SecurityFocus News
SecurityFocus Newsletter #506 Jun 26 2009 05:21PM
sfa securityfocus com

------------------------------------------------------------------
I. FRONT AND CENTER
1. Hacker-Tool Law Still Does Little
2. A Botnet by Any Other Name
II. BUGTRAQ SUMMARY
1. PinME! Joomla! Component 'task' Parameter SQL Injection Vulnerability
2. Joomla! 'com_amocourse' Component 'catid' Parameter SQL Injection Vulnerability
3. Cisco Video Surveillance 2500 Series IP Cameras Remote Information Disclosure Vulnerability
4. FreeBSD Direct Pipe Write Local Information Disclosure Vulnerability
5. F5 Networks FirePass SSL VPN Unspecified Cross-Site Scripting Vulnerability
6. 'Compress::Raw::Zlib' Perl Module Remote Code Execution Vulnerability
7. Gizmo5 for Linux MSN Authentication SSL Certificate Validation Security Bypass Vulnerability
8. aMSN SSL Certificate Validation Security Bypass Vulnerability
9. Aardvark Topsites PHP 'index.php' Cross Site Scripting Vulnerability
10. strongSwan Crafted X.509 Certificate Multiple Remote Denial Of Service Vulnerabilities
11. Drupal Links Package 'Title' HTML Injection Vulnerability
12. chuggnutt.com HTML to Plain Text Conversion Remote Code Execution Vulnerability
13. Smarty Template Engine 'Smarty_Compiler.class.php' Security Bypass Vulnerability
14. Smarty Template Engine 'function.math.php' Security Bypass Vulnerability
15. Snoopy '_httpsrequest()' Arbitrary Command Execution Vulnerability
16. PHPMailer Remote Shell Command Execution Vulnerability
17. Cyrus SASL 'sasl_encode64()' Remote Buffer Overflow Vulnerability
18. Basic Analysis And Security Engine 'readRoleCookie()' Authentication Bypass Vulnerability
19. Rasterbar Software libtorrent Arbitrary File Overwrite Vulnerability
20. MyBB 'birthdayprivacy' Parameter SQL Injection Vulnerability
21. Sun Solaris 'IP(7P)' Multicast Reception Local Denial Of Service Vulnerability
22. ImageMagick TIFF File Integer Overflow Vulnerability
23. Office OCX WordViewer.OCX Word Viewer ActiveX Multiple Vulnerabilities
24. Zen Cart 'admin/sqlpatch.php' SQL Injection Vulnerability
25. Zen Cart 'record_company.php' Remote Code Execution Vulnerability
26. PHPEcho CMS SQL Injection and HTML Injection Vulnerabilities
27. RETIRED: AN Guestbook 'flags.php' Local File Include Vulnerability
28. 2Bgal 'admin/phpinfo.php' Information Disclosure Vulnerability
29. Tor Denial of Service and DNS Spoofing Vulnerabilities
30. Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
31. phpMyAdmin 'setup.php' PHP Code Injection Vulnerability
32. phpMyAdmin 'export page' Cross Site Scripting Vulnerability
33. Mozilla Firefox/Thunderbird/SeaMonkey XUL Scripts Content-Policy Check Security Bypass Vulnerability
34. Mozilla Firefox/Thunderbird/SeaMonkey Multiple JavaScript Engine Memory Corruption Vulnerabilities
35. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-14 through -22 Multiple Remote Vulnerabilities
36. Mozilla Firefox/Thunderbird/SeaMonkey Multiple Browser Engine Memory Corruption Vulnerabilities
37. Mozilla Firefox and SeaMonkey JavaScript Chrome Privilege Escalation Vulnerability
38. Mozilla Firefox/Thunderbird/SeaMonkey Null Owner Document Arbitrary Code Execution Vulnerability
39. MyBB Multiple Cross Site Scripting Vulnerabilities
40. VLC Media Player 'smb://' URI Handling Remote Buffer Overflow Vulnerability
41. Multiple Browser Malicious Proxy HTTPS Man In The Middle Vulnerability
42. Cisco ASA Appliance WebVPN DOM Wrapper Cross Site Scripting Vulnerability
43. Cisco ASA Appliance HTML Rewriting Security Bypass Vulnerability
44. Cisco Adaptive Security Appliance Web VPN FTP or CIFS Authentication Form Phishing Vulnerability
45. Sun Solaris 'auditconfig(1M)' Command Local Privilege Escalation Vulnerability
46. Sun Solaris Virtual Network Terminal Server Daemon Unauthorized Access Vulnerability
47. MDPro Survey Module 'pollID' Parameter SQL Injection Vulnerability
48. PHP 'exif_read_data()' JPEG Image Processing Denial Of Service Vulnerability
49. Net-SNMP GETBULK Divide By Zero Remote Denial of Service Vulnerability
50. Ruby BigDecimal Library Denial Of Service Vulnerability
51. Unisys Business Information Server Remote Stack Buffer Overflow Vulnerability
52. Motorola Timbuktu Pro 'PlughNTCommand' Named Pipe Remote Stack Buffer Overflow Vulnerability
53. Adobe Reader and Acrobat U3D Model Remote Stack Buffer Overflow Vulnerability
54. Adobe Shockwave Player Director File Parsing Remote Code Execution Vulnerability
55. OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
56. OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
57. OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
58. OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability
59. WebKit DOM Event Handler Remote Memory Corruption Vulnerability
60. WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
61. WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
62. WebKit SVG Animation Elements Use After Free Remote Code Execution Vulnerability
63. WebKit SVGList Objects Remote Memory Corruption Vulnerability
64. Ghostscript Multiple Input Validation and Integer Overflow Vulnerabilities
65. Ghostscript 'CCITTFax' Decoding Filter Denial of Service Vulnerability
66. Ghostscript 'gdevpdtb.c' Buffer Overflow Vulnerability
67. Ghostscript 'jbig2dec' JBIG2 Processing Buffer Overflow Vulnerability
68. Samba Format String And Security Bypass Vulnerabilities
69. Moodle HotPot Module 'report.php' SQL Injection Vulnerability
70. Moodle 'Login As' Cross Site Scripting Vulnerability
71. Moodle Wiki Page Name Cross Site Scripting Vulnerability
72. Moodle Calendar Export Unspecified Information Disclosure Vulnerability
73. Linux Kernel i915 Driver 'drivers/char/drm/i915_dma.c' Memory Corruption Vulnerability
74. Moodle Forum Unspecified Cross-Site Request Forgery Vulnerability
75. Moodle 'spell-check-logic.cgi' Insecure Temporary File Creation Vulnerability
76. Moodle Log Table HTML Injection Vulnerability
77. Moodle TeX Filter Remote File Disclosure Vulnerability
78. Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
79. Linux Kernel 'net/atm/proc.c' Local Denial of Service Vulnerability
80. Linux Kernel 'e1000/e1000_main.c' Remote Denial of Service Vulnerability
81. Linux Kernel 'pppol2tp_recvmsg()' Remote Denial of Service Vulnerability
82. Linux Kernel RTL8169 NIC Remote Denial of Service Vulnerability
83. Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
84. Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
85. IBM WebSphere MQ Remote Buffer Overflow Vulnerability
86. Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
87. Apple Safari 'file://' Protocol Handler Information Disclosure and Denial of Service Vulnerability
88. Apple Safari 'CFCharacterSetInitInlineBuffer()' Remote Denial Of Service Vulnerability
89. Mozilla Firefox/SeaMonkey 'file://' URI Information Disclosure Vulnerability
90. Mozilla Firefox/Thunderbird/SeaMonkey Double Frame Construction Memory Corruption Vulnerability
91. Mozilla Thunderbird/SeaMonkey Multipart Alternative Message Memory Corruption Vulnerability
92. Mozilla Firefox/Thunderbird/SeaMonkey 'file://' URI Security Bypass Vulnerability
93. Mozilla Firefox and SeaMonkey Address Bar URI Spoofing Vulnerability
94. Mozilla Firefox 'NPObject' Access Remote Code Execution Vulnerability
95. Cisco Video Surveillance Stream Manager Firmware Denial of Service Vulnerability
96. Pidgin Multiple Buffer Overflow Vulnerabilities
97. Git Parameter Processing Remote Denial Of Service Vulnerability
98. Cisco Physical Access Gateway Malformed Packet Remote Denial of Service Vulnerability
99. International Components for Unicode Invalid Byte Sequence Handling Vulnerability
100. GStreamer gst-plugins-good 'gstpngdec.c' PNG Output Buffer Integer Overflow Vulnerability
III. SECURITYFOCUS NEWS
1. FTC persuades court to shutter rogue ISP
2. Obama launches cybersecurity initiative
3. Browsers bashed first in hacking contest
4. Experts: U.S. needs to defend its "cyber turf"
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
1. CHASE - 2009 Lahore Pakistan | Call for Papers
2. Hardening CentOS
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502

2. A Botnet by Any Other Name
By Gunter Ollmann
The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's disclosure of a previously unknown - and currently unnamed - botnet consisting of some 1.9 million malicious agents.
http://www.securityfocus.com/columnists/501

II. BUGTRAQ SUMMARY
--------------------
1. PinME! Joomla! Component 'task' Parameter SQL Injection Vulnerability
BugTraq ID: 35493
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35493
Summary:
The PinME component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

2. Joomla! 'com_amocourse' Component 'catid' Parameter SQL Injection Vulnerability
BugTraq ID: 35489
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35489
Summary:
The Joomla! 'com_amocourse' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

3. Cisco Video Surveillance 2500 Series IP Cameras Remote Information Disclosure Vulnerability
BugTraq ID: 35478
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35478
Summary:
Cisco Video Surveillance 2500 Series IP Cameras are prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

This issue is tracked by Cisco Bug IDs CSCsu05515 and CSCsr96497.

Versions prior to Cisco Video Surveillance 2500 Series IP Camera firmware 2.1 are vulnerable.

4. FreeBSD Direct Pipe Write Local Information Disclosure Vulnerability
BugTraq ID: 35279
Remote: No
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35279
Summary:
FreeBSD is prone to a local information-disclosure vulnerability.

Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

5. F5 Networks FirePass SSL VPN Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 35312
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35312
Summary:
F5 Networks FirePass SSL VPN is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

6. 'Compress::Raw::Zlib' Perl Module Remote Code Execution Vulnerability
BugTraq ID: 35307
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35307
Summary:
The 'Compress::Raw::Zlib' Perl module is prone to a remote code-execution vulnerability.

Successful exploits may allow remote attackers to execute arbitrary code or cause denial-of-service conditions in applications that use the vulnerable module.

Versions prior to 'Compress::Raw::Zlib' 2.017 are affected.

7. Gizmo5 for Linux MSN Authentication SSL Certificate Validation Security Bypass Vulnerability
BugTraq ID: 35508
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35508
Summary:
Gizmo5 for Linux is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates from a server.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers. This will aid in further attacks.

Gizmo5 for Linux 3.1.0.79 is vulnerable; other versions may also be affected.

8. aMSN SSL Certificate Validation Security Bypass Vulnerability
BugTraq ID: 35507
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35507
Summary:
aMSN is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates from a server.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers. This will aid in further attacks.

aMSN 0.97.2 is vulnerable; other versions may also be affected.

9. Aardvark Topsites PHP 'index.php' Cross Site Scripting Vulnerability
BugTraq ID: 35506
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35506
Summary:
Aardvark Topsites PHP is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

Aardvark Topsites PHP 5.2.0 is vulnerable; other versions may also be affected.

10. strongSwan Crafted X.509 Certificate Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 35452
Remote: Yes
Last Updated: 2009-06-25
Relevant URL: http://www.securityfocus.com/bid/35452
Summary:
strongSwan is prone to multiple remote denial-of-service vulnerabilities.

Attackers can exploit these issues to crash the application, denying access to legitimate users.

Versions prior to strongSwan 2.8.10, 4.3.2, and 4.2.16 are vulnerable.

11. Drupal Links Package 'Title' HTML Injection Vulnerability
BugTraq ID: 35491
Remote: Yes
Last Updated: 2009-06-25
Relevant URL: http://www.securityfocus.com/bid/35491
Summary:
The Links Package module for Drupal is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Note that to exploit this issue, attackers would need privileges to create content.

12. chuggnutt.com HTML to Plain Text Conversion Remote Code Execution Vulnerability
BugTraq ID: 32799
Remote: Yes
Last Updated: 2009-06-24
Relevant URL: http://www.securityfocus.com/bid/32799
Summary:
The 'HTML to Plain Text Conversion' class from chuggnutt.com is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to inject and execute malicious server-side script in the context of the application using the vulnerable class. Successful exploits will compromise the affected application and possibly the underlying computer.

The issue affects version 1.0 of the class; other versions may also be affected.

NOTE: This issue was initially reported in Roundcube Webmail. Roundcube Webmail 0.2-1 alpha, 0.2-2 beta, and possibly other versions are vulnerable because they use the vulnerable 'HTML to Plain Text Conversion' class.

13. Smarty Template Engine 'Smarty_Compiler.class.php' Security Bypass Vulnerability
BugTraq ID: 31862
Remote: Yes
Last Updated: 2009-06-24
Relevant URL: http://www.securityfocus.com/bid/31862
Summary:
Smarty Template Engine is prone to a security-bypass vulnerability that occurs when embedded variables are processed.

Attackers may exploit the issue to bypass certain security restrictions and execute arbitrary PHP code in the context of the application.

Smarty Template Engine 2.6.19 is vulnerable to the issue; other versions may also be affected.

14. Smarty Template Engine 'function.math.php' Security Bypass Vulnerability
BugTraq ID: 34918
Remote: Yes
Last Updated: 2009-06-24
Relevant URL: http://www.securityfocus.com/bid/34918
Summary:
Smarty Template Engine is prone to a security-bypass vulnerability because it fails to adequately sanitize user-supplied input.

Attackers may exploit the issue to bypass certain security restrictions and execute arbitrary PHP code in the context of the application.

Smarty Template Engine 2.6.22 for Windows is vulnerable; other versions may also be affected.

15. Snoopy '_httpsrequest()' Arbitrary Command Execution Vulnerability
BugTraq ID: 31887
Remote: Yes
Last Updated: 2009-06-24
Relevant URL: http://www.securityfocus.com/bid/31887
Summary:
Snoopy is prone to a vulnerability that lets attackers execute arbitrary commands because the application fails to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary commands in the context of the vulnerable webserver.

This issue may be related to BID 15213 (Snoopy Arbitrary Command Execution Vulnerability); this has not been confirmed.

Versions prior to Snoopy 1.2.4 are affected. Additional applications that use the Snoopy library may also be vulnerable.

16. PHPMailer Remote Shell Command Execution Vulnerability
BugTraq ID: 24417
Remote: Yes
Last Updated: 2009-06-24
Relevant URL: http://www.securityfocus.com/bid/24417
Summary:
PHPMailer is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input.

This issue affects PHPMailer when configured to use sendmail.

An attacker may leverage this issue to execute arbitrary shell commands on an affected computer with the privileges of the application using the affected class utility.

PHPMailer 1.73 and prior versions are vulnerable to this issue.

17. Cyrus SASL 'sasl_encode64()' Remote Buffer Overflow Vulnerability
BugTraq ID: 34961
Remote: Yes
Last Updated: 2009-06-24
Relevant URL: http://www.securityfocus.com/bid/34961
Summary:
Cyrus SASL is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of an application using the affected library. Failed exploit attempts will result in denial-of-service conditions.

Versions prior to Cyrus SASL 2.1.23 are vulnerable.

18. Basic Analysis And Security Engine 'readRoleCookie()' Authentication Bypass Vulnerability
BugTraq ID: 35470
Remote: Yes
Last Updated: 2009-06-24
Relevant URL: http://www.securityfocus.com/bid/35470
Summary:
Basic Analysis And Security Engine (BASE) is prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to gain unauthorized access to the affected application. Successfully exploiting this issue will lead to other attacks.

BASE 1.2.4 is vulnerable; prior versions are also affected.

19. Rasterbar Software libtorrent Arbitrary File Overwrite Vulnerability
BugTraq ID: 35262
Remote: Yes
Last Updated: 2009-06-24
Relevant URL: http://www.securityfocus.com/bid/35262
Summary:
The 'libtorrent' library is prone to a vulnerability that may allow remote attackers to overwrite arbitrary local files. This may result in a denial-of-service condition or aid in further attacks.

This issue affects versions prior to libtorrent 0.14.4.

20. MyBB 'birthdayprivacy' Parameter SQL Injection Vulnerability
BugTraq ID: 35458
Remote: Yes
Last Updated: 2009-06-24
Relevant URL: http://www.securityfocus.com/bid/35458
Summary:
MyBB (MyBulletinBoard) is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to MyBB 1.4.7 are vulnerable.

21. Sun Solaris 'IP(7P)' Multicast Reception Local Denial Of Service Vulnerability
BugTraq ID: 35474
Remote: No
Last Updated: 2009-06-24
Relevant URL: http://www.securityfocus.com/bid/35474
Summary:
Sun Solaris is prone to a local denial-of-service vulnerability.

Local attackers may exploit this issue to cause the kernel to leak memory, denying service to legitimate users.

This issue affects the following on both SPARC and x86 platforms:

Solaris 10
OpenSolaris based upon builds snv_67 through snv_93

22. ImageMagick TIFF File Integer Overflow Vulnerability
BugTraq ID: 35111
Remote: Yes
Last Updated: 2009-06-24
Relevant URL: http://www.securityfocus.com/bid/35111
Summary:
ImageMagick is prone to an integer-overflow vulnerability because it fails to properly bounds-check user-supplied input. The vulnerability occurs when handling malformed TIFF files.

Successfully exploiting this issue allows attackers to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts will result in a denial-of-service condition.

ImageMagick 6.5.2-8 is vulnerable; other versions may be affected as well.

23. Office OCX WordViewer.OCX Word Viewer ActiveX Multiple Vulnerabilities
BugTraq ID: 23784
Remote: Yes
Last Updated: 2009-06-24
Relevant URL: http://www.securityfocus.com/bid/23784
Summary:
Word Viewer ActiveX control is prone to multiple denial-of-service and code-execution vulnerabilities.

Exploiting these issues allows remote attackers to crash applications that employ the vulnerable controls (typically Microsoft Internet Explorer). Attackers may also execute arbitrary code in the context of an affected user.

Word Viewer ActiveX Control 3.2.0.5 is reported vulnerable; other versions may also be affected.

24. Zen Cart 'admin/sqlpatch.php' SQL Injection Vulnerability
BugTraq ID: 35468
Remote: Yes
Last Updated: 2009-06-24
Relevant URL: http://www.securityfocus.com/bid/35468
Summary:
Zen Cart is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Note that the issue exists only when the 'admin' directory was not properly renamed during the installation process.

25. Zen Cart 'record_company.php' Remote Code Execution Vulnerability
BugTraq ID: 35467
Remote: Yes
Last Updated: 2009-06-24
Relevant URL: http://www.securityfocus.com/bid/35467
Summary:
Zen Cart is prone to a remote code-execution vulnerability because the software fails to adequately sanitize user-supplied input.

Exploiting this issue could allow an attacker to execute arbitrary code within the context of the webserver process.

Note that the issue exists only when the 'admin' directory was not properly renamed during the installation process.

Zen Cart 1.3.8 is vulnerable; other versions may also be affected.

26. PHPEcho CMS SQL Injection and HTML Injection Vulnerabilities
BugTraq ID: 35488
Remote: Yes
Last Updated: 2009-06-24
Relevant URL: http://www.securityfocus.com/bid/35488
Summary:
PHPEcho CMS is prone to an HTML-injection vulnerability and an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage the HTML-injection issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is viewed, and launch other attacks.

The attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PHPEcho CMS 2.0-rc3 is vulnerable; other versions may also be affected.

27. RETIRED: AN Guestbook 'flags.php' Local File Include Vulnerability
BugTraq ID: 35486
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35486
Summary:
AN Guestbook is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

AN Guestbook 0.7.8 is vulnerable; other versions may also be affected.

NOTE (June 26, 2009): This BID is being retired because the vulnerability cannot be exploited as described; the specified script has protections in place to prevent it from being called directly.

28. 2Bgal 'admin/phpinfo.php' Information Disclosure Vulnerability
BugTraq ID: 35503
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35503
Summary:
2Bgal is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to harvest sensitive information that may lead to further attacks.

2Bgal 3.1.2 is vulnerable; other versions may also be affected.

29. Tor Denial of Service and DNS Spoofing Vulnerabilities
BugTraq ID: 35505
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35505
Summary:
Tor is prone to multiple vulnerabilities.

Attackers can exploit these issues to cause denial-of-service conditions or conduct spoofing attacks.

These issues affect versions prior to Tor 0.2.0.35.

30. Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
BugTraq ID: 34412
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/34412
Summary:
The 'mod_jk' module for Apache Tomcat is prone to a remote information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

This issue affects mod_jk 1.2.0 through 1.2.26.

31. phpMyAdmin 'setup.php' PHP Code Injection Vulnerability
BugTraq ID: 34236
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/34236
Summary:
phpMyAdmin is prone to a remote PHP code-injection vulnerability.

An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

Versions prior to phpMyAdmin 2.11.9.5 and 3.1.3.1 are vulnerable.

32. phpMyAdmin 'export page' Cross Site Scripting Vulnerability
BugTraq ID: 34251
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/34251
Summary:
phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to phpMyAdmin 2.11.9.5 and 3.1.3.1 are vulnerable.

33. Mozilla Firefox/Thunderbird/SeaMonkey XUL Scripts Content-Policy Check Security Bypass Vulnerability
BugTraq ID: 35377
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35377
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a security-bypass vulnerability.

Attackers can exploit this issue to bypass the content-loading policies. The impact of this issue will depend on the reasons behind the content check.

NOTE: This issue was previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

34. Mozilla Firefox/Thunderbird/SeaMonkey Multiple JavaScript Engine Memory Corruption Vulnerabilities
BugTraq ID: 35372
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35372
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to multiple remote memory-corruption vulnerabilities.

An attacker can exploit these issues to corrupt memory on the affected computer and run arbitrary code in the context of the user running the affected application. Failed exploit attempts will cause denial-of-service conditions.

NOTE: These issues were previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but have been assigned their own record to better document them.

35. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-14 through -22 Multiple Remote Vulnerabilities
BugTraq ID: 34656
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/34656
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox, Thunderbird, and SeaMonkey.

Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, and execute arbitrary script code with elevated privileges; other attacks are also possible.

36. Mozilla Firefox/Thunderbird/SeaMonkey Multiple Browser Engine Memory Corruption Vulnerabilities
BugTraq ID: 35370
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35370
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to multiple remote memory-corruption vulnerabilities.

An attacker can exploit these issues to corrupt memory on the affected computer and run arbitrary code in the context of the user running the affected application. Failed exploit attempts will cause denial-of-service conditions.

NOTE: In some cases, arbitrary code execution may not be possible.

NOTE: These issues were previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but have been assigned their own record to better document them.

37. Mozilla Firefox and SeaMonkey JavaScript Chrome Privilege Escalation Vulnerability
BugTraq ID: 35373
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35373
Summary:
Mozilla Firefox and SeaMonkey are prone to a privilege-escalation vulnerability in the browser's sidebar and FeedWriter.

Attackers can exploit this issue to execute arbitrary code with the object's chrome privileges.

NOTE: This issue was previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

38. Mozilla Firefox/Thunderbird/SeaMonkey Null Owner Document Arbitrary Code Execution Vulnerability
BugTraq ID: 35383
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35383
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary JavaScript code with chrome privileges. This may result in elevated privileges or lead to a denial-of-service condition. Other attacks may also be possible.

NOTE: This issue was previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

39. MyBB Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 35504
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35504
Summary:
MyBB is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to MyBB 1.4.8 are vulnerable.

40. VLC Media Player 'smb://' URI Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 35500
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35500
Summary:
VLC Media Player is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

VLC Media Player 0.9.9 for Windows is vulnerable; other versions may also be affected.

41. Multiple Browser Malicious Proxy HTTPS Man In The Middle Vulnerability
BugTraq ID: 35380
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35380
Summary:
Multiple web browsers are prone to a man-in-the-middle vulnerability.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how sites are rendered to the user. Other attacks are also possible.

NOTE: This issue was previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

UPDATE (June 17, 2009): This BID has been updated to reflect that the issue affects multiple browsers, not just Mozilla products.

42. Cisco ASA Appliance WebVPN DOM Wrapper Cross Site Scripting Vulnerability
BugTraq ID: 35476
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35476
Summary:
Cisco ASA (Adaptive Security Appliance) is prone to a cross-site scripting vulnerability because its Web VPN fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

This issue is documented by Cisco Bug ID CSCsy80694.

Cisco ASA 8.0.(4), 8.1.2, and 8.2.1 are vulnerable.

43. Cisco ASA Appliance HTML Rewriting Security Bypass Vulnerability
BugTraq ID: 35480
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35480
Summary:
Cisco ASA is prone to a security-bypass vulnerability.

An attacker can exploit this issue to bypass HTML rewrite rules. Successfully exploiting this issue will aid in cross-site scripting attacks.

This issue is documented by Cisco Bug ID CSCsy80705.

Cisco ASA 8.0.(4), 8.1.2, and 8.2.1 are vulnerable.

44. Cisco Adaptive Security Appliance Web VPN FTP or CIFS Authentication Form Phishing Vulnerability
BugTraq ID: 35475
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35475
Summary:
Cisco Adaptive Security Appliance (ASA) is prone to a vulnerability that can aid in phishing attacks.

An attacker can exploit this issue to display a fake login window that's visually similar to the device's login window, which may mislead users.

This issue is tracked by Cisco Bug ID CSCsy80709.

The attacker can exploit this issue to set up phishing attacks. Successful exploits could aid in further attacks.

Versions prior to ASA 8.0.4.34 and 8.1.2.25 are vulnerable.

45. Sun Solaris 'auditconfig(1M)' Command Local Privilege Escalation Vulnerability
BugTraq ID: 35501
Remote: No
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35501
Summary:
Sun Solaris is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to run arbitrary code with privileges specified in the RBAC profile.

This issue affects the following on both SPARC and x86 platforms:

Solaris 8
Solaris 9
Solaris 10
OpenSolaris based on builds snv_01 through snv_58

46. Sun Solaris Virtual Network Terminal Server Daemon Unauthorized Access Vulnerability
BugTraq ID: 35502
Remote: No
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35502
Summary:
Sun Solaris is prone to a local unauthorized-access vulnerability that affects the Virtual Network Terminal Server daemon ('vntsd(1M)') for Logical Domains ('LDoms').

Local attackers within the control domain can exploit this issue to gain unauthorized access to the console of a guest domain.

This issue affects Solaris 10 and OpenSolaris based on builds snv_41 through snv_108 on SPARC platforms.

47. MDPro Survey Module 'pollID' Parameter SQL Injection Vulnerability
BugTraq ID: 35495
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35495
Summary:
The Survey module for MDPro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

48. PHP 'exif_read_data()' JPEG Image Processing Denial Of Service Vulnerability
BugTraq ID: 35440
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35440
Summary:
PHP is prone to a denial-of-service vulnerability in its 'exif_read_data()' function.

Successful exploits may allow remote attackers to cause denial-of-service conditions in applications that use the vulnerable function.

Versions prior to PHP 5.2.10 are affected.

49. Net-SNMP GETBULK Divide By Zero Remote Denial of Service Vulnerability
BugTraq ID: 35492
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35492
Summary:
Net-SNMP is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions. To exploit this issue, an attacker must have read access to an SNMP community.

This issue affects Net-SNMP as distributed with Red Hat Enterprise Linux 3. Other distributions may also be affected.

50. Ruby BigDecimal Library Denial Of Service Vulnerability
BugTraq ID: 35278
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35278
Summary:
Ruby is prone to a denial-of-service vulnerability in its BigDecimal library.

Successful exploits may allow remote attackers to cause denial-of-service conditions in applications that use the vulnerable module.

Versions prior to Ruby 1.8.6-p369 and 1.8.7-p173 are affected.

51. Unisys Business Information Server Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35494
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35494
Summary:
Unisys Business Information Server (formerly known as MAPPER) is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of an affected server, possibly with SYSTEM-level privileges. Failed exploit attempts will result in denial-of-service conditions.

Business Information Server 10 and 10.1 are vulnerable; other versions may also be affected.

52. Motorola Timbuktu Pro 'PlughNTCommand' Named Pipe Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35496
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35496
Summary:
Motorola Timbuktu Pro for Windows is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in denial-of-service conditions.

Versions prior to Timbuktu Pro 8.6.7 for Windows are vulnerable.

53. Adobe Reader and Acrobat U3D Model Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35282
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35282
Summary:
Adobe Reader and Acrobat are prone to a remote stack-based buffer-overflow vulnerability because they fail to adequately bounds-check user-supplied data.

An attacker can exploit this issue by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

54. Adobe Shockwave Player Director File Parsing Remote Code Execution Vulnerability
BugTraq ID: 35469
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35469
Summary:
Adobe Shockwave Player is prone to a remote code-execution vulnerability caused by a memory-dereferencing error while parsing Adobe Director files.

Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts may cause a denial-of-service condition.

Versions prior to Shockwave Player 11.5.0.600 for Microsoft Windows are vulnerable.

55. OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
BugTraq ID: 35417
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35417
Summary:
OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Versions prior to OpenSSL 1.0.0 Beta 2 are vulnerable.

56. OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
BugTraq ID: 35138
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35138
Summary:
OpenSSL is prone to a vulnerability that may allow attackers to cause denial-of-service conditions.

OpenSSL 1.0.0 Beta 2 is vulnerable; other versions may also be affected.

57. OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
BugTraq ID: 35001
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35001
Summary:
OpenSSL is prone to multiple vulnerabilities that may allow attackers to cause denial-of-service conditions.

58. OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability
BugTraq ID: 35174
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35174
Summary:
OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference condition.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Versions prior to OpenSSL 0.9.8i are vulnerable.

59. WebKit DOM Event Handler Remote Memory Corruption Vulnerability
BugTraq ID: 35271
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35271
Summary:
WebKit is prone to a remote memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

60. WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
BugTraq ID: 35309
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35309
Summary:
WebKit is prone to a memory-corruption vulnerability.

Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed attack attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

61. WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
BugTraq ID: 35318
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35318
Summary:
WebKit is prone to a remote code-execution vulnerability.

Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

62. WebKit SVG Animation Elements Use After Free Remote Code Execution Vulnerability
BugTraq ID: 35334
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35334
Summary:
WebKit is prone to a remote code-execution vulnerability.

Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

63. WebKit SVGList Objects Remote Memory Corruption Vulnerability
BugTraq ID: 34924
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/34924
Summary:
WebKit is prone to a remote memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

The issue also affects the following:

Apple Safari prior to 3.2.3
Apple Mac OS X v10.5 through v10.5.6
Apple Mac OS X Server v10.5 through v10.5.6
Google Chrome prior to 1.0.154.65

64. Ghostscript Multiple Input Validation and Integer Overflow Vulnerabilities
BugTraq ID: 34184
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/34184
Summary:
Ghostscript is prone to multiple integer-overflow and input-validation vulnerabilities.

Successful exploits may allow remote attackers to execute arbitrary code in the context of the user running the affected application. Failed attacks will cause denial-of-service conditions.

65. Ghostscript 'CCITTFax' Decoding Filter Denial of Service Vulnerability
BugTraq ID: 34337
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/34337
Summary:
Ghostscript is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied input.

Exploiting this issue allows remote attackers to crash the application and possibly to execute code, but this has not been confirmed.

66. Ghostscript 'gdevpdtb.c' Buffer Overflow Vulnerability
BugTraq ID: 34340
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/34340
Summary:
Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer.

Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with arbitrary data, potentially allowing them to execute malicious machine code in the context of the affected application. This vulnerability may facilitate the compromise of affected computers.

Versions prior to Ghostscript 8.64 are affected.

67. Ghostscript 'jbig2dec' JBIG2 Processing Buffer Overflow Vulnerability
BugTraq ID: 34445
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/34445
Summary:
Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer.

Exploiting this issue may allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

Ghostscript 8.64 is vulnerable; other versions may also be affected.

68. Samba Format String And Security Bypass Vulnerabilities
BugTraq ID: 35472
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35472
Summary:
Samba is prone to multiple vulnerabilities.

Attackers can leverage these issues to execute arbitrary code within the context of the vulnerable application or to bypass certain security restrictions.

Samba 3.0.31 through 3.3.5 are affected.

69. Moodle HotPot Module 'report.php' SQL Injection Vulnerability
BugTraq ID: 33878
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/33878
Summary:
The Moodle HotPot module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following versions are affected:

Moodle 1.6.x (prior to 1.6.7)
Moodle 1.7.x (prior to 1.7.5)
Moodle 1.8.x (prior to 1.8.6)
Moodle 1.9.x (prior to 1.9.2)

70. Moodle 'Login As' Cross Site Scripting Vulnerability
BugTraq ID: 33617
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/33617
Summary:
Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

The following versions are affected:

Moodle 1.9.x (prior to 1.9.4)
Moodle 1.8.x (prior to 1.8.8)
Moodle 1.7.x (prior to 1.7.7)
Moodle 1.6.x (prior to 1.6.9)

71. Moodle Wiki Page Name Cross Site Scripting Vulnerability
BugTraq ID: 32714
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/32714
Summary:
Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to Moodle 1.6.8, 1.7.6, 1.8.7, and 1.9.3 are vulnerable.

72. Moodle Calendar Export Unspecified Information Disclosure Vulnerability
BugTraq ID: 33612
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/33612
Summary:
Moodle is prone to an unspecified information-disclosure vulnerability.

Attackers can exploit this issue to harvest sensitive information that may lead to further attacks, including brute-force attacks against user accounts.

The following versions are affected:

Moodle 1.9.x (prior to 1.9.4)
Moodle 1.8.x (prior to 1.8.8)

73. Linux Kernel i915 Driver 'drivers/char/drm/i915_dma.c' Memory Corruption Vulnerability
BugTraq ID: 31792
Remote: No
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/31792
Summary:
The Linux kernel is prone to a memory-corruption vulnerability because of insufficient boundary checks in the i915 driver.

Local attackers could exploit this issue to cause denial-of-service conditions, bypass certain security restrictions, and potentially access sensitive information or gain elevated privileges.

This issue affects Linux kernel 2.6.24.6 and prior versions.

74. Moodle Forum Unspecified Cross-Site Request Forgery Vulnerability
BugTraq ID: 33615
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/33615
Summary:
Moodle is prone to a cross-site request-forgery vulnerability.

Attackers may exploit this issue to perform unauthorized actions on forum posts. Other attacks may also be possible.

The following versions are affected:

Moodle 1.9.x (prior to 1.9.4)
Moodle 1.8.x (prior to 1.8.8)
Moodle 1.7.x (prior to 1.7.7)

75. Moodle 'spell-check-logic.cgi' Insecure Temporary File Creation Vulnerability
BugTraq ID: 32402
Remote: No
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/32402
Summary:
Moodle creates temporary files in an insecure manner.

An attacker with local access could perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Moodle 1.8.2 is vulnerable; other versions may also be affected.

76. Moodle Log Table HTML Injection Vulnerability
BugTraq ID: 33610
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/33610
Summary:
Moodle is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

The following Moodle branches and corresponding versions are affected:

1.9.x: prior to 1.9.4
1.8.x: prior to 1.8.8
1.7.x: prior to 1.7.7
1.6.x: prior to 1.6.9

77. Moodle TeX Filter Remote File Disclosure Vulnerability
BugTraq ID: 34278
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/34278
Summary:
Moodle is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view local files in the context of the webserver process. This may aid in further attacks.

Versions prior to the following are vulnerable:

Moodle 1.6.9+
Moodle 1.7.7+
Moodle 1.8.9
Moodle 1.9.5

78. Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
BugTraq ID: 33113
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/33113
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

The issue affects Linux Kernel 2.6.28; other versions may also be vulnerable.

79. Linux Kernel 'net/atm/proc.c' Local Denial of Service Vulnerability
BugTraq ID: 32676
Remote: No
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/32676
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause the Linux kernel to go into an infinite loop, which may cause a denial-of-service condition.

80. Linux Kernel 'e1000/e1000_main.c' Remote Denial of Service Vulnerability
BugTraq ID: 35185
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35185
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue via crafted packets to cause a kernel panic, denying service to legitimate users.

81. Linux Kernel 'pppol2tp_recvmsg()' Remote Denial of Service Vulnerability
BugTraq ID: 29747
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/29747
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected computer on the local network, denying service to legitimate users. Given the nature of this issue, code execution may be possible, but this has not been confirmed.

Versions prior to Linux Kernel 2.6.26-rc6 are vulnerable.

82. Linux Kernel RTL8169 NIC Remote Denial of Service Vulnerability
BugTraq ID: 35281
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35281
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the system, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.

Versions prior to Linux Kernel 2.6.30 are vulnerable.

83. Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
BugTraq ID: 35253
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35253
Summary:
Apache 'APR-util' is prone to a vulnerability that may allow attackers to cause an affected application to consume memory, resulting in a denial-of-service condition.

Versions prior to 'APR-util' 1.3.7 are vulnerable.

84. Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
BugTraq ID: 35251
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35251
Summary:
Apache 'APR-util' is prone to an off-by-one vulnerability that may allow attackers to obtain sensitive information or trigger a denial-of-service condition.

Given the nature of this issue, attackers may also be able to execute arbitrary code in the context of an application that uses the affected library, but this has not been confirmed.

Versions prior to 'APR-util' 1.3.5 on big-endian platforms are vulnerable.

85. IBM WebSphere MQ Remote Buffer Overflow Vulnerability
BugTraq ID: 35170
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35170
Summary:
IBM WebSphere MQ is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of an affected server. Failed exploit attempts will result in denial-of-service conditions.

The following are vulnerable:

WebSphere MQ 6.x (prior to 6.0.2.7)
WebSphere MQ 7.x (prior to 7.0.1.0)

86. Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
BugTraq ID: 35221
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35221
Summary:
Apache 'APR-util' is prone to an integer-underflow vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of an affected application. Successful exploits will compromise the affected application and possibly the computer. Failed attacks will cause denial-of-service conditions.

Versions prior to 'APR-util' 1.3.5 are vulnerable.

87. Apple Safari 'file://' Protocol Handler Information Disclosure and Denial of Service Vulnerability
BugTraq ID: 35482
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35482
Summary:
Apple Safari is prone to an information-disclosure and denial-of-service vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to access local files. On Microsoft Windows platforms, the attacker may launch rogue instances of Windows Explorer, which may affect the computer's overall stability, leading to a denial-of-service condition.

This issue affects versions prior to Safari 4.0 running on Apple Mac OS X 10.5.6 and on Microsoft Windows XP and Vista.

88. Apple Safari 'CFCharacterSetInitInlineBuffer()' Remote Denial Of Service Vulnerability
BugTraq ID: 35481
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35481
Summary:
Apple Safari is prone to a denial-of-service vulnerability that stems from a NULL-pointer dereference.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Versions prior to Apple Safari 4 are vulnerable.

89. Mozilla Firefox/SeaMonkey 'file://' URI Information Disclosure Vulnerability
BugTraq ID: 35391
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35391
Summary:
Mozilla Firefox and SeaMonkey are prone to an information-disclosure vulnerability.

Attackers can exploit this issue to bypass certain security restrictions and gain access to potentially sensitive information that may aid in further attacks.

NOTE: This issue was previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

90. Mozilla Firefox/Thunderbird/SeaMonkey Double Frame Construction Memory Corruption Vulnerability
BugTraq ID: 35371
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35371
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a remote memory-corruption vulnerability.

An attacker can exploit this issue to corrupt memory on the affected computer and run arbitrary code in the context of the user running the affected application. Failed exploit attempts will cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

91. Mozilla Thunderbird/SeaMonkey Multipart Alternative Message Memory Corruption Vulnerability
BugTraq ID: 35461
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35461
Summary:
Mozilla Thunderbird and SeaMonkey are prone to a vulnerability when handling malformed multipart/alternative email messages with a text/enhanced part. This can cause an application crash. The issue may also be exploitable to execute arbitrary code.

92. Mozilla Firefox/Thunderbird/SeaMonkey 'file://' URI Security Bypass Vulnerability
BugTraq ID: 35386
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35386
Summary:
Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a security-bypass vulnerability.

Attackers can exploit this issue to bypass restrictions on reading local files, which may allow them to obtain sensitive information or launch other attacks.

NOTE: This issue was previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

93. Mozilla Firefox and SeaMonkey Address Bar URI Spoofing Vulnerability
BugTraq ID: 35388
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35388
Summary:
Mozilla Firefox and SeaMonkey are affected by a URI-spoofing vulnerability because they fail to adequately handle user-supplied data.

An attacker may leverage this issue by inserting arbitrary content to spoof a URI presented to an unsuspecting user. This may lead to a false sense of trust because the victim may be presented with a URI of a seemingly trusted site while interacting with the attacker's malicious site.

Versions *prior to* the following are affected:

Firefox 3.0.11
SeaMonkey 1.1.17

NOTE: This issue was previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

94. Mozilla Firefox 'NPObject' Access Remote Code Execution Vulnerability
BugTraq ID: 35360
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35360
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application or to obtain sensitive information.

NOTE: This issue was previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

95. Cisco Video Surveillance Stream Manager Firmware Denial of Service Vulnerability
BugTraq ID: 35479
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35479
Summary:
Cisco Video Surveillance Stream Manager firmware is prone to a denial-of-service vulnerability when handling specially crafted UDP packets.

An attacker can exploit this issue to trigger an affected device to reboot, causing denial-of-service conditions.

This issue is documented by Cisco Bug ID CSCsj47924.

This issue affects Video Surveillance Stream Manager firmware running on versions prior to Video Surveillance Services Platform 5.3 and Video Surveillance Integrated Services Platform 5.3.

96. Pidgin Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 35067
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35067
Summary:
Pidgin is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the software or cause denial-of-service conditions.

Versions prior to Pidgin 2.5.6 are vulnerable.

97. Git Parameter Processing Remote Denial Of Service Vulnerability
BugTraq ID: 35338
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35338
Summary:
Git is prone to a denial-of-service vulnerability because it fails to properly handle some client requests.

Attackers can exploit this issue to cause a daemon process to enter an infinite loop. Repeated exploits may consume excessive system resources, resulting in a denial-of-service condition.

Git 1.4.4.5 through 1.6.3.2 are vulnerable; other versions may also be affected.

98. Cisco Physical Access Gateway Malformed Packet Remote Denial of Service Vulnerability
BugTraq ID: 35477
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35477
Summary:
Cisco Physical Access Gateway is prone to a denial-of-service vulnerability when handling specially crafted TCP packets.

An attacker can exploit this issue to cause a memory leak, denying service to legitimate users.

This issue is documented by Cisco Bug ID CSCsu95864.

99. International Components for Unicode Invalid Byte Sequence Handling Vulnerability
BugTraq ID: 34974
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/34974
Summary:
International Components for Unicode is prone to an input-validation vulnerability because it may incorrectly convert some invalid byte sequences.

An attacker may leverage this vulnerability to bypass content filters. This may lead to cross-site scripting attacks or allow the attacker to obtain sensitive information in some cases. Other attacks are also possible.

NOTE: This issue was previously covered in BID 34926 (Apple Mac OS X 2009-002 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

100. GStreamer gst-plugins-good 'gstpngdec.c' PNG Output Buffer Integer Overflow Vulnerability
BugTraq ID: 35172
Remote: Yes
Last Updated: 2009-06-26
Relevant URL: http://www.securityfocus.com/bid/35172
Summary:
GStreamer 'gst-plugins-good' is prone to an integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before using it to allocate memory buffers.

Successful exploits will allow attacker-supplied code to run in the context of the user running the affected application. Failed attacks will result in denial-of-service conditions.

This issue affects gst-plugins-good 0.10.15; other versions may also be affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. FTC persuades court to shutter rogue ISP
By: Robert Lemos
A federal district court shuts down Triple Fiber Network, after the Federal Trade Commission documents the Internet service provider's cooperation with online criminals and child pornographers.
http://www.securityfocus.com/news/11552

2. Obama launches cybersecurity initiative
By: Robert Lemos
The U.S. president announces that the nation's networks will be considered a "strategic national asset" and creates a top position in the White House to formulate a better cybersecurity policy.
http://www.securityfocus.com/news/11551

3. Browsers bashed first in hacking contest
By: Robert Lemos
A security researcher keeps a vulnerability on ice for an entire year, before using it at the Pwn2Own contest to exploit Apple's browser. Microsoft's Internet Explorer 8 falls soon after.
http://www.securityfocus.com/news/11549

4. Experts: U.S. needs to defend its "cyber turf"
By: Robert Lemos
The United States must develop a Monroe Doctrine for the Internet, defining what constitutes its cyberspace and pledging to defend its virtual borders, security experts told Congress.
http://www.securityfocus.com/news/11548

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. CHASE - 2009 Lahore Pakistan | Call for Papers
http://www.securityfocus.com/archive/91/504511

2. Hardening CentOS
http://www.securityfocus.com/archive/91/493893

X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
This issue is sponsored by VeriSign

VeriSign EV SSL Certificates for your sites' security turn the address bar in high security browsers green which helps your customers know they are safe on your site.

http://ad.doubleclick.net/clk;215510135;37701660;s

Copyright 2010, SecurityFocus