SecurityFocus News
SecurityFocus Newsletter #500 Apr 24 2009 09:18PM
sfa securityfocus com
SecurityFocus Newsletter #500
----------------------------------------

This issue is sponsored by Webex

Desktop Security On Demand

Today, the pressures of technology threats, regulatory compliance, and cost control have combined to force a renewed focus on corporate IT management. As a result, security and system management are top-of-mind considerations for IT managers within businesses of all sizes. Learn more today!

http://dinclinx.com/Redirect.aspx?36;4905;35;189;0;3;259;0e72602f272b1d7e

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Celebrity Viruses Improve Security
2. Good Obfuscation, Bad Code
II. BUGTRAQ SUMMARY
1. Ghostscript 'CCITTFax' Decoding Filter Denial of Service Vulnerability
2. Ghostscript Multiple Input Validation and Integer Overflow Vulnerabilities
3. Symantec Brightmail Gateway Control Center Remote Privilege Escalation Vulnerability
4. OAuth Session-Fixation Vulnerability
5. PastelCMS Local File Include and SQL Injection Vulnerabilities
6. Oracle April 2009 Critical Patch Update Multiple Vulnerabilities
7. Dojo 'dijit.Editor' Cross Site Scripting Vulnerability
8. Dojo Multiple Cross Site Scripting Vulnerabilities
9. AbleSpace Multiple Input Validation Vulnerabilities
10. I-RATER Photo Rating Script Pro 'admin/login.php' SQL Injection Vulnerability
11. I-RATER Platinum 'platinumadmin.html' SQL Injection Vulnerability
12. Avaya Communication Manager Multiple Security Vulnerabilities
13. xine-lib STTS QuickTime Atom Remote Buffer Overflow Vulnerability
14. Citrix XenApp Unspecified Security Bypass Vulnerability
15. Novell Access Manager Local Browser Security Bypass Vulnerability
16. Popcorn POP3 Response Remote Heap Buffer Overflow Vulnerability
17. Home Web Server Graphical User Interface Remote Denial Of Service Vulnerability
18. OCS Inventory NG Server Prior to 1.02 Multiple Unspecified Vulnerabilities
19. Recover Data for Novell Netware '.SAV' File Remote Denial of Service Vulnerability
20. FOWLCMS Multiple SQL Injection Vulnerabilities
21. MemeCode Software i.Scribe Remote Format String Vulnerability
22. chuggnutt.com HTML to Plain Text Conversion Remote Code Execution Vulnerability
23. The S.T.A.L.K.E.R. game server is prone to a remote denial-of-service vulnerability
24. S.T.A.L.K.E.R Shadow of Chernobyl Multiple Remote Vulnerabilities
25. cpCommerce 'document.php' SQL Injection Vulnerability
26. Trend Micro OfficeScan Client Denial of Service Vulnerability
27. Multiple Samsung Devices SMS Provisioning Messages Authentication Bypass Vulnerability
28. Xitami HTTP Server Multiple Socket HEAD Request Remote Denial Of Service Vulnerability
29. WebPortal CMS Multiple Remote and Local File Include Vulnerabilities
30. New5starRating 'admin/control_panel_sample.php' SQL Injection Vulnerability
31. Mahara User Profile Cross Site Scripting Vulnerability
32. Ghostscript 'gdevpdtb.c' Buffer Overflow Vulnerability
33. Ghostscript 'jbig2dec' JBIG2 Processing Buffer Overflow Vulnerability
34. Elkagroup Image Gallery 'upload.php' Arbitrary File Upload Vulnerability
35. 010 Editor File Parsing Multiple Buffer Overflow Vulnerabilities
36. Plone PlonePAS Unspecified Authentication Bypass Vulnerability
37. TYPO3 JobControl Extension Unspecified Cross-Site Scripting and SQL-Injection Vulnerabilities
38. Microsoft Internet Explorer File Download Denial of Service Vulnerability
39. HP Deskjet 6840 'refresh_rate.htm' Cross Site Scripting Vulnerability
40. TYPO3 CoolURI Extension SQL Injection Vulnerability
41. TYPO3 DCD GoogleMap Extension Unspecified Cross-Site Scripting Vulnerability
42. TYPO3 nepa-design.de Spam Protection Extension Unspecified Setting Manipulation Vulnerability
43. Google Chrome 'chromehtml:' Protocol Handler Same Origin Policy Bypass Vulnerability
44. Cisco ASA Appliance WebVPN Cross Site Scripting Vulnerability
45. SAP AG SAPgui KWEdit ActiveX Control Insecure Method Remote Code Execution Vulnerability
46. GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
47. CS Whois Lookup 'ip' Parameter Remote Command Execution Vulnerability
48. Aruba Mobility Controller Public Key Based SSH Authentication Security Bypass Vulnerability
49. Juniper Networks ScreenOS 'about.html' Information Disclosure Vulnerability
50. Photo-Rigma.BiZ SQL Injection and Cross Site Scripting Vulnerabilities
51. FormShield 'CAPTCHA' Replay Security Bypass Vulnerability
52. Pragyan CMS Multiple SQL Injection Vulnerabilities
53. Absolute Form Processor XE 'userid' Parameter Authentication Bypass Vulnerability
54. PuterJam's Blog PJBlog3 'action.asp' SQL Injection Vulnerability
55. TYPO3 Diocese of Portsmouth Calendar Today Extension SQL Injection Vulnerability
56. TYPO3 Diocese of Portsmouth Training Courses Extension SQL Injection Vulnerability
57. TYPO3 Download system Extension SQL Injection Vulnerability
58. TYPO3 Random Prayer Extension SQL Injection Vulnerability
59. TYPO3 TIMTAB Social Bookmark Icons Extension SQL Injection Vulnerability
60. TYPO3 Fussballtippspiel Extension SQL Injection Vulnerability
61. TYPO3 TARGET-E WorldCup Bets Extension Multiple Unspecified Input Validation Vulnerabilities
62. TYPO3 Resource Library Extension Unspecified Cross-Site Scripting Vulnerability
63. CoolPlayer Skin File Buffer Overflow Vulnerability
64. CUPS Insufficient 'Host' Header Validation Weakness
65. CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability
66. CoolPlayer M3U File Buffer Overflow Vulnerability
67. Libungif Colormap Handling Memory Corruption Vulnerability
68. Xpdf JBIG2 Processing Multiple Security Vulnerabilities
69. Libungif Null Pointer Dereference Denial of Service Vulnerability
70. mpg123 'store_id3_text()' Memory Corruption Vulnerability
71. FreeType Multiple Integer Overflow Vulnerabilities
72. Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
73. Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
74. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
75. SLURM 'sbcast' and 'strigger' Group Permissions Local Privilege Escalation Vulnerability
76. eLitius 'database-backup.php' Information Disclosure Vulnerability
77. CRE Loaded 'product_info.php' SQL Injection Vulnerability
78. Quick.CMS.Lite 'id' Parameter SQL Injection Vulnerability
79. MixedCMS 1.0 Beta Multiple Remote Vulnerabilities
80. Microsoft Internet Explorer Marquee Tag Handling Remote Code Execution Vulnerability
81. DirectAdmin '/CMD_DB' Restore Action Local Privilege Escalation Vulnerability
82. DirectAdmin '/CMD_DB' Backup Action Insecure Temporary File Creation Vulnerability
83. Dokeos 'user_portal.php' Local File Include Vulnerability
84. Symantec Norton Ghost 'EasySetupInt.dll' ActiveX Multiple Remote Denial of Service Vulnerabilities
85. Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
86. Dokeos 'whoisonline.php' Remote Code Execution Vulnerability
87. Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
88. Linux Kernel 'CAP_FS_SET' Incomplete Capabilities List Access Validation Vulnerability
89. VS Panel 'showcat.php' SQL Injection Vulnerability
90. Mozilla Firefox International Domain Name Subdomain URI Spoofing Vulnerability
91. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -14 through -22 Multiple Remote Vulnerabilities
92. Epona IP Address Information Disclosure Vulnerability
93. Zervit HTTP Server Malformed URI Remote Denial Of Service Vulnerability
94. Adam Patterson Address Book Multiple Script Authentication Bypass Vulnerability
95. SunGard Banner Student 'twbkwbis.P_SecurityQuestion' HTML Injection Vulnerability
96. NotFTP 'config.php' Local File Include Vulnerability
97. Mod_Perl Path_Info Remote Denial Of Service Vulnerability
98. Download Center Lite Unspecified Security Vulnerability
99. Microsoft DirectX DirectShow MJPEG Video Decompression Remote Code Execution Vulnerability
100. Symantec Brightmail Gateway Control Center Cross Site Scripting Vulnerability
III. SECURITYFOCUS NEWS
1. Browsers bashed first in hacking contest
2. Experts: U.S. needs to defend its "cyber turf"
3. Advisor: U.S. needs policy to defend cyberspace
4. Cabal forms to fight Conficker, offers bounty
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #440
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. curuncula dbr rootkit detection tool
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Celebrity Viruses Improve Security
By Adam O'Donnell
Every so often, a computer virus becomes more than just a novelty for anti-virus researchers and moves into the consciousness of the mass media, even if it's not a grave threat.
http://www.securityfocus.com/columnists/499

2. Good Obfuscation, Bad Code
Antivirus analysts and security testers have to deal with a fundamental question every day: Is obfuscated code good or bad?
http://www.securityfocus.com/columnists/498

II. BUGTRAQ SUMMARY
--------------------
1. Ghostscript 'CCITTFax' Decoding Filter Denial of Service Vulnerability
BugTraq ID: 34337
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34337
Summary:
Ghostscript is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied input.

Exploiting this issue allows remote attackers to crash the application and possibly to execute code, but this has not been confirmed.

2. Ghostscript Multiple Input Validation and Integer Overflow Vulnerabilities
BugTraq ID: 34184
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34184
Summary:
Ghostscript is prone to multiple integer-overflow and input-validation vulnerabilities.

Successful exploits may allow remote attackers to execute arbitrary code in the context of the user running the affected application. Failed attacks will cause denial-of-service conditions.

3. Symantec Brightmail Gateway Control Center Remote Privilege Escalation Vulnerability
BugTraq ID: 34639
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34639
Summary:
Symantec Brightmail Gateway is prone to a remote privilege-escalation vulnerability.

Remote authorized attackers who have access to the targeted host's local network can exploit this issue to gain elevated access. Successful exploits may compromise the affected computer and may aid in other attacks.

Versions prior to Brightmail Gateway 8.0.1 are vulnerable.

4. OAuth Session-Fixation Vulnerability
BugTraq ID: 34682
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34682
Summary:
OAuth is prone to a session-fixation vulnerability.

Attackers can exploit this issue to hijack a user's session and gain unauthorized access to the affected application.

NOTE (April 23, 2009): This record was previously titled 'OAuth Unspecified Information Disclosure Vulnerability'. Due to the availability of more information, multiple details have been updated.

5. PastelCMS Local File Include and SQL Injection Vulnerabilities
BugTraq ID: 34635
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34635
Summary:
PastelCMS is prone to a local file-include vulnerability and an SQL-injection vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit the local file-include vulnerability using directory-traversal strings to view or execute local files within the context of the webserver process.

The attacker can exploit the SQL-injection vulnerability to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PastelCMS 0.8.0 is vulnerable; other versions may also be affected.

6. Oracle April 2009 Critical Patch Update Multiple Vulnerabilities
BugTraq ID: 34461
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34461
Summary:
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:

Oracle Database
Oracle Audit Vault
Oracle Application Server
Oracle Outside In SDK HTML Export
Oracle XML Publisher
Oracle BI Publisher
Oracle E-Business Suite
PeopleSoft Enterprise PeopleTools
PeopleSoft Enterprise HRMS
Oracle WebLogic Server (formerly BEA WebLogic Server)
Oracle Data Service Integrator
Oracle AquaLogic Data Services Platform
Oracle JRockit

7. Dojo 'dijit.Editor' Cross Site Scripting Vulnerability
BugTraq ID: 34661
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34661
Summary:
Dojo is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

Versions prior to Dojo 1.1 are vulnerable.

8. Dojo Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 34660
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34660
Summary:
Dojo is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Dojo 0.4.1 and 0.4.2 are affected.

9. AbleSpace Multiple Input Validation Vulnerabilities
BugTraq ID: 34512
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34512
Summary:
AbleSpace is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, obtain sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database.

AbleSpace 1.0 is vulnerable; other versions may also be affected.

10. I-RATER Photo Rating Script Pro 'admin/login.php' SQL Injection Vulnerability
BugTraq ID: 34646
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34646
Summary:
I-RATER Photo Rating Script Pro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

11. I-RATER Platinum 'platinumadmin.html' SQL Injection Vulnerability
BugTraq ID: 34645
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34645
Summary:
I-RATER Platinum is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

I-RATER Platinum 4 is vulnerable; other versions may also be affected.

12. Avaya Communication Manager Multiple Security Vulnerabilities
BugTraq ID: 29939
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/29939
Summary:
Avaya Communication Manager is prone to multiple security vulnerabilities.

Attackers can exploit these issues to execute arbitrary code, elevate privileges, obtain sensitive information, or compromise vulnerable computers.

13. xine-lib STTS QuickTime Atom Remote Buffer Overflow Vulnerability
BugTraq ID: 34384
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34384
Summary:
The 'xine-lib' library is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition.

This issue affects xine-lib 1.1.16.2 and earlier.

14. Citrix XenApp Unspecified Security Bypass Vulnerability
BugTraq ID: 34691
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34691
Summary:
Citrix XenApp (formerly Presentation Server) is prone to an unspecified security-bypass vulnerability.

Attackers can exploit this issue to bypass certain security restrictions and gain unauthorized access to the resources.

This issue affects Citrix XenApp 4.5 with Hotfix Rollup Pack 3 installed.

15. Novell Access Manager Local Browser Security Bypass Vulnerability
BugTraq ID: 32121
Remote: No
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/32121
Summary:
Novell Access Manager is prone to a local security-bypass vulnerability because it fails to adequately clean up the browser's SSL cache during logout operations.

Successfully exploiting this issue allows an attacker with physical access to the computer to take over the previous user's session without being prompted to log in again. This can aid in launching further attacks.

16. Popcorn POP3 Response Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 34699
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34699
Summary:
Popcorn is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.

Popcorn 1.87 is vulnerable; other versions may also be affected.

17. Home Web Server Graphical User Interface Remote Denial Of Service Vulnerability
BugTraq ID: 34698
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34698
Summary:
Home Web Server is prone to a denial-of-service vulnerability because it fails to adequately handle malformed HTTP requests.

Attackers can exploit this issue to cause the graphical interface of the server to stop responding, denying service to the administrator.

Home Web Server 1.7.1.147 is vulnerable; other versions may also be affected.

18. OCS Inventory NG Server Prior to 1.02 Multiple Unspecified Vulnerabilities
BugTraq ID: 34694
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34694
Summary:
OCS Inventory NG Server is prone to multiple unspecified vulnerabilities.

Very few details are available. We will update this BID as more information emerges.

Versions prior to OCS Inventory NG Server 1.02 are vulnerable.

19. Recover Data for Novell Netware '.SAV' File Remote Denial of Service Vulnerability
BugTraq ID: 34693
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34693
Summary:
Recover Data for Novell Netware is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue will cause the application to crash, denying service to legitimate users. Attackers may also be able to run arbitrary code, but this has not been confirmed.

Recover Data for Novell Netware 1.0 is vulnerable; other versions may also be affected.

20. FOWLCMS Multiple SQL Injection Vulnerabilities
BugTraq ID: 34690
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34690
Summary:
FOWLCMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

FOWLCMS 1.1 is vulnerable; other versions may also be affected.

21. MemeCode Software i.Scribe Remote Format String Vulnerability
BugTraq ID: 32497
Remote: Yes
Last Updated: 2009-04-22
Relevant URL: http://www.securityfocus.com/bid/32497
Summary:
MemeCode Software i.Scribe is prone to a remote format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.

i.Scribe 1.88 and 2.00 beta are vulnerable; other versions may also be affected.

22. chuggnutt.com HTML to Plain Text Conversion Remote Code Execution Vulnerability
BugTraq ID: 32799
Remote: Yes
Last Updated: 2009-04-22
Relevant URL: http://www.securityfocus.com/bid/32799
Summary:
The 'HTML to Plain Text Conversion' class from chuggnutt.com is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to inject and execute malicious server-side script in the context of the application using the vulnerable class. Successful exploits will compromise the affected application and possibly the underlying computer.

The issue affects version 1.0 of the class; other versions may also be affected.

NOTE: This issue was initially reported in Roundcube Webmail. Note that Roundcube Webmail 0.2-1 alpha, 0.2-2 beta, and possibly other versions are vulnerable because they use the vulnerable 'HTML to Plain Text Conversion' class.

23. The S.T.A.L.K.E.R. game server is prone to a remote denial-of-service vulnerability
BugTraq ID: 29723
Remote: Yes
Last Updated: 2009-04-22
Relevant URL: http://www.securityfocus.com/bid/29723
Summary:
S.T.A.L.K.E.R. game servers are prone to a remote denial-of-service vulnerability because the software fails to handle exceptional conditions when processing user nicknames.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.

24. S.T.A.L.K.E.R Shadow of Chernobyl Multiple Remote Vulnerabilities
BugTraq ID: 29997
Remote: Yes
Last Updated: 2009-04-22
Relevant URL: http://www.securityfocus.com/bid/29997
Summary:
S.T.A.L.K.E.R is prone to multiple remote vulnerabilities:

- A stack-based buffer-overflow vulnerability
- An integer-overflow vulnerability
- A denial-of-service vulnerability

An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.

S.T.A.L.K.E.R Shadow of Chernobyl 1.0006 is vulnerable; other versions may also be affected.

25. cpCommerce 'document.php' SQL Injection Vulnerability
BugTraq ID: 34556
Remote: Yes
Last Updated: 2009-04-22
Relevant URL: http://www.securityfocus.com/bid/34556
Summary:
cpCommerce is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

cpCommerce 1.2.8 is vulnerable; other versions may also be affected.

UPDATE (April 21, 2009): The vendor refutes this issue, stating that the vulnerability described does not affect cpCommerce 1.2.8. However, versions prior to 1.2.7 are affected.

26. Trend Micro OfficeScan Client Denial of Service Vulnerability
BugTraq ID: 34642
Remote: Yes
Last Updated: 2009-04-22
Relevant URL: http://www.securityfocus.com/bid/34642
Summary:
The Trend Micro OfficeScan Client is prone to a denial-of-service vulnerability because it fails to handle nested directories with excessively long names.

Successful exploits will crash the affected application, resulting in a denial-of-service condition. Given the nature of this issue, code execution may be possible, but has not been confirmed.

OfficeScan 8.0 SP1 is vulnerable; other versions may also be affected.

27. Multiple Samsung Devices SMS Provisioning Messages Authentication Bypass Vulnerability
BugTraq ID: 34705
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34705
Summary:
Multiple Samsung devices are prone to an authentication-bypass vulnerability.

Attackers can exploit this vulnerability to modify a device's configuration and to carry out other attacks.

Samsung M8800 Innov8 and Samsung SGH-J750 are affected.

28. Xitami HTTP Server Multiple Socket HEAD Request Remote Denial Of Service Vulnerability
BugTraq ID: 34681
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34681
Summary:
Xitami HTTP server is prone to a denial-of-service vulnerability because it fails to adequately handle multiple socket requests.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

Xitami 5.0 is vulnerable; other versions may also be affected.

29. WebPortal CMS Multiple Remote and Local File Include Vulnerabilities
BugTraq ID: 34687
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34687
Summary:
WebPortal CMS is prone to multiple remote and local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these issues using directory-traversal strings to execute local script code in the context of the application or to execute remote scripts in the context of the webserver process. This may allow the attacker to access sensitive information that may aid in further attacks or to compromise the application.

WebPortal CMS 0.8-beta is vulnerable; other versions may also be affected.

30. New5starRating 'admin/control_panel_sample.php' SQL Injection Vulnerability
BugTraq ID: 34680
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34680
Summary:
New5starRating is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

New5starRating 1.0 is vulnerable; other versions may also be affected.

31. Mahara User Profile Cross Site Scripting Vulnerability
BugTraq ID: 34677
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34677
Summary:
Mahara is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

32. Ghostscript 'gdevpdtb.c' Buffer Overflow Vulnerability
BugTraq ID: 34340
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34340
Summary:
Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer.

Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with arbitrary data, potentially allowing them to execute malicious machine code in the context of the affected application. This vulnerability may facilitate the compromise of affected computers.

Versions prior to Ghostscript 8.64 are affected.

33. Ghostscript 'jbig2dec' JBIG2 Processing Buffer Overflow Vulnerability
BugTraq ID: 34445
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34445
Summary:
Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer.

Exploiting this issue may allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

Ghostscript 8.64 is vulnerable; other versions may also be affected.

34. Elkagroup Image Gallery 'upload.php' Arbitrary File Upload Vulnerability
BugTraq ID: 34679
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34679
Summary:
Elkagroup Image Gallery is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Image Gallery 1.0 is vulnerable; other versions may also be affected.

35. 010 Editor File Parsing Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 34662
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34662
Summary:
010 Editor is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

UPDATE (April 22, 2009): Since script files and templates may include script code used to automate editor functions, the privilege gained by a successful exploit is disputed. Please see the references for more information. We will update this BID as more information emerges.

Versions prior to 010 Editor 3.0.5 are vulnerable.

36. Plone PlonePAS Unspecified Authentication Bypass Vulnerability
BugTraq ID: 34664
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34664
Summary:
Plone is prone to an authentication-bypass vulnerability.

Attackers can exploit this vulnerability to gain unauthorized access to another user's account, which may aid in further attacks.

All versions of Plone 3.x running versions prior to PlonePAS 3.9, 3.9 egg, and 3.2.2 are vulnerable.

37. TYPO3 JobControl Extension Unspecified Cross-Site Scripting and SQL-Injection Vulnerabilities
BugTraq ID: 29828
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/29828
Summary:
The JobControl extension for TYPO3 is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to JobControl 1.15.1 are vulnerable.

38. Microsoft Internet Explorer File Download Denial of Service Vulnerability
BugTraq ID: 34478
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34478
Summary:
Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to hang the affected browser, resulting in denial-of-service conditions.

39. HP Deskjet 6840 'refresh_rate.htm' Cross Site Scripting Vulnerability
BugTraq ID: 34480
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34480
Summary:
HP Deskjet 6840 is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

This issue is present in firmware XF1M131A of HP Deskjet 6840 printers, but may be present elsewhere if other printers use the same code.

40. TYPO3 CoolURI Extension SQL Injection Vulnerability
BugTraq ID: 29821
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/29821
Summary:
TYPO3 CoolURI extension is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

TYPO3 CoolURI 1.0.11 and prior versions are vulnerable.

41. TYPO3 DCD GoogleMap Extension Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 29815
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/29815
Summary:
The DCD GoogleMap extension for TYPO3 is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to DCD GoogleMap 1.1.1 are vulnerable.

42. TYPO3 nepa-design.de Spam Protection Extension Unspecified Setting Manipulation Vulnerability
BugTraq ID: 29833
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/29833
Summary:
TYPO3 nepa-design.de Spam Protection extension is prone to a vulnerability that results in the manipulation of external settings.

Attackers can leverage the issue to make unauthorized changes that may aid in further attacks.

nepa-design.de Spam Protection 0.1.3 is vulnerable; prior versions may also be affected.

43. Google Chrome 'chromehtml:' Protocol Handler Same Origin Policy Bypass Vulnerability
BugTraq ID: 34704
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34704
Summary:
Google Chrome is prone to a vulnerability that allows attackers to bypass the same-origin policy and obtain sensitive information, including authentication credentials for web applications. Other attacks are also possible.

Google Chrome 1.0.154.55 and prior versions are vulnerable.

44. Cisco ASA Appliance WebVPN Cross Site Scripting Vulnerability
BugTraq ID: 34307
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34307
Summary:
Cisco ASA is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

Cisco ASA software versions 8.0.4(2B) and prior running on ASA 5500 Series Adaptive Security Appliances are vulnerable.

45. SAP AG SAPgui KWEdit ActiveX Control Insecure Method Remote Code Execution Vulnerability
BugTraq ID: 34524
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34524
Summary:
SAP AG SAPgui KWEdit ActiveX control is prone to a remote code-execution vulnerability.

Successfully exploiting this issue allows an attacker to execute arbitrary code in the context of the application running the affected control (typically Internet Explorer).

This issue affects the following:

SAPgui 6.40 Patch Level 29 with KWEDIT.DLL 6400.1.1.41
SAPgui 7.10 Patch Level 5 with KWEDIT.DLL 7100.1.1.43

Other versions may be vulnerable as well.

46. GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
BugTraq ID: 34100
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34100
Summary:
The GNOME glib library is prone to multiple integer-overflow vulnerabilities related to encoding and decoding Base64 data.

Successful exploits may allow remote attackers to cause denial-of-service conditions or potentially execute arbitrary code on computers running the affected library.

The following are vulnerable:

GNOME glib 2.11
GNOME glib 2.12
GStreamer gst-plugins-base prior to 0.10.23
GNOME libsoup prior to 2.2.0
GNOME libsoup prior to 2.24
Evolution Data Server prior to 2.24.5

Additional applications and versions may also be affected.

47. CS Whois Lookup 'ip' Parameter Remote Command Execution Vulnerability
BugTraq ID: 34700
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34700
Summary:
CS Whois Lookup is prone to a remote command-execution vulnerability because the software fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected software and possibly the computer.

48. Aruba Mobility Controller Public Key Based SSH Authentication Security Bypass Vulnerability
BugTraq ID: 34711
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34711
Summary:
Aruba Mobility Controllers are prone to a security-bypass vulnerability. This issue affects devices which are configured to authenticate users using public key based SSH authentication.

Attackers may exploit this issue to gain administrative access to vulnerable devices; this may aid in further attacks.

This issue affects Aruba Mobility Controllers running versions of ArubaOS prior to the following:

ArubaOS 3.3.1.24
ArubaOS 3.3.2.11
ArubaOS 3.3.2.8-rn-2.1_20469

49. Juniper Networks ScreenOS 'about.html' Information Disclosure Vulnerability
BugTraq ID: 34710
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34710
Summary:
Juniper Networks ScreenOS is prone to a remote information-disclosure vulnerability.

A remote attacker can exploit this issue to retrieve potentially sensitive information that may aid in further attacks.

50. Photo-Rigma.BiZ SQL Injection and Cross Site Scripting Vulnerabilities
BugTraq ID: 34709
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34709
Summary:
Photo-Rigma.BiZ is prone to multiple SQL-injection vulnerabilities and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Photo-Rigma.BiZ 30 is vulnerable; other versions may also be affected.

51. FormShield 'CAPTCHA' Replay Security Bypass Vulnerability
BugTraq ID: 34708
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34708
Summary:
FormShield is prone to a security-bypass vulnerability.

Successfully exploiting this issue will allow an attacker to reuse CAPTCHA images. This may lead to other attacks.

Versions prior to FormShield 2.0 are vulnerable.

52. Pragyan CMS Multiple SQL Injection Vulnerabilities
BugTraq ID: 34707
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34707
Summary:
Pragyan CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Pragyan CMS 2.6.4 is vulnerable; other versions may also be affected.

53. Absolute Form Processor XE 'userid' Parameter Authentication Bypass Vulnerability
BugTraq ID: 34706
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34706
Summary:
Absolute Form Processor XE is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for authentication.

Attackers can exploit this vulnerability to gain administrative access, which may aid in further attacks.

Absolute Form Processor XE 1.5 is vulnerable; other versions may also be affected.

54. PuterJam's Blog PJBlog3 'action.asp' SQL Injection Vulnerability
BugTraq ID: 34701
Remote: Yes
Last Updated: 2009-04-24
Relevant URL: http://www.securityfocus.com/bid/34701
Summary:
PJBlog3 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

55. TYPO3 Diocese of Portsmouth Calendar Today Extension SQL Injection Vulnerability
BugTraq ID: 29819
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/29819
Summary:
TYPO3 Diocese of Portsmouth Calendar Today extension is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

TYPO3 Diocese of Portsmouth Calendar Today 0.0.3 and prior versions are vulnerable.

56. TYPO3 Diocese of Portsmouth Training Courses Extension SQL Injection Vulnerability
BugTraq ID: 29822
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/29822
Summary:
TYPO3 Diocese of Portsmouth Training Courses extension is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

TYPO3 Diocese of Portsmouth Training Courses 0.1.1 is vulnerable; other versions may also be affected.

57. TYPO3 Download system Extension SQL Injection Vulnerability
BugTraq ID: 29825
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/29825
Summary:
TYPO3 Download system extension is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

TYPO3 Download system 0.1.4 is vulnerable; prior versions may also be affected.

58. TYPO3 Random Prayer Extension SQL Injection Vulnerability
BugTraq ID: 29827
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/29827
Summary:
TYPO3 Random Prayer extension is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

TYPO3 Random Prayer 0.0.1 is vulnerable.

59. TYPO3 TIMTAB Social Bookmark Icons Extension SQL Injection Vulnerability
BugTraq ID: 29823
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/29823
Summary:
TYPO3 TIMTAB - social bookmark icons extension is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

TYPO3 TIMTAB - social bookmark icons 2.0.4 and prior versions are vulnerable.

60. TYPO3 Fussballtippspiel Extension SQL Injection Vulnerability
BugTraq ID: 29824
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/29824
Summary:
TYPO3 Fussballtippspiel extension is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

TYPO3 Fussballtippspiel 0.1.1 and prior versions are vulnerable.

61. TYPO3 TARGET-E WorldCup Bets Extension Multiple Unspecified Input Validation Vulnerabilities
BugTraq ID: 29826
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/29826
Summary:
The TARGET-E WorldCup Bets extension for TYPO3 is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

TARGET-E WorldCup Bets extension 2.0.0 is vulnerable; other versions may also be affected.

62. TYPO3 Resource Library Extension Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 29832
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/29832
Summary:
The Resource Library extension for TYPO3 is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Resource Library 0.10 is vulnerable; prior versions may also be affected.

63. CoolPlayer Skin File Buffer Overflow Vulnerability
BugTraq ID: 32947
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/32947
Summary:
CoolPlayer is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

The issue occurs when handling specially crafted skin files.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects CoolPlayer 219; other versions may be vulnerable as well.

64. CUPS Insufficient 'Host' Header Validation Weakness
BugTraq ID: 34665
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34665
Summary:
CUPS is prone to an insufficient 'Host' header validation weakness.

An attacker can use this weakness to carry out certain attacks such as DNS rebinding against the vulnerable server.

65. CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability
BugTraq ID: 34571
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34571
Summary:
CUPS is prone to an integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied TIFF image sizes before using them to allocate memory buffers.

Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the utilities. Failed exploit attempts likely cause denial-of-service conditions.

Versions prior to CUPS 1.3.10 are vulnerable.

66. CoolPlayer M3U File Buffer Overflow Vulnerability
BugTraq ID: 30418
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/30418
Summary:
CoolPlayer is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

The issue occurs when handling specially crafted M3U files.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions.

We don't know which versions of CoolPlayer are affected. We will update this BID as more information emerges.

67. Libungif Colormap Handling Memory Corruption Vulnerability
BugTraq ID: 15299
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/15299
Summary:
The libungif library is prone to a memory-corruption vulnerability.

Reports indicate that due to the library's improper handling of colormaps in GIF files, an attacker can trigger out-of-bounds writes and corrupt memory.

This may lead to a denial-of-service condition.

This issue affects libungif 4.1.3 and earlier.

68. Xpdf JBIG2 Processing Multiple Security Vulnerabilities
BugTraq ID: 34568
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34568
Summary:
Xpdf is prone to multiple security vulnerabilities.

Exploiting these issues may allow remote attackers to execute arbitrary code in the context of an affected application. Failed exploit attempts will likely cause denial-of-service conditions.

These issues affect multiple applications on multiple platforms that use the affected library.

69. Libungif Null Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 15304
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/15304
Summary:
The 'libungif' library is prone to a denial-of-service vulnerability because it fails to handle exceptional conditions.

Successful exploitation of this vulnerability will cause the application using the affected library to crash, effectively denying service to legitimate users.

This issue affects libungif 4.1.3 and earlier.

70. mpg123 'store_id3_text()' Memory Corruption Vulnerability
BugTraq ID: 34381
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34381
Summary:
The 'mpg123' program is prone to a memory-corruption vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer.

Exploiting this issue may allow a remote attacker to overwrite memory with arbitrary data, potentially allowing them to execute malicious machine code in the context of the affected application and to compromise the affected computer.

This issue affects mpg123 1.7.1 and earlier.

71. FreeType Multiple Integer Overflow Vulnerabilities
BugTraq ID: 34550
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34550
Summary:
FreeType is prone to multiple integer-overflow vulnerabilities because it fails to properly validate user-supplied input.

Successful exploits may allow attackers to execute arbitrary code in the context of applications that use the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

These issues affect FreeType 2.3.9; other versions may also be affected.

72. Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
BugTraq ID: 32620
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/32620
Summary:
Sun Java Web Start and Java Plug-in are prone to multiple privilege-escalation vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security, or read, write, and execute arbitrary files in the context of the user running a vulnerable application. This may result in a compromise of the underlying system.

The following versions are affected:

JDK and JRE 6 Update 10 and earlier
JDK and JRE 5.0 Update 16 and earlier
SDK and JRE 1.4.2_18 and earlier
SDK and JRE 1.3.1_23 and earlier

73. Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
BugTraq ID: 32892
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/32892
Summary:
Sun Java Web Start and Java Plug-in are prone to a privilege-escalation vulnerability.

This issue occurs when the affected applications parse a JAR file that is also a legitimate GIF image file.

An attacker may exploit this issue to obtain sensitive information (such as HTTP session cookies) or to perform actions as legitimate users of a web application. This may aid in further attacks.

NOTE: This issue was previously covered in BID 32620 (Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities), but has been given its own record to better document the issue.

The following versions are affected:

JDK and JRE 6 Update 10 and earlier
JDK and JRE 5.0 Update 16 and earlier
SDK and JRE 1.4.2_18 and earlier
SDK and JRE 1.3.1_23 and earlier

74. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
BugTraq ID: 32608
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/32608
Summary:
Sun Java Runtime Environment and Java Development Kit are prone to multiple security vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security restrictions, run untrusted applets with elevated privileges, and cause denial-of-service conditions. This may result in a compromise of affected computers.

These issues affect versions *prior to* the following:

JDK and JRE 6 Update 11
JDK and JRE 5.0 Update 17
SDK and JRE 1.4.2_19
SDK and JRE 1.3.1_24

75. SLURM 'sbcast' and 'strigger' Group Permissions Local Privilege Escalation Vulnerability
BugTraq ID: 34638
Remote: No
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34638
Summary:
SLURM (Simple Linux Utility for Resource Management) is prone to a privilege-escalation vulnerability because it fails to properly drop group privileges.

A local attacker with sufficient privileges to interact with SLURM may exploit this issue to gain elevated privileges, which may lead to a complete compromise of the affected computer.

Versions prior to SLURM 1.3.14 are vulnerable.

76. eLitius 'database-backup.php' Information Disclosure Vulnerability
BugTraq ID: 34659
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34659
Summary:
eLitius is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to harvest sensitive information that may lead to further attacks.

eLitius 1.0 is vulnerable; other versions may also be affected.

77. CRE Loaded 'product_info.php' SQL Injection Vulnerability
BugTraq ID: 34640
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34640
Summary:
CRE Loaded is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

CRE Loaded 6.2 is vulnerable.

78. Quick.CMS.Lite 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 34647
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34647
Summary:
Quick.CMS.Lite is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

79. MixedCMS 1.0 Beta Multiple Remote Vulnerabilities
BugTraq ID: 34649
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34649
Summary:
MixedCMS is prone to multiple remote vulnerabilities:

- A local file-include vulnerability
- An arbitrary-file-upload vulnerability
- An authentication-bypass vulnerability
- A directory-traversal vulnerability

An attacker can exploit these issues to upload and execute arbitrary script code on an affected computer with the privileges of the webserver process, view or execute arbitrary local files, or gain unauthorized access to the affected application.

MixedCMS 1.0 Beta is vulnerable; other versions may also be affected.

80. Microsoft Internet Explorer Marquee Tag Handling Remote Code Execution Vulnerability
BugTraq ID: 34426
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34426
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.

81. DirectAdmin '/CMD_DB' Restore Action Local Privilege Escalation Vulnerability
BugTraq ID: 34678
Remote: No
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34678
Summary:
DirectAdmin is prone to a local privilege-escalation vulnerability because it fails to sufficiently validate user-supplied data.

An attacker can exploit this issue to execute arbitrary commands with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

Versions prior to DirectAdmin 1.33.4 are vulnerable.

82. DirectAdmin '/CMD_DB' Backup Action Insecure Temporary File Creation Vulnerability
BugTraq ID: 34676
Remote: No
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34676
Summary:
DirectAdmin creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic link attacks to overwrite arbitrary attacker-specified files. This could facilitate a complete compromise of the affected computer.

Versions prior to DirectAdmin 1.33.4 are vulnerable.

83. Dokeos 'user_portal.php' Local File Include Vulnerability
BugTraq ID: 30150
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/30150
Summary:
Dokeos is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view local files or execute arbitrary local scripts on the vulnerable computer in the context of the webserver process.

Please note that this issue affects only Dokeos running on Windows.

Dokeos 1.8.5 is vulnerable; other versions may also be affected.

84. Symantec Norton Ghost 'EasySetupInt.dll' ActiveX Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 34696
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34696
Summary:
Symantec Norton Ghost EasySetup Wizard ActiveX control is prone to multiple denial-of-service vulnerabilities.

A successful attack allows an attacker to crash the application using the affected control (typically Internet Explorer), causing denial-of-service conditions. The attacker may also be able to run arbitrary code, but this has not been confirmed.

These issues are reported to affect 'EasySetupInt.dll' 14.0.4.30167; other versions may also be affected.

85. Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
BugTraq ID: 34412
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34412
Summary:
The 'mod_jk' module for Apache Tomcat is prone to a remote information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

This issue affects mod_jk 1.2.0 through 1.2.26.

86. Dokeos 'whoisonline.php' Remote Code Execution Vulnerability
BugTraq ID: 34633
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34633
Summary:
Dokeos is prone to a remote code-execution vulnerability because the software fails to adequately sanitize user-supplied input.

Exploiting this issue could allow an attacker to execute arbitrary code in the context of the vulnerable application.

Dokeos 1.8.5 is vulnerable; other versions may also be affected.

87. Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
BugTraq ID: 34205
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34205
Summary:
The Linux Kernel is prone to an unauthorized-access vulnerability that can occur when users with certain capabilities connect to the 'nfsd' service.

An attacker with authenticated access to the affected application can exploit this issue to perform privileged operations on a vulnerable computer; this may aid in further attacks.

88. Linux Kernel 'CAP_FS_SET' Incomplete Capabilities List Access Validation Vulnerability
BugTraq ID: 34695
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34695
Summary:
The Linux Kernel is prone to an unauthorized-access vulnerability because of an error in the definition of the 'CAP_FS_SET' capabilities mask.

This issue has been demonstrated to impact the NFS and VFS filesystems; other applications or kernel components may provide additional attack vectors.

An attacker can exploit this issue to perform privileged operations on a vulnerable computer, which may aid in further attacks.

89. VS Panel 'showcat.php' SQL Injection Vulnerability
BugTraq ID: 34648
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34648
Summary:
VS Panel is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

VS Panel 7.3.6 is vulnerable; other versions may also be affected.

90. Mozilla Firefox International Domain Name Subdomain URI Spoofing Vulnerability
BugTraq ID: 33837
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/33837
Summary:
Mozilla Firefox is affected by a URI-spoofing vulnerability because it fails to adequately handle specific characters in international domain name (IDN) subdomains.

An attacker may leverage this issue to spoof the source URI of a site presented to an unsuspecting user. This may lead to a false sense of trust because the user may be presented with a source URI of a trusted site while interacting with the attacker's malicious site.

Firefox 3.0.6 is vulnerable; other versions may also be affected.

91. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -14 through -22 Multiple Remote Vulnerabilities
BugTraq ID: 34656
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34656
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox, Thunderbird, and SeaMonkey.

Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, and execute arbitrary script code with elevated privileges; other attacks are also possible.

92. Epona IP Address Information Disclosure Vulnerability
BugTraq ID: 34651
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34651
Summary:
Epona is prone to an information-disclosure vulnerability.

An attacker can exploit this vulnerability to retrieve the IP address of other users. Information obtained may aid in further attacks.

Versions prior to Epona 1.5rc3 are vulnerable.

93. Zervit HTTP Server Malformed URI Remote Denial Of Service Vulnerability
BugTraq ID: 34637
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34637
Summary:
Zervit HTTP server is prone to a denial-of-service vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

Zervit 0.3 is vulnerable; other versions may also be affected.

94. Adam Patterson Address Book Multiple Script Authentication Bypass Vulnerability
BugTraq ID: 34652
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34652
Summary:
Adam Patterson Address Book is prone to a vulnerability that allows an attacker to bypass authentication and gain unauthorized access to the affected application.

Attackers may exploit this issue to connect to the application without proper authentication, which may lead to a compromise of the application or may aid in further attacks.

Address Book 2.5 is vulnerable; other versions may also be affected.

95. SunGard Banner Student 'twbkwbis.P_SecurityQuestion' HTML Injection Vulnerability
BugTraq ID: 34620
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34620
Summary:
SunGard Banner Student is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Banner Student 7.4 is vulnerable; other versions may also be affected.

96. NotFTP 'config.php' Local File Include Vulnerability
BugTraq ID: 34636
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34636
Summary:
NotFTP is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view and execute arbitrary local files in the context of the webserver process. This may aid in further attacks.

NotFTP 1.3.1 is vulnerable; other versions may also be affected.

97. Mod_Perl Path_Info Remote Denial Of Service Vulnerability
BugTraq ID: 23192
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/23192
Summary:
The 'mod_perl' module is prone to a remote denial-of-service vulnerability.

Successful exploits may allow remote attackers to cause denial-of-service conditions on the webserver running the mod_perl module.

98. Download Center Lite Unspecified Security Vulnerability
BugTraq ID: 34653
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34653
Summary:
Download Center Lite is prone to an unspecified vulnerability.

Very few details are available regarding this issue. We will update this BID as more information emerges.

Versions prior to Download Center Lite 2.1 are vulnerable.

99. Microsoft DirectX DirectShow MJPEG Video Decompression Remote Code Execution Vulnerability
BugTraq ID: 34460
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34460
Summary:
Microsoft DirectX is prone to a remote code-execution vulnerability because the DirectShow component fails to properly handle compressed media files.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application that uses DirectX. Failed exploit attempts will result in a denial-of-service condition.

100. Symantec Brightmail Gateway Control Center Cross Site Scripting Vulnerability
BugTraq ID: 34641
Remote: Yes
Last Updated: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34641
Summary:
Symantec Brightmail Gateway is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

Versions prior to Brightmail Gateway 8.0.1 are vulnerable.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Browsers bashed first in hacking contest
By: Robert Lemos
A security researcher keeps a vulnerability on ice for an entire year, before using it at the Pwn2Own contest to exploit Apple's browser. Microsoft's Internet Explorer 8 falls soon after.
http://www.securityfocus.com/news/11549

2. Experts: U.S. needs to defend its "cyber turf"
By: Robert Lemos
The United States must develop a Monroe Doctrine for the Internet, defining what constitutes its cyberspace and pledging to defend its virtual borders, security experts told Congress.
http://www.securityfocus.com/news/11548

3. Advisor: U.S. needs policy to defend cyberspace
By: Robert Lemos
An Obama transition-team member argues that any future cyber policy needs to deal with the role of the intelligence community, the militarization of cyberspace and designating a lead disaster agency.
http://www.securityfocus.com/news/11547

4. Cabal forms to fight Conficker, offers bounty
By: Robert Lemos
Microsoft offers $250,000 for information leading to the arrest of the author and, along with security firms and Internet service providers, pledges to work to prevent the prolific worm from spreading further.
http://www.securityfocus.com/news/11546

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #440
http://www.securityfocus.com/archive/88/502793

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. curuncula dbr rootkit detection tool
http://www.securityfocus.com/archive/91/502934

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

