SecurityFocus News
SecurityFocus Newsletter #497 Apr 06 2009 03:51PM
sfa securityfocus com
SecurityFocus Newsletter #497
----------------------------------------

This issue is sponsored by Tripwire

Configuration and Change Management for IT Compliance and Risk Management

Learn from industry analysts how IT organizations are using configuration management to meet compliance requirements and instill best practices. Find out how these organizations are applying the resulting processes to enhance security and improve operational efficiency in order to increase their level of service delivery.

http://dinclinx.com/Redirect.aspx?36;1864;32;189;0;4;259;4d333dbf312ae389

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Act Locally, Pwn Globally
2. Time to Shield Researchers
II. BUGTRAQ SUMMARY
1. TYPO3 Visitor Tracking Extension Unspecified Cross Site Scripting Vulnerability
2. TYPO3 Versatile Calendar Extension Unspecified SQL Injection Vulnerability
3. ClamAV RAR File Scan Evasion Vulnerability
4. Sun Solaris 'dircmp(1)' Insecure Temporary File Creation Vulnerability
5. Sun Java System Calendar Server Duplicate URI Request Denial of Service Vulnerability
6. Atlassian JIRA Multiple Cross Site Scripting And HTML Injection Vulnerabilities
7. KoschtIT Image Gallery 'file' Parameter Multiple Local File Include Vulnerabilities
8. pam_ssh Existing/Non-Existing Username Enumeration Weakness
9. Ghostscript 'gdevpdtb.c' Buffer Overflow Vulnerability
10. OpenX 2.6.3 Multiple Input Validation Vulnerabilities
11. SAP Business Objects Crystal Reports 'viewreport.asp' Cross Site Scripting Vulnerability
12. MyioSoft Ajax Portal 'ajaxp_backend.php' SQL Injection Vulnerability
13. Ghostscript 'CCITTFax' Decoding Filter Denial of Service Vulnerability
14. TinyPHPForum UpdatePF.PHP Authentication Bypass Vulnerability
15. TinyPHPForum 'index.php' Directory Traversal Vulnerability
16. BibTeX '.bib' File Handling Memory Corruption Vulnerability
17. OpenX Prior to 2.8 Multiple Input Validation Vulnerabilities
18. Xfig Multiple Insecure Temporary File Creation Vulnerabilities
19. Turnkey eBook Store 'keywords' Parameter Cross Site Scripting Vulnerability
20. AstonSoft DeepBurner DBR Compilation Buffer Overflow Vulnerability
21. QtWeb Browser Malformed HTML File Remote Denial of Service Vulnerability
22. Vim HelpTags Command Remote Format String Vulnerability
23. Vim 'mch_expand_wildcards()' Heap Based Buffer Overflow Vulnerability
24. Vim Vim Script Multiple Command Execution Vulnerabilities
25. Vim Insufficient Shell Escaping Multiple Command Execution Vulnerabilities
26. Multiple Vendor OpenSSL 'DSA_verify' Function Signature Verification Vulnerability
27. TYPO3 ultraCards Unspecified SQL Injection Vulnerability
28. TYPO3 A21glossary Advanced Output Unspecified SQL Injection Vulnerability
29. TYPO3 Frontend User Registration Information Disclosure Vulnerability
30. Podcast Generator 'core/admin/delete.php' Arbitrary File Deletion Vulnerability
31. VMware Hosted Products VMSA-2009-0005 Multiple Remote Vulnerabilities
32. OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
33. OpenSSL Multiple Vulnerabilities
34. Mozilla Firefox 'designMode' Null Pointer Dereference Denial of Service Vulnerability
35. RETIRED: Mozilla Firefox 'DesignMode' Denial of Service Vulnerability
36. glFusion 'SESS_getUserIdFromSession()' SQL Injection Vulnerability
37. TYPO3 Directory Listing Unspecified Directory Traversal Vulnerability
38. TYPO3 Store Locator Extension SQL Injection and Cross Site Scripting Vulnerabilities
39. TYPO3 ClickStream Analyzer Information Disclosure Vulnerability
40. TYPO3 Userdata Create/Edit Extension Unspecified Cross Site Scripting Vulnerability
41. mpg123 'store_id3_text()' Memory Corruption Vulnerability
42. WeeChat IRC Message Remote Denial Of Service Vulnerability
43. osCommerce 'oscid' Session Fixation Vulnerability
44. GStreamer QuickTime Media File Parsing Multiple Buffer Overflow Vulnerabilities
45. xine-lib STTS Quicktime Atom Remote Buffer Overflow Vulnerability
46. Asterisk Authentication SIP Response Remote Information Disclosure Vulnerability
47. XBMC Multiple Remote Buffer Overflow Vulnerabilities
48. Gnumeric 'PySys_SetArgv' Remote Command Execution Vulnerability
49. BlogMan 'Title' HTML Injection Vulnerability
50. TinyPHPForum Avatar Upload Arbitrary File Upload Vulnerability
51. Family Connections 'fcms/upload.php' Arbitrary File Upload Vulnerability
52. Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerabilities
53. Openfire Multiple Input Validation Vulnerabilities
54. Libpng Library Unknown Chunk Handler Vulnerability
55. Openfire 'muc-room-edit-form.jsp' HTML Injection Vulnerability
56. Openfire 'log.jsp' Directory Traversal Vulnerability
57. Openfire 'group-summary.jsp' Cross-Site Scripting Vulnerability
58. Openfire 'logviewer.jsp' Cross-Site Scripting Vulnerability
59. Openfire 'user-properties.jsp' Cross-Site Scripting Vulnerability
60. Openfire 'audit-policy.jsp' Multiple Cross-Site Scripting Vulnerabilities
61. Openfire 'server-properties.jsp' HTML Injection Vulnerability
62. Openfire 'log.jsp' Cross-Site Scripting Vulnerability
63. 4CMS SQL Injection and Local File Include Vulnerabilities
64. ContentKeeper Versions 125.09 and Prior Multiple Remote Vulnerabilities
65. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
66. Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
67. Microsoft PowerPoint File Parsing Remote Code Execution Vulnerability
68. Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
69. Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
70. Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
71. The Tricky.net Joomla! Messaging Component 'controller' Parameter Local File Include Vulnerability
72. Moodle TeX Filter Remote File Disclosure Vulnerability
73. UltraISO CCD and IMG File Buffer Overflow Vulnerability
74. Joomla! RD-Autos Component 'makeid' Parameter SQL Injection Vulnerability
75. Joomla! Prior to 1.5.10 Multiple Cross Site Scripting Vulnerabilities
76. IBM TXSeries for Multiplatforms 'forcepurge' Unspecified Security Vulnerability
77. Opera XML Parser Remote Denial of Service Vulnerability
78. ClamAV Multiple Remote Denial of Service Vulnerabilities
79. GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
80. Autodesk IDrop ActiveX Control 'IDrop.ocx' Multiple Heap Memory Corruption Vulnerabilities
81. Mozilla Firefox '_moveToEdgeShift' Remote Code Execution Vulnerability
82. IBM DB2 Remote Denial of Service Vulnerabilities
83. IBM WebSphere Application Server File Permission Vulnerability
84. glFusion Unspecified Cross Site Scripting Vulnerability
85. AdaptBB 'topic_id' Parameter SQL Injection Vulnerability
86. Gravity Board X Multiple SQL Injection Vulnerabilities and Remote Command Execution Vulnerability
87. Family Connections 'fcms_login_id' Cookie Parameter SQL Injection Vulnerability
88. form2list 'page.php' Parameter SQL Injection Vulnerability
89. ActiveKB 'Panel' Parameter Local File Include Vulnerability
90. Cisco IOS Session Initiation Protocol Denial of Service Vulnerability
91. Q2 Solutions ConnX 'frmLoginPwdReminderPopup.aspx' SQL Injection Vulnerability
92. Asbru Web Content Management SQL Injection and Cross Site Scripting Vulnerabilities
93. glFusion Multiple SQL Injection Vulnerabilities
94. F-Prot Antivirus ZIP Attachment Version Scan Evasion Vulnerability
95. Fortinet FortiClient VPN Connection Name Local Format String Vulnerability
96. File Thingie '.sql' Extension Arbitrary File Upload Vulnerability
97. XOOPS Cube Legacy Multiple Cross Site Scripting Vulnerabilities
98. IBM Proventia RAR File Scan Evasion Vulnerability
99. International Components for Unicode Invalid ISO Character Handling Vulnerability
100. freeSSHd SFTP 'rename' Remote Buffer Overflow Vulnerability
III. SECURITYFOCUS NEWS
1. Browsers bashed first in hacking contest
2. Experts: U.S. needs to defend its "cyber turf"
3. Advisor: U.S. needs policy to defend cyberspace
4. Cabal forms to fight Conficker, offers bounty
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
1. EUSecWest 2009 CFP (May 27/28, Deadline April 7 2009)
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. EUSecWest 2009 CFP (May 27/28, Deadline April 7 2009)
2. [tool] Unix auditing, Lynis 1.2.5
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Act Locally, Pwn Globally
By Jeffrey Carr
On December 24, 2008, the Pakistani Whackerz Cr3w defaced a part of India's critical infrastructure, the Eastern Railway system Web site. The defacement appeared on a scroll feed which read: "Cyber war has been declared on Indian cyberspace by Whackerz- Pakistan (24 Dec-2008)."
http://www.securityfocus.com/columnists/496

2. Time to Shield Researchers
By Oliver Day
Research is the backbone of the security industry but the legal climate has become so adverse that researchers have had to worry about injunctions, FBI visits, and even arrest.
http://www.securityfocus.com/columnists/495

II. BUGTRAQ SUMMARY
--------------------
1. TYPO3 Visitor Tracking Extension Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 34380
Remote: Yes
Last Updated: 2009-04-06
Relevant URL: http://www.securityfocus.com/bid/34380
Summary:
TYPO3 Visitor Tracking ('ws_stats') extension is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Visitor Tracking 0.1.1 and prior versions are vulnerable.

2. TYPO3 Versatile Calendar Extension Unspecified SQL Injection Vulnerability
BugTraq ID: 34379
Remote: Yes
Last Updated: 2009-04-06
Relevant URL: http://www.securityfocus.com/bid/34379
Summary:
TYPO3 Versatile Calendar Extension ('sk_calendar') is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects Versatile Calendar Extension 0.3.3 and prior versions.

3. ClamAV RAR File Scan Evasion Vulnerability
BugTraq ID: 34344
Remote: Yes
Last Updated: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/34344
Summary:
ClamAV AntiVirus is prone to a vulnerability that may allow certain compressed archives to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect.

ClamAV 0.94 is vulnerable; prior versions may also be affected.

4. Sun Solaris 'dircmp(1)' Insecure Temporary File Creation Vulnerability
BugTraq ID: 34316
Remote: No
Last Updated: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/34316
Summary:
Sun Solaris creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected software.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in privilege escalation or cause a denial-of-service condition. Other attacks may also be possible.

5. Sun Java System Calendar Server Duplicate URI Request Denial of Service Vulnerability
BugTraq ID: 34150
Remote: Yes
Last Updated: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/34150
Summary:
Sun Java System Calendar Server is prone to a denial-of-service vulnerability because it fails to handle certain duplicate URI requests.

An attacker can exploit this issue to crash the Calendar Server, resulting in a denial-of-service condition.

6. Atlassian JIRA Multiple Cross Site Scripting And HTML Injection Vulnerabilities
BugTraq ID: 34342
Remote: Yes
Last Updated: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/34342
Summary:
Atlassian JIRA is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Versions prior to Atlassian JIRA 3.13.3 are vulnerable. One of the issues affects the Charting plugin (prior to 1.4.1).

7. KoschtIT Image Gallery 'file' Parameter Multiple Local File Include Vulnerabilities
BugTraq ID: 34335
Remote: Yes
Last Updated: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/34335
Summary:
KoschtIT Image Gallery is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these vulnerabilities using directory-traversal strings to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

KoschtIT Image Gallery 1.82 is vulnerable; other versions may also be affected.

8. pam_ssh Existing/Non-Existing Username Enumeration Weakness
BugTraq ID: 34333
Remote: Yes
Last Updated: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/34333
Summary:
The 'pam_ssh' module is prone to a username-enumeration weakness because it displays different responses to login attempts, depending on whether or not the username exists.

Attackers may exploit this weakness to discern valid usernames. This may aid them in brute-force password cracking or other attacks.

This issue affects pam_ssh 1.92; other versions may also be affected.

9. Ghostscript 'gdevpdtb.c' Buffer Overflow Vulnerability
BugTraq ID: 34340
Remote: Yes
Last Updated: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/34340
Summary:
Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer.

Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with arbitrary data, potentially allowing them to execute malicious machine code in the context of the affected application. This vulnerability may facilitate the compromise of affected computers.

Versions prior to Ghostscript 8.64 are affected.

10. OpenX 2.6.3 Multiple Input Validation Vulnerabilities
BugTraq ID: 33468
Remote: Yes
Last Updated: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/33468
Summary:
OpenX is prone to multiple input-validation vulnerabilities:

- Multiple cross-site scripting vulnerabilities
- Multiple HTML-injection vulnerabilities
- Multiple SQL-Injection vulnerabilities

Attackers can exploit these issues to steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to OpenX 2.6.4 and 2.4.10 are vulnerable.

11. SAP Business Objects Crystal Reports 'viewreport.asp' Cross Site Scripting Vulnerability
BugTraq ID: 34341
Remote: Yes
Last Updated: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/34341
Summary:
SAP Business Objects Crystal Reports is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

NOTE: This issue may be related to the one described in BID 12107 (Business Objects Crystal Enterprise Report File Cross-Site Scripting Vulnerability). We will update or retire this BID when more information emerges.

12. MyioSoft Ajax Portal 'ajaxp_backend.php' SQL Injection Vulnerability
BugTraq ID: 34338
Remote: Yes
Last Updated: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/34338
Summary:
MyioSoft Ajax Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Ajax Portal 3.0 is vulnerable; other versions may also be affected.

13. Ghostscript 'CCITTFax' Decoding Filter Denial of Service Vulnerability
BugTraq ID: 34337
Remote: Yes
Last Updated: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/34337
Summary:
Ghostscript is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied input.

Exploiting this issue allows remote attackers to crash the application and possibly to execute code, but this has not been confirmed.

14. TinyPHPForum UpdatePF.PHP Authentication Bypass Vulnerability
BugTraq ID: 19281
Remote: Yes
Last Updated: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/19281
Summary:
TinyPHPForum is prone to an authentication-bypass vulnerability because it fails to prevent an attacker from accessing admin scripts directly without requiring authentication.

A remote attacker can exploit this issue to perform administrative functions without requiring authentication. For example, the attacker may be able to create administrative users for the affected application.

15. TinyPHPForum 'index.php' Directory Traversal Vulnerability
BugTraq ID: 34339
Remote: Yes
Last Updated: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/34339
Summary:
TinyPHPForum is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.

TinyPHPForum 3.61 is vulnerable; other versions may also be affected.

16. BibTeX '.bib' File Handling Memory Corruption Vulnerability
BugTraq ID: 34332
Remote: Yes
Last Updated: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/34332
Summary:
BibTeX is prone to a memory-corruption vulnerability because it fails to properly handle excessively large '.bib' files.

Remote attackers may leverage this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute code, but this has not been confirmed.

NOTE: BibTeX may be shipped with various packages, such as TeTeX or TexLive, that may also be vulnerable.

17. OpenX Prior to 2.8 Multiple Input Validation Vulnerabilities
BugTraq ID: 34336
Remote: Yes
Last Updated: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/34336
Summary:
OpenX is prone to multiple input-validation vulnerabilities:

- Multiple SQL-Injection vulnerabilities
- A cross-site-scripting vulnerability
- An arbitrary-file-deletion vulnerability
- An HTTP-header-injection vulnerability

Attackers can exploit these issues to steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, access or modify data, exploit latent vulnerabilities in the underlying database, or delete arbitrary files on the affected computer. Other attacks are also possible.

Versions prior to OpenX 2.8 are vulnerable.

18. Xfig Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 34328
Remote: No
Last Updated: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/34328
Summary:
Xfig creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

19. Turnkey eBook Store 'keywords' Parameter Cross Site Scripting Vulnerability
BugTraq ID: 34324
Remote: Yes
Last Updated: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/34324
Summary:
Turnkey eBook Store is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

Turnkey eBook Store 1.1 is vulnerable; other versions may also be affected.

20. AstonSoft DeepBurner DBR Compilation Buffer Overflow Vulnerability
BugTraq ID: 21657
Remote: Yes
Last Updated: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/21657
Summary:
AstonSoft DeepBurner is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation.

Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with arbitrary data, potentially allowing them to execute malicious machine code in the context of the affected application. This vulnerability may facilitate the compromise of affected computers.

AstonSoft DeepBurner 1.8.0 and 1.9.0.228 are affected; previous versions may be vulnerable as well.

21. QtWeb Browser Malformed HTML File Remote Denial of Service Vulnerability
BugTraq ID: 34327
Remote: Yes
Last Updated: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/34327
Summary:
QtWeb browser is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

QtWeb 2.0 is vulnerable; other versions may also be affected.

22. Vim HelpTags Command Remote Format String Vulnerability
BugTraq ID: 25095
Remote: Yes
Last Updated: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/25095
Summary:
Vim is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

A remote attacker may execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts may cause denial-of-service conditions.

Vim 6.4 and 7.1 are vulnerable; other versions may also be affected.

23. Vim 'mch_expand_wildcards()' Heap Based Buffer Overflow Vulnerability
BugTraq ID: 30648
Remote: Yes
Last Updated: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/30648
Summary:
Vim is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects Vim 6.2.429 through 6.3.058.

24. Vim Vim Script Multiple Command Execution Vulnerabilities
BugTraq ID: 29715
Remote: Yes
Last Updated: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/29715
Summary:
Vim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Vim 7.1.298 is vulnerable; other versions may also be affected.

25. Vim Insufficient Shell Escaping Multiple Command Execution Vulnerabilities
BugTraq ID: 30795
Remote: Yes
Last Updated: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/30795
Summary:
Vim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Versions prior to Vim 7.2.010 are vulnerable.

26. Multiple Vendor OpenSSL 'DSA_verify' Function Signature Verification Vulnerability
BugTraq ID: 33151
Remote: Yes
Last Updated: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/33151
Summary:
Multiple vendors' products using OpenSSL are prone to a signature-verification vulnerability.

An attacker would likely leverage this issue by first carrying out a man-in-the-middle attack. The attacker would most likely exploit this issue to conduct phishing attacks or to impersonate legitimate sites. Other attacks are likely possible.

27. TYPO3 ultraCards Unspecified SQL Injection Vulnerability
BugTraq ID: 34378
Remote: Yes
Last Updated: 2009-04-06
Relevant URL: http://www.securityfocus.com/bid/34378
Summary:
TYPO3 ultraCards ('th_ultracards') extension is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects ultraCards 0.5.0 and prior versions.

28. TYPO3 A21glossary Advanced Output Unspecified SQL Injection Vulnerability
BugTraq ID: 34376
Remote: Yes
Last Updated: 2009-04-06
Relevant URL: http://www.securityfocus.com/bid/34376
Summary:
TYPO3 A21glossary Advanced Output ('a21glossary_advanced_output') extension is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects A21glossary Advanced Output 0.1.11 and prior versions.

29. TYPO3 Frontend User Registration Information Disclosure Vulnerability
BugTraq ID: 34374
Remote: Yes
Last Updated: 2009-04-06
Relevant URL: http://www.securityfocus.com/bid/34374
Summary:
TYPO3 Frontend User Registration ('sr_feuser_register') is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to harvest sensitive information that may lead to further attacks against the underlying system and other users.

Frontend User Registration 2.5.20 and earlier are affected.

30. Podcast Generator 'core/admin/delete.php' Arbitrary File Deletion Vulnerability
BugTraq ID: 34317
Remote: Yes
Last Updated: 2009-04-06
Relevant URL: http://www.securityfocus.com/bid/34317
Summary:
Podcast Generator is prone to a vulnerability that lets attackers delete arbitrary files on the affected computer in the context of the webserver.

Successful attacks may aid in launching further attacks.

Podcast Generator 1.1 is vulnerable; prior versions may also be affected.

31. VMware Hosted Products VMSA-2009-0005 Multiple Remote Vulnerabilities
BugTraq ID: 34373
Remote: Yes
Last Updated: 2009-04-06
Relevant URL: http://www.securityfocus.com/bid/34373
Summary:
VMware hosted products are prone to multiple remote vulnerabilities:

- Multiple denial-of-service vulnerabilities
- A privilege-escalation vulnerability
- Multiple heap-based buffer-overflow vulnerabilities
- An unauthorized-access vulnerability
- An information-disclosure vulnerability

An attacker can exploit these issues to crash the affected applications, execute arbitrary code, compromise the affected applications, gain unauthorized access, and obtain sensitive information. Other attacks are also possible.

32. OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
BugTraq ID: 33150
Remote: Yes
Last Updated: 2009-04-06
Relevant URL: http://www.securityfocus.com/bid/33150
Summary:
OpenSSL is prone to a signature-verification vulnerability.

An attacker would likely leverage this issue by first carrying out a man-in-the-middle attack. The attacker would most likely exploit this issue to conduct phishing attacks or to impersonate legitimate sites. Other attacks are likely possible.

Releases prior to OpenSSL 0.9.8j are affected.

33. OpenSSL Multiple Vulnerabilities
BugTraq ID: 34256
Remote: Yes
Last Updated: 2009-04-06
Relevant URL: http://www.securityfocus.com/bid/34256
Summary:
OpenSSL is prone to multiple vulnerabilities that may allow attackers to trigger denial-of-service conditions or bypass certain security checks.

Versions prior to OpenSSL 0.9.8k are vulnerable.

34. Mozilla Firefox 'designMode' Null Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 33154
Remote: Yes
Last Updated: 2009-04-06
Relevant URL: http://www.securityfocus.com/bid/33154
Summary:
Mozilla Firefox is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions.

Firefox 3.0.5, 3.0.6, 3.0.7, and 3.0.8 are vulnerable; other versions may also be affected.

35. RETIRED: Mozilla Firefox 'DesignMode' Denial of Service Vulnerability
BugTraq ID: 34372
Remote: Yes
Last Updated: 2009-04-06
Relevant URL: http://www.securityfocus.com/bid/34372
Summary:
Mozilla Firefox is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions.

Firefox 3.0.8 is vulnerable; other versions may also be affected.

NOTE: The BID is being retired because the issue is described in BID 33154.

36. glFusion 'SESS_getUserIdFromSession()' SQL Injection Vulnerability
BugTraq ID: 34361
Remote: Yes
Last Updated: 2009-04-06
Relevant URL: http://www.securityfocus.com/bid/34361
Summary:
glFusion is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

glFusion 1.1.2 and prior versions are vulnerable.

37. TYPO3 Directory Listing Unspecified Directory Traversal Vulnerability
BugTraq ID: 34387
Remote: Yes
Last Updated: 2009-04-06
Relevant URL: http://www.securityfocus.com/bid/34387
Summary:
TYPO3 Directory Listing (dir_listing) is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.

TYPO3 Directory Listing 1.1.0 is vulnerable; other versions may also be affected.

38. TYPO3 Store Locator Extension SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 34386
Remote: Yes
Last Updated: 2009-04-06
Relevant URL: http://www.securityfocus.com/bid/34386
Summary:
The Store Locator ('locator') extension for TYPO3 is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect Store Locator 1.2.6 and prior.

39. TYPO3 ClickStream Analyzer Information Disclosure Vulnerability
BugTraq ID: 34385
Remote: Yes
Last Updated: 2009-04-06
Relevant URL: http://www.securityfocus.com/bid/34385
Summary:
TYPO3 ClickStream Analyzer ('alternet_csa_out') is prone to an information-disclosure vulnerability.

Attackers may exploit this issue to harvest sensitive information that may lead to further attacks against the underlying system and other users.

ClickStream Analyzer 0.3.0 and prior are affected.

40. TYPO3 Userdata Create/Edit Extension Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 34382
Remote: Yes
Last Updated: 2009-04-06
Relevant URL: http://www.securityfocus.com/bid/34382
Summary:
TYPO3 Userdata Create/Edit ('sg_userdata') extension is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Userdata Create/Edit 0.90.111 and prior are vulnerable.

41. mpg123 'store_id3_text()' Memory Corruption Vulnerability
BugTraq ID: 34381
Remote: Yes
Last Updated: 2009-04-05
Relevant URL: http://www.securityfocus.com/bid/34381
Summary:
mpg123 is prone to a memory-corruption vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer.

Exploiting this issue may allow remote attackers to overwrite memory with arbitrary data, potentially allowing them to execute malicious machine code in the context of the affected application. This vulnerability may facilitate the compromise of affected computers.

mpg123 1.7.1 and prior are vulnerable.

42. WeeChat IRC Message Remote Denial Of Service Vulnerability
BugTraq ID: 34148
Remote: Yes
Last Updated: 2009-04-04
Relevant URL: http://www.securityfocus.com/bid/34148
Summary:
WeeChat is prone to a remote denial-of-service vulnerability.

An attacker may exploit this issue to crash the application, resulting in a denial-of-service condition.

Versions prior to WeeChat 0.2.6.1 are vulnerable.

43. osCommerce 'oscid' Session Fixation Vulnerability
BugTraq ID: 34348
Remote: Yes
Last Updated: 2009-04-04
Relevant URL: http://www.securityfocus.com/bid/34348
Summary:
osCommerce is prone to a session-fixation vulnerability.

Attackers can exploit this issue to hijack a user's session and gain unauthorized access to the affected application.

The following are vulnerable:

osCommerce 2.2
osCommerce 3.0 Beta

Other versions may also be affected.

44. GStreamer QuickTime Media File Parsing Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 33405
Remote: Yes
Last Updated: 2009-04-04
Relevant URL: http://www.securityfocus.com/bid/33405
Summary:
GStreamer is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of applications that use the affected library. Failed attacks will cause denial-of-service conditions.

Versions prior to GStreamer 'gst-plugins-good' 0.10.12 are vulnerable. Applications using the library, such as Songbird, Totem, and Amarok, may also be affected.

45. xine-lib STTS Quicktime Atom Remote Buffer Overflow Vulnerability
BugTraq ID: 34384
Remote: Yes
Last Updated: 2009-04-04
Relevant URL: http://www.securityfocus.com/bid/34384
Summary:
The 'xine-lib' library is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition.

This issue affects xine-lib 1.1.16.2 and prior.

46. Asterisk Authentication SIP Response Remote Information Disclosure Vulnerability
BugTraq ID: 34353
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34353
Summary:
Asterisk is prone to an information-disclosure vulnerability because it doesn't provide safe responses to failed authentication attempts.

Attackers can exploit this issue to discover whether specific usernames exist. Information harvested may aid in launching further attacks.

47. XBMC Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 34334
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34334
Summary:
XBMC is prone to multiple buffer-overflow vulnerabilities that occur because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

XBMC 8.10 Atlantis is vulnerable; other versions may also be affected.

48. Gnumeric 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33438
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/33438
Summary:
Gnumeric is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

49. BlogMan 'Title' HTML Injection Vulnerability
BugTraq ID: 34359
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34359
Summary:
BlogMan is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or script code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Versions prior to BlogMan 0.7 are vulnerable.

50. TinyPHPForum Avatar Upload Arbitrary File Upload Vulnerability
BugTraq ID: 34356
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34356
Summary:
TinyPHPForum is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

TinyPHPForum 3.61 is vulnerable; other versions may also be affected.

51. Family Connections 'fcms/upload.php' Arbitrary File Upload Vulnerability
BugTraq ID: 34368
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34368
Summary:
Family Connections is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately validate user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Family Connections 1.8.2 is vulnerable; other versions may also be affected.

52. Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerabilities
BugTraq ID: 33827
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/33827
Summary:
The 'libpng' library is prone to multiple memory-corruption vulnerabilities because it fails to properly initialize data structures.

Successful exploits may allow remote attackers to cause denial-of-service conditions or potentially execute arbitrary code on computers running the affected library.

These issues affect versions prior to 'libpng' 1.0.43 and 1.2.35.

53. Openfire Multiple Input Validation Vulnerabilities
BugTraq ID: 32189
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/32189
Summary:
Openfire is prone to multiple input-validation vulnerabilities:

- An SQL-injection issue.
- Multiple cross-site scripting issues.
- An authentication-bypass issue.

A successful exploit of these issues may allow an attacker to gain unauthorized access to the affected application, compromise the application, access or modify data, exploit vulnerabilities in the underlying database, execute arbitrary script code within the context of the browser, and steal cookie-based authentication credentials. Other attacks are also possible.

Openfire 3.6.0a is vulnerable; other versions may also be affected.

54. Libpng Library Unknown Chunk Handler Vulnerability
BugTraq ID: 28770
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/28770
Summary:
The 'libpng' library is prone to a vulnerability that causes denial-of-service conditions or may allow code to run. The issue occurs because the software fails to properly handle unexpected chunk data in PNG files.

Successfully exploiting this issue allows remote attackers to trigger denial-of-service conditions or to possibly execute arbitrary machine code in the context of applications that use the library.

The following versions are affected:

libpng 1.0.6 through 1.0.32
libpng 1.2.0 through 1.2.26
libpng 1.4.0beta01 through 1.4.0beta19

55. Openfire 'muc-room-edit-form.jsp' HTML Injection Vulnerability
BugTraq ID: 32944
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/32944
Summary:
Openfire is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Openfire 3.6.2 is vulnerable; prior versions may also be affected.

56. Openfire 'log.jsp' Directory Traversal Vulnerability
BugTraq ID: 32945
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/32945
Summary:
Openfire is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.

Openfire 3.6.2 is vulnerable; prior versions may also be affected.

57. Openfire 'group-summary.jsp' Cross-Site Scripting Vulnerability
BugTraq ID: 32937
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/32937
Summary:
Openfire is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Openfire 3.6.2 is vulnerable; prior versions may also be affected.

58. Openfire 'logviewer.jsp' Cross-Site Scripting Vulnerability
BugTraq ID: 32935
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/32935
Summary:
Openfire is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Openfire 3.6.2 is vulnerable; prior versions may also be affected.

59. Openfire 'user-properties.jsp' Cross-Site Scripting Vulnerability
BugTraq ID: 32938
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/32938
Summary:
Openfire is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Openfire 3.6.2 is vulnerable; prior versions may also be affected.

60. Openfire 'audit-policy.jsp' Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 32939
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/32939
Summary:
Openfire is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Openfire 3.6.2 is vulnerable; prior versions may also be affected.

61. Openfire 'server-properties.jsp' HTML Injection Vulnerability
BugTraq ID: 32943
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/32943
Summary:
Openfire is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Openfire 3.6.2 is vulnerable; prior versions may also be affected.

62. Openfire 'log.jsp' Cross-Site Scripting Vulnerability
BugTraq ID: 32940
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/32940
Summary:
Openfire is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Openfire 3.6.2 is vulnerable; prior versions may also be affected.

63. 4CMS SQL Injection and Local File Include Vulnerabilities
BugTraq ID: 34355
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34355
Summary:
4CMS is prone to multiple SQL-injection vulnerabilities and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting the SQL-injection issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The attacker can exploit the local file-include issue to execute arbitrary local script code and obtain sensitive information that may aid in further attacks.

64. ContentKeeper Versions 125.09 and Prior Multiple Remote Vulnerabilities
BugTraq ID: 34354
Remote: No
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34354
Summary:
ContentKeeper is prone to multiple remote vulnerabilities:

- An unauthorized-access vulnerability
- An arbitrary-file-overwrite vulnerability
- A remote command-execution vulnerability
- A remote privilege-escalation vulnerability

Attackers can exploit these issues to gain unauthorized access to certain binaries, overwrite arbitrary files, execute arbitrary commands, and gain elevated access to the affected computer.

ContentKeeper 125.09 and earlier are vulnerable.

65. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
BugTraq ID: 34240
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34240
Summary:
Sun Java Runtime Environment and Java Development Kit are prone to multiple security vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security restrictions, run untrusted applets with elevated privileges, and cause denial-of-service conditions. This may result in a compromise of affected computers.

These issues affect versions *prior to* the following:

JDK and JRE 6 Update 13
JDK and JRE 5.0 Update 18
SDK and JRE 1.4.2_20
SDK and JRE 1.3.1_25

66. Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
BugTraq ID: 33846
Remote: No
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/33846
Summary:
The Linux Kernel is prone to an information-disclosure vulnerability because it fails to properly initialize certain memory before using it in a user-accessible operation.

Successful exploits will allow attackers to view portions of kernel memory. Information harvested may be used in further attacks.

Versions prior to Linux Kernel 2.6.28.8 are vulnerable.

67. Microsoft PowerPoint File Parsing Remote Code Execution Vulnerability
BugTraq ID: 34351
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34351
Summary:
Microsoft PowerPoint is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious PowerPoint file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

68. Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
BugTraq ID: 33428
Remote: No
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/33428
Summary:
Linux Kernel is prone to two denial-of-service vulnerabilities.

A local unprivileged attacker can exploit these issues to cause a vulnerable system to crash, resulting in denial-of-service conditions.

These issues affect versions prior to Linux Kernel 2.6.27.13 and 2.6.28.2.

69. Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
BugTraq ID: 33113
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/33113
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

The issue affects Linux Kernel 2.6.28; other versions may also be vulnerable.

70. Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
BugTraq ID: 33906
Remote: No
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/33906
Summary:
The Linux kernel is prone to an origin-validation weakness when dealing with signal handling.

This weakness occurs when a privileged process calls attacker-supplied processes as children. Attackers may exploit this to send arbitrary signals to the privileged parent process.

A local attacker may exploit this issue to kill vulnerable processes, resulting in a denial-of-service condition. In some cases, other attacks may also be possible.

Linux kernel 2.6.28 is vulnerable; other versions may also be affected.

71. The Tricky.net Joomla! Messaging Component 'controller' Parameter Local File Include Vulnerability
BugTraq ID: 34365
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34365
Summary:
The Tricky.net Messaging component for Joomla! is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may aid in other attacks.

Messaging component 1.5.0 is vulnerable; other versions may also be affected.

72. Moodle TeX Filter Remote File Disclosure Vulnerability
BugTraq ID: 34278
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34278
Summary:
Moodle is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view local files in the context of the webserver process. This may aid in further attacks.

Versions prior to the following are vulnerable:

Moodle 1.6.9+
Moodle 1.7.7+
Moodle 1.8.9
Moodle 1.9.5

73. UltraISO CCD and IMG File Buffer Overflow Vulnerability
BugTraq ID: 34363
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34363
Summary:
UltraISO is prone to a remote buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Successful exploits may allow an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

UltraISO 9.3.3.2685 is vulnerable; other versions may also be affected.

74. Joomla! RD-Autos Component 'makeid' Parameter SQL Injection Vulnerability
BugTraq ID: 34364
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34364
Summary:
The RD-Autos component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

RD-Autos 1.5.7 is vulnerable; other versions may also be affected.

75. Joomla! Prior to 1.5.10 Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 34360
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34360
Summary:
Joomla! is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit these issues to steal cookie-based authentication credentials and launch other attacks.

Versions prior to Joomla! 1.5.10 are vulnerable; other versions may also be affected.

76. IBM TXSeries for Multiplatforms 'forcepurge' Unspecified Security Vulnerability
BugTraq ID: 33883
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/33883
Summary:
IBM TXSeries for Multiplatforms is prone to an unspecified vulnerability.

Very few details are available regarding this issue. We will update this BID as more information emerges.

IBM TXSeries for Multiplatforms 6.2 GA is vulnerable.

77. Opera XML Parser Remote Denial of Service Vulnerability
BugTraq ID: 34298
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34298
Summary:
Opera is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to cause the affected browser to crash, effectively denying service. Arbitrary code execution is not considered possible.

Opera 9.64 is vulnerable; other versions may also be affected.

UPDATE (April 3, 2009): This issue was previously documented as a remote buffer-overflow issue, but further analysis reveals that code execution is likely not possible; successful exploits will only crash the browser.

78. ClamAV Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 34357
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34357
Summary:
ClamAV is prone to multiple denial-of-service vulnerabilities when handling malformed files.

Successfully exploiting these issues allows remote attackers to deny service to legitimate users.

Versions prior to ClamAV 0.95 are vulnerable.

79. GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
BugTraq ID: 34100
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34100
Summary:
The GNOME glib library is prone to multiple integer-overflow vulnerabilities related to encoding and decoding Base64 data.

Successful exploits may allow remote attackers to cause denial-of-service conditions or potentially execute arbitrary code on computers running the affected library.

The following are vulnerable:

GNOME glib 2.11
GNOME glib 2.12
GStreamer gst-plugins-base prior to 0.10.23
GNOME libsoup prior to 2.2.0
GNOME libsoup prior to 2.24
Evolution Data Server prior to 2.24.5

Additional applications and versions may also be affected.

80. Autodesk IDrop ActiveX Control 'IDrop.ocx' Multiple Heap Memory Corruption Vulnerabilities
BugTraq ID: 34352
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34352
Summary:
Autodesk IDrop ActiveX control is prone to multiple heap-based memory-corruption vulnerabilities.

An attacker can exploit these issues to execute arbitrary code within the context of the application that invoked the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

Autodesk IDrop ActiveX control 17.1.51.160 is vulnerable; other versions may also be affected.

81. Mozilla Firefox '_moveToEdgeShift' Remote Code Execution Vulnerability
BugTraq ID: 34181
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34181
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the application and possibly the computer. Failed attacks will cause denial-of-service conditions.

Versions prior to Firefox 3.0.8 are vulnerable.

82. IBM DB2 Remote Denial of Service Vulnerabilities
BugTraq ID: 33258
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/33258
Summary:
IBM DB2 is prone to multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to crash the server and deny service to legitimate users.

These issues affect versions prior to DB2 9.1 FP6a, 9.5 FP3a, and 8.1 FP17a.

83. IBM WebSphere Application Server File Permission Vulnerability
BugTraq ID: 34358
Remote: No
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34358
Summary:
IBM WebSphere Application Server (WAS) is prone to a file-permission security issue.

An attacker can exploit the file-permission issue to obtain write access to certain files, which could affect system integrity and lead to other attacks.

Note that this issue may be related to BID 34259.

This issue affects WAS 7.0.0.3 and earlier.

84. glFusion Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 34377
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34377
Summary:
glFusion is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

glFusion 1.1.2 and prior are vulnerable.

85. AdaptBB 'topic_id' Parameter SQL Injection Vulnerability
BugTraq ID: 34371
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34371
Summary:
AdaptBB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

86. Gravity Board X Multiple SQL Injection Vulnerabilities and Remote Command Execution Vulnerability
BugTraq ID: 34370
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34370
Summary:
Gravity Board X is prone to multiple SQL-injection vulnerabilities and a remote command-execution vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to execute arbitrary code, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Gravity Board X 2.0 is vulnerable; other versions may also be affected.

87. Family Connections 'fcms_login_id' Cookie Parameter SQL Injection Vulnerability
BugTraq ID: 34367
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34367
Summary:
Family Connections is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Family Connections 1.8.2 is vulnerable; other versions may also be affected.

88. form2list 'page.php' Parameter SQL Injection Vulnerability
BugTraq ID: 34366
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34366
Summary:
form2list is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

89. ActiveKB 'Panel' Parameter Local File Include Vulnerability
BugTraq ID: 34362
Remote: Yes
Last Updated: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34362
Summary:
ActiveKB is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view and execute arbitrary local files in the context of the webserver process. This may aid in further attacks.

90. Cisco IOS Session Initiation Protocol Denial of Service Vulnerability
BugTraq ID: 34243
Remote: Yes
Last Updated: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/34243
Summary:
Cisco IOS is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause an affected device to crash, denying service to legitimate users.

This issue is being tracked by Cisco Bug ID CSCsu11522.

91. Q2 Solutions ConnX 'frmLoginPwdReminderPopup.aspx' SQL Injection Vulnerability
BugTraq ID: 34350
Remote: Yes
Last Updated: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/34350
Summary:
Q2 Solutions ConnX is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ConnX 4.0.20080606 is vulnerable; other versions may also be affected.

92. Asbru Web Content Management SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 34349
Remote: Yes
Last Updated: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/34349
Summary:
Asbru Web Content Management is prone to multiple SQL-injection vulnerabilities and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Asbru Web Content Management 6.5 and 6.6.9 are vulnerable; other versions may also be affected.

93. glFusion Multiple SQL Injection Vulnerabilities
BugTraq ID: 34281
Remote: Yes
Last Updated: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/34281
Summary:
glFusion is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

glFusion 1.1.2 and prior versions are vulnerable.

94. F-Prot Antivirus ZIP Attachment Version Scan Evasion Vulnerability
BugTraq ID: 15293
Remote: Yes
Last Updated: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/15293
Summary:
F-Prot Antivirus is prone to a scan-evasion vulnerability when dealing with ZIP archive attachments. This issue stems from a design error in the application, which flags certain ZIP files as harmless when it can't decompress them.

An attacker can exploit this vulnerability by crafting a specially designed ZIP file containing malicious code that will bypass the antivirus software.

95. Fortinet FortiClient VPN Connection Name Local Format String Vulnerability
BugTraq ID: 34343
Remote: No
Last Updated: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/34343
Summary:
Fortinet FortiClient is prone to a local format-string vulnerability because it fails to adequately sanitize user-supplied input before passing it to a formatted-printing function.

Successfully exploiting this issue will allow local attackers to execute arbitrary code with SYSTEM-level privileges, completely compromising the computer. Failed exploit attempts will likely result in a denial of service.

FortiClient 3.0.614 is vulnerable; other versions may also be affected.

96. File Thingie '.sql' Extension Arbitrary File Upload Vulnerability
BugTraq ID: 34347
Remote: Yes
Last Updated: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/34347
Summary:
File Thingie is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

File Thingie 2.5.4 is vulnerable; other versions may also be affected.

97. XOOPS Cube Legacy Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 34346
Remote: Yes
Last Updated: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/34346
Summary:
XOOPS Cube Legacy is prone to multiple cross-site scripting vulnerabilities because it fails to adequately sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

Versions prior to XOOPS Cube Legacy 2.1.6a are vulnerable.

98. IBM Proventia RAR File Scan Evasion Vulnerability
BugTraq ID: 34345
Remote: Yes
Last Updated: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/34345
Summary:
IBM Proventia is prone to a vulnerability that may allow certain compressed archives to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect.

IBM Proventia 4.9.0.0.44 20081231 is vulnerable; other versions may also be affected.

99. International Components for Unicode Invalid ISO Character Handling Vulnerability
BugTraq ID: 29488
Remote: Yes
Last Updated: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/29488
Summary:
The International Components for Unicode (ICU) is prone to a vulnerability related to the handling of certain invalid character sequences.

An attacker may leverage this vulnerability to bypass content filters. This may lead to cross-site scripting attacks or the disclosure of sensitive information in some cases. Other attacks are also possible.

NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities), but has been given its own record to better document the vulnerability.

NOTE: This BID was formerly titled 'Apple Mac OS X International Components for Unicode Information Disclosure Vulnerability', but has been updated to better reflect the issue and the underlying vulnerable component.

100. freeSSHd SFTP 'rename' Remote Buffer Overflow Vulnerability
BugTraq ID: 31872
Remote: Yes
Last Updated: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/31872
Summary:
freeSSHd is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects freeSSHd 1.2.1; other versions may also be affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Browsers bashed first in hacking contest
By: Robert Lemos
A security researcher keeps a vulnerability on ice for an entire year, before using it at the Pwn2Own contest to exploit Apple's browser. Microsoft's Internet Explorer 8 falls soon after.
http://www.securityfocus.com/news/11549

2. Experts: U.S. needs to defend its "cyber turf"
By: Robert Lemos
The United States must develop a Monroe Doctrine for the Internet, defining what constitutes its cyberspace and pledging to defend its virtual borders, security experts told Congress.
http://www.securityfocus.com/news/11548

3. Advisor: U.S. needs policy to defend cyberspace
By: Robert Lemos
An Obama transition-team member argues that any future cyber policy needs to deal with the role of the intelligence community, the militarization of cyberspace and designating a lead disaster agency.
http://www.securityfocus.com/news/11547

4. Cabal forms to fight Conficker, offers bounty
By: Robert Lemos
Microsoft offers $250,000 for information leading to the arrest of the author and, along with security firms and Internet service providers, pledges to work to prevent the prolific worm from spreading further.
http://www.securityfocus.com/news/11546

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
1. EUSecWest 2009 CFP (May 27/28, Deadline April 7 2009)
http://www.securityfocus.com/archive/75/502343

VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. EUSecWest 2009 CFP (May 27/28, Deadline April 7 2009)
http://www.securityfocus.com/archive/91/502340

2. [tool] Unix auditing, Lynis 1.2.5
http://www.securityfocus.com/archive/91/502245

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by Tripwire


Copyright 2010, SecurityFocus