SecurityFocus News
SecurityFocus Newsletter #496 Mar 26 2009 05:09PM
sfa securityfocus com
SecurityFocus Newsletter #496
----------------------------------------

This issue is sponsored by Entrust

Securing What's at Risk: A Common Sense Approach to Protecting Users Online

This white paper outlines issues with managing online identities across a diverse customer base when faced with increasing threats. It proposes a common sense approach that matches security to the assessed risk for users, actions and applications.

http://dinclinx.com/Redirect.aspx?36;3123;45;189;0;7;259;4e7f07a589d94938

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Time to Shield Researchers
2. Contracting For Secure Code
II. BUGTRAQ SUMMARY
1. OpenSSL Multiple Vulnerabilities
2. IBM WebSphere Application Server for z/OS Multiple Vulnerabilities
3. Moodle Forum Unspecified Cross-Site Request Forgery Vulnerability
4. Moodle Calendar Export Unspecified Information Disclosure Vulnerability
5. Moodle 'Login As' Cross Site Scripting Vulnerability
6. Moodle Log Table HTML Injection Vulnerability
7. Linux Kernel 'inotify_read()' Local Denial of Service Vulnerability
8. Opera Web Browser prior to 9.64 Multiple Security Vulnerabilities
9. Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
10. Netrw Vim Script Multiple Command Execution Vulnerabilities
11. Netrw Vim Script Information Disclosure Vulnerability
12. Vim Vim Script Multiple Command Execution Vulnerabilities
13. Adobe Acrobat and Reader Collab 'getIcon()' JavaScript Method Remote Code Execution Vulnerability
14. Vim 'zip.vim' Plugin Arbitrary Command Execution Vulnerability
15. Vim 'tar.vim' Plugin Arbitrary Command Execution Vulnerability
16. HP-UX VERITAS File System and VERITAS Oracle Disk Manager Local Privilege Escalation Vulnerability
17. RETIRED: Apple Mac OS X 2008-007 Multiple Security Vulnerabilities
18. Rittal CMC-TC Processing Unit II Cross Site Scripting And HTML Injection Vulnerabilities
19. Rittal CMC-TC Processing Unit II Administrator Session ID Security Bypass Vulnerability
20. PHPizabi 'notepad_body' Parameter SQL Injection Vulnerability
21. PHPizabi 'modules/chat/dac.php' Local File Include Vulnerability
22. MLdonkey HTTP Request Arbitrary File Download Vulnerability
23. PHP Classifieds Arbitrary File Upload and Cross Site Scripting Vulnerabilities
24. POP Peeper 'From' Mail Header Remote Buffer Overflow Vulnerability
25. ZyXEL G570S Crafted HTTP Requests Multiple Vulnerabilities
26. Siemens Gigaset SE461 WiMAX router Request Denial of Service Vulnerability
27. Microsoft Windows Services for UNIX / Subsystem for UNIX-based Applications Multiple Vulnerabilities
28. eZip Wizard Zip File Stack Remote Buffer Overflow Vulnerability
29. Foxit Reader PDF Handling Multiple Remote Vulnerabilities
30. phpMyAdmin BLOB Streaming Multiple Input Validation Vulnerabilities
31. phpMyAdmin 'export page' Cross Site Scripting Vulnerability
32. phpMyAdmin 'setup.php' PHP Code Injection Vulnerability
33. Compiz Fusion 'Expo' Plugin Security Bypass Vulnerability
34. Ghostscript Multiple Input Validation and Integer Overflow Vulnerabilities
35. CCCP Community Clan Portal Multiple SQL Injection Vulnerabilities
36. PowerCHM '.HHP' File Stack Buffer Overflow Vulnerability
37. Blogplus Multiple Local File Include Vulnerabilities
38. Microsoft GDI+ EMF 'GpFont.SetData()' Buffer Overflow Vulnerability
39. Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability
40. Jinzora 'name' Parameter Local File Include Vulnerability
41. PHPCMS2008 'ask/search_ajax.php' SQL Injection Vulnerability
42. eXeScope File Handling Remote Buffer Overflow Vulnerability
43. pam-krb5 Local Privilege Escalation Vulnerability
44. pam-krb5 'KRB5CCNAME' Environment Variable Local Privilege Escalation Vulnerability
45. BlogEngine.NET 'search.aspx' Cross Site Scripting Vulnerability
46. SurfMyTv Script 'view.php' SQL Injection Vulnerability
47. Acritum Femitter Server 'RETR' Command Remote Denial of Service Vulnerability
48. Cisco IOS Secure Copy Remote Privilege Escalation Vulnerability
49. Cisco IOS Multiple Features UDP Packet Denial of Service Vulnerability
50. Blogator-script 'init_pass2.php' SQL Injection Vulnerability
51. ClanSphere Multiple Information Disclosure Vulnerabilities
52. 6rbScript 'section.php' Local File Include Vulnerability
53. IETF RFC 3279 X.509 Certificate MD5 Signature Collision Vulnerability
54. Muttprint Insecure Temporary File Creation Vulnerability
55. Cisco IOS Cisco Tunneling Control Protocol Remote Denial of Service Vulnerability
56. Cisco IOS Multiple Features IP Sockets Denial Of Service Vulnerability
57. Zinf Multiple Playlist Files Buffer Overflow Vulnerability
58. Cisco IOS Multiple Features TCP Packet Denial of Service Vulnerability
59. Cisco IOS Session Initiation Protocol Denial of Service Vulnerability
60. Cisco IOS Mobile IP/Mobile IPv6 Multiple Denial of Service Vulnerabilities
61. Cisco IOS WebVPN/SSLVPN Multiple Denial of Service Vulnerabilities
62. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
63. Sysax Multi Server FTP 'DELE' Directory Traversal Vulnerability
64. Syzygy CMS SQL Injection and Local File Include Vulnerabilities
65. Mozilla Firefox XSL Parsing 'root' XML Tag Remote Memory Corruption Vulnerability
66. Little CMS Memory Leak and Multiple Memory Corruption Vulnerabilities
67. Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
68. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
69. Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
70. GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
71. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -07 -08 -09 and -11 Multiple Remote Vulnerabilities
72. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -01 to -06 Multiple Remote Vulnerabilities
73. Adobe Flash Player Unspecified Remote Denial of Service Vulnerability
74. Adobe Flash Player Unspecified Information Disclosure Vulnerability
75. NetworkManager Permission Enforcement Multiple Local Vulnerabilities
76. Adobe Flash Player Invalid Object Reference Remote Code Execution Vulnerability
77. Adobe Acrobat and Reader JBIG2 Image Processing Multiple Remote Code Execution Vulnerabilities
78. PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
79. Squid Proxy Cache Update Reply Processing Remote Denial of Service Vulnerability
80. Squid Web Proxy Cache HTTP Version Number Parsing Denial of Service Vulnerability
81. Squid Web Proxy Cache 'arrayShrink()' Remote Denial of Service Vulnerability
82. SystemTap Local Privilege Escalation Vulnerability
83. PHPizabi 'modules/interact/file.php' Arbitrary File Upload Vulnerability
84. WeBid 'upldgallery.php' Arbitrary File Upload Vulnerability
85. Drupal Token Authentication Module Authentication Bypass Vulnerability
86. Drupal Wikitools Module Multiple Unspecified Cross Site Scripting Vulnerabilities
87. Lua Unspecified Bytecode Verifier Security Vulnerability
88. Comparison Engine Power 'product.comparision.php' SQL Injection Vulnerability
89. Adobe Acrobat and Reader PDF File Handling JBIG2 Image Remote Code Execution Vulnerability
90. Tor Multiple Denial of Service Vulnerabilities
91. IBM Access Support ActiveX Control 'GetXMLValue()' Buffer Overflow Vulnerability
92. PADL nss_ldap '/etc/nss_ldapd.conf' Local Information Disclosure Vulnerability
93. Free Arcade Script SQL Injection and Arbitrary File Upload Vulnerabilities
94. Codice CMS 'index.php' SQL Injection Vulnerability
95. Pluck 'module_pages_site.php' Parameter Local File Include Vulnerability
96. Nucleus CMS Media Manager Unspecified Directory Traversal Vulnerability
97. Horde IMP Webmail Client Cross Site Scripting And HTML Injection Vulnerabilities
98. Horde XSS Filter Cross Site Scripting Vulnerability
99. Horde IMP and Groupware Webmail Edition Multiple Input Validation Vulnerabilities
100. Horde Products Local File Include and Cross Site Scripting Vulnerabilities
III. SECURITYFOCUS NEWS
1. Browsers bashed first in hacking contest
2. Experts: U.S. needs to defend its "cyber turf"
3. Advisor: U.S. needs policy to defend cyberspace
4. Cabal forms to fight Conficker, offers bounty
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time to Shield Researchers
By Oliver Day
Research is the backbone of the security industry but the legal climate has become so adverse that researchers have had to worry about injunctions, FBI visits, and even arrest.
http://www.securityfocus.com/columnists/495

2. Contracting For Secure Code
By Chris Wysopal
Forcing suppliers to attest to the security of provided software is gaining adherents: Just ask Kaspersky Lab.
http://www.securityfocus.com/columnists/494

II. BUGTRAQ SUMMARY
--------------------
1. OpenSSL Multiple Vulnerabilities
BugTraq ID: 34256
Remote: Yes
Last Updated: 2009-03-26
Relevant URL: http://www.securityfocus.com/bid/34256
Summary:
OpenSSL is prone to multiple vulnerabilities that may allow attackers to trigger denial-of-service conditions or bypass certain security checks.

Versions prior to OpenSSL 0.9.8k are vulnerable.

2. IBM WebSphere Application Server for z/OS Multiple Vulnerabilities
BugTraq ID: 34259
Remote: Yes
Last Updated: 2009-03-26
Relevant URL: http://www.securityfocus.com/bid/34259
Summary:
IBM WebSphere Application Server (WAS) for z/OS is prone to a cross-site scripting issue and a file-permission security issue.

An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

The attacker can exploit the file-permission issue to gain write access to certain files, which could affect system integrity and lead to other attacks.

These issues affect WAS 7.0 for z/OS.

3. Moodle Forum Unspecified Cross-Site Request Forgery Vulnerability
BugTraq ID: 33615
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/33615
Summary:
Moodle is prone to a cross-site request-forgery vulnerability.

Attackers may exploit this issue to perform unauthorized actions on forum posts. Other attacks may also be possible.

The following versions are affected:

Moodle 1.9.x (prior to 1.9.4)
Moodle 1.8.x (prior to 1.8.8)
Moodle 1.7.x (prior to 1.7.7)

4. Moodle Calendar Export Unspecified Information Disclosure Vulnerability
BugTraq ID: 33612
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/33612
Summary:
Moodle is prone to an unspecified information-disclosure vulnerability.

Attackers can exploit this issue to harvest sensitive information that may lead to further attacks, including brute-force attacks against user accounts.

The following versions are affected:

Moodle 1.9.x (prior to 1.9.4)
Moodle 1.8.x (prior to 1.8.8)

5. Moodle 'Login As' Cross Site Scripting Vulnerability
BugTraq ID: 33617
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/33617
Summary:
Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

The following versions are affected:

Moodle 1.9.x (prior to 1.9.4)
Moodle 1.8.x (prior to 1.8.8)
Moodle 1.7.x (prior to 1.7.7)
Moodle 1.6.x (prior to 1.6.9)

6. Moodle Log Table HTML Injection Vulnerability
BugTraq ID: 33610
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/33610
Summary:
Moodle is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

The following Moodle branches and corresponding versions are affected:

1.9.x: prior to 1.9.4
1.8.x: prior to 1.8.8
1.7.x: prior to 1.7.7
1.6.x: prior to 1.6.9

7. Linux Kernel 'inotify_read()' Local Denial of Service Vulnerability
BugTraq ID: 33624
Remote: No
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/33624
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause an oops condition in the Linux kernel, which may cause a denial of service.

Versions prior to the Linux kernel 2.6.28.3 are vulnerable.

8. Opera Web Browser prior to 9.64 Multiple Security Vulnerabilities
BugTraq ID: 33961
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/33961
Summary:
Opera Web Browser is prone to multiple security vulnerabilities.

Successful exploits may allow attackers to:
- execute arbitrary code in the context of the application
- execute arbitrary script code in the browser of an unsuspecting user in the context of certain sites
- cause denial-of-service conditions
- steal cookie-based authentication credentials
- obtain sensitive information
- carry out other attacks

Versions prior to Opera 9.64 are vulnerable.

9. Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
BugTraq ID: 29653
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/29653
Summary:
The Apache 'mod_proxy_http' module is prone to a denial-of-service vulnerability that affects the processing of interim responses.

Attackers may exploit this issue to cause denial-of-service conditions.

Reportedly, the issue affects Apache 2.2.8 and 2.0.63; other versions may also be affected.

10. Netrw Vim Script Multiple Command Execution Vulnerabilities
BugTraq ID: 30115
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/30115
Summary:
Netrw is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Netrw 125 is vulnerable; other versions may also be affected.

11. Netrw Vim Script Information Disclosure Vulnerability
BugTraq ID: 30670
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/30670
Summary:
Netrw is prone to an information-disclosure vulnerability because the application fails to clear login credentials between FTP sessions.

Successfully exploiting this issue can allow an attacker to obtain login credentials from previous FTP sessions.

Netrw 131 is vulnerable; other versions may also be affected.

12. Vim Vim Script Multiple Command Execution Vulnerabilities
BugTraq ID: 29715
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/29715
Summary:
Vim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Vim 7.1.298 is vulnerable; other versions may also be affected.

13. Adobe Acrobat and Reader Collab 'getIcon()' JavaScript Method Remote Code Execution Vulnerability
BugTraq ID: 34169
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/34169
Summary:
Adobe Acrobat and Reader are prone to a remote code-execution vulnerability because the software fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

The issue affects the following:

Reader and Acrobat 7.1 and prior
Reader and Acrobat 8.1.2 and prior
Reader and Acrobat 9

UPDATE (March 24, 2009): This BID was previously titled 'Adobe Acrobat and Reader Unspecified JavaScript Method Remote Code Execution Vulnerability', but it has been updated to better document the issue.

14. Vim 'zip.vim' Plugin Arbitrary Command Execution Vulnerability
BugTraq ID: 32463
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/32463
Summary:
The 'zip.vim' plugin for Vim is prone to a command-execution vulnerability because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting this issue can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Vim 7.0 and 7.1 are vulnerable.

15. Vim 'tar.vim' Plugin Arbitrary Command Execution Vulnerability
BugTraq ID: 32462
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/32462
Summary:
The 'tar.vim' plugin for Vim is prone to a command-execution vulnerability because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting this issue can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Vim 7.0 and 7.1 are vulnerable.

16. HP-UX VERITAS File System and VERITAS Oracle Disk Manager Local Privilege Escalation Vulnerability
BugTraq ID: 34226
Remote: No
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/34226
Summary:
HP-UX is prone to a local privilege-escalation vulnerability affecting VERITAS File System (VRTSvxfs) and VERITAS Oracle Disk Manager (VRTSodm).

Local attackers can exploit this issue to gain superuser privileges, completely compromising affected computers.

The following are vulnerable:

HP-UX B.11.11 running VRTSodm 3.5
HP-UX B.11.23 running VRTSodm 4.1 or VRTSvxfs 4.1 or both
HP-UX B.11.23 running VRTSodm 5.0 or VRTSvxfs 5.0 or both
HP-UX B.11.31 running VRTSodm 5.0

17. RETIRED: Apple Mac OS X 2008-007 Multiple Security Vulnerabilities
BugTraq ID: 31681
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/31681
Summary:
Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-007.

The security update addresses a total of 11 new vulnerabilities that affect the ColorSync, CUPS, Finder, launchd, Networking, Postfix, PSNormalizer, rlogin, Script Editor, and Weblog components of Mac OS X. The advisory also contains security updates for 30 previously reported issues.

NOTE: This BID is being retired; the following individual records have been created to better document these issues:

31716 Apple Script Editor Unspecified Insecure Temporary File Creation Vulnerability
31718 Apple Mac OS X Server Weblog Access Control List Security Bypass Vulnerability
31708 Apple Mac OS X 'hosts.equiv' Security Bypass Vulnerability
31721 Apple Mac OS X 10.5 Postfix Security Bypass Vulnerability
31719 Apple PSNormalizer PostScript Buffer Overflow Vulnerability
31711 Apple Mac OS X 'configd' EAPOLController Plugin Local Heap Based Buffer Overflow Vulnerability
31715 Apple Mac OS X ColorSync ICC Profile Remote Buffer Overflow Vulnerability
31720 Apple Finder Denial of Service Vulnerability
31707 Apple OS X QuickLook Excel File Integer Overflow Vulnerability
31688 CUPS 'HP-GL/2' Filter Remote Code Execution Vulnerability
31722 Apple Mac OS X 10.5 'launchd' Unspecified Security Bypass Vulnerability

18. Rittal CMC-TC Processing Unit II Cross Site Scripting And HTML Injection Vulnerabilities
BugTraq ID: 34215
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/34215
Summary:
Rittal CMC-TC Processing Unit II is prone to multiple cross-site scripting vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Versions prior to CMC-TC Processing Unit II 2.60a are vulnerable.

19. Rittal CMC-TC Processing Unit II Administrator Session ID Security Bypass Vulnerability
BugTraq ID: 34217
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/34217
Summary:
Rittal CMC-TC Processing Unit II is prone to a vulnerability that can allow an attacker to predict the administrator session ID.

Attackers can exploit this issue to hijack administrator HTTP sessions, which can lead to further attacks.

The CMC-TC Processing Unit II 2.45 and 2.60a are vulnerable; other versions may also be affected.

20. PHPizabi 'notepad_body' Parameter SQL Injection Vulnerability
BugTraq ID: 34223
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/34223
Summary:
PHPizabi is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PHPizabi 0.848b C1 HFP1 is vulnerable; other versions may also be affected.

21. PHPizabi 'modules/chat/dac.php' Local File Include Vulnerability
BugTraq ID: 34213
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/34213
Summary:
PHPizabi is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view or execute local files within the context of the webserver process. Information harvested may aid in further attacks.

This issue affects PHPizabi 0.848b C1 HFP1 through 3; other versions may also be affected.

22. MLdonkey HTTP Request Arbitrary File Download Vulnerability
BugTraq ID: 33865
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/33865
Summary:
MLdonkey is prone to a vulnerability that lets attackers download arbitrary files. The issue occurs because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary files within the context of the application. Information harvested may aid in launching further attacks.

MLdonkey 2.9.7 is vulnerable; other versions may also be affected.

23. PHP Classifieds Arbitrary File Upload and Cross Site Scripting Vulnerabilities
BugTraq ID: 34222
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/34222
Summary:
PHP Classifieds is prone to a vulnerability that lets attackers upload and execute arbitrary code. The application is also prone to a cross-site scripting issue. These issues occur because the application fails to sufficiently sanitize user-supplied input.

Attackers can exploit these issues to steal cookie information, execute arbitrary client-side scripts in the context of the browser, upload and execute arbitrary files in the context of the webserver, and launch other attacks.

These issues affect PHP Classifieds 7.3; other versions may also be affected.

24. POP Peeper 'From' Mail Header Remote Buffer Overflow Vulnerability
BugTraq ID: 34192
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/34192
Summary:
POP Peeper is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

UPDATE (March 23, 2009): This issue may also be triggered by loading an '.eml' mail file that includes an overly long string as a 'From' mail header.

POP Peeper 3.4.0.0 is vulnerable; other versions may also be affected.

25. ZyXEL G570S Crafted HTTP Requests Multiple Vulnerabilities
BugTraq ID: 34221
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/34221
Summary:
ZyXEL G570S is prone to multiple vulnerabilities, including security-bypass, denial-of-service, and information-disclosure issues.

Attackers can exploit these issues to bypass certain security restrictions, cause a denial-of-service condition, or obtain sensitive information.

26. Siemens Gigaset SE461 WiMAX router Request Denial of Service Vulnerability
BugTraq ID: 34220
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/34220
Summary:
Gigaset SE461 WiMAX router is prone to a denial-of-service vulnerability because it fails to adequately handle malformed requests.

Successful exploits will deny service to legitimate users.

27. Microsoft Windows Services for UNIX / Subsystem for UNIX-based Applications Multiple Vulnerabilities
BugTraq ID: 34258
Remote: Yes
Last Updated: 2009-03-26
Relevant URL: http://www.securityfocus.com/bid/34258
Summary:
Microsoft Windows Services for UNIX and Subsystem for UNIX-based Applications (SUA) are prone to multiple remote code-execution vulnerabilities.

Exploiting these issues can allow an attacker to execute arbitrary code within the context of the affected applications.

Various versions of Windows 2008, Windows Vista, and Windows Services for UNIX are affected.

28. eZip Wizard Zip File Stack Remote Buffer Overflow Vulnerability
BugTraq ID: 34044
Remote: Yes
Last Updated: 2009-03-26
Relevant URL: http://www.securityfocus.com/bid/34044
Summary:
eZip Wizard is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

eZip Wizard 3.0 is vulnerable; other versions may also be affected.

29. Foxit Reader PDF Handling Multiple Remote Vulnerabilities
BugTraq ID: 34035
Remote: Yes
Last Updated: 2009-03-26
Relevant URL: http://www.securityfocus.com/bid/34035
Summary:
Foxit Reader is prone to multiple remote vulnerabilities.

Attackers may leverage these issues to execute arbitrary code in the context of the application. Successful exploits may compromise the application and the underlying computer. Failed attacks will cause denial-of-service conditions.

The issues affect Foxit Reader 3.0.2009.1301, 3.0, and 2.3. Other versions may also be affected.

30. phpMyAdmin BLOB Streaming Multiple Input Validation Vulnerabilities
BugTraq ID: 34253
Remote: Yes
Last Updated: 2009-03-26
Relevant URL: http://www.securityfocus.com/bid/34253
Summary:
phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTTP response-splitting vulnerability and a local file-include vulnerability.

These issues can be leveraged to view or execute arbitrary local scripts, or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust. Other attacks are also possible.

Versions prior to phpMyAdmin 3.1.3.1 are vulnerable.

31. phpMyAdmin 'export page' Cross Site Scripting Vulnerability
BugTraq ID: 34251
Remote: Yes
Last Updated: 2009-03-26
Relevant URL: http://www.securityfocus.com/bid/34251
Summary:
phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to phpMyAdmin 2.11.9.5 and 3.1.3.1 are vulnerable.

32. phpMyAdmin 'setup.php' PHP Code Injection Vulnerability
BugTraq ID: 34236
Remote: Yes
Last Updated: 2009-03-26
Relevant URL: http://www.securityfocus.com/bid/34236
Summary:
phpMyAdmin is prone to a remote PHP code-injection vulnerability.

An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

Versions prior to phpMyAdmin 2.11.9.5 and 3.1.3.1 are vulnerable.

33. Compiz Fusion 'Expo' Plugin Security Bypass Vulnerability
BugTraq ID: 32712
Remote: No
Last Updated: 2009-03-26
Relevant URL: http://www.securityfocus.com/bid/32712
Summary:
Compiz Fusion is prone to a security-bypass vulnerability because of an issue with the 'Expo' plugin.

Attackers may be able to bypass certain security restrictions, which may allow them to bypass the screensaver protection and to access the locked desktop.

Versions prior to Compiz Fusion 0.5.2, 0.7.4, and 0.7.8 are vulnerable.

34. Ghostscript Multiple Input Validation and Integer Overflow Vulnerabilities
BugTraq ID: 34184
Remote: Yes
Last Updated: 2009-03-26
Relevant URL: http://www.securityfocus.com/bid/34184
Summary:
Ghostscript is prone to multiple integer-overflow and input-validation vulnerabilities.

Successful exploits may allow remote attackers to execute arbitrary code in the context of the user running the affected application. Failed attacks will cause denial-of-service conditions.

35. CCCP Community Clan Portal Multiple SQL Injection Vulnerabilities
BugTraq ID: 34264
Remote: Yes
Last Updated: 2009-03-26
Relevant URL: http://www.securityfocus.com/bid/34264
Summary:
CCCP Community Clan Portal is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to CCCP Community Clan Portal 2.80 are vulnerable.

36. PowerCHM '.HHP' File Stack Buffer Overflow Vulnerability
BugTraq ID: 34263
Remote: Yes
Last Updated: 2009-03-26
Relevant URL: http://www.securityfocus.com/bid/34263
Summary:
PowerCHM is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

PowerCHM 5.7 is vulnerable; other versions may also be affected.

37. Blogplus Multiple Local File Include Vulnerabilities
BugTraq ID: 34261
Remote: Yes
Last Updated: 2009-03-26
Relevant URL: http://www.securityfocus.com/bid/34261
Summary:
Blogplus is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these vulnerabilities using directory-traversal strings to view local files and execute local scripts within the context of the webserver process. A successful attack can allow the attacker to obtain sensitive information or gain unauthorized access to an affected computer in the context of the vulnerable server.

Blogplus 1.0 is vulnerable; other versions may also be affected.

38. Microsoft GDI+ EMF 'GpFont.SetData()' Buffer Overflow Vulnerability
BugTraq ID: 34250
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34250
Summary:
Microsoft GDI+ is prone to a stack-based buffer-overflow vulnerability that occurs when an application that uses the library tries to process a specially crafted EMF (Enhanced Metafile) image file.

Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in user.

NOTE (March 25, 2009): Further investigation reveals that this issue is in fact a new issue and has been assigned its own BID. Information that was added on March 24, 2009 to BID 31019 ('Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability') is now provided in this BID.

39. Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability
BugTraq ID: 31019
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/31019
Summary:
Microsoft GDI+ is prone to a remote memory-corruption vulnerability that occurs when an application that uses the library tries to process a specially crafted EMF (Enhanced Metafile) image file.

Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in user.

UPDATE (March 25, 2009): Further investigation reveals that technical details and an exploit regarding 'GpFont.SetData()', which were added to this BID on March 24, 2009, actually pertain to a new issue. Please see BID 34250 'Microsoft GDI+ EMF 'GpFont.SetData()' Buffer Overflow Vulnerability' for details.

40. Jinzora 'name' Parameter Local File Include Vulnerability
BugTraq ID: 34224
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34224
Summary:
Jinzora is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view or execute local files within the context of the webserver process. Information harvested may aid in further attacks.

Jinzora 2.8 is vulnerable; other versions may also be affected.

41. PHPCMS2008 'ask/search_ajax.php' SQL Injection Vulnerability
BugTraq ID: 34225
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34225
Summary:
PHPCMS2008 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to PHPCMS2008 2009.03.17 are vulnerable.

42. eXeScope File Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 34219
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34219
Summary:
eXeScope is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

eXeScope 6.50 is vulnerable; other versions may be affected as well.

43. pam-krb5 Local Privilege Escalation Vulnerability
BugTraq ID: 33740
Remote: No
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/33740
Summary:
The 'pam-krb5' library is prone to a local privilege-escalation vulnerability because it fails to properly handle setuid processes.

Local attackers may exploit this issue to gain elevated privileges, which may lead to a complete compromise of the system.

This issue affects pam-krb5 as shipped with Debian, Ubuntu, and Gentoo Linux releases; other versions may also be vulnerable.

44. pam-krb5 'KRB5CCNAME' Environment Variable Local Privilege Escalation Vulnerability
BugTraq ID: 33741
Remote: No
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/33741
Summary:
The 'pam-krb5' library is prone to a local privilege-escalation vulnerability because it fails to properly handle setuid processes.

A local attacker may exploit this to corrupt the credential cache. This may allow the attacker to gain elevated privileges or to create a denial-of-service condition.

Versions prior to pam-krb5 3.13 are vulnerable.

45. BlogEngine.NET 'search.aspx' Cross Site Scripting Vulnerability
BugTraq ID: 34227
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34227
Summary:
BlogEngine.NET is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

BlogEngine.NET 1.4 is vulnerable; other versions may also be affected.

46. SurfMyTv Script 'view.php' SQL Injection Vulnerability
BugTraq ID: 34230
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34230
Summary:
SurfMyTv Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

SurfMyTv Script 1.0 is vulnerable; other versions may also be affected.

47. Acritum Femitter Server 'RETR' Command Remote Denial of Service Vulnerability
BugTraq ID: 28973
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/28973
Summary:
Acritum Femitter Server is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

Successfully exploiting this issue would cause the affected application to crash, denying service to legitimate users.

Femitter Server 1.03 is vulnerable; other versions may also be affected.

48. Cisco IOS Secure Copy Remote Privilege Escalation Vulnerability
BugTraq ID: 34247
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34247
Summary:
Cisco IOS is prone to a remote privilege-escalation vulnerability. This issue is tracked by Cisco Bug ID CSCsv38166.

Attackers may exploit this issue to obtain sensitive information or to create denial-of-service conditions. Successful exploits may also lead to further attacks.

49. Cisco IOS Multiple Features UDP Packet Denial of Service Vulnerability
BugTraq ID: 34245
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34245
Summary:
Multiple features of Cisco IOS (Internetwork Operating System) are prone to a denial-of-service vulnerability when handling specially crafted UDP packets.

An attacker can exploit this issue to trigger an affected device to block an interface and silently drop packets, causing denial-of-service conditions.

This issue is documented by Cisco Bug ID CSCsk64158.

The following features are affected:

IP Service Level Agreements (SLA) Responder
Session Initiation Protocol (SIP)
H.323 Annex E Call Signaling Transport
Media Gateway Control Protocol (MGCP)

50. Blogator-script 'init_pass2.php' SQL Injection Vulnerability
BugTraq ID: 28636
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/28636
Summary:
Blogator-script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Blogator-script 0.95 is vulnerable; other versions may also be affected.

51. ClanSphere Multiple Information Disclosure Vulnerabilities
BugTraq ID: 31293
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/31293
Summary:
ClanSphere is prone to multiple unspecified information-disclosure vulnerabilities.

An unprivileged attacker may exploit these issues to obtain sensitive information that may aid in launching further attacks.

Versions prior to ClanSphere 2008.2.1 are vulnerable.

52. 6rbScript 'section.php' Local File Include Vulnerability
BugTraq ID: 31299
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/31299
Summary:
6rbScript is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context of the webserver process. Information harvested may aid in further attacks.

6rbScript 3.3 is vulnerable; other versions may also be affected.

53. IETF RFC 3279 X.509 Certificate MD5 Signature Collision Vulnerability
BugTraq ID: 33065
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/33065
Summary:
X.509 certificates are prone to a signature-collision attack when signed with the MD5 algorithm. Attackers may take advantage of this issue to generate pairs of different, valid X.509 certificates that share a common signature.

An attacker is most likely to exploit this issue to conduct phishing attacks or to impersonate legitimate sites by taking advantage of malicious certificates. Other attacks are likely possible.

NOTE: This attack is an extension of the weakness covered in BID 11849 (MD5 Message Digest Algorithm Hash Collision Weakness).

54. Muttprint Insecure Temporary File Creation Vulnerability
BugTraq ID: 32743
Remote: No
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/32743
Summary:
Muttprint creates a temporary file in an insecure manner.

An attacker with local access could perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects Muttprint 0.72d; other versions may also be affected.

55. Cisco IOS Cisco Tunneling Control Protocol Remote Denial of Service Vulnerability
BugTraq ID: 34246
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34246
Summary:
Cisco IOS (Internetwork Operating System) is prone to a denial-of-service vulnerability.

A successful attack will cause an affected device to exhaust available memory, creating a denial-of-service condition.

This issue is documented by Cisco Bug IDs CSCsr16693 and CSCsu21828.

56. Cisco IOS Multiple Features IP Sockets Denial Of Service Vulnerability
BugTraq ID: 34242
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34242
Summary:
Cisco IOS is prone to a remote denial-of-service vulnerability that occurs when any of the following features are enabled:

- Cisco Unified Communications Manager Express (Cisco CME) using TCP port 3804
- Session Initiation Protocol (SIP) Gateway Signaling Support using TCP port 2443
- SIP Secure Signaling and Media Encryption using TCP ports 5060 and 5061
- Blocks Extensible Exchange Protocol (BEEP) using a configuration-defined TCP port
- Various Network Admission Control (NAC) Features using TCP ports 80 and 443
- Distributed Director with HTTP Redirects using TCP ports 53 and 80
- DNS using TCP port 53

A remote attacker may exploit this issue to consume excessive CPU or memory, to cause the affected device to reload, or to cause the device to refuse new connections. Successful attacks will result in denial-of-service conditions.

This issue is being tracked by Cisco Bug ID CSCsm27071.

57. Zinf Multiple Playlist Files Buffer Overflow Vulnerability
BugTraq ID: 33482
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/33482
Summary:
Zinf is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected user. Failed exploit attempts will likely crash the application.

Zinf 2.2.1 is vulnerable; other versions may also be affected.

58. Cisco IOS Multiple Features TCP Packet Denial of Service Vulnerability
BugTraq ID: 34238
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34238
Summary:
Multiple features of Cisco IOS (Internetwork Operating System) are prone to a denial-of-service vulnerability when handling specially crafted TCP packets.

An attacker can exploit this issue to trigger an affected device to reload, causing denial-of-service conditions.

This issue is documented by Cisco Bug ID CSCsr29468.

The following features are affected:

Airline Product Set (ALPS)
Serial Tunnel Code (STUN) and Block Serial Tunnel Code (BSTUN)
Native Client Interface Architecture support (NCIA)
Data-link switching (DLSw)
Remote Source-Route Bridging (RSRB)
Point to Point Tunneling Protocol (PPTP)
X.25 for Record Boundary Preservation (RBP)
X.25 over TCP (XOT)
X.25 Routing

59. Cisco IOS Session Initiation Protocol Denial of Service Vulnerability
BugTraq ID: 34243
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34243
Summary:
Cisco IOS is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause an affected device to crash, denying service to legitimate users.

This issue is being tracked by Cisco Bug ID CSCsu11522.

60. Cisco IOS Mobile IP/Mobile IPv6 Multiple Denial of Service Vulnerabilities
BugTraq ID: 34241
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34241
Summary:
Cisco IOS is prone to multiple remote denial-of-service vulnerabilities.

Successfully exploiting these issues allows remote attackers to crash the targeted device, denying service to legitimate users.

These issues are tracked by Cisco Bug IDs CSCsm97220 and CSCso05337.

61. Cisco IOS WebVPN/SSLVPN Multiple Denial of Service Vulnerabilities
BugTraq ID: 34239
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34239
Summary:
Cisco IOS is prone to multiple remote denial-of-service vulnerabilities.

Successfully exploiting these issues allows remote attackers to cause the targeted device to crash, denying service to legitimate users.

62. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
BugTraq ID: 34240
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34240
Summary:
Sun Java Runtime Environment and Java Development Kit are prone to multiple security vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security restrictions, run untrusted applets with elevated privileges, and cause denial-of-service conditions. This may result in a compromise of affected computers.

These issues affect versions *prior to* the following:

JDK and JRE 6 Update 13
JDK and JRE 5.0 Update 18
SDK and JRE 1.4.2_20
SDK and JRE 1.3.1_25

63. Sysax Multi Server FTP 'DELE' Directory Traversal Vulnerability
BugTraq ID: 34209
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34209
Summary:
Sysax Multi Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue can allow a remote attacker to access arbitrary files outside of the FTP server root directory. This can expose sensitive information that could help the attacker launch further attacks.

Sysax Multi Server 4.3 is vulnerable; other versions may also be affected.

64. Syzygy CMS SQL Injection and Local File Include Vulnerabilities
BugTraq ID: 34210
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34210
Summary:
Syzygy CMS is prone to an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting the SQL-injection issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The attacker can exploit the local file-include issue to execute arbitrary local script code and obtain sensitive information that may aid in further attacks.

Syzygy CMS 0.3 is vulnerable; other versions may also be affected.

65. Mozilla Firefox XSL Parsing 'root' XML Tag Remote Memory Corruption Vulnerability
BugTraq ID: 34235
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34235
Summary:
Mozilla Firefox is prone to a remote memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected browser. Failed exploit attempts will result in a denial-of-service condition.

66. Little CMS Memory Leak and Multiple Memory Corruption Vulnerabilities
BugTraq ID: 34185
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34185
Summary:
Little CMS is prone to a denial-of-service vulnerability and multiple memory-corruption vulnerabilities because it fails to perform adequate checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of the application or launch denial-of-service attacks.

Versions prior to Little CMS 1.18beta2 are vulnerable.

NOTE: Other applications that use Little CMS (such as Mozilla Firefox, OpenJDK, and GIMP) are vulnerable to these issues as well.

67. Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
BugTraq ID: 32892
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/32892
Summary:
Sun Java Web Start and Java Plug-in are prone to a privilege-escalation vulnerability.

This issue occurs when the affected applications parse a JAR file that is also a legitimate GIF image file.

An attacker may exploit this issue to obtain sensitive information (such as HTTP session cookies) or to perform actions as legitimate users of a web application. This may aid in further attacks.

NOTE: This issue was previously covered in BID 32620 (Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities), but has been given its own record to better document the issue.

The following versions are affected:

JDK and JRE 6 Update 10 and earlier
JDK and JRE 5.0 Update 16 and earlier
SDK and JRE 1.4.2_18 and earlier
SDK and JRE 1.3.1_23 and earlier

68. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
BugTraq ID: 32608
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/32608
Summary:
Sun Java Runtime Environment and Java Development Kit are prone to multiple security vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security restrictions, run untrusted applets with elevated privileges, and cause denial-of-service conditions. This may result in a compromise of affected computers.

These issues affect versions *prior to* the following:

JDK and JRE 6 Update 11
JDK and JRE 5.0 Update 17
SDK and JRE 1.4.2_19
SDK and JRE 1.3.1_24

69. Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
BugTraq ID: 32620
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/32620
Summary:
Sun Java Web Start and Java Plug-in are prone to multiple privilege-escalation vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security, or read, write, and execute arbitrary files in the context of the user running a vulnerable application. This may result in a compromise of the underlying system.

The following versions are affected:

JDK and JRE 6 Update 10 and earlier
JDK and JRE 5.0 Update 16 and earlier
SDK and JRE 1.4.2_18 and earlier
SDK and JRE 1.3.1_23 and earlier

70. GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
BugTraq ID: 34100
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34100
Summary:
The GNOME glib library is prone to multiple integer-overflow vulnerabilities related to encoding and decoding Base64 data.

Successful exploits may allow remote attackers to cause denial-of-service conditions or potentially execute arbitrary code on computers running the affected library.

The following are vulnerable:

GNOME glib 2.11
GNOME glib 2.12
GStreamer gst-plugins-base prior to 0.10.23
GNOME libsoup prior to 2.2.0
GNOME libsoup prior to 2.24
Evolution Data Server prior to 2.24.5

Additional applications and versions may also be affected.

71. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -07 -08 -09 and -11 Multiple Remote Vulnerabilities
BugTraq ID: 33990
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/33990
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox, Thunderbird, and SeaMonkey.

Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, and execute arbitrary script code with elevated privileges; other attacks are also possible.

72. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -01 to -06 Multiple Remote Vulnerabilities
BugTraq ID: 33598
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/33598
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey.

Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, bypass certain security settings, and execute arbitrary script code with elevated privileges; other attacks are also possible.

73. Adobe Flash Player Unspecified Remote Denial of Service Vulnerability
BugTraq ID: 33890
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/33890
Summary:
Adobe Flash Player is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied input.

Exploiting this issue allows remote attackers to crash the application and possibly to execute code, but this has not been confirmed.

Versions prior to Flash Player 10.0.22.87 are vulnerable.

74. Adobe Flash Player Unspecified Information Disclosure Vulnerability
BugTraq ID: 33889
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/33889
Summary:
Adobe Flash Player is prone to an information-disclosure vulnerability.

Successful exploits will allow an attacker to obtain potentially sensitive information that may be used to elevate privileges.

This issue affects Flash Player on Linux-based operating systems only.

75. NetworkManager Permission Enforcement Multiple Local Vulnerabilities
BugTraq ID: 33966
Remote: No
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/33966
Summary:
NetworkManager is prone to multiple local vulnerabilities because the software fails to properly enforce permissions.

Local attackers can exploit these issues to perform dbus queries to view network connection passwords and pre-shared keys and to modify or delete network connections. Other attacks may also be possible.

76. Adobe Flash Player Invalid Object Reference Remote Code Execution Vulnerability
BugTraq ID: 33880
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/33880
Summary:
Adobe Flash Player is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will likely crash the application, denying service to legitimate users.

Versions prior to Flash Player 10.0.12.36 are vulnerable.

77. Adobe Acrobat and Reader JBIG2 Image Processing Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 34229
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34229
Summary:
Adobe Acrobat and Reader are prone to multiple remote code-execution vulnerabilities.

An attacker can exploit these issues to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

These issues affect Reader and Acrobat 7.1.0, 8.1.3, 9.0.0, and earlier.

78. PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
BugTraq ID: 34090
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34090
Summary:
PostgreSQL is prone to a remote denial-of-service vulnerability.

Exploiting this issue may allow attackers to terminate connections to the PostgreSQL server, denying service to legitimate users.

79. Squid Proxy Cache Update Reply Processing Remote Denial of Service Vulnerability
BugTraq ID: 26687
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/26687
Summary:
Squid is prone to a remote denial-of-service vulnerability because the proxy server fails to perform boundary checks before copying user-supplied data into process buffers.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying further service to legitimate users. Attackers may also be able to execute arbitrary code, but this has not been confirmed.

This issue affects Squid 2.6.STABLE16 and prior versions. All Squid-3 snapshots and prereleases up to the November 28 snapshot are also vulnerable.

80. Squid Web Proxy Cache HTTP Version Number Parsing Denial of Service Vulnerability
BugTraq ID: 33604
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/33604
Summary:
Squid is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain HTTP requests.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying further service to legitimate users.

This issue affects versions prior to Squid 2.7.STABLE5, Squid 3.0.STABLE12, and Squid 3.1.0.4.

81. Squid Web Proxy Cache 'arrayShrink()' Remote Denial of Service Vulnerability
BugTraq ID: 28693
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/28693
Summary:
Squid is prone to a remote denial-of-service vulnerability because of a flaw when processing HTTP headers for cached objects.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying further service to legitimate users.

NOTE: This vulnerability was caused by an incorrect fix for the issue described in BID 26687 (Squid Proxy Cache Update Reply Processing Remote Denial of Service Vulnerability; CVE-2007-6239).

This issue affects Squid 2.6 prior to 2.6.STABLE18.

82. SystemTap Local Privilege Escalation Vulnerability
BugTraq ID: 34260
Remote: No
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34260
Summary:
SystemTap is prone to a local privilege-escalation vulnerability because of a race condition error.

An attacker can exploit this vulnerability to run arbitrary code with elevated privileges.

This issue affects SystemTap 0.0.20080705 and 0.0.20090314.

83. PHPizabi 'modules/interact/file.php' Arbitrary File Upload Vulnerability
BugTraq ID: 34255
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34255
Summary:
PHPizabi is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

PHPizabi versions 0.848b C1 HFP1 to 0.848b C1 HFP3 are vulnerable; other versions may also be affected.

84. WeBid 'upldgallery.php' Arbitrary File Upload Vulnerability
BugTraq ID: 34254
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34254
Summary:
WeBid is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

WeBid 0.7.3 RC9 and prior versions are vulnerable.

85. Drupal Token Authentication Module Authentication Bypass Vulnerability
BugTraq ID: 34252
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34252
Summary:
The Token Authentication module for Drupal is prone to an authentication-bypass vulnerability.

Attackers can exploit this vulnerability to gain unauthorized access to sensitive information. This may aid in further attacks.

Token Authentication 6.x-1.x prior to 6.x-1.1 is vulnerable.

86. Drupal Wikitools Module Multiple Unspecified Cross Site Scripting Vulnerabilities
BugTraq ID: 34249
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34249
Summary:
Drupal Wikitools module is prone to multiple unspecified cross-site scripting vulnerabilities.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

87. Lua Unspecified Bytecode Verifier Security Vulnerability
BugTraq ID: 34237
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34237
Summary:
Lua is prone to an unspecified security vulnerability. This issue is related to the bytecode verifier.

Very little information is known about this issue. We will update this BID as more information emerges.

Lua 5.1.4 is affected; other versions may also be vulnerable.

88. Comparison Engine Power 'product.comparision.php' SQL Injection Vulnerability
BugTraq ID: 34232
Remote: Yes
Last Updated: 2009-03-25
Relevant URL: http://www.securityfocus.com/bid/34232
Summary:
Comparison Engine Power is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Comparison Engine Power 1.0 is vulnerable; other versions may also be affected.

89. Adobe Acrobat and Reader PDF File Handling JBIG2 Image Remote Code Execution Vulnerability
BugTraq ID: 33751
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/33751
Summary:
Adobe Acrobat and Reader are prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

The issue affects Reader and Acrobat 9, 8.1.3 and prior, and 7.

UPDATE (February 24, 2009): Further reports suggest that this issue affects the vulnerable applications running on Apple Mac OS X and various Linux-based operating systems.

90. Tor Multiple Denial of Service Vulnerabilities
BugTraq ID: 33713
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/33713
Summary:
Tor is prone to multiple vulnerabilities.

Attackers can exploit these issues to cause denial-of-service conditions.

These issues affect versions prior to Tor 0.2.0.34.

91. IBM Access Support ActiveX Control 'GetXMLValue()' Buffer Overflow Vulnerability
BugTraq ID: 34228
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/34228
Summary:
IBM Access Support ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

92. PADL nss_ldap '/etc/nss_ldapd.conf' Local Information Disclosure Vulnerability
BugTraq ID: 34211
Remote: No
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/34211
Summary:
PADL's 'nss_ldap' library is prone to an information-disclosure vulnerability because it stores authentication credentials in an insecure manner.

An unprivileged local attacker may exploit this issue to obtain sensitive information that can aid in further attacks.

93. Free Arcade Script SQL Injection and Arbitrary File Upload Vulnerabilities
BugTraq ID: 34212
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/34212
Summary:
Free Arcade Script is prone to an SQL-injection vulnerability and an arbitrary-file-upload vulnerability.

Exploiting these issues could allow an attacker to compromise the application, upload arbitrary files, execute arbitrary code, access or modify data, or exploit latent vulnerabilities in the underlying database.

Free Arcade Script 1.0 is vulnerable; other versions may also be affected.

94. Codice CMS 'index.php' SQL Injection Vulnerability
BugTraq ID: 34208
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/34208
Summary:
Codice CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Codice CMS 2 is vulnerable; other versions may also be affected.

95. Pluck 'module_pages_site.php' Parameter Local File Include Vulnerability
BugTraq ID: 34207
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/34207
Summary:
Pluck is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.

Pluck 4.6.1 is vulnerable; other versions may also be affected.

96. Nucleus CMS Media Manager Unspecified Directory Traversal Vulnerability
BugTraq ID: 34040
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/34040
Summary:
Nucleus CMS is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.

Versions prior to Nucleus CMS 3.40 are vulnerable.

97. Horde IMP Webmail Client Cross Site Scripting And HTML Injection Vulnerabilities
BugTraq ID: 33492
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/33492
Summary:
Horde IMP Webmail Client is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Versions prior to IMP 4.2.2 and 4.3.3 are affected.

98. Horde XSS Filter Cross Site Scripting Vulnerability
BugTraq ID: 33367
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/33367
Summary:
Horde is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Note that this issue also affects Turba on Horde IMP.

Versions prior to Horde 3.2.3 and 3.3.1 are vulnerable.

99. Horde IMP and Groupware Webmail Edition Multiple Input Validation Vulnerabilities
BugTraq ID: 27223
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/27223
Summary:
Horde IMP and Groupware Webmail Edition are prone to multiple input-validation vulnerabilities because the software fails to sanitize certain HTML and HTTP data.

Attackers can leverage these issues to have malicious HTML rendered in the client, to delete arbitrary email messages, and to purge deleted email messages.

IMP 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 are vulnerable; other versions may also be affected.

100. Horde Products Local File Include and Cross Site Scripting Vulnerabilities
BugTraq ID: 33491
Remote: Yes
Last Updated: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/33491
Summary:
Horde products are prone to a local file-include vulnerability and a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input.

An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within the context of the webserver process. Information harvested may aid in further attacks.

The attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

The issues affect versions prior to the following:

Horde 3.2.4 and 3.3.3
Horde Groupware 1.1.5

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Browsers bashed first in hacking contest
By: Robert Lemos
A security researcher keeps a vulnerability on ice for an entire year, before using it at the Pwn2Own contest to exploit Apple's browser. Microsoft's Internet Explorer 8 falls soon after.
http://www.securityfocus.com/news/11549

2. Experts: U.S. needs to defend its "cyber turf"
By: Robert Lemos
The United States must develop a Monroe Doctrine for the Internet, defining what constitutes its cyberspace and pledging to defend its virtual borders, security experts told Congress.
http://www.securityfocus.com/news/11548

3. Advisor: U.S. needs policy to defend cyberspace
By: Robert Lemos
An Obama transition-team member argues that any future cyber policy needs to deal with the role of the intelligence community, the militarization of cyberspace and designating a lead disaster agency.
http://www.securityfocus.com/news/11547

4. Cabal forms to fight Conficker, offers bounty
By: Robert Lemos
Microsoft offers $250,000 for information leading to the arrest of the author and, along with security firms and Internet service providers, pledges to work to prevent the prolific worm from spreading further.
http://www.securityfocus.com/news/11546

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you must answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Entrust
