnerability to gain unauthorized administrative access to the application; other attacks are also possible.

RoomPHPlanning 1.6 is vulnerable; other versions may also be vulnerable.

5. OptiPNG BMP Reader Buffer Overflow Vulnerability
BugTraq ID: 32248
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/32248
Summary:
OptiPNG is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Versions prior to OptiPNG 0.6.2 are vulnerable.

6. OptiPNG GIF Image Handling Memory Corruption Vulnerability
BugTraq ID: 33873
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33873
Summary:
OptiPNG is prone to a memory-corruption vulnerability.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

OptiPNG 0.6.2 and prior versions are vulnerable.

7. libmikmod Multiple Sound Channel Media Playback Remote Denial of Service Vulnerability
BugTraq ID: 33235
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33235
Summary:
The 'libmikmod' library is prone to a remote denial-of-service vulnerability because the software fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue by enticing an unsuspecting victim to open multiple specially crafted media files.

Successfully exploiting this issue will cause an affected application to crash, denying service to legitimate users. Attackers may also be able to run arbitrary code, but this has not been confirmed.

This issue affects libmikmod 3.1.9 through 3.2.0; other versions or applications that use the library may also be affected.

8. libmikmod '.XM' File Remote Denial of Service Vulnerability
BugTraq ID: 33240
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33240
Summary:
The 'libmikmod' library is prone to a remote denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue by enticing an unsuspecting victim to open a specially crafted '.XM' file.

Successfully exploiting this issue will cause an affected application to crash, denying service to legitimate users. Attackers may also be able to run arbitrary code, but this has not been confirmed.

This issue affects libmikmod 3.1.9 through 3.2.0; other versions or applications that use the library may also be affected.

9. OpenOffice 'senddoc' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30925
Remote: No
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/30925
Summary:
OpenOffice creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

OpenOffice 2.4.1 is vulnerable; other versions may also be affected.

10. Ganglia gmetad 'process_path()' Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 33299
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33299
Summary:
Ganglia is prone to a remote stack-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied input.

Attackers can leverage this issue to execute arbitrary code in the context of the application. Successful exploits will compromise the application and the underlying computer. Failed attacks will cause denial-of-service conditions.

11. phpScheduleIt Multiple Remote PHP Code Injection Vulnerabilities
BugTraq ID: 33855
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33855
Summary:
phpScheduleIt is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary PHP code because the application fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected application and possibly the underlying computer.

Versions prior to phpScheduleIt 1.2.11 are vulnerable.

12. MySQL XPath Expression Remote Denial Of Service Vulnerability
BugTraq ID: 33972
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33972
Summary:
MySQL is prone to a remote denial-of-service vulnerability because it fails to handle certain XPath expressions.

An attacker can exploit this issue to crash the application, denying access to legitimate users.

This issue affects:

MySQL 5.1.31 and earlier
MySQL 6.0.9 and earlier

13. Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerabilities
BugTraq ID: 33827
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33827
Summary:
The 'libpng' library is prone to multiple memory-corruption vulnerabilities because it fails to properly initialize data structures.

Successful exploits may allow remote attackers to cause denial-of-service conditions or potentially execute arbitrary code on computers running the affected library.

These issues affect versions prior to 'libpng' 1.0.43 and 1.2.35.

14. Drupal Protected node Module 'Password page info' HTML Injection Vulnerability
BugTraq ID: 33936
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33936
Summary:
The 'Protected node' module for Drupal is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Note that to exploit this issue, attackers require valid authentication credentials with 'administer site configuration' privileges.

Protected node 5.x-1.3 is vulnerable; other versions may also be affected.
http://drupal.org/node/207891

15. VUPlayer '.CUE' File Buffer Overflow Vulnerability
BugTraq ID: 33960
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33960
Summary:
VUPlayer is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VUPlayer 2.49 is vulnerable; other versions may also be affected.

16. Z1Exchange SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 32598
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/32598
Summary:
Z1Exchange is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Z1Exchange 1.0 is vulnerable; other versions may also be affected.

17. Microsoft Windows SChannel Authentication Spoofing Vulnerability
BugTraq ID: 34015
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34015
Summary:
Microsoft Windows SChannel is prone to an authentication-spoofing vulnerability because it fails to properly validate certain client-server certificate exchanges.

Successful exploits will allow attackers to authenticate to trusted servers by spoofing a legitimate user's credentials. This may aid in further attacks.

18. TYPO3 Cross Site Scripting and Information Disclosure Vulnerabilities
BugTraq ID: 33714
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33714
Summary:
TYPO3 is prone to multiple cross-site scripting vulnerabilities and an information-disclosure vulnerability.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information.

19. Multiple China-on-site.com Products Username and Password SQL Injection Vulnerabilities
BugTraq ID: 32810
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/32810
Summary:
Multiple China-on-site.com products are prone to multiple SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following products are affected:

FlexPHPNews 0.0.6
FlexPHPNews Pro 0.0.6
FlexPHPDirectory 0.0.1
FlexPHPSite 0.0.1
FlexPHPLink Pro 0.0.7
Flexcustomer 0.0.6
FlexPHPic 0.0.4
FlexPHPic Pro 0.0.3

Other versions may also be affected.

20. Social Groupie 'create_album.php' Arbitrary File Upload Vulnerability
BugTraq ID: 32795
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/32795
Summary:
Social Groupie is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

21. ImpressCMS 'rank_title' Parameter HTML Injection Vulnerability
BugTraq ID: 32640
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/32640
Summary:
ImpressCMS is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Versions prior to ImpressCMS 1.0.3 "Janus" RC 1 are affected. Other versions may also be vulnerable.

22. Joomla! Multiple HTML Injection Vulnerabilities
BugTraq ID: 32263
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/32263
Summary:
Joomla! is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

These issues affect versions prior to Joomla! 1.5.8.

23. Imera Systems ImeraIEPlugin ActiveX Control Arbitrary File Download Vulnerability
BugTraq ID: 33993
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33993
Summary:
Imera Systems ImeraIEPlugin ActiveX control is prone to a vulnerability that can allow malicious files to be downloaded and saved to arbitrary locations on an affected computer.

This issue affects ImeraIEPlugin.dll 1.0.2.54; other versions may be affected as well.

24. Sitoincludefile in PHP 'includefile.php' Local File Include Vulnerability
BugTraq ID: 32111
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/32111
Summary:
Sitoincludefile in PHP is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.

25. Multiple ActiveWebSoftwares Products Login Parameters SQL Injection Vulnerabilities
BugTraq ID: 32533
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/32533
Summary:
Multiple ActiveWebSoftwares products are prone to SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following applications are vulnerable:

ActiveVotes 2.2
Active Force Matrix 2
Active Trade 2
Active Price Comparison 4
Active Test 2.1
eWebQuiz 8
Active Newsletter 4.3
Active Web Mail 4
Active Websurvey 9.1
Active Membership 2
Active Web Helpdesk 2
Active Photo Gallery 6.2
Active Time Billing 3.2

26. Avahi 'avahi-core/server.c' Multicast DNS Denial Of Service Vulnerability
BugTraq ID: 33946
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33946
Summary:
Avahi is prone to a denial-of-service vulnerability.

A remote attacker may exploit this issue to crash the affected application, denying further service to legitimate users.

Avahi 0.6.23 is vulnerable; other versions may also be affected.

27. CS-Cart 'product_id' Parameter SQL Injection Vulnerability
BugTraq ID: 34048
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34048
Summary:
CS-Cart is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

CS-Cart 2.0.0 Beta 3 is vulnerable; prior versions may also be affected.

28. PHP-Fusion Book Panel Module 'books.php' SQL Injection Vulnerability
BugTraq ID: 34049
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34049
Summary:
The Book Panel module for PHP-Fusion is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

29. Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
BugTraq ID: 29653
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/29653
Summary:
The Apache 'mod_proxy_http' module is prone to a denial-of-service vulnerability that affects the processing of interim responses.

Attackers may exploit this issue to cause denial-of-service conditions.

Reportedly, the issue affects Apache 2.2.8 and 2.0.63; other versions may also be affected.

30. OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability
BugTraq ID: 31692
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/31692
Summary:
OpenSSL is prone to a remote denial-of-service vulnerability.

Attackers can cause an application that uses this library to crash by consuming available memory, denying service to legitimate users.

This issue affects OpenSSL 0.9.8f through 0.9.8h.

31. Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
BugTraq ID: 30560
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/30560
Summary:
The Apache 'mod_proxy_ftp' module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue is reported to affect Apache 2.0.63 and 2.2.9; other versions may also be affected.

32. PHP Director 'cat' Parameter SQL Injection Vulnerability
BugTraq ID: 34047
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34047
Summary:
PHP Director is prone to an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input.

A successful exploit may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PHP Director 0.21 is vulnerable; other versions may also be affected.

33. Apache 'mod_proxy_balancer' Multiple Vulnerabilities
BugTraq ID: 27236
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/27236
Summary:
The Apache 'mod_proxy_balancer' module is prone to multiple vulnerabilities, including denial-of-service, memory-corruption, cross-site scripting, HTML-injection, and cross-site request-forgery issues.

Attackers can exploit these issues to inject arbitrary script code into vulnerable sections of the application, execute this script code in the browser of a user in the context of the affected site, and perform certain actions using the user's active session. Attackers can exploit the denial-of-service issue to deny further service to legitimate users. Exploiting the memory-corruption vulnerability is likely to cause a crash and could allow arbitrary code to run, but this has not been confirmed.

The issues affect Apache 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0; other versions may also be vulnerable.

34. Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
BugTraq ID: 26663
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/26663
Summary:
Apache is prone to a cross-site scripting weakness when handling HTTP request methods that result in 413 HTTP errors.

An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks.

Apache 2.0.46 through 2.2.4 are vulnerable; other versions may also be affected.

35. VBook Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 34046
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34046
Summary:
VBook is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

36. eZip Wizard Zip File Stack Remote Buffer Overflow Vulnerability
BugTraq ID: 34044
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34044
Summary:
eZip Wizard is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

eZip Wizard 3.0 is vulnerable; other versions may also be affected.

37. Simple Customer 'email' Parameter SQL Injection Vulnerability
BugTraq ID: 34043
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34043
Summary:
Simple Customer is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Simple Customer 1.2 is vulnerable; other versions may also be affected.

38. Nucleus CMS Media Manager Unspecified Directory Traversal Vulnerability
BugTraq ID: 34040
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34040
Summary:
Nucleus CMS is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.

Versions prior to Nucleus CMS 3.40 are vulnerable.

39. mks_vir 'mksmonen.sys' IOCTL Request Local Privilege Escalation Vulnerability
BugTraq ID: 34039
Remote: No
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34039
Summary:
The 'mks_vir' program is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with elevated privileges; this may aid in further attacks.

Versions prior to mks_vir 9 Beta 1.2.0.0 build 297 are vulnerable.

40. PHORTAIL 'poster.php' Multiple HTML Injection Vulnerabilities
BugTraq ID: 34038
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34038
Summary:
PHORTAIL is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

PHORTAIL 1.2.1 is vulnerable; other versions may also be affected.

41. CMS S.Builder 'index.php' Remote File Include Vulnerability
BugTraq ID: 34037
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34037
Summary:
CMS S.Builder is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue can allow an attacker to compromise the application and the underlying computer; other attacks are also possible.

CMS S.Builder 3.7 is vulnerable; other versions may also be affected.

42. Foxit Reader PDF Handling Multiple Remote Vulnerabilities
BugTraq ID: 34035
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34035
Summary:
Foxit Reader is prone to multiple remote vulnerabilities.

Attackers may leverage these issues to execute arbitrary code in the context of the application. Successful exploits may compromise the application and the underlying computer. Failed attacks will cause denial-of-service conditions.

The issues affect Foxit Reader 3.0.2009.1301, 3.0, and 2.3. Other versions may also be affected.

43. Courier-Authlib Non-Latin Character Handling Postgres SQL Injection Vulnerability
BugTraq ID: 32926
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/32926
Summary:
Courier-Authlib is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to Courier-Authlib 0.62.0 are vulnerable.

44. Multiple Cisco Wireless LAN Controllers Multiple Remote Vulnerabilities
BugTraq ID: 33608
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/33608
Summary:
Multiple Cisco Wireless LAN Controllers are prone to these remote vulnerabilities:

- Multiple denial-of-service vulnerabilities
- A remote privilege-escalation vulnerability

Remote attackers can exploit these issues to gain administrative rights on an affected device or crash the device, denying service to legitimate users.

The following devices are affected:

Cisco 4400 Series Wireless LAN Controllers
Cisco Catalyst 6500 Series/7600 Series Wireless Services Module (WiSM)
Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers

45. WordPress MU 'wp-includes/wpmu-functions.php' Cross-Site Scripting Vulnerability
BugTraq ID: 34075
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34075
Summary:
WordPress MU is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to WordPress MU 2.7 are vulnerable.

46. libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability
BugTraq ID: 32326
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/32326
Summary:
The 'libxml2' library is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data when handling XML files.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an affected application. Failed exploits may crash the application.

This issue affects libxml2-2.7.2; other versions may also be affected.

47. libxml2 'xmlBufferResize()' Remote Denial of Service Vulnerability
BugTraq ID: 32331
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/32331
Summary:
The 'libxml2' library is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to cause the affected application using the library to fall into an infinite loop, denying service to legitimate users.

This issue affects libxml2-2.7.2; other versions may also be affected.

48. University of Washington IMAP 'tmail' and 'dmail' Local Buffer Overflow Vulnerabilities
BugTraq ID: 32072
Remote: No
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/32072
Summary:
University of Washington IMAP 'tmail' and 'dmail' are prone to local buffer-overflow vulnerabilities because they fail to perform adequate boundary checks on user-supplied data.

The attacker can exploit this issue to execute arbitrary code within the context of the vulnerable application, possibly resulting in elevated privileges. Since 'tmail' is installed setuid root by default, this may result in a complete compromise of the vulnerable computer.

The following applications are vulnerable:

University of Washington imap-2007c and earlier
University of Washington Alpine 2.00
Panda Programming imap

49. SMART Technologies SMART Board Unspecified Directory Traversal Vulnerability
BugTraq ID: 34045
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34045
Summary:
SMART Technologies SMART Board is prone to an unspecified directory-traversal vulnerability because the device's webserver fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.

We don't know which versions of SMART Board are affected. We will update this BID when more details emerge.

50. cURL/libcURL HTTP 'Location:' Redirect Security Bypass Vulnerability
BugTraq ID: 33962
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/33962
Summary:
cURL/libcURL is prone to a security-bypass vulnerability.

Remote attackers can exploit this issue to bypass certain security restrictions and carry out various attacks.

This issue affects cURL/libcURL 5.11 through 7.19.3. Other versions may also be vulnerable.

51. Hewlett-Packard WMI Mapper for HP Systems Insight Manager Unauthorized Access Vulnerabilities
BugTraq ID: 34078
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34078
Summary:
WMI Mapper for HP Systems Insight Manager is prone to multiple unspecified unauthorized-access vulnerabilities. Remote and local attackers may exploit these issues to gain unauthorized access to data.

Versions prior to WMI Mapper for SIM 2.5.2.0 are vulnerable.

52. Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
BugTraq ID: 30496
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/30496
Summary:
Apache Tomcat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects the following versions:

Tomcat 4.1.0 through 4.1.37
Tomcat 5.5.0 through 5.5.26
Tomcat 6.0.0 through 6.0.16

53. Apache Tomcat WebDav Remote Information Disclosure Vulnerability
BugTraq ID: 26070
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/26070
Summary:
Apache Tomcat is prone to a remote information-disclosure vulnerability.

Remote attackers can exploit this issue to obtain the contents of sensitive files stored on the server.

54. Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
BugTraq ID: 30494
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/30494
Summary:
Apache Tomcat is prone to a remote information-disclosure vulnerability.

Remote attackers can exploit this issue to obtain the contents of sensitive files stored on the server. Information obtained may lead to further attacks.

The following versions are affected:

Tomcat 4.1.0 through 4.1.37
Tomcat 5.5.0 through 5.5.26
Tomcat 6.0.0 through 6.0.16

Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.

55. Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
BugTraq ID: 27706
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/27706
Summary:
Apache Tomcat is prone to an information-disclosure vulnerability because it fails to adequately sanitize user-supplied data.

Attackers can exploit this issue to access potentially sensitive data that may aid in further attacks.

Versions prior to Apache Tomcat 6.0.16 and 5.5.26 are vulnerable.

NOTE: This vulnerability is caused by an incomplete fix for BID 25316 - Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities (CVE-2007-3385).

56. Apache Tomcat Host Manager Cross Site Scripting Vulnerability
BugTraq ID: 29502
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/29502
Summary:
Apache Tomcat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. The issue affects the Host Manager web application.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The issue affects the following versions:

Tomcat 5.5.9 through 5.5.26
Tomcat 6.0.0 through 6.0.16

57. Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
BugTraq ID: 27006
Remote: No
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/27006
Summary:
Apache Tomcat is prone to a vulnerability that can allow third-party web applications to write files to arbitrary locations with the privileges of Tomcat.

This issue stems from an inadequate default security policy.

Attackers can leverage this issue to write or overwrite arbitrary log file data in unauthorized locations.

Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 are vulnerable.

58. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
BugTraq ID: 32608
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/32608
Summary:
Sun Java Runtime Environment and Java Development Kit are prone to multiple security vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security restrictions, run untrusted applets with elevated privileges, and cause denial-of-service conditions. This may result in a compromise of affected computers.

These issues affect versions prior to the following:

JDK and JRE 6 Update 11 or later
JDK and JRE 5.0 Update 17 or later
SDK and JRE 1.4.2_19 or later
SDK and JRE 1.3.1_24 or later

59. Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
BugTraq ID: 32620
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/32620
Summary:
Sun Java Web Start and Java Plug-in are prone to multiple privilege-escalation vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security, or read, write, and execute arbitrary files in the context of the user running a vulnerable application. This may result in a compromise of the underlying system.

This issue affects the following versions:

JDK and JRE 6 Update 10 and earlier
JDK and JRE 5.0 Update 16 and earlier
SDK and JRE 1.4.2_18 and earlier
SDK and JRE 1.3.1_23 and earlier

60. Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
BugTraq ID: 32892
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/32892
Summary:
Sun Java Web Start and Java Plug-in are prone to a privilege-escalation vulnerability.

This issue occurs when the affected applications parse a JAR file that is also a legitimate GIF image file.

An attacker may exploit this issue to obtain sensitive information (such as HTTP session cookies) or to perform actions as legitimate users of a web application. This may aid in further attacks.

NOTE: This issue was previously covered in BID 32620 (Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities), but has been given its own record to better document the issue.

This issue affects the following versions:

JDK and JRE 6 Update 10 and earlier
JDK and JRE 5.0 Update 16 and earlier
SDK and JRE 1.4.2_18 and earlier
SDK and JRE 1.3.1_23 and earlier

61. Sun xVM VirtualBox Local Privilege Escalation Vulnerability
BugTraq ID: 34080
Remote: No
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34080
Summary:
Sun xVM VirtualBox is prone to a local privilege-escalation vulnerability.

An attacker can exploit this vulnerability to run arbitrary code with superuser privileges.

The following versions for the Linux platform are vulnerable:

Sun xVM VirtualBox 2.0
Sun xVM VirtualBox 2.1

62. Linux-PAM Configuration File Non-ASCII User Name Handling Local Privilege Escalation Vulnerability
BugTraq ID: 34010
Remote: No
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34010
Summary:
Linux-PAM is prone to a vulnerability related to the parsing of user names containing non-ASCII characters from PAM configuration files. Specifically, this issue is caused by an error in the '_pam_StrTok()' function, which may strip a single trailing non-ASCII character from user names before returning them as 'arg3'.

Note that root access is required to modify the affected configuration files.

A local attacker may exploit this issue to authenticate as additional users. The attacker may be able to create a denial-of-service condition or possibly to execute arbitrary code as the affected process, but this has not been confirmed.

Versions prior to Linux-PAM 1.0.4 are vulnerable.

63. openSUSE Linux gtk2 Package Search Path Remote Command Execution Vulnerability
BugTraq ID: 34068
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34068
Summary:
The openSUSE gtk2 package is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to run a vulnerable application in a directory containing a malicious module file with a specific name. A successful exploit will allow arbitrary commands to run with the privileges of the currently logged-in user.

openSUSE 11.0 and 11.1 are vulnerable.

64. Linux Kernel '/proc/net/rt_cache' Remote Denial of Service Vulnerability
BugTraq ID: 34084
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34084
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to properly flush the '/proc/net/rt_cache' file under some conditions.

Attackers can exploit this issue to cause the kernel to fail to respond to network traffic, denying service to legitimate users.

Versions prior to Linux kernel 2.6.25 are vulnerable.

65. Sun Java System Communications Express Multiple HTML Injection Vulnerabilities
BugTraq ID: 34083
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34083
Summary:
Sun Java System Communications Express is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

We don't know which versions of Java System Communications Express are affected. We will update this BID when more details emerge.

66. Sun Solaris Doors Kernel Functionality Multiple Vulnerabilities
BugTraq ID: 34081
Remote: No
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34081
Summary:
The Doors subsystem of the Solaris kernel is prone to multiple vulnerabilities.

An attacker may exploit these issues to execute arbitrary code in the context of the Solaris kernel or cause denial-of-service conditions. Successful exploits may completely compromise the vulnerable system.

These issues affect the following on both x86 and SPARC platforms:

Solaris 8
Solaris 9
Solaris 10
OpenSolaris based on builds snv_01 through snv_93

67. Adobe Acrobat and Reader PDF File Handling JBIG2 Image Remote Code Execution Vulnerability
BugTraq ID: 33751
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/33751
Summary:
Adobe Acrobat and Reader are prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

The issue affects Reader and Acrobat 9, 8.1.3 and prior, and 7.

UPDATE (February 24, 2009): Further reports suggest that this issue affects the vulnerable applications running on Apple Mac OS X and various Linux-based operating systems.

68. xterm DECRQSS Remote Command Execution Vulnerability
BugTraq ID: 33060
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/33060
Summary:
The 'xterm' program is prone to a remote command-execution vulnerability because it fails to sufficiently validate user input.

Successfully exploiting this issue would allow an attacker to execute arbitrary commands on an affected computer in the context of the affected application.

The issue affects xterm with patch 237; other versions may also be affected.

69. pam-krb5 Local Privilege Escalation Vulnerability
BugTraq ID: 33740
Remote: No
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/33740
Summary:
The 'pam-krb5' library is prone to a local privilege-escalation vulnerability because it fails to properly handle setuid processes.

Local attackers may exploit this issue to gain elevated privileges, which may lead to a complete compromise of the system.

This issue affects pam-krb5 as shipped with Debian, Ubuntu, and Gentoo Linux releases; other versions may also be vulnerable.

70. pam-krb5 'KRB5CCNAME' Environment Variable Local Privilege Escalation Vulnerability
BugTraq ID: 33741
Remote: No
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/33741
Summary:
The 'pam-krb5' library is prone to a local privilege-escalation vulnerability because it fails to properly handle setuid processes.

A local attacker may exploit this to corrupt the credential cache. This may allow the attacker to gain elevated privileges or to create a denial-of-service condition.

Versions prior to pam-krb5 3.13 are vulnerable.

71. Numara FootPrints HTML Injection and Remote Command Execution Vulnerabilities
BugTraq ID: 28103
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/28103
Summary:
Numara FootPrints is prone to an HTML-injection vulnerability and a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input.

Attackers can exploit these issues to execute arbitrary commands within the context of the webserver or to execute arbitrary HTML or JavaScript code within the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user. Other attacks are also possible.

Numara FootPrints 8.1 for Linux is vulnerable; other versions running on different platforms may also be affected.

72. QuoteBook Information Disclosure, SQL Injection and HTML Injection Vulnerabilities
BugTraq ID: 33166
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/33166
Summary:
QuoteBook is prone to an information-disclosure vulnerability, multiple SQL-injection vulnerabilities and multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input.

The attacker may exploit the information-disclosure issue to obtain database credentials. Information harvested can aid in launching further attacks.

The attacker may exploit the SQL-injection issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

An attacker may leverage the HTML-injection issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is viewed, and launch other attacks.

73. Mozilla Firefox 'designMode' Null Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 33154
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/33154
Summary:
Mozilla Firefox is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions.

Firefox 3.0.5 and 3.0.6 are vulnerable; other versions may also be affected.

74. Wesnoth PythonAI Remote Code Execution Vulnerability
BugTraq ID: 33971
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/33971
Summary:
Wesnoth is prone to a remote code-execution vulnerability caused by a design error.

Attackers can exploit this issue to execute arbitrary Python code in the context of the user running the vulnerable application.

Versions prior to Wesnoth 1.5.11 are affected.

75. libsndfile CAF Processing Buffer Overflow Vulnerability
BugTraq ID: 33963
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/33963
Summary:
The 'libsndfile' library is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of an application using the library. This can compromise the affected application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

This issue affects libsndfile 1.0.18; previous versions may also be vulnerable.

76. Ruby 'OCSP_basic_verify()' X.509 Certificate Verification Vulnerability
BugTraq ID: 33769
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/33769
Summary:
Ruby is prone to an X.509 certificate-verification vulnerability.

Exploiting this issue may allow an attacker to have a revoked X.509 certificate accepted as valid. This may allow the attacker to conduct phishing attacks or to impersonate legitimate sites. Other attacks are also possible.

Ruby 1.8.7 and 1.9.1 are vulnerable; other versions may also be affected.

77. FFmpeg 'libavformat/4xm.c' Remote Code Execution Vulnerability
BugTraq ID: 33502
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/33502
Summary:
FFmpeg is prone to a remote code-execution vulnerability because it fails to adequately validate user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to FFmpeg trunk revision 16846 are vulnerable.

78. Openswan IPsec Livetest Insecure Temporary File Creation Vulnerability
BugTraq ID: 31243
Remote: No
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/31243
Summary:
Openswan creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

UPDATE (March 9, 2009): The vendor disputes the validity of this issue, stating that the vulnerable code was incomplete and never run from within the application. The vendor also reports that the latest version of Openswan has disabled the offending code.

79. Webformatique Car Manager Joomla! Component 'ItemID' Parameter SQL Injection Vulnerability
BugTraq ID: 33978
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/33978
Summary:
The Webformatique Car Manager component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Car Manager 2.1.0 is vulnerable; other versions may also be affected.

UPDATE (March 10, 2009): The vendor states that the application is not vulnerable.

80. Webformatique Reservation Manager Joomla! Component 'ItemID' Parameter SQL Injection Vulnerability
BugTraq ID: 33976
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/33976
Summary:
The Webformatique Reservation Manager component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

UPDATE (March 10, 2009): The vendor states that the application is not vulnerable.

81. Multiple HTTP Proxy HTTP Host Header Incorrect Relay Behavior Vulnerability
BugTraq ID: 33858
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/33858
Summary:
Multiple HTTP proxy implementations are prone to an information-disclosure vulnerability related to the interpretation of the 'Host' HTTP header. Specifically, this issue occurs when the proxy makes a forwarding decision based on the 'Host' HTTP header instead of the destination IP address.

Attackers may exploit this issue to obtain sensitive information such as internal intranet webpages. Additional attacks may also be possible.

The following products are vulnerable; additional applications or devices may also be affected:

Ziproxy 2.6.0
Smoothwall SmoothGuardian
QBIK WinGate 6.5.2
Squid 2.7 and 3.0

82. ReVou Login SQL Injection Vulnerability
BugTraq ID: 32525
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/32525
Summary:
ReVou is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

83. Psi Malformed Packet Remote Denial of Service Vulnerability
BugTraq ID: 32987
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/32987
Summary:
Psi is prone to a remote denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause the application to crash, denying service to legitimate users.

This issue affects Psi 0.12; other versions may also be vulnerable.

84. Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
BugTraq ID: 33846
Remote: No
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/33846
Summary:
The Linux Kernel is prone to an information-disclosure vulnerability because it fails to properly initialize certain memory before using it in a user-accessible operation.

Successful exploits will allow attackers to view portions of kernel memory. Information harvested may be used in further attacks.

Versions prior to Linux Kernel 2.6.28.6 are vulnerable.

85. IBM Tivoli Storage Manager Express and Enterprise Server Remote Buffer Overflow Vulnerability
BugTraq ID: 34077
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34077
Summary:
IBM Tivoli Storage Manager (TSM) Express and Enterprise servers are prone to a remote heap-based buffer-overflow vulnerability.

Successfully exploiting this issue would allow a remote attacker to corrupt memory and execute arbitrary code in the context of the vulnerable application.

86. DASH '.profile' Local Privilege Escalation Vulnerability
BugTraq ID: 34092
Remote: No
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34092
Summary:
DASH is prone to a local vulnerability that results in code execution with elevated privileges.

Successful exploits may allow attackers to execute arbitrary code within the context of the user running the affected application. This may allow local attackers to gain root-level privileges, resulting in a complete compromise of an affected computer.

87. Drupal Forward Module Flood Control API Open Email Relay Vulnerability
BugTraq ID: 34091
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34091
Summary:
Drupal Forward module is prone to an open-email-relay vulnerability.

An attacker could exploit this issue by constructing a script that would send unsolicited spam to an unrestricted number of email addresses from a forged email address.

Versions prior to Drupal Forward 5.x-1.19 and 6.x-1.0 are vulnerable.

88. PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
BugTraq ID: 34090
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34090
Summary:
PostgreSQL is prone to a remote denial-of-service vulnerability.

Exploiting this issue may allow attackers to terminate connections to the PostgreSQL server, denying service to legitimate users.

89. Mandriva perl-MDK-Common Unspecified Privilege Escalation Vulnerability
BugTraq ID: 34089
Remote: No
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34089
Summary:
Mandriva perl-MDK-Common is prone to an unspecified privilege-escalation vulnerability due to a failure to properly validate user-supplied input.

An attacker may exploit this issue to gain elevated privileges.

90. OpenPHPnuke SQLite Abstraction Layer SQL Injection Vulnerability
BugTraq ID: 34088
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34088
Summary:
OpenPHPnuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to OpenPHPnuke 2.4.16 are vulnerable.

91. Traidnt UP 'uploadcp/files.php' Insecure Cookie Authentication Bypass Vulnerability
BugTraq ID: 34087
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34087
Summary:
Traidnt UP is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.

Attackers can exploit this vulnerability to gain unauthorized access to the affected application, which may aid in further attacks.

Traidnt UP 2.0 is vulnerable; other versions may also be affected.

92. Wesnoth Compressed Data Remote Denial of Service Vulnerability
BugTraq ID: 34085
Remote: Yes
Last Updated: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34085
Summary:
Wesnoth is prone to a remote denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause the application to crash, denying service to legitimate users.

93. Adobe Flash Player Clipboard Security Weakness
BugTraq ID: 31117
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/31117
Summary:
Adobe Flash Player is prone to a security weakness that may allow attackers to inject arbitrary content into a user's clipboard.

Attackers can exploit this issue to overwrite content that is contained in a victim's clipboard. As a result, attacker-supplied URIs can persist in the victim's clipboard.

94. Adobe Flash Player Unspecified Remote Denial of Service Vulnerability
BugTraq ID: 33890
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33890
Summary:
Adobe Flash Player is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied input.

Exploiting this issue allows remote attackers to crash the application and possibly to execute code, but this has not been confirmed.

Versions prior to Flash Player 10.0.22.87 are vulnerable.

95. Adobe Flash Player Unspecified Information Disclosure Vulnerability
BugTraq ID: 33889
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33889
Summary:
Adobe Flash Player is prone to an information-disclosure vulnerability.

Successful exploits will allow an attacker to obtain potentially sensitive information that may be used to elevate privileges.

This issue affects Flash Player on Linux-based operating systems only.

96. Adobe Flash Player Invalid Object Reference Remote Code Execution Vulnerability
BugTraq ID: 33880
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33880
Summary:
Adobe Flash Player is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will likely crash the application, denying service to legitimate users.

Versions prior to Flash Player 10.0.12.36 are vulnerable.

97. Adobe Flash Player Remote Command Execution Vulnerability
BugTraq ID: 32896
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/32896
Summary:
Adobe Flash Player is prone to a remote command-execution vulnerability due to a failure to validate user-supplied input to an internal function.

Remote attackers may exploit this vulnerability to compromise an affected computer.

This issue affects Flash Player on Linux platforms.

Versions prior to Flash Player 10.0.15.3 and 9.0.152.0 are vulnerable.

98. Adobe Flash Player SWF Version Null Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 31537
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/31537
Summary:
Adobe Flash Player Plugin is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue will allow attackers to crash the browser that uses the plugin, denying service to legitimate users.

The following versions of Adobe Flash Player Plugin are vulnerable:

9.0.45.0
9.0.112.0
9.0.124.0
10.0.12.10

99. Adobe Flash Player Multiple Security Vulnerabilities
BugTraq ID: 32129
Remote: Yes
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/32129
Summary:
Adobe Flash Player is prone to multiple security vulnerabilities.

Attackers can exploit these issues to obtain sensitive information, steal cookie-based authentication credentials, control how webpages are rendered, execute arbitrary script code in the context of the application, and execute arbitrary code in the context of the application. Other attacks may also be possible.

These issues affect Flash Player 9.0.124.0 and prior versions.

100. Multiple Linux Distributions 'login' Local Privilege Escalation Vulnerability
BugTraq ID: 32552
Remote: No
Last Updated: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/32552
Summary:
Multiple Linux distributions are prone to a local privilege-escalation vulnerability because of an error in the 'login' program.

Local attackers in the UTMP group could exploit this issue to take ownership of arbitrary files on the vulnerable system. This may lead to a complete compromise of the system.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Experts: U.S. needs to defend its "cyber turf"
By: Robert Lemos
The United States must develop a Monroe Doctrine for the Internet, defining what constitutes its cyberspace and pledging to defend its virtual borders, security experts told Congress.
http://www.securityfocus.com/news/11548

2. Advisor: U.S. needs policy to defend cyberspace
By: Robert Lemos
An Obama transition-team member argues that any future cyber policy needs to deal with the role of the intelligence community, the militarization of cyberspace and designating a lead disaster agency.
http://www.securityfocus.com/news/11547

3. Cabal forms to fight Conficker, offers bounty
By: Robert Lemos
Microsoft offers $250,000 for information leading to the arrest of the author and, along with security firms and Internet service providers, pledges to work to prevent the prolific worm from spreading further.
http://www.securityfocus.com/news/11546

4. Group releases list to kill most-dangerous bugs
By: Robert Lemos
Software makers, security vendors, and government agencies team up to create a list of the 25 most severe software issues, aiming to get developers to stop making mistakes.
http://www.securityfocus.com/news/11542

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SQL Server stored procedure encryption
http://www.securityfocus.com/archive/88/501582

2. SecurityFocus Microsoft Newsletter #434
http://www.securityfocus.com/archive/88/501511

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Sophos

Laws, regulations and compliance: Top tips for keeping your data under your control

http://dinclinx.com/Redirect.aspx?36;4035;35;189;0;5;259;787c0986ab9c445a
