Bugtraq in Japanese
SecurityFocus Newsletter #322 2005-10-24->2005-10-28 Feb 17 2006 08:25AM
Tsuneo Ogasawara (t ogaswr lac co jp)
This is Ogasawara at LAC.

Here is the Japanese translation of SecurityFocus Newsletter issue 322.
Items that have no translation are marked "no Japanese translation".

---------------------------------------------------------------------------
FAQ about BugTraq-JP (Japanese):
http://www.securityfocus.com/archive/79/description
- The Japanese translation of the SecurityFocus Newsletter is distributed first on BugTraq-JP.
- For how to join or leave BugTraq-JP, see this FAQ.
---------------------------------------------------------------------------
SecurityFocus Newsletter archive (English):
http://www.securityfocus.com/archive/78
FAQ about BugTraq (English):
http://www.securityfocus.com/archive/1/description
---------------------------------------------------------------------------
Notes on quoting:
- This translation is produced with permission that LAC Co., Ltd. obtained from SecurityFocus.
- If you quote the translation of the SecurityFocus Newsletter in Netnews, mailing lists, the World Wide Web, books, or other recorded media, please quote the mail in full.
- Issues 1 through 3 of the Japanese edition of the newsletter do not carry this note, but it applies to them as well.
- Likewise, any form of hyperlink to the BugTraq-JP archive [*1] provided by SecurityFocus should follow the above.
1) http://online.securityfocus.com/archive/79
---------------------------------------------------------------------------
Notes on this translation:
- LAC Co., Ltd. accepts no responsibility for the results of applying this translation.
---------------------------------------------------------------------------
Notice from the translator:
- If you find a typo or a mistranslation, please either post a corrected version to BugTraq-JP as Errata or notify the supervising editor (t.ogaswr (at) lac.co (dot) jp [email concealed]). In the latter case, a corrected version will be issued as quickly as possible.
---------------------------------------------------------------------------
This translation is encoded and posted in ISO-2022-JP.

Original:
Date: Tue, 01 Nov 2005 21:28:29 -0700
Message-ID: <4368406D.1050203 (at) securityfocus (dot) com [email concealed]>

SecurityFocus Newsletter #322
-----------------------------

This Issue is Sponsored By: Watchfire AppScan

I. FRONT AND CENTER (no Japanese translation)
1. Balancing surveillance
II. BUGTRAQ SUMMARY
1. BMC Control M Agent Insecure File Permission Vulnerability
2. Zomplog Detail.PHP HTML Injection Vulnerability
3. phpMyAdmin Theme Variable Local File Inclusion Vulnerability
4. phpBB Avatar Upload HTML Injection Vulnerability
5. eBASEweb Unspecified SQL Injection Vulnerability
6. FlatNuke Index.PHP Multiple Remote File Include Vulnerabilities
7. TriggerTG TClanPortal Index.PHP SQL Injection Vulnerability
8. Platinum DBoardGear Multiple SQL Injection Vulnerabilities
9. PunBB Common.PHP Remote File Include Vulnerability
10. FlatNuke Index.PHP Cross-Site Scripting Vulnerability
11. PHP Apache 2 Local Denial of Service Vulnerability
12. PHPNuke Multiple Modules SQL Injection Vulnerabilities
13. Fetchmail's FetchmailConf Utility Local Information Disclosure Vulnerability
14. Nuked Klan Multiple SQL Injection Vulnerabilities
15. SUSE Linux Permissions Package CHKSTAT Insecure Permissions Handling Vulnerability
16. DCP-Portal Multiple Input Validation Vulnerabilities
17. SAPHP Lesson Multiple Input Validation Vulnerabilities
18. SiteTurn Domain Manager Pro Admin Panel Cross-Site Scripting Vulnerability
19. PHP-Fusion Message Post HTML Injection Vulnerability
20. Symantec Discovery Web Accounts Default Password Vulnerability
21. Multiple Vendor Anti-Virus Magic Byte Detection Evasion Vulnerability
22. Skype Technologies Skype Multiple Buffer Overflow Vulnerabilities
23. Todd Miller Sudo Local Privilege Escalation Vulnerability
24. Skype Technologies Skype Networking Routine Heap Overflow Vulnerability
25. PHP ICalendar Default_View Remote File Include Vulnerability
26. Platinum DBoardGear Theme Import SQL Injection Vulnerability
27. XOOPS Multiple HTML Injection Vulnerabilities
28. Network Appliance iSCSI Authentication Bypass Vulnerability
29. Basic Analysis And Security Engine Base_qry_main.PHP SQL Injection Vulnerability
30. LibGDA Multiple Format String Vulnerabilities
31. AR-Blog Comment HTML Injection Vulnerability
32. SparkleBlog Multiple HTML Injection Vulnerabilities
33. AR-Blog Remote Authentication Bypass Vulnerability
34. MyBulletinBoard Usercp.PHP SQL Injection Vulnerability
35. IPBProArcade GameID Parameter Remote SQL Injection Vulnerability
36. RSA ACE Agent Image Cross-Site Scripting Vulnerability
37. Belchior Foundry VCard Remote File Include Vulnerability
38. Microsoft Internet Explorer Java Applet Denial of Service Vulnerability
39. Flyspray Multiple Cross-Site Scripting Vulnerabilities
40. Mantis Multiple Unspecified SQL Injection Vulnerabilities
41. Jed Wing CHM Lib Stack Buffer Overflow Vulnerability
42. Mantis Bug_sponsorship_list_view_inc.PHP File Include Vulnerability
43. Snoopy Arbitrary Command Execution Vulnerability
44. Woltlab Info-DB Info_db.PHP Multiple SQL Injection Vulnerabilities
45. Techno Dreams Multiple Scripts Multiple SQL Injection Vulnerabilities
46. GCards News.PHP SQL Injection Vulnerability
47. PAM Unix_Chkpwd Unauthorized Access Vulnerability
48. Search Enhanced Module for PHP-Nuke HTML Injection Vulnerability
49. Ethereal IRC Protocol Dissector Denial of Service Vulnerability
50. Novell ZENworks Patch Management Multiple SQL Injection Vulnerabilities
51. ATutor Multiple Input Validation Vulnerabilities
52. Sun Solaris Management Console HTTP TRACE Information Disclosure Vulnerability
53. PBLang Multiple Cross-Site Scripting Vulnerabilities
54. Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
55. Hasbani Web Server Malformed HTTP GET Request Remote Denial of Service Vulnerability
56. GNU gnump3d Error Page Cross-Site Scripting Vulnerability
57. Mantis Multiple Remote Vulnerabilities
58. GNU gnump3d Directory Traversal Vulnerability
59. Rockliffe MailSite Express Arbitrary Script File Upload Vulnerability
60. Rockliffe MailSite Express Information Disclosure Vulnerability
61. PHPESP Multiple Unspecified Input Validation Vulnerabilities
62. ASP Fast Forum Error.ASP Cross-Site Scripting Vulnerability
63. Jed Wing CHM Lib _chm_find_in_PMGL Stack Buffer Overflow Vulnerability
64. MG2 Authentication Bypass Vulnerability
65. Hyper Estraier Remote Information Disclosure Vulnerability
66. PHP Advanced Transfer Manager Remote Unauthorized Access Vulnerability
67. Subdreamer Multiple Remote SQL Injection Vulnerabilities
III. SECURITYFOCUS NEWS
1. U.S. makes securing SCADA systems a priority
2. Web defacer sentenced, facing deportation
3. Snort vulnerability "wormable" but not widespread
4. Worm worries don't wait for Windows exploits
5. Say hello to the Skype Trojan
6. Shared music abuse bug hits iTunes
7. US cybersecurity all at sea
8. Worm fears over MS October patch batch

I. FRONT AND CENTER (no Japanese translation)
----------------------------

II. BUGTRAQ SUMMARY
--------------------
1. BMC Control M Agent Insecure File Permission Vulnerability
BugTraq ID: 15167
Remotely reproducible: No
Date published: 2005-10-22
Related URL: http://www.securityfocus.com/bid/15167
Summary:
BMC Control M Agent does not create temporary files securely.

The application creates temporary files in an insecure manner. An
attacker with local access could use this issue to overwrite files in
the security context of the application.

If this attack overwrites critical files, data corruption or a denial
of service is considered likely. Other attacks may also be possible.

BMC Control M Agent 6.1.03 is affected by this issue. Earlier versions
may also be affected.

2. Zomplog Detail.PHP HTML Injection Vulnerability
BugTraq ID: 15168
Remotely reproducible: Yes
Date published: 2005-10-22
Related URL: http://www.securityfocus.com/bid/15168
Summary:
Zomplog is suspected to be prone to an HTML injection issue. This issue
is due to a failure to properly sanitize user-supplied input before it
is used in dynamically generated content.

Attacker-supplied HTML and script code could be executed in the security
context of the affected Web site, which could lead to theft of
cookie-based authentication credentials. An attacker could also exploit
this issue to control how the site is rendered to the user. Other
attacks are also possible.

Zomplog 3.4 and earlier versions are affected by this issue.

3. phpMyAdmin Theme Variable Local File Inclusion Vulnerability
BugTraq ID: 15169
Remotely reproducible: Yes
Date published: 2005-10-22
Related URL: http://www.securityfocus.com/bid/15169
Summary:
phpMyAdmin is suspected to be prone to a local file inclusion issue.

An attacker could exploit this issue to execute arbitrary server-side
script code on the affected computer with the privileges of the Web
server process. This could lead to unauthorized access.

phpMyAdmin 2.6.4-pl2 and earlier versions are reported to be affected by
this issue.

4. phpBB Avatar Upload HTML Injection Vulnerability
BugTraq ID: 15170
Remotely reproducible: Yes
Date published: 2005-10-22
Related URL: http://www.securityfocus.com/bid/15170
Summary:
phpBB is suspected to be prone to an HTML injection issue. This issue is
due to a failure to properly sanitize user-supplied input before it is
used in dynamically generated content.

Attacker-supplied HTML and script code could be executed in the security
context of the affected Web site, which could lead to theft of
cookie-based authentication credentials. An attacker could also exploit
this issue to control how the site is rendered to the user. Other
attacks are also possible.

This issue occurs only when Microsoft Internet Explorer is used as the
Web browser.

5. eBASEweb Unspecified SQL Injection Vulnerability
BugTraq ID: 15171
Remotely reproducible: Yes
Date published: 2005-10-22
Related URL: http://www.securityfocus.com/bid/15171
Summary:
eBASEweb is suspected to be prone to an unspecified SQL injection issue.
This issue is due to a failure to properly sanitize user-supplied input
before it is used in an SQL query.

A successful attack could compromise the application or result in
disclosure or modification of data. It could also allow an attacker to
exploit issues in the backend database implementation.

No further details have been provided.

6. FlatNuke Index.PHP Multiple Remote File Include Vulnerabilities
BugTraq ID: 15172
Remotely reproducible: Yes
Date published: 2005-10-22
Related URL: http://www.securityfocus.com/bid/15172
Summary:
FlatNuke is suspected to be prone to multiple remote file inclusion
issues. These issues are due to a failure to properly sanitize
user-supplied input.

An attacker could exploit these issues to execute arbitrary server-side
script code on the affected computer with the privileges of the Web
server process. This could lead to unauthorized access.

Note that exploiting these issues requires the malicious user to have an
account and to be logged in to the application.

7. TriggerTG TClanPortal Index.PHP SQL Injection Vulnerability
BugTraq ID: 15173
Remotely reproducible: Yes
Date published: 2005-10-24
Related URL: http://www.securityfocus.com/bid/15173
Summary:
TClanPortal is suspected to be prone to an SQL injection issue. This
issue is due to a failure to properly sanitize user-supplied input
before it is used in an SQL query.

A successful attack could compromise the application or result in
disclosure or modification of data. It could also allow an attacker to
exploit issues in the backend database implementation.

8. Platinum DBoardGear Multiple SQL Injection Vulnerabilities
BugTraq ID: 15174
Remotely reproducible: Yes
Date published: 2005-10-24
Related URL: http://www.securityfocus.com/bid/15174
Summary:
DBoardGear is suspected to be prone to multiple SQL injection issues.

These issues could allow a remote attacker to pass malicious input to
database queries and carry out attacks such as manipulating the logical
structure of a query.

A successful attack could compromise the application or result in
disclosure or modification of data. It could also allow an attacker to
exploit issues in the backend database implementation.

9. PunBB Common.PHP Remote File Include Vulnerability
BugTraq ID: 15175
Remotely reproducible: Yes
Date published: 2005-10-24
Related URL: http://www.securityfocus.com/bid/15175
Summary:
PunBB is affected by a file inclusion issue.

An attacker could exploit this issue to execute arbitrary server-side
script code on the affected computer with the privileges of the Web
server process. This issue could lead to unauthorized access. Other
attacks may also be possible.

This issue has been found to be identical to the one described in
BID 10760 (Nucleus CMS/Blog: CMS/PunBB Common.PHP Remote File Include
Vulnerability). This BID will be retired.

10. FlatNuke Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 15176
Remotely reproducible: Yes
Date published: 2005-10-26
Related URL: http://www.securityfocus.com/bid/15176
Summary:
FlatNuke is suspected to be prone to cross-site scripting attacks. This
issue is due to a failure to properly sanitize user-supplied input.

An attacker could exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user, in the security context of the
affected site. This could lead to attacks such as theft of cookie-based
authentication credentials.

11. PHP Apache 2 Local Denial of Service Vulnerability
BugTraq ID: 15177
Remotely reproducible: No
Date published: 2005-10-24
Related URL: http://www.securityfocus.com/bid/15177
Summary:
PHP is suspected to be prone to a local denial of service issue when it
is used as an Apache 2 module.

Reports indicate that, because of a bug in the apache2handler SAPI in
the 'sapi_apache2.c' file, this issue causes a segmentation fault and
crashes the server.

Versions prior to PHP 5.1.0 final and 4.4.1 final are affected by this
issue.

12. PHPNuke Multiple Modules SQL Injection Vulnerabilities
BugTraq ID: 15178
Remotely reproducible: Yes
Date published: 2005-10-24
Related URL: http://www.securityfocus.com/bid/15178
Summary:
PHPNuke is suspected to be prone to multiple SQL injection issues. These
issues are due to a failure to properly sanitize user-supplied input
before it is used in an SQL query.

A successful attack could compromise the application or result in
disclosure or modification of data. It could also allow an attacker to
exploit issues in the backend database implementation.

13. Fetchmail's FetchmailConf Utility Local Information Disclosure Vulnerability
BugTraq ID: 15179
Remotely reproducible: No
Date published: 2005-10-24
Related URL: http://www.securityfocus.com/bid/15179
Summary:
Fetchmail may be prone to information disclosure. This issue is due to a
race condition in the 'fetchmailconf' configuration utility.

This issue allows a local attacker to access potentially sensitive
information, such as e-mail authentication credentials, and use it to
aid further attacks.

Versions of Fetchmail prior to 6.2.9-rc6 include a vulnerable version of
'fetchmailconf'. Versions of 'fetchmailconf' prior to 1.43.2 and 1.49
are vulnerable.

14. Nuked Klan Multiple SQL Injection Vulnerabilities
BugTraq ID: 15181
Remotely reproducible: Yes
Date published: 2005-10-24
Related URL: http://www.securityfocus.com/bid/15181
Summary:
Nuked Klan is suspected to be prone to multiple SQL injection issues.
These issues are due to a failure to properly sanitize user-supplied
input before it is used in an SQL query.

These issues could allow a remote attacker to pass malicious input to
database queries and carry out attacks such as manipulating the logical
structure of a query.

A successful attack could compromise the application or result in
disclosure or modification of data. It could also allow an attacker to
exploit issues in the backend database implementation.

15. SUSE Linux Permissions Package CHKSTAT Insecure Permissions Handling Vulnerability
BugTraq ID: 15182
Remotely reproducible: No
Date published: 2005-10-24
Related URL: http://www.securityfocus.com/bid/15182
Summary:
The 'permissions' package of SUSE Linux may be prone to a local
information disclosure issue. This issue is due to the 'chkstat' utility
failing to handle file permissions properly.

Behind this issue lies the inherent insecurity of making changes to
files contained in directories that are writable by all users.

A local attacker could access the contents of potentially sensitive
files and use them in further attacks.

16. DCP-Portal Multiple Input Validation Vulnerabilities
BugTraq ID: 15183
Remotely reproducible: Yes
Date published: 2005-10-24
Related URL: http://www.securityfocus.com/bid/15183
Summary:
DCP-Portal is suspected to be prone to multiple issues, including
cross-site scripting and SQL injection.

Exploiting these issues could lead to theft of cookie-based
authentication credentials, unauthorized access to data in the database,
and similar results. Other attacks may also be possible.

17. SAPHP Lesson Multiple Input Validation Vulnerabilities
BugTraq ID: 15185
Remotely reproducible: Yes
Date published: 2005-10-26
Related URL: http://www.securityfocus.com/bid/15185
Summary:
saphp Lesson is suspected to be prone to multiple SQL injection issues.
These issues are due to a failure to properly sanitize user-supplied
input before it is used in an SQL query.

A successful attack could compromise the application or result in
disclosure or modification of data. It could also allow an attacker to
exploit issues in the backend database implementation.

18. SiteTurn Domain Manager Pro Admin Panel Cross-Site Scripting Vulnerability
BugTraq ID: 15186
Remotely reproducible: Yes
Date published: 2005-10-24
Related URL: http://www.securityfocus.com/bid/15186
Summary:
Domain Manager Pro is suspected to be prone to cross-site scripting
attacks. This issue is due to a failure to properly sanitize
user-supplied input.

An attacker could exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user, in the security context of the
affected site. This could lead to attacks such as theft of cookie-based
authentication credentials.

19. PHP-Fusion Message Post HTML Injection Vulnerability
BugTraq ID: 15187
Remotely reproducible: Yes
Date published: 2005-10-24
Related URL: http://www.securityfocus.com/bid/15187
Summary:
PHP-Fusion is suspected to be prone to an HTML injection issue. This
issue is due to a failure to properly sanitize user-supplied input
before it is used in dynamically generated content.

Attacker-supplied HTML and script code could be executed in the security
context of the affected Web site, which could lead to theft of
cookie-based authentication credentials. An attacker could also exploit
this issue to control how the site is rendered to the user. Other
attacks are also possible.

20. Symantec Discovery Web Accounts Default Password Vulnerability
BugTraq ID: 15188
Remotely reproducible: Yes
Date published: 2005-10-25
Related URL: http://www.securityfocus.com/bid/15188
Summary:
Symantec Discovery is suspected to be prone to an issue related to its
installation password.

Remote and local attackers can exploit this issue to access the database
without a valid password. This could aid further attacks against the
database and backend systems.

21. Multiple Vendor Anti-Virus Magic Byte Detection Evasion Vulnerability
BugTraq ID: 15189
Remotely reproducible: Yes
Date published: 2005-10-25
Related URL: http://www.securityfocus.com/bid/15189
Summary:
Anti-virus software from multiple vendors is suspected to be prone to a
detection evasion issue.

The issue lies in the various methods that anti-virus software uses to
determine the format of the file being scanned.

An attacker can exploit this issue to pass malicious files past
anti-virus software. This creates the false impression that a file is
safe and could ultimately lead to arbitrary code execution on the target
user's machine.

22. Skype Technologies Skype Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 15190
Remotely reproducible: Yes
Date published: 2005-10-25
Related URL: http://www.securityfocus.com/bid/15190
Summary:
Skype is suspected to be prone to multiple buffer overflow issues.

Successful exploitation of these issues could cause a denial of service
or allow arbitrary code to be executed in the security context of the
user running the application.

Skype for Windows releases 1.1.*.0 through 1.4.*.83 are affected by
these issues.

23. Todd Miller Sudo Local Privilege Escalation Vulnerability
BugTraq ID: 15191
Remotely reproducible: No
Date published: 2005-10-25
Related URL: http://www.securityfocus.com/bid/15191
Summary:
Sudo is suspected to be prone to a local privilege escalation issue.

This issue occurs because the application does not properly sanitize
malicious data supplied through environment variables.

A successful attack could result in a complete compromise of the
computer.

24. Skype Technologies Skype Networking Routine Heap Overflow Vulnerability
BugTraq ID: 15192
Remotely reproducible: Yes
Date published: 2005-10-25
Related URL: http://www.securityfocus.com/bid/15192
Summary:
A networking routine in Skype is suspected to be prone to a heap
overflow. Successful exploitation could cause a denial of service or
allow arbitrary code to be executed in the security context of the
affected application.

The vendor reports that it has not reproduced arbitrary code execution
through this issue, but the reporter of the issue states that
proof-of-concept code was successfully created against the client
applications on Microsoft Windows and Linux.

Skype for Windows 1.4.*.83 and earlier, Skype for Mac OS X 1.3.*.16 and
earlier, Skype for Linux 1.2.*.17 and earlier, and Skype for Pocket PC
1.1.*.6 and earlier are affected by this issue.

25. PHP ICalendar Default_View Remote File Include Vulnerability
BugTraq ID: 15193
Remotely reproducible: Yes
Date published: 2005-10-25
Related URL: http://www.securityfocus.com/bid/15193
Summary:
PHP iCalendar is suspected to be prone to a remote file inclusion issue.
This issue is due to a failure to properly sanitize user-supplied input.

An attacker could exploit this issue to remotely execute arbitrary PHP
code on the affected computer with the privileges of the Web server
process. This could lead to unauthorized access.

26. Platinum DBoardGear Theme Import SQL Injection Vulnerability
BugTraq ID: 15194
Remotely reproducible: Yes
Date published: 2005-10-25
Related URL: http://www.securityfocus.com/bid/15194
Summary:
DBoardGear is suspected to be prone to an SQL injection issue.

This issue is due to a failure to properly sanitize user-supplied input
before it is used in an SQL query when a theme is imported.

A successful attack could compromise the application or result in
disclosure or modification of data. It could also allow an attacker to
exploit issues in the backend database implementation.

27. XOOPS Multiple HTML Injection Vulnerabilities
BugTraq ID: 15195
Remotely reproducible: Yes
Date published: 2005-10-25
Related URL: http://www.securityfocus.com/bid/15195
Summary:
XOOPS is suspected to be prone to multiple HTML injection issues. These
issues are due to a failure to properly sanitize user-supplied input
before it is used in dynamically generated content.

Attacker-supplied HTML and script code could be executed in the security
context of the affected Web site, which could lead to theft of
cookie-based authentication credentials. An attacker could also exploit
these issues to control how the site is rendered to the user. Other
attacks are also possible.

28. Network Appliance iSCSI Authentication Bypass Vulnerability
BugTraq ID: 15197
Remotely reproducible: Yes
Date published: 2005-10-25
Related URL: http://www.securityfocus.com/bid/15197
Summary:
The iSCSI implementation in Network Appliance is affected by an
authentication bypass issue.

Because this issue allows an attacker to bypass iSCSI authentication, it
allows arbitrary data to be read from and written to iSCSI volumes.
Access to potentially sensitive information could aid further attacks.
An attacker can also destroy and modify data.

LUNs that are not mapped, and LUNs that are mapped for use only by Fibre
Channel initiators, are not affected by this issue.

Versions 6.4, 6.5, and 7.0 are reported to be affected by this issue.
Other versions may also be affected.

29. Basic Analysis And Security Engine Base_qry_main.PHP SQL Injection Vulnerability
BugTraq ID: 15199
Remotely reproducible: Yes
Date published: 2005-10-25
Related URL: http://www.securityfocus.com/bid/15199
Summary:
Basic Analysis And Security Engine is suspected to be prone to an SQL
injection issue.

This issue is due to a failure to properly sanitize user-supplied input
before it is used in an SQL query.

A successful attack could compromise the application or result in
disclosure or modification of data. It could also allow an attacker to
exploit issues in the backend database implementation.

30. LibGDA Multiple Format String Vulnerabilities
BugTraq ID: 15200
Remotely reproducible: No
Date published: 2005-10-25
Related URL: http://www.securityfocus.com/bid/15200
Summary:
libgda is suspected to be prone to multiple format string issues.

These issues are due to a failure to properly sanitize user-supplied
data.

Very little information about these issues has been made public. This
BID will be updated as soon as new information is released.

31. AR-Blog Comment HTML Injection Vulnerability
BugTraq ID: 15201
Remotely reproducible: Yes
Date published: 2005-10-25
Related URL: http://www.securityfocus.com/bid/15201
Summary:
ar-blog is suspected to be prone to an HTML injection issue. This issue
is due to a failure to properly sanitize user-supplied input before it
is used in dynamically generated content.

Attacker-supplied HTML and script code could be executed in the security
context of the affected Web site, which could lead to theft of
cookie-based authentication credentials. An attacker could also exploit
this issue to control how the site is rendered to the user. Other
attacks are also possible.

32. SparkleBlog Multiple HTML Injection Vulnerabilities
BugTraq ID: 15202
Remotely reproducible: Yes
Date published: 2005-10-25
Related URL: http://www.securityfocus.com/bid/15202
Summary:
SparkleBlog is suspected to be prone to multiple HTML injection issues.
These issues are due to a failure to properly sanitize user-supplied
input before it is used in dynamically generated content.

Attacker-supplied HTML and script code could be executed in the security
context of the affected Web site, which could lead to theft of
cookie-based authentication credentials. An attacker could also exploit
these issues to control how the site is rendered to the user. Other
attacks are also possible.

33. AR-Blog Remote Authentication Bypass Vulnerability
BugTraq ID: 15203
Remotely reproducible: Yes
Date published: 2005-10-25
Related URL: http://www.securityfocus.com/bid/15203
Summary:
ar-blog is suspected to be prone to an authentication bypass issue.

An attacker could bypass the authentication process and modify posts
with the effective privileges of the blog administrator.

Versions 5.2 and earlier are reported to be affected by this issue.

34. MyBulletinBoard Usercp.PHP SQL Injection Vulnerability
BugTraq ID: 15204
Remotely reproducible: Yes
Date published: 2005-10-26
Related URL: http://www.securityfocus.com/bid/15204
Summary:
MyBulletinBoard is suspected to be prone to an SQL injection issue.

This issue could allow a remote attacker to pass malicious input to
database queries and carry out attacks such as manipulating the logical
structure of a query.

A successful attack could compromise the application or result in
disclosure or modification of data. It could also allow an attacker to
exploit issues in the backend database implementation. Reports indicate
that an attacker can exploit this issue to gain administrative access.

35. IPBProArcade GameID Parameter Remote SQL Injection Vulnerability
BugTraq ID: 15205
Remotely reproducible: Yes
Date published: 2005-10-26
Related URL: http://www.securityfocus.com/bid/15205
Summary:
ipbProArcade is reported to be affected by a remote SQL injection issue.

The 'gameid' parameter is affected by this issue.

An attacker could exploit this issue to manipulate the SQL query string
and execute arbitrary database queries. This could result in disclosure
or destruction of sensitive information in the database.

36. RSA ACE Agent Image Cross-Site Scripting Vulnerability
BugTraq ID: 15206
Remotely reproducible: Yes
Date published: 2005-10-26
Related URL: http://www.securityfocus.com/bid/15206
Summary:
RSA ACE Agent is suspected to be prone to cross-site scripting attacks.
This issue is due to a failure to properly sanitize user-supplied input.

An attacker could exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user, in the security context of the
affected site. This could lead to attacks such as theft of cookie-based
authentication credentials.

37. Belchior Foundry VCard Remote File Include Vulnerability
BugTraq ID: 15207
Remote: Yes
Date Published: 2005-10-26
Relevant URL: http://www.securityfocus.com/bid/15207
Summary:
vCard is prone to a remote file include vulnerability. This issue is due
to a failure to properly sanitize user-supplied input.

An attacker could exploit this issue to remotely execute arbitrary PHP
code on the affected computer with the privileges of the Web server
process. This could result in unauthorized access.

38. Microsoft Internet Explorer Java Applet Denial of Service Vulnerability
BugTraq ID: 15208
Remote: Yes
Date Published: 2005-10-26
Relevant URL: http://www.securityfocus.com/bid/15208
Summary:
Microsoft Internet Explorer is affected by a denial-of-service
vulnerability. This issue arises because exceptional conditions are not
handled properly. The issue occurs only when the J2SE Java runtime
environment is installed.

An attacker could exploit this issue by enticing a user to visit a
malicious site, resulting in a denial of service in the application.

Microsoft Internet Explorer 6 SP2 is affected by this issue.

39. Flyspray Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15209
Remote: Yes
Date Published: 2005-10-26
Relevant URL: http://www.securityfocus.com/bid/15209
Summary:
Flyspray is prone to multiple cross-site scripting vulnerabilities.
These issues are due to a failure to properly sanitize user-supplied
input.

An attacker could exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user, in the security context of the
affected site. This could lead to attacks such as theft of cookie-based
authentication credentials.

40. Mantis Multiple Unspecified SQL Injection Vulnerabilities
BugTraq ID: 15210
Remote: Yes
Date Published: 2005-10-26
Relevant URL: http://www.securityfocus.com/bid/15210
Summary:
Mantis is prone to multiple unspecified SQL injection vulnerabilities.
These issues are due to a failure to properly sanitize user-supplied
input before it is used in SQL queries.

A successful attack could result in a compromise of the application, or
in disclosure or modification of data. It could also permit the attacker
to exploit vulnerabilities in the underlying database implementation.

Versions 0.19.2 and 1.0.0rc2 are reported to be affected by this issue.
Users can upgrade to 0.19.3.

41. Jed Wing CHM Lib Stack Buffer Overflow Vulnerability
BugTraq ID: 15211
Remote: Yes
Date Published: 2005-10-26
Relevant URL: http://www.securityfocus.com/bid/15211
Summary:
CHM Lib is affected by a buffer overflow vulnerability. This issue is
due to the library's failure to properly perform bounds checking before
copying input data into an insufficiently sized memory buffer.

This issue allows an attacker to execute arbitrary machine code in the
security context of an application that uses the CHM lib library.

This issue occurs in versions 0.36 and earlier of the library.

42. Mantis Bug_sponsorship_list_view_inc.PHP File Include Vulnerability
BugTraq ID: 15212
Remote: Yes
Date Published: 2005-10-26
Relevant URL: http://www.securityfocus.com/bid/15212
Summary:
Mantis is prone to remote and local file include vulnerabilities. This
issue is due to a failure to properly sanitize user-supplied input.

An attacker could exploit this issue to execute arbitrary PHP code,
remotely and locally, on the affected computer with the privileges of
the Web server process. This could result in unauthorized access.

Versions 0.19.2 and 1.0.0rc2 are reported to be affected by this issue.
Users can upgrade to 0.19.3.

43. Snoopy Arbitrary Command Execution Vulnerability
BugTraq ID: 15213
Remote: Yes
Date Published: 2005-10-26
Relevant URL: http://www.securityfocus.com/bid/15213
Summary:
Snoopy is prone to an arbitrary command execution vulnerability. This
issue is due to a failure to properly sanitize user-supplied input.

This issue could result in unauthorized remote access in the security
context of the Web server on the affected computer.

44. Woltlab Info-DB Info_db.PHP Multiple SQL Injection Vulnerabilities
BugTraq ID: 15214
Remote: Yes
Date Published: 2005-10-26
Relevant URL: http://www.securityfocus.com/bid/15214
Summary:
Info-DB is prone to multiple SQL injection vulnerabilities. These issues
are due to a failure to properly sanitize user-supplied input before it
is used in SQL queries.

A successful attack could result in a compromise of the application, or
in disclosure or modification of data. It could also permit the attacker
to exploit vulnerabilities in the underlying database implementation.

45. Techno Dreams Multiple Scripts Multiple SQL Injection Vulnerabilities
BugTraq ID: 15215
Remote: Yes
Date Published: 2005-10-26
Relevant URL: http://www.securityfocus.com/bid/15215
Summary:
Multiple Techno Dreams scripts are prone to multiple SQL injection
vulnerabilities. These issues are due to a failure to properly sanitize
user-supplied input before it is used in SQL queries.

A successful attack could result in a compromise of the application, or
in disclosure or modification of data. It could also permit the attacker
to exploit vulnerabilities in the underlying database implementation.

46. GCards News.PHP SQL Injection Vulnerability
BugTraq ID: 15216
Remote: Yes
Date Published: 2005-10-26
Relevant URL: http://www.securityfocus.com/bid/15216
Summary:
gCards is prone to an SQL injection vulnerability. This issue is due to
a failure to properly sanitize user-supplied input before it is used in
SQL queries.

A successful attack could result in a compromise of the application, or
in disclosure or modification of data. It could also permit the attacker
to exploit vulnerabilities in the underlying database implementation.

47. PAM Unix_Chkpwd Unauthorized Access Vulnerability
BugTraq ID: 15217
Remote: No
Date Published: 2005-10-26
Relevant URL: http://www.securityfocus.com/bid/15217
Summary:
The PAM unix_chkpwd command is prone to an unauthorized access
vulnerability.

A local attacker can exploit this issue to carry out brute-force attacks
and obtain valid passwords of other local users.

48. Search Enhanced Module for PHP-Nuke HTML Injection Vulnerability
BugTraq ID: 15218
Remote: Yes
Date Published: 2005-10-26
Relevant URL: http://www.securityfocus.com/bid/15218
Summary:
The Search Enhanced module for PHP-Nuke is prone to an SQL injection
vulnerability. This issue is due to a failure to properly sanitize
user-supplied input before it is used in dynamically generated content.

Attacker-supplied HTML and script code could be executed in the security
context of the affected Web site, potentially allowing theft of
cookie-based authentication credentials. An attacker could also exploit
this issue to control how the site is rendered to the user. Other
attacks are also possible.

49. Ethereal IRC Protocol Dissector Denial of Service Vulnerability
BugTraq ID: 15219
Remote: Yes
Date Published: 2005-10-26
Relevant URL: http://www.securityfocus.com/bid/15219
Summary:
The Ethereal IRC protocol dissector is prone to a remote
denial-of-service vulnerability.

This issue could be exploited by causing Ethereal to process a specially
crafted packet. A successful attack could result in a denial of service
in the Ethereal application.

Further details are not available at this time. This BID will be updated
as details are released.

50. Novell ZENworks Patch Management Multiple SQL Injection Vulnerabilities
BugTraq ID: 15220
Remote: Yes
Date Published: 2005-10-27
Relevant URL: http://www.securityfocus.com/bid/15220
Summary:
ZENworks Patch Management is prone to multiple SQL injection
vulnerabilities. These issues are due to a failure to properly sanitize
user-supplied input before it is used in SQL queries.

A successful attack could result in a compromise of the application, or
in disclosure or modification of data. It could also permit the attacker
to exploit vulnerabilities in the underlying database implementation.

It should be noted that these issues can be exploited only if an
unprivileged account has been created. Only an administrator can create
such an account.

51. ATutor Multiple Input Validation Vulnerabilities
BugTraq ID: 15221
Remote: Yes
Date Published: 2005-10-27
Relevant URL: http://www.securityfocus.com/bid/15221
Summary:
ATutor is prone to multiple vulnerabilities.

These issues allow a remote attacker to execute arbitrary PHP commands,
perform local file inclusion, and carry out cross-site scripting
attacks.

ATutor versions 1.5.1-pl1 and earlier are affected by this issue.

52. Sun Solaris Management Console HTTP TRACE Information Disclosure Vulnerability
BugTraq ID: 15222
Remote: Yes
Date Published: 2005-10-26
Relevant URL: http://www.securityfocus.com/bid/15222
Summary:
Sun Solaris Management Console is prone to an information disclosure
vulnerability.

This issue arises because the server responds to HTTP TRACE requests by
default.

With HTTP TRACE enabled by default, an attacker can gain access to
sensitive header information, which could lead to a compromise of user
accounts. This issue could be combined with other attacks, such as
cross-site scripting, to steal cookie-based authentication credentials.

53. PBLang Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15223
Remote: Yes
Date Published: 2005-10-27
Relevant URL: http://www.securityfocus.com/bid/15223
Summary:
PBLang is prone to multiple cross-site scripting vulnerabilities. These
issues are due to a failure to properly sanitize user-supplied input.

An attacker could exploit these issues to execute arbitrary script code
in the browser of an unsuspecting user, in the security context of the
affected site. This could lead to attacks such as theft of cookie-based
authentication credentials.

PBLang 4.65 is reported to be affected by these issues. Other versions
may also be affected.

54. Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
BugTraq ID: 15224
Remote: Yes
Date Published: 2005-10-27
Relevant URL: http://www.securityfocus.com/bid/15224
Summary:
mod_auth_shadow is prone to a vulnerability that allows the
authentication routine that should be applied to be bypassed.

An attacker can exploit this issue to bypass security restrictions and
gain access to sensitive or privileged information. Information obtained
could aid in further attacks against the underlying system. Other
attacks are also possible.

55. Hasbani Web Server Malformed HTTP GET Request Remote Denial of Service Vulnerability
BugTraq ID: 15225
Remote: Yes
Date Published: 2005-10-27
Relevant URL: http://www.securityfocus.com/bid/15225
Summary:
Hasbani Web Server is affected by a remote denial-of-service
vulnerability.

This issue is triggered when the server processes a specially crafted
HTTP GET request.

A successful attack causes the server to terminate, denying service to
legitimate users.

56. GNU gnump3d Error Page Cross-Site Scripting Vulnerability
BugTraq ID: 15226
Remote: Yes
Date Published: 2005-10-28
Relevant URL: http://www.securityfocus.com/bid/15226
Summary:
GNU gnump3d is prone to a cross-site scripting vulnerability.
An attacker could exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user, in the security context of the
affected site. This could lead to attacks such as theft of cookie-based
authentication credentials.

57. Mantis Multiple Remote Vulnerabilities
BugTraq ID: 15227
Remote: Yes
Date Published: 2005-10-28
Relevant URL: http://www.securityfocus.com/bid/15227
Summary:
Mantis is prone to multiple remotely exploitable security
vulnerabilities. An attacker could exploit these issues to disclose
sensitive information, execute arbitrary PHP scripts, carry out
cross-site scripting attacks, and inject SQL.

These issues occur in versions of Mantis prior to 0.19.3.

58. GNU gnump3d Directory Traversal Vulnerability
BugTraq ID: 15228
Remote: Yes
Date Published: 2005-10-28
Relevant URL: http://www.securityfocus.com/bid/15228
Summary:
GNU gnump3d is prone to a directory traversal vulnerability. Information
obtained could be used in further attacks.

59. Rockliffe MailSite Express Arbitrary Script File Upload Vulnerability
BugTraq ID: 15230
Remote: Yes
Date Published: 2005-10-28
Relevant URL: http://www.securityfocus.com/bid/15230
Summary:
MailSite Express is prone to an arbitrary file upload vulnerability. The
issue lies in the process that sanitizes uploaded files.

An attacker exploiting this issue could upload arbitrary files
containing malicious scripts and execute those scripts on the affected
server.

This issue could ultimately lead to unauthorized access in the security
context of the Web server.

60. Rockliffe MailSite Express Information Disclosure Vulnerability
BugTraq ID: 15231
Remote: Yes
Date Published: 2005-10-28
Relevant URL: http://www.securityfocus.com/bid/15231
Summary:
MailSite Express is prone to an information disclosure vulnerability.
This issue is due to a failure to properly sanitize user-supplied input.

An attacker could exploit this issue to read arbitrary files in the
security context of the Web server process. Information obtained could
aid in further attacks against the underlying system. Other attacks are
also possible.

61. PHPESP Multiple Unspecified Input Validation Vulnerabilities
BugTraq ID: 15232
Remote: Yes
Date Published: 2005-10-28
Relevant URL: http://www.securityfocus.com/bid/15232
Summary:
phpESP is prone to multiple input validation vulnerabilities. These
issues are due to a failure to properly sanitize user-supplied input.

The application is prone to unspecified cross-site scripting and SQL
injection vulnerabilities.

Very little information about these issues has been made available. This
BID will be updated as new information is released.

62. ASP Fast Forum Error.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 15233
Remote: Yes
Date Published: 2005-10-28
Relevant URL: http://www.securityfocus.com/bid/15233
Summary:
ASP Fast Forum is prone to a cross-site scripting vulnerability. This
issue is due to a failure to properly sanitize user-supplied input.

An attacker could exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user, in the security context of the
affected site. This could lead to attacks such as theft of cookie-based
authentication credentials.

63. Jed Wing CHM Lib _chm_find_in_PMGL Stack Buffer Overflow Vulnerability
BugTraq ID: 15234
Remote: Yes
Date Published: 2005-10-28
Relevant URL: http://www.securityfocus.com/bid/15234
Summary:
CHM lib is prone to a buffer overflow. This issue is due to a failure to
properly perform bounds checking before copying input data into an
insufficiently sized memory buffer.

This issue allows an attacker to execute arbitrary machine code in the
security context of an application that uses the CHM lib library.

This issue exists in version 0.35. Other versions may also be affected.

64. MG2 Authentication Bypass Vulnerability
BugTraq ID: 15235
Remote: Yes
Date Published: 2005-10-29
Relevant URL: http://www.securityfocus.com/bid/15235
Summary:
MG2 is affected by an authentication bypass vulnerability. This issue
allows a remote attacker to access password-protected image galleries.

At this time, all versions of MG2 are believed to be affected.
Minigal B13 may also be affected.

65. Hyper Estraier Remote Information Disclosure Vulnerability
BugTraq ID: 15236
Remote: Yes
Date Published: 2005-10-28
Relevant URL: http://www.securityfocus.com/bid/15236
Summary:
Hyper Estraier may allow a remote attacker to disclose restricted files.

Information gathered by exploiting this issue could aid in attempting
other attacks.

This issue exists in Hyper Estraier 1.0.1 and earlier running on Windows
platforms.

66. PHP Advanced Transfer Manager Remote Unauthorized Access Vulnerability
BugTraq ID: 15237
Remote: Yes
Date Published: 2005-10-29
Relevant URL: http://www.securityfocus.com/bid/15237
Summary:
PHP Advanced Transfer Manager may allow a remote attacker to gain
unauthorized access.

Because access to sensitive files containing authentication credentials
is not restricted, an attacker can obtain users' password hashes simply
by issuing a GET request. The attacker can then use this information to
authenticate successfully to the cookie-based service.

PHP Advanced Transfer Manager 1.30 is reported to be affected by this
issue. Other versions may also be affected.

67. Subdreamer Multiple Remote SQL Injection Vulnerabilities
BugTraq ID: 15238
Remote: Yes
Date Published: 2005-10-29
Relevant URL: http://www.securityfocus.com/bid/15238
Summary:
Subdreamer is prone to multiple SQL injection vulnerabilities.

These issues could allow a remote attacker to pass malicious input to
database queries, permitting attacks such as manipulation of the
query's logic. A successful attack could result in a compromise of the
application, or in disclosure or modification of data. It could also
permit the attacker to exploit vulnerabilities in the underlying
database implementation.

Subdreamer 2.2.1 is affected by this issue. Other versions may also be
affected.

III.SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. U.S. makes securing SCADA systems a priority
By: Robert Lemos
In the United States there is concern that the nation's power systems
and utility networks are at risk. The U.S. Department of Homeland
Security is undertaking new efforts to help companies lock down their
control systems.

http://www.securityfocus.com/news/11351

2. Web defacer sentenced, facing deportation
By: Robert Lemos
Rafael Nunez-Aponte agreed to a plea bargain over the defacement of a
U.S. Air Force Web site and will serve time. However, allegations
related to the leak of NASA-related documents remain unresolved.

http://www.securityfocus.com/news/11350

3. Snort vulnerability "wormable" but not widespread
By: Robert Lemos
A flaw that has existed for three months in a preprocessor of the
open-source intrusion detection system could attract the interest of
worm writers, but the number of affected systems is thought to be small.

http://www.securityfocus.com/news/11349

4. Worm worries don't wait for Windows exploits
By: Robert Lemos
Security researchers disagree on whether recently announced Microsoft
Windows vulnerabilities are likely to become fodder for an Internet
worm.

http://www.securityfocus.com/news/11346

5. Say hello to the Skype Trojan
By: John Leyden
Virus writers are targeting Skype users with a new Trojan horse
disguised as the latest version of the popular VoIP software.

http://www.securityfocus.com/news/11348

6. Shared music abuse bug hits iTunes
By: John Leyden
Security researchers have discovered a flaw in Apple's popular iTunes
program. The flaw could be exploited to disrupt shared music downloads.

http://www.securityfocus.com/news/11347

7. US cybersecurity all at sea
By: John Leyden
The Department of Homeland Security's management of cybersecurity risks
within the United States is inadequate, a former U.S. presidential
adviser on information security has said.

http://www.securityfocus.com/news/11345

8. Worm fears over MS October patch batch
By: John Leyden
Microsoft released a batch of patches containing nine updates on
Tuesday.

http://www.securityfocus.com/news/11342

--
Translation: LAC Translation Team
Editorial supervision: OGASAWARA Tsuneo
LAC Co., Ltd.
http://www.lac.co.jp/index.html
