Bugtraq in Japanese
SecurityFocus Newsletter #308 2005-07-18->2005-07-22 Nov 25 2005 08:22AM
Tsuneo Ogasawara (t ogaswr lac co jp)
$B>.3^86(B@$B%i%C%/$G$9!#(B

SecurityFocus Newsletter $BBh(B 308 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

------------------------------------------------------------------------
---
BugTraq-JP $B$K4X$9$k(B FAQ ($BF|K\8l(B):
http://www.securityfocus.com/archive/79/description
$B!&(BSecurityFocus Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0l<!G[I[$5$l$F$$$^$9(B
$B!&(BBugTraq-JP $B$X$N;22CJ}K!!"C&B`J}K!$O$3$N(B FAQ $B$r$4;2>H$/$@$5$$(B
------------------------------------------------------------------------
---
SecurityFocus Newsletter $B%"!<%+%$%V(B ($B1Q8l(B):
http://www.securityfocus.com/archive/78
BugTraq $B$K4X$9$k(B FAQ ($B1Q8l(B):
http://www.securityfocus.com/archive/1/description
------------------------------------------------------------------------
---
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B SecurityFocus $B$N5v2D$r3t<02q<R%i%C%/$,F@$?>e$G9T$o$l$F$$$^$9!#(B
$B!&(BSecurityFocus Newsletter $B$NOBLu$r(B Netnews, Mailinglist, World Wide Web,
$B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$NA4J80zMQ$r$*4j$$$7$^$9!#
(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;$s$,!"(B
$B=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+$J$k7A<0$N(B
$B%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) http://online.securityfocus.com/archive/79
------------------------------------------------------------------------
---
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02q<R%i%C%/$O@UG$$rIi$o$J$$$b$N$H$7$^
(B
$B$9!#(B
------------------------------------------------------------------------
---
$BLu<T$+$i$N$*CN$i$;(B:
$B!&$b$7!"(Btypo $B$d8mLu$,8+$D$+$C$?>l9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B
$BHG$r$4Ej9FD:$/$+!"4F=$<T(B (t.ogaswr (at) lac.co (dot) jp [email concealed]) $B$K$*CN$i$;$/$@$5$$!#(B
$B8e<T$N>l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
------------------------------------------------------------------------
---
This translation is encoded and posted in ISO-2022-JP.

Original:
Date: Tue, 26 Jul 2005 16:27:34 -0600
Message-ID: <42E6B8D6.1000206 (at) securityfocus (dot) com [email concealed]>

SecurityFocus Newsletter #308
-----------------------------

This Issue is Sponsored By: CrossTec

I. FRONT AND CENTER (no Japanese translation)
1. Identifying P2P users using traffic analysis
2. Interview with Dan Kaminsky on Microsoft's security
II. BUGTRAQ SUMMARY
1. Macromedia JRun Unauthorized Session Access Vulnerability
2. Oracle HTTP Server Unspecified Malformed Request Denial Of Service Vulnerability
3. Oracle HTTP Server MOD_OSSO Partner Application Cookie Expiration Weakness
4. Nullsoft Winamp Malformed ID3v2 Tag Buffer Overflow Vulnerability
5. Oracle HTTP Server MOD_ORADAV ORAALTPASSWORD Obfuscation Weakness
6. Clever Copy Calendar.PHP Cross-Site Scripting Vulnerability
7. Oracle Webcache SSL Encryption Downgrade Weakness
8. MooseGallery Display.PHP File Include Vulnerability
9. Oracle9i 9.0.1.5 FIPS Single Sign-On Server Unspecified Cross-Site Scripting Vulnerability
10. Microsoft Internet Explorer JPEG Image Rendering Unspecified Buffer Overflow Vulnerability
11. Hosting Controller Multiple Remote Vulnerabilities
12. Microsoft Internet Explorer JPEG Image Rendering CMP Fencepost Denial Of Service Vulnerability
13. Microsoft Internet Explorer JPEG Image Rendering Memory Consumption Denial Of Service Vulnerability
14. Microsoft Internet Explorer JPEG Image Rendering Unspecified Denial Of Service Vulnerability
15. Sybase EAServer Remote Buffer Overflow Vulnerability
16. Microsoft MSN Messenger / Internet Explorer Image ICC Profile Processing Vulnerability
17. Invision PowerBoard SQL Injection Privilege Escalation Vulnerability
18. PowerDNS LDAP Backend Query Escape Failure Vulnerability
19. PowerDNS Recursive Query Denial of Service Vulnerability
20. Shorewall MACLIST Firewall Rules Bypass Vulnerability
21. Skype Technologies Skype Insecure Temporary File Creation Vulnerability
22. OSCommerce Update.PHP Information Disclosure Vulnerability
23. VP-ASP Shopaddtocart.ASP SQL Injection Vulnerability
24. CaLogic Multiple Remote File Include Vulnerabilities
25. KDE Kate, KWrite Local Backup File Information Disclosure Vulnerability
26. Y.SAK Scripts Multiple Remote Arbitrary Command Execution Vulnerabilities
27. MRV Communications In-Reach Console Servers Access Control Bypass Vulnerability
28. e107 Website System Nested BBCode URL Tag Script Injection Vulnerability
29. Hosting Controller Multiple Remote Access Control and SQL Injection Vulnerabilities
30. tForum Member.PHP Cross-Site Scripting Vulnerability
31. ToCA Race Driver Multiple Remote Format String And Buffer Overflow Vulnerabilities
32. VP-ASP Shopproductselect.ASP SQL Injection Vulnerability
33. VP-ASP Shopaddtocartnodb.ASP SQL Injection Vulnerability
34. EKG Insecure Temporary File Creation Vulnerability
35. EKG Unspecified Command Execution Vulnerability
36. Oracle Reports Server DESName Remote File Overwrite Vulnerability
37. Novell GroupWise WebAccess HTML Injection Vulnerability
38. Oracle Reports Server XML File Disclosure Vulnerability
39. Oracle Reports Server Arbitrary File Disclosure Vulnerability
40. Oracle Reports Server Multiple Cross-Site Scripting Vulnerabilities
41. PHPPageProtect Admin.PHP Cross Site Scripting Vulnerability
42. Alt-N MDaemon IMAP Server CREATE Remote Buffer Overflow Vulnerability
43. Oracle Reports Server Unauthorized Report Execution Vulnerability
44. Alt-N MDaemon IMAP Server Authentication Routines Remote Buffer Overflow Vulnerability
45. PHPPageProtect Login.PHP Cross Site Scripting Vulnerability
46. Oracle Forms Services Unauthorized Form Execution Vulnerability
47. SEO-Board Smilies_popup.PHP Cross Site Scripting Vulnerability
48. Apple Mac OS X AirPort Card Automatic Network Association Vulnerability
49. PHPFinance Inc.login.PHP Authentication Bypass Vulnerability
50. Form Sender Processform.PHP3 Name Cross Site Scripting Vulnerability
51. Mozilla Firefox Weak Authentication Mechanism Vulnerability
52. Form Sender Processform.PHP3 Failed Cross Site Scripting Vulnerability
53. MediaWiki Unspecified Remote Cross-Site Scripting Vulnerability
54. CuteNews Search.PHP Cross-Site Scripting Vulnerability
55. PHP Surveyor Multiple Cross-Site Scripting Vulnerabilities
56. Oray PeanutHull Local Privilege Escalation Vulnerability
57. PHP Surveyor Multiple SQL Injection Vulnerabilities
58. PHP-Fusion BBcode Color Tag Code Injection Vulnerability
59. PHPNews Auth.PHP SQL Injection Vulnerability
60. FreeBSD Jail() Devfs Ruleset Bypass Vulnerability
61. ReviewPost Showproduct.PHP Sort SQL Injection Vulnerability
62. Greasemonkey Multiple Remote Information Disclosure Vulnerabilities
63. Website Generator Remote Code Execution Vulnerability
64. Website Generator Multiple Remote Cross Site Scripting Vulnerabilities
65. WhitSoft Development SlimFTPd Multiple Commands Remote Buffer Overflow Vulnerability
66. Zlib Compression Library Decompression Denial Of Service Vulnerability
67. DXXO Count Web Statistics Multiple SQL Injection Vulnerabilities
68. Alwil Software Avast! Antivirus Multiple Vulnerabilities
69. Pyrox Search Newsearch.PHP Whatdoreplace Cross-Site Scripting Vulnerability
70. PHPSiteSearch Search.PHP Query Cross-Site Scripting Vulnerability
71. EKG LIbGadu Multiple Remote Integer Overflow Vulnerabilities
72. CMSimple Index.PHP Search Cross-Site Scripting Vulnerability
73. Intruder Client Remote Denial of Service Vulnerability
74. Ultimate PHP Board Multiple Cross-Site Scripting Vulnerabilities
75. Fetchmail POP3 Client Buffer Overflow Vulnerability
76. Ultimate PHP Remote Injection Vulnerabilities
77. Sendcard Sendcard.PHP SQL Injection Vulnerability
78. Contrexx Multiple Input Validation Vulnerabilities
79. PHP TopSites Setup.PHP Authentication Bypass Vulnerability
80. Veritas NetBackup Access Violation Vulnerability
81. ASN Guestbook Multiple Cross-Site Scripting Vulnerabilities
III. SECURITYFOCUS NEWS
1. 3Com launches vulnerability-buying program
2. Oracle taken to task for time to fix vulnerabilities
3. Report: Squatters a major problem for credit-report site
4. Desktop port proliferation a security risk?
5. Spyware 'calling home' volumes soar
6. UK war driver fined £500
7. Dell rejects spyware charge
8. Phlooding attack could leave enterprises high and dry

I. FRONT AND CENTER (no Japanese translation)
----------------------------------

II. BUGTRAQ SUMMARY
------------------
1. Macromedia JRun Unauthorized Session Access Vulnerability
BugTraq ID: 14271
Remotely reproducible: Yes
Published: 2005-07-15
Related URL: http://www.securityfocus.com/bid/14271
Summary:
Macromedia JRun is affected by an issue that may allow one user's
session to be shared with another user.

Under certain circumstances, two users may share the same session,
which may aid attacks such as compromise of user accounts.

It should be noted that this issue cannot be triggered by an attacker
and occurs only rarely.

JRun 4.0, ColdFusion MX 7.0 Enterprise Multi-Server Edition, and
ColdFusion MX 6.1 Enterprise with JRun are affected by this issue.

2. Oracle HTTP Server Unspecified Malformed Request Denial Of Service Vulnerability
BugTraq ID: 14272
Remotely reproducible: Yes
Published: 2005-07-15
Related URL: http://www.securityfocus.com/bid/14272
Summary:
Oracle HTTP Server is prone to a denial of service condition.

This issue was described in the Readme bundled with the patches of the
July Oracle Critical Patch Update. Oracle has not published detailed
information about this issue.

3. Oracle HTTP Server MOD_OSSO Partner Application Cookie Expiration Weakness
BugTraq ID: 14273
Remotely reproducible: Yes
Published: 2005-07-15
Related URL: http://www.securityfocus.com/bid/14273
Summary:
In the mod_osso single sign-on module of Oracle HTTP Server, partner
application cookies do not expire properly. This may pose a security
threat if a malicious user has a way to gain unauthorized access to a
partner application's cookie. The expected behavior is for the
application cookie to expire.

This issue was described in the Readme bundled with the patches of the
July Oracle Critical Patch Update. Oracle has not published detailed
information about this issue. The issue may be related to the DB 10
issue in the July Critical Patch Update, but this has not been
verified. This BID will be updated as soon as further details are
published.

4. Nullsoft Winamp Malformed ID3v2 Tag Buffer Overflow Vulnerability
BugTraq ID: 14276
Remotely reproducible: Yes
Published: 2005-07-15
Related URL: http://www.securityfocus.com/bid/14276
Summary:
Winamp is prone to a buffer overflow in its ID3v2 functionality. The
issue arises because bounds checking is not properly performed before
input data is copied into a fixed-length memory buffer.

An attacker can exploit this issue remotely by distributing malicious
MP3 files and having unsuspecting users process them with the
vulnerable application.

An attacker may exploit this issue to execute arbitrary code with the
privileges of the user running the vulnerable application.

Versions 5.03a, 5.09, and 5.091 are reported to be affected by this
issue. Other versions may also be affected.

5. Oracle HTTP Server MOD_ORADAV ORAALTPASSWORD Obfuscation Weakness
BugTraq ID: 14277
Remotely reproducible: Yes
Published: 2005-07-15
Related URL: http://www.securityfocus.com/bid/14277
Summary:
The mod_oradav module of Oracle HTTP Server has a security issue. The
issue causes a flaw when ORAALTPASSWORD is encrypted. A malicious user
who can access a password affected by the flawed encryption can, as a
result, easily decrypt the password.

This issue was described in the Readme bundled with the patches of the
July Oracle Critical Patch Update. Oracle has not published detailed
information about this issue.

6. Clever Copy Calendar.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 14278
Remotely reproducible: Yes
Published: 2005-07-15
Related URL: http://www.securityfocus.com/bid/14278
Summary:
Clever Copy is affected by a cross-site scripting issue. The issue
arises because user-supplied URI input that is added to the content of
dynamically generated web pages is not properly sanitized.

An attacker may exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user. This may lead to attacks such as
theft of cookie-based authentication credentials.

7. Oracle Webcache SSL Encryption Downgrade Weakness
BugTraq ID: 14279
Remotely reproducible: Yes
Published: 2005-07-15
Related URL: http://www.securityfocus.com/bid/14279
Summary:
A security issue has been reported in Oracle Webcache. Documents may be
served using an SSL encryption method weaker than the cipher strength
configured in Oracle HTTP Server.

This may create a false sense of security.

This issue was described in the Readme bundled with the patches of the
July Oracle Critical Patch Update. Oracle has not published detailed
information about this issue.

8. MooseGallery Display.PHP File Include Vulnerability
BugTraq ID: 14280
Remotely reproducible: Yes
Published: 2005-07-15
Related URL: http://www.securityfocus.com/bid/14280
Summary:
MooseGallery is prone to an issue that allows PHP files to be included
remotely. The issue arises because user-supplied input is not properly
sanitized.

An attacker may exploit this issue to execute arbitrary PHP code on the
vulnerable computer with the privileges of the web server process. This
may lead to unauthorized access.

9. Oracle9i 9.0.1.5 FIPS Single Sign-On Server Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 14281
Remotely reproducible: Yes
Published: 2005-07-15
Related URL: http://www.securityfocus.com/bid/14281
Summary:
Single Sign-On Server (SSO) for Oracle Database Server has an
unspecified cross-site scripting issue.

The issue may be exploited by enticing a user to click a link that
contains malicious HTML or script code. The attack may result in theft
of cookie-based authentication credentials from legitimate users. Other
attacks are also possible.

This issue was described in the Readme bundled with the patches of the
July Oracle Critical Patch Update. Oracle has not published detailed
information about this issue.

10. Microsoft Internet Explorer JPEG Image Rendering Unspecified Buffer Overflow Vulnerability
BugTraq ID: 14282
Remotely reproducible: Yes
Published: 2005-07-15
Related URL: http://www.securityfocus.com/bid/14282
Summary:
The JPEG image rendering library used by Microsoft Internet Explorer is
prone to a buffer overflow issue. The issue arises because bounds
checking is not properly performed before input is copied into a
fixed-length memory buffer.

The issue was identified by generating random input for the browser,
but it has not been investigated in detail at this time. This BID will
be updated as soon as further details are published.

Successful exploitation of this issue results in arbitrary code being
executed in the security context of the user running the vulnerable
browser.

The issue was reported in Internet Explorer 6 SP2. Earlier versions may
also be affected.

11. Hosting Controller Multiple Remote Vulnerabilities
BugTraq ID: 14283
Remotely reproducible: Yes
Published: 2005-07-15
Related URL: http://www.securityfocus.com/bid/14283
Summary:
Hosting Controller is reported to be prone to multiple security issues.
These issues allow an attacker to carry out SQL injection attacks,
unauthorized access to scripts, unauthorized privilege escalation, and
denial of service attacks.

Hosting Controller 6.1 Hotfix 2.1 is affected by these issues.

12. Microsoft Internet Explorer JPEG Image Rendering CMP Fencepost Denial Of Service Vulnerability
BugTraq ID: 14284
Remotely reproducible: Yes
Published: 2005-07-15
Related URL: http://www.securityfocus.com/bid/14284
Summary:
The JPEG rendering library used by Microsoft Internet Explorer is prone
to an unspecified denial of service issue. The issue is reported to be
similar to the one described in BID 14282.

The issue was identified by generating random input for the browser,
but it has not been investigated in detail at this time. This BID will
be updated as soon as further details are published.

A successful attack crashes the vulnerable web browser. Arbitrary code
execution may also be possible, but this has not been verified.

The issue was reported in Internet Explorer 6 SP2. Earlier versions may
also be affected.

13. Microsoft Internet Explorer JPEG Image Rendering Memory Consumption Denial Of Service Vulnerability
BugTraq ID: 14285
Remotely reproducible: Yes
Published: 2005-07-15
Related URL: http://www.securityfocus.com/bid/14285
Summary:
The JPEG image rendering library used by Microsoft Internet Explorer is
prone to an unspecified denial of service issue.

The issue was identified by generating random input for the browser,
but it has not been investigated in detail at this time. This BID will
be updated as soon as further details are published.

A successful attack consumes excessive memory and crashes the
vulnerable web browser.

The issue was reported in Internet Explorer 6 SP2. Earlier versions may
also be affected.

14. Microsoft Internet Explorer JPEG Image Rendering Unspecified Denial Of Service Vulnerability
BugTraq ID: 14286
Remotely reproducible: Yes
Published: 2005-07-15
Related URL: http://www.securityfocus.com/bid/14286
Summary:
The JPEG image rendering library used by Microsoft Internet Explorer is
prone to an unspecified denial of service issue.

The issue was identified by generating random input for the browser,
but it has not been investigated in detail at this time. This BID will
be updated as soon as further details are published.

A successful attack crashes the vulnerable web browser. The issue is
also reported to cause excessive consumption of CPU resources.

The issue was reported in Internet Explorer 6 SP2. Earlier versions may
also be affected.

15. Sybase EAServer Remote Buffer Overflow Vulnerability
BugTraq ID: 14287
Remotely reproducible: Yes
Published: 2005-07-15
Related URL: http://www.securityfocus.com/bid/14287
Summary:
Sybase EAServer is affected by a remotely exploitable buffer overflow
issue.

The issue exists in the server's WebConsole. A successful attack
overflows a fixed-size buffer and ultimately results in arbitrary code
being executed in the security context of the 'jagsrv.exe' process. The
issue may allow an attacker to escalate privileges.

It should be noted that the attacker must supply authentication
credentials before carrying out the attack.

16. Microsoft MSN Messenger / Internet Explorer Image ICC Profile Processing Vulnerability
BugTraq ID: 14288
Remotely reproducible: Yes
Published: 2005-07-16
Related URL: http://www.securityfocus.com/bid/14288
Summary:
Microsoft Internet Explorer and MSN Instant Messenger are reported to
crash when they process image data in which malicious ICC profile data
is embedded.

The condition is presumed likely to stem from an integer handling
error.

According to the author, the observed crash was caused by an access
violation during a memory read and may have occurred because an array
was accessed out of bounds. This means that, although a method of
writing data may exist, the issue is not immediately exploitable.

17. Invision PowerBoard SQL Injection Privilege Escalation Vulnerability
BugTraq ID: 14289
Remotely reproducible: Yes
Published: 2005-07-16
Related URL: http://www.securityfocus.com/bid/14289
Summary:
A security issue has been reported in Invision PowerBoard. A SQL
injection attack allows an attacker to hijack other user accounts.
Proof-of-concept code is available.

18. PowerDNS LDAP Backend Query Escape Failure Vulnerability
BugTraq ID: 14290
Remotely reproducible: Yes
Published: 2005-07-17
Related URL: http://www.securityfocus.com/bid/14290
Summary:
The LDAP backend of PowerDNS before 2.9.18 did not properly escape
requests, and as a result a request could fail without the query being
answered.

In environments where PowerDNS is used with LDAP, this may be a
security issue. The vendor has fixed the issue in 2.9.18.

19. PowerDNS Recursive Query Denial of Service Vulnerability
BugTraq ID: 14291
Remotely reproducible: Yes
Published: 2005-07-17
Related URL: http://www.securityfocus.com/bid/14291
Summary:
PowerDNS is affected by a denial of service issue. If exploited by a
remote attacker on an external network, the issue allows lookups by
authenticated hosts to be made to fail. Technical details of the issue
have not yet been published. The condition occurs when PowerDNS allows
only hosts within a specific IP address range to perform recursive
queries.

20. Shorewall MACLIST Firewall Rules Bypass Vulnerability
BugTraq ID: 14292
Remotely reproducible: Yes
Published: 2005-07-18
Related URL: http://www.securityfocus.com/bid/14292
Summary:
Shorewall is prone to an issue that allows firewall rules to be
bypassed. The issue arises because the firewall rules that should be
used for MAC address based filtering are not properly implemented.

The issue occurs when 'MACLIST_TTL' is greater than 0 or
'MACLIST_DISPOSITION' is set to 'ACCEPT'.

Exploitation of this issue allows an attacker to bypass firewall rules
and attack protected services and computers without restriction.

The issue also gives firewall administrators a false sense of security.

21. Skype Technologies Skype Insecure Temporary File Creation Vulnerability
BugTraq ID: 14293
Remotely reproducible: No
Published: 2005-07-18
Related URL: http://www.securityfocus.com/bid/14293
Summary:
Skype is affected by an insecure temporary file creation issue.

If important files are overwritten by this attack, data corruption or a
denial of service condition is presumed likely. Other attacks may also
be possible.

Skype 1.1.0.20 and earlier are affected by this issue.

22. OSCommerce Update.PHP Information Disclosure Vulnerability
BugTraq ID: 14294
Remotely reproducible: Yes
Published: 2005-07-18
Related URL: http://www.securityfocus.com/bid/14294
Summary:
osCommerce is prone to information disclosure. An attacker may exploit
this issue to display the contents of arbitrary files that are normally
readable by the web server process.

A successful attack may disclose information. The information gathered
may be used in further attacks against the back-end system. Other
attacks are also possible.

osCommerce 2.2 Milestone 2 is reported to be affected by this issue.
Other versions may also be affected.

23. VP-ASP Shopaddtocart.ASP SQL Injection Vulnerability
BugTraq ID: 14295
Remotely reproducible: Yes
Published: 2005-07-18
Related URL: http://www.securityfocus.com/bid/14295
Summary:
VP-ASP Shopping Cart has been found to be prone to a remote SQL
injection issue. The issue arises because user-supplied input is not
properly sanitized before it is used in an SQL query.

An attacker may exploit this issue to disclose user password hashes and
sensitive information in the database. Latent issues in the back-end
database implementation may also be exploited.

24. CaLogic Multiple Remote File Include Vulnerabilities
BugTraq ID: 14296
Remotely reproducible: Yes
Published: 2005-07-18
Related URL: http://www.securityfocus.com/bid/14296
Summary:
CaLogic is prone to multiple issues that allow files to be included
remotely. The issues arise because user-supplied input is not properly
sanitized.

An attacker may exploit this issue to execute arbitrary server-side
script code on the vulnerable computer with the privileges of the web
server process. This may lead to unauthorized access.

CaLogic 1.2.2 is reported to be affected by this issue. Other versions
may also be affected.

25. KDE Kate, KWrite Local Backup File Information Disclosure Vulnerability
BugTraq ID: 14297
Remotely reproducible: No
Published: 2005-07-18
Related URL: http://www.securityfocus.com/bid/14297
Summary:
KDE Kate and KWrite are prone to a local information disclosure issue.
The issue arises because file permissions are not securely maintained
when backup files are created.

The issue allows a local attacker to access the contents of potentially
sensitive files.

Note: Because these applications are network-capable, under certain
circumstances the issue may not be limited to local attackers.

26. Y.SAK Scripts Multiple Remote Arbitrary Command Execution Vulnerabilities
BugTraq ID: 14299
Remotely reproducible: Yes
Published: 2005-07-18
Related URL: http://www.securityfocus.com/bid/14299
Summary:
Y.SAK Scripts are prone to multiple remote command execution issues.
The issues arise because user-supplied input is not properly sanitized.
They occur when user-supplied data is passed to the Perl open() routine
without being properly sanitized.

A successful attack using any of these issues may result in
unauthorized remote access to the vulnerable computer in the security
context of the web server.

27. MRV Communications In-Reach Console Servers Access Control Bypass Vulnerability
BugTraq ID: 14300
Remotely reproducible: Yes
Published: 2005-07-18
Related URL: http://www.securityfocus.com/bid/14300
Summary:
In-Reach console servers are affected by an access control bypass
issue.

Under certain circumstances, a vulnerable device fails to validate
port-based access control and allows users to access ports and
consoles.

In-Reach LX-8000, 4000, and 1000 series devices running software 3.5.0
are affected by this issue. Other models may also be affected.

28. e107 Website System Nested BBCode URL Tag Script Injection Vulnerability
BugTraq ID: 14301
Remotely reproducible: Yes
Published: 2005-07-18
Related URL: http://www.securityfocus.com/bid/14301
Summary:
e107 Website System is prone to a script injection issue. The issue
arises because user-supplied input is not properly sanitized.

An attacker may exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user, in the security context of the
vulnerable site. This may lead to attacks such as theft of cookie-based
authentication credentials.

29. Hosting Controller Multiple Remote Access Control and SQL Injection Vulnerabilities
BugTraq ID: 14302
Remotely reproducible: Yes
Published: 2005-07-18
Related URL: http://www.securityfocus.com/bid/14302
Summary:
Hosting Controller is prone to multiple security issues. These issues
allow an attacker to carry out SQL injection attacks and to gain
unauthorized access to scripts.

Hosting Controller 6.1 Hotfix 2.2 is reported to be affected by these
issues.

30. tForum Member.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 14303
Remotely reproducible: Yes
Published: 2005-07-18
Related URL: http://www.securityfocus.com/bid/14303
Summary:
tForum is prone to cross-site scripting attacks. The issue arises
because user-supplied input is not properly sanitized.

An attacker may exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user, in the security context of the
vulnerable site. This may lead to attacks such as theft of cookie-based
authentication credentials.

31. ToCA Race Driver Multiple Remote Format String And Buffer Overflow Vulnerabilities
BugTraq ID: 14304
Remotely reproducible: Yes
Published: 2005-07-18
Related URL: http://www.securityfocus.com/bid/14304
Summary:
ToCA Race Driver is prone to multiple remotely exploitable buffer
overflow and format string issues. Both kinds of issue are caused by
improper use of the 'sprintf()' function.

The game uses 'sprintf()' to build the strings that display text data
to players. Attacks are possible because the function is not used
correctly in the general chat feature and the game server browser.
Other places may also be affected by these issues.

A remote attacker may exploit these issues to execute arbitrary machine
code in the security context of the vulnerable client application. This
may occur by either broadcast or unicast.

32. VP-ASP Shopproductselect.ASP SQL Injection Vulnerability
BugTraq ID: 14305
Remotely reproducible: Yes
Published: 2005-07-18
Related URL: http://www.securityfocus.com/bid/14305
Summary:
VP-ASP Shopping Cart has been found to be prone to a remote SQL
injection issue. The issue arises because user-supplied input is not
properly sanitized before it is used in an SQL query.

An attacker may exploit this issue to disclose user password hashes and
sensitive information in the database. Latent issues in the back-end
database implementation may also be exploited.

33. VP-ASP Shopaddtocartnodb.ASP SQL Injection Vulnerability
BugTraq ID: 14306
Remotely reproducible: Yes
Published: 2005-07-18
Related URL: http://www.securityfocus.com/bid/14306
Summary:
VP-ASP Shopping Cart has been found to be prone to a remote SQL
injection issue. The issue arises because user-supplied input is not
properly sanitized before it is used in an SQL query.

An attacker may exploit this issue to disclose user password hashes and
sensitive information in the database. Latent issues in the back-end
database implementation may also be exploited.

34. EKG Insecure Temporary File Creation Vulnerability
BugTraq ID: 14307
Remote: No
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14307
Summary:
ekg is reported to be suspected of an unspecified issue in which temporary
files are created insecurely. The issue may stem from a design flaw in
which the application fails to check whether a file exists before writing
to it.

The information currently available about this issue does not allow a
detailed technical description. This BID will be updated as soon as
details are published.

An attacker could exploit this issue to overwrite arbitrary files with the
privileges of an unsuspecting user who runs the vulnerable application.

35. EKG Unspecified Command Execution Vulnerability
BugTraq ID: 14308
Remote: Yes
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14308
Summary:
ekg is affected by an unspecified command execution issue.

A successful attack results in shell commands being executed in the
security context of the application. An attacker could exploit this issue
to gain unauthorized access to the vulnerable computer.

36. Oracle Reports Server DESName Remote File Overwrite Vulnerability
BugTraq ID: 14309
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14309
Summary:
The web interface of Oracle Reports Server is suspected to be vulnerable
to an issue that allows arbitrary files to be overwritten.

On Microsoft Windows platforms, an attacker could exploit this issue to
overwrite arbitrary files with Local System privileges. The attacker could
overwrite critical system files, in which case a system-wide failure may
occur.

On other platforms, an attacker could exploit this issue to overwrite
arbitrary files with the privileges of the Oracle Application Server user.
The attacker could overwrite critical Oracle files, in which case an
application-level failure may occur.

Attacks that cause database failure, destruction of data, and other
attacks may also be carried out.

37. Novell GroupWise WebAccess HTML Injection Vulnerability
BugTraq ID: 14310
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14310
Summary:
Novell GroupWise WebAccess is suspected to be vulnerable to HTML
injection. If the issue is exploited, malicious HTML and script code could
be injected into the webmail application. When a user opens an e-mail that
contains the malicious code, it may be rendered in the browser.

A successful attack could result in the theft of cookie-based
authentication credentials. Other attacks may also be possible.

38. Oracle Reports Server XML File Disclosure Vulnerability
BugTraq ID: 14311
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14311
Summary:
Oracle Reports Server may allow a remote attacker to disclose portions of
arbitrary XML files.

It is reported that, when processing a specially crafted HTTP GET request,
the server fails to properly restrict user access to portions of arbitrary
XML files.

All versions of Oracle Reports Server are reported to be affected by this
issue.

39. Oracle Reports Server Arbitrary File Disclosure Vulnerability
BugTraq ID: 14312
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14312
Summary:
Oracle Reports Server may allow a remote attacker to disclose portions of
arbitrary files.

It is reported that, when processing a specially crafted HTTP GET request,
the server fails to properly restrict user access to portions of arbitrary
files.

All versions of Oracle Reports Server are reported to be affected by this
issue.

40. Oracle Reports Server Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14313
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14313
Summary:
Oracle Reports Server is affected by multiple remotely exploitable issues
related to cross-site scripting.

An attacker could exploit these issues to execute arbitrary script code in
the browser of an unsuspecting user. This could lead to attacks such as
the theft of cookie-based authentication credentials.

Oracle Reports Server 9.0.2 with patchset 2 applied is reported to be
affected. Other versions may also be affected.

41. PHPPageProtect Admin.PHP Cross Site Scripting Vulnerability
BugTraq ID: 14314
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14314
Summary:
PHPPageProtect is affected by a cross-site scripting issue. The issue
arises because a user-supplied URI that is added to dynamically generated
web page output is not properly sanitized.

An attacker could exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user. This could lead to attacks such as
the theft of cookie-based authentication credentials.

42. Alt-N MDaemon IMAP Server CREATE Remote Buffer Overflow Vulnerability
BugTraq ID: 14315
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14315
Summary:
Alt-N MDaemon IMAP Server is affected by a remotely exploitable buffer
overflow issue.

The issue is triggered when an attacker, after authenticating, sends
excessively large data through the CREATE command name.

If the issue is exploited, arbitrary code may be executed in the security
context of the server, resulting in unauthorized access to the vulnerable
computer.

Alt-N MDaemon 8.03 is reported to be affected by this issue. Other
versions may also be affected.

43. Oracle Reports Server Unauthorized Report Execution Vulnerability
BugTraq ID: 14316
Remote: No
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14316
Summary:
Oracle Reports Server is affected by an issue that allows reports to be
executed without proper authorization.

By placing a report file in a location that ordinary users can access and
then sending the vulnerable servlet an HTTP GET request that contains the
full path to that file, a user may be able to trigger execution of the
report.

An attacker could exploit this issue to execute arbitrary commands, or to
read and write arbitrary files with the privileges of the Oracle account
in the environment where the server runs.

Note that if an attacker can write files to the computer running the
service remotely, without local access (for example where WebDAV, FTP or
CIFS is in use), this issue may be exploitable remotely.

44. Alt-N MDaemon IMAP Server Authentication Routines Remote Buffer Overflow
Vulnerability
BugTraq ID: 14317
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14317
Summary:
Alt-N MDaemon IMAP Server is affected by a remotely exploitable buffer
overflow issue.

A specially crafted request corrupts process memory and triggers the
overflow.

If the issue is exploited, arbitrary code may be executed in the security
context of the server. This could result in unauthorized access to the
vulnerable computer.

Alt-N MDaemon 8.03 is reported to be affected by this issue. Other
versions may also be affected.

45. PHPPageProtect Login.PHP Cross Site Scripting Vulnerability
BugTraq ID: 14318
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14318
Summary:
PHPPageProtect is affected by a cross-site scripting issue. The issue
arises because a user-supplied URI that is added to dynamically generated
web page output is not properly sanitized.

An attacker could exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user. This could lead to attacks such as
the theft of cookie-based authentication credentials.

46. Oracle Forms Services Unauthorized Form Execution Vulnerability
BugTraq ID: 14319
Remote: No
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14319
Summary:
Oracle Forms Services is affected by an issue that allows forms to be
executed without proper authorization.

An attacker could exploit this issue to execute arbitrary commands with
the privileges of the Oracle account in the environment where the server
runs.

Note that if an attacker can write files to the computer running the
service remotely, without local access (for example where WebDAV, FTP or
CIFS is in use), this issue may be exploitable remotely.

47. SEO-Board Smilies_popup.PHP Cross Site Scripting Vulnerability
BugTraq ID: 14320
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14320
Summary:
SEO-Board is affected by a cross-site scripting issue. The issue arises
because a user-supplied URI that is added to dynamically generated web
page output is not properly sanitized.

An attacker could exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user. This could lead to attacks such as
the theft of cookie-based authentication credentials.

48. Apple Mac OS X AirPort Card Automatic Network Association Vulnerability
BugTraq ID: 14321
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14321
Summary:
Apple Mac OS X is affected by an issue in which the computer may connect
to a potentially malicious network without prior notification.

This issue could lead to further attacks against the vulnerable computer.

AirPort Extreme is not affected by this issue.

49. PHPFinance Inc.login.PHP Authentication Bypass Vulnerability
BugTraq ID: 14322
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14322
Summary:
PHPFinance is suspected to be vulnerable to an authentication bypass.
Because of an error in the authentication mechanism, an attacker can
bypass authentication and access the vulnerable application.

Once a malicious user has gained access to the application, the
application is under their complete control. This may aid further attacks
against backend systems.

50. Form Sender Processform.PHP3 Name Cross Site Scripting Vulnerability
BugTraq ID: 14324
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14324
Summary:
Form Sender is affected by a cross-site scripting issue. The issue arises
because a user-supplied URI that is added to dynamically generated web
page output is not properly sanitized.

This could lead to attacks such as the theft of cookie-based
authentication credentials.

51. Mozilla Firefox Weak Authentication Mechanism Vulnerability
BugTraq ID: 14325
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14325
Summary:
Firefox is affected by an issue that results in authentication credentials
being sent over the network in plaintext.

The browser selects Basic authentication by default even when other
authentication schemes, such as Digest or NTLM, are available on the
server.

Mozilla Firefox 1.0.4 and 1.0.5 running on Windows have been confirmed to
be vulnerable. Other versions for different platforms may also be
affected.

52. Form Sender Processform.PHP3 Failed Cross Site Scripting Vulnerability
BugTraq ID: 14326
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14326
Summary:
Form Sender is affected by a cross-site scripting issue. The issue arises
because a user-supplied URI that is added to dynamically generated web
page output is not properly sanitized.

This could lead to attacks such as the theft of cookie-based
authentication credentials.

53. MediaWiki Unspecified Remote Cross-Site Scripting Vulnerability
BugTraq ID: 14327
Remote: Yes
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14327
Summary:
MediaWiki is suspected to be vulnerable to a cross-site scripting attack.

The specific scripts and parameters affected by this issue are not known
at this time. This BID will be updated as soon as details are published.

An attacker could exploit these issues to execute arbitrary script code in
the browser of an unsuspecting user. This could lead to attacks such as
the theft of cookie-based authentication credentials.

MediaWiki 1.4.6 and earlier versions are affected by this issue.

54. CuteNews Search.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 14328
Remote: Yes
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14328
Summary:
CuteNews is affected by a cross-site scripting issue.

The issue is triggered when malicious HTML or script code is sent to the
application through the 'search.php' script.

This issue could lead to attacks such as the theft of cookie-based
authentication credentials.

Version 1.3.6 is reported to be affected by this issue. Earlier versions
of CuteNews may be affected as well.

55. PHP Surveyor Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14329
Remote: Yes
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14329
Summary:
PHP Surveyor is suspected to be vulnerable to multiple cross-site
scripting issues. These issues arise because user-supplied input is not
properly sanitized.

An attacker could exploit these issues to execute arbitrary script code in
the browser of an unsuspecting user, in the security context of the
targeted site. This could lead to attacks such as the theft of
cookie-based authentication credentials.

56. Oray PeanutHull Local Privilege Escalation Vulnerability
BugTraq ID: 14330
Remote: No
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14330
Summary:
PeanutHull is affected by a local privilege escalation issue.

The application allows a local user to launch arbitrary executable files
with SYSTEM privileges.

PeanutHull 3.0 Beta 5 and earlier versions are affected by this issue.

57. PHP Surveyor Multiple SQL Injection Vulnerabilities
BugTraq ID: 14331
Remote: Yes
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14331
Summary:
PHP Surveyor is suspected to be vulnerable to multiple SQL injection
issues. These issues arise because user-supplied input is not properly
sanitized before it is used in SQL queries.

A successful attack could compromise the application, or result in data
being disclosed or modified. It could also allow the attacker to exploit
issues in the backend database implementation.

58. PHP-Fusion BBcode Color Tag Code Injection Vulnerability
BugTraq ID: 14332
Remote: Yes
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14332
Summary:
PHPFusion does not properly sanitize the BBCode '[color]' tag in message
posts. Exploiting this issue makes it possible to inject certain CSS
(Cascading Style Sheets) code.

An attacker could exploit this issue to manipulate content or to carry out
other attacks.

59. PHPNews Auth.PHP SQL Injection Vulnerability
BugTraq ID: 14333
Remote: Yes
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14333
Summary:
PHPNews is suspected to be vulnerable to SQL injection. The issue arises
because user-supplied input is not properly sanitized before it is used in
an SQL query.

This issue could allow a remote attacker to pass malicious input to
database queries and carry out attacks such as manipulating the logic of
the query.

60. FreeBSD Jail() Devfs Ruleset Bypass Vulnerability
BugTraq ID: 14334
Remote: No
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14334
Summary:
FreeBSD is suspected to be vulnerable to an issue that allows a local
attacker to gain unauthorized access to resources on the computer to which
access should be restricted.

The issue allows a local attacker inside a jail to access hidden device
nodes on the devfs file system. The attacker can create sensitive device
nodes inside the jail with default access permissions.

A successful attack results in information disclosure or privilege
escalation.

61. ReviewPost Showproduct.PHP Sort SQL Injection Vulnerability
BugTraq ID: 14335
Remote: Yes
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14335
Summary:
ReviewPost is suspected to be vulnerable to SQL injection.

This issue could allow a remote attacker to pass malicious input to
database queries and carry out attacks such as manipulating the logic of
the query.

62. Greasemonkey Multiple Remote Information Disclosure Vulnerabilities
BugTraq ID: 14336
Remote: Yes
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14336
Summary:
Greasemonkey is suspected to be vulnerable to multiple remote information
disclosure issues. They stem from a design flaw that allows insecure
JavaScript functions to be executed by remote web sites.

These issues exist in the 'GM_xmlhttpRequest()', 'GM_setValue()' and
'GM_scripts()' functions.

Other GM_* functions may also be affected by this issue, but none are
known to be affected at this time.

A remote attacker can exploit these issues to read the contents of
arbitrary files, read directory information for arbitrary locations, and
read the contents of various private Greasemonkey data structures. This
issue may aid further attacks.

63. Website Generator Remote Code Execution Vulnerability
BugTraq ID: 14337
Remote: Yes
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14337
Summary:
Website Generator is affected by a remote script code execution issue. The
issue arises because input is not properly sanitized.

An attacker could exploit this issue to execute arbitrary script code with
the privileges of an unsuspecting user running the vulnerable web browser.

64. Website Generator Multiple Remote Cross Site Scripting
Vulnerabilities...
BugTraq ID: 14338
Remote: Yes
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14338
Summary:
Website Generator is suspected to be vulnerable to multiple cross-site
scripting issues.

An attacker could exploit these issues to execute arbitrary script code in
the browser of an unsuspecting user, in the security context of the
targeted site. This could lead to attacks such as the theft of
cookie-based authentication credentials.

65. WhitSoft Development SlimFTPd Multiple Commands Remote Buffer Overflow
Vulnerability
BugTraq ID: 14339
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14339
Summary:
WhitSoft Development SlimFTPd is affected by a remotely exploitable buffer
overflow issue.

The issue is triggered when an authenticated user issues a command with an
excessively long string as its parameter.

An attacker could exploit this issue to execute arbitrary machine code
with the privileges of the vulnerable FTP server and gain unauthorized
access to the vulnerable computer.

66. Zlib Compression Library Decompression Denial Of Service Vulnerability
BugTraq ID: 14340
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14340
Summary:
Zlib may be driven into a denial of service condition. The issue arises
because the library does not properly handle unexpected input in its
decompression routine.

Invalid, oversized input can be improperly supplied for certain values
used during decompression, causing the library to crash.

This issue allows an attacker to crash applications that use the
vulnerable library.

67. DXXO Count Web Statistics Multiple SQL Injection Vulnerabilities
BugTraq ID: 14341
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14341
Summary:
dxxo Count Web Statistics is suspected to be vulnerable to multiple SQL
injection issues. These issues arise because user-supplied input is not
properly sanitized before it is used in SQL queries.

A successful attack could compromise the application, or result in data
being disclosed or modified. It could also allow the attacker to exploit
issues in the backend database implementation.

68. Alwil Software Avast!Antivirus Multiple Vulnerabilities
BugTraq ID: 14342
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14342
Summary:
Avast! is affected by multiple remotely exploitable issues. These issues
allow an attacker to write files to arbitrary directories and to execute
arbitrary code by exploiting a buffer overflow issue.

These issues could result in a complete compromise of the vulnerable
computer.

69. Pyrox Search Newsearch.PHP Whatdoreplace Cross-Site Scripting Vulnerability
BugTraq ID: 14343
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14343
Summary:
Pyrox Search is affected by a cross-site scripting issue. The issue arises
because user-supplied URI input is not properly sanitized before it is
added to the content of dynamically generated web pages.

An attacker could exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user. This could lead to attacks such as
the theft of cookie-based authentication credentials.

70. PHPSiteSearch Search.PHP Query Cross-Site Scripting Vulnerability
BugTraq ID: 14344
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14344
Summary:
PHPSiteSearch is affected by a cross-site scripting issue. The issue
arises because user-supplied URI input is not properly sanitized before it
is added to the content of dynamically generated web pages.

An attacker could exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user. This could lead to attacks such as
the theft of cookie-based authentication credentials.

71. EKG LIbGadu Multiple Remote Integer Overflow Vulnerabilities.
BugTraq ID: 14345
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14345
Summary:
EKG libgadu is suspected to be vulnerable to multiple issues in which a
remote attack causes an integer overflow. These issues arise because
user-supplied input is not properly sanitized before it is used in memory
allocation and copy operations.

An attacker could exploit these issues to execute arbitrary machine code
in the security context of an application that uses the vulnerable
library. Even if code execution fails, the application may crash.

72. CMSimple Index.PHP Search Cross-Site Scripting Vulnerability
BugTraq ID: 14346
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14346
Summary:
CMSimple is affected by a cross-site scripting issue. The issue arises
because user-supplied URI input is not properly sanitized before it is
added to the content of dynamically generated web pages.

An attacker could exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user. This could lead to attacks such as
the theft of cookie-based authentication credentials.

73. Intruder Client Remote Denial of Service Vulnerability
BugTraq ID: 14347
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14347
Summary:
Intruder is suspected to be vulnerable to a remote denial of service. The
issue arises because exceptional conditions are not properly handled.

The application may fail to handle received data correctly. An attacker
could exploit this issue by sending malicious data to the application,
crashing the vulnerable application or ultimately denying service to
legitimate users. It is also reported that arbitrary files on the
vulnerable machine can be renamed. Other attacks may also be possible.

74. Ultimate PHP Board Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14348
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14348
Summary:
Ultimate PHP Board is affected by a cross-site scripting issue. The issue
arises because user-supplied URI input is not properly sanitized before it
is added to the content of dynamically generated web pages.

An attacker could exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user. This could lead to attacks such as
the theft of cookie-based authentication credentials.

75. Fetchmail POP3 Client Buffer Overflow Vulnerability
BugTraq ID: 14349
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14349
Summary:
Fetchmail POP3 is suspected to be vulnerable to a buffer overflow. The
issue arises from a failure of bounds checking when user-supplied data is
copied into a sensitive process buffer. This also covers POP variants such
as APOP.

A successful attack overflows a fixed-size buffer and results in arbitrary
code being executed in the security context of the fetchmail process. This
issue may allow an attacker to escalate privileges.

76. Ultimate PHP Remote Injection Vulnerabilities
BugTraq ID: 14350
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14350
Summary:
Ultimate PHP is suspected to be vulnerable to multiple HTML injection
issues. The issue arises because user-supplied input is not properly
sanitized before it is used in dynamically generated content.

Attacker-supplied HTML and script code may be executed in the security
context of the vulnerable web site, which could result in the theft of
cookie-based authentication credentials. An attacker could also exploit
this issue to control how the site is rendered to the user. Other attacks
may also be possible.

77. Sendcard Sendcard.PHP SQL Injection Vulnerability
BugTraq ID: 14351
Remote: Yes
Date Published: 2005-07-22
Relevant URL: http://www.securityfocus.com/bid/14351
Summary:
Sendcard is suspected to be vulnerable to SQL injection. The issue arises
because user-supplied input is not properly sanitized before it is used in
an SQL query.

A successful attack could compromise the application, or result in data
being disclosed or modified. It could also allow the attacker to exploit
issues in the backend database implementation.

Sendcard 3.2.3 is reported to be affected by this issue. Other versions
may also be affected.

78. Contrexx Multiple Input Validation Vulnerabilities
BugTraq ID: 14352
Remote: Yes
Date Published: 2005-07-22
Relevant URL: http://www.securityfocus.com/bid/14352
Summary:
Contrexx is affected by multiple issues related to input validation. An
attacker exploiting these issues could carry out HTML injection, SQL
injection and information disclosure attacks.

Versions of Contrexx prior to 1.0.5 are affected by this issue.

79. PHP TopSites Setup.PHP Authentication Bypass Vulnerability
BugTraq ID: 14353
Remote: Yes
Date Published: 2005-07-22
Relevant URL: http://www.securityfocus.com/bid/14353
Summary:
PHP TopSites is suspected to be vulnerable to an authentication bypass. An
attacker could bypass authentication and gain unauthorized access to the
vulnerable application.

Once a malicious user has gained access to the application, the
application is under their complete control. This may aid further attacks
against the vulnerable computer.

80. Veritas NetBackup Access Violation Vulnerability
BugTraq ID: 14355
Remote: Yes
Date Published: 2005-07-22
Relevant URL: http://www.securityfocus.com/bid/14355
Summary:
Veritas NetBackup is suspected to contain an access violation error.

The issue is presumed to be caused by a NULL pointer dereference, but this
has not been verified. An attacker could exploit this issue to disclose
potentially sensitive data or to crash the application.

Veritas NetBackup 5.1 running on Microsoft Windows platforms is reported
to be affected by this issue.

81. ASN Guestbook Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14356
Remote: Yes
Date Published: 2005-07-22
Relevant URL: http://www.securityfocus.com/bid/14356
Summary:
ASN Guestbook is suspected to be vulnerable to multiple cross-site
scripting issues. These issues arise because user-supplied input is not
properly sanitized.

An attacker could exploit these issues to execute arbitrary script code in
the browser of an unsuspecting user, in the security context of the
targeted site. This could lead to attacks such as the theft of
cookie-based authentication credentials.

III.SECURITYFOCUS NEWS
----------------------
1. 3Com launches vulnerability-buying program
Author: Robert Lemos
Update: 3Com is running its Zero Day Initiative program, under which it
plans to reward security researchers for vulnerability information and to
pay bonuses when they discover critical flaws.

http://www.securityfocus.com/news/11253

2. Oracle taken to task for time to fix vulnerabilities
Author: Robert Lemos
Security researchers at Red Database have published details of the issues,
saying that the company has not fixed six issues despite having had more
than 650 days to release patches.

http://www.securityfocus.com/news/11252

3. Report: Squatters a major problem for credit-report site
Author: Robert Lemos
It has been reported that consumers trying to obtain a free credit report
from the government's AnnualCreditReport.com site may suffer financial loss
or have their personal information leaked because of a misspelling.

http://www.securityfocus.com/news/11251

4. Desktop port proliferation a security risk?
Author: Robert Lemos
Peer-to-peer software applications that require users to open ports in
their firewalls are becoming common. However, the impact on desktop
security is still unclear.

http://www.securityfocus.com/news/11248

5. Spyware 'calling home' volumes soar
Author: John Leyden
In a pilot test of a new spyware screening service, spyware-related data
sent from infected machines was calculated to account for up to 8% of total
outbound Web traffic.

http://www.securityfocus.com/news/11254

6. UK war driver fined £500
Author: John Leyden
A UK jury has fined a man 500 pounds for using a nearby wireless broadband
connection without permission.

http://www.securityfocus.com/news/11255

7. Dell rejects spyware charge
Author: John Leyden
Dell has denied allegations that it ships computers with an intrusive
application installed that tracks users' browsing habits.

http://www.securityfocus.com/news/11250

8. Phlooding attack could leave enterprises high and dry
Author: John Leyden
The IT security industry's ability to coin striking new terms for security
threats is quite something.

http://www.securityfocus.com/news/11249

--
Translation: LAC translation team
Supervision: OGASAWARA Tsuneo
LAC Co., Ltd.
http://www.lac.co.jp/index.html
