Bugtraq in Japanese
SecurityFocus Newsletter #324 2005-11-07->2005-11-11 Feb 24 2006 08:47AM
Tsuneo Ogasawara (t ogaswr lac co jp)
This is Ogasawara of LAC.

Here is the Japanese translation of SecurityFocus Newsletter issue 324.
Items that have not been translated are marked "No Japanese translation".

---------------------------------------------------------------------------
FAQ about BugTraq-JP (Japanese):
http://www.securityfocus.com/archive/79/description
- The Japanese translation of the SecurityFocus Newsletter is distributed
  first on BugTraq-JP.
- See this FAQ for how to subscribe to and unsubscribe from BugTraq-JP.
---------------------------------------------------------------------------
SecurityFocus Newsletter archive (English):
http://www.securityfocus.com/archive/78
FAQ about BugTraq (English):
http://www.securityfocus.com/archive/1/description
---------------------------------------------------------------------------
Notes on quoting:
- This translation is made with permission that LAC Co., Ltd. obtained
  from SecurityFocus.
- If you quote the translation of the SecurityFocus Newsletter in Netnews,
  mailing lists, the World Wide Web, books, or other recording media,
  please quote the full text of the e-mail.
- Issues 1 through 3 of the Japanese-language newsletter do not carry this
  note, but it applies to them correspondingly.
- Hyperlinks in any form to the BugTraq-JP archive [*1] provided by
  SecurityFocus are also subject to the above.
1) http://online.securityfocus.com/archive/79
---------------------------------------------------------------------------
Notes on this translation:
- LAC Co., Ltd. accepts no responsibility for the results of applying this
  translation.
---------------------------------------------------------------------------
Notice from the translator:
- If you find a typo or mistranslation, please either post a corrected
  version to BugTraq-JP as errata or notify the supervising editor
  (t.ogaswr (at) lac.co (dot) jp [email concealed]).
  In the latter case, a corrected version will be issued as quickly as
  possible.
---------------------------------------------------------------------------
This translation is encoded and posted in ISO-2022-JP.

Original:
Date: Tue, 15 Nov 2005 16:44:35 -0700
Message-ID: <437A72E3.8080205 (at) securityfocus (dot) com [email concealed]>

SecurityFocus Newsletter #324
-----------------------------

This Issue is Sponsored By: Watchfire AppScan

I. FRONT AND CENTER (no Japanese translation)
1. Sony's legal issues
2. Linux worm overrated
II. BUGTRAQ SUMMARY
1. Macromedia Flash Array Index Memory Access Vulnerability
2. ibProArcade User ID SQL Injection Vulnerability
3. Macromedia Flash ActionDefineFunction Memory Access Vulnerability
4. PHPFM Arbitrary File Upload Vulnerability
5. Asterisk Voicemail Unauthorized Access Vulnerability
6. Debian Horde Default Administrator Password Vulnerability
7. Jed Wing CHM Lib LZX Decompression Method Buffer Overflow Vulnerability
8. F-Secure Anti-Virus Gatekeeper and Gateway for Linux Local Privilege Escalation Vulnerability
9. OSTE Remote File Include Vulnerability
10. GNU gnump3d Unspecified Cross-Site Scripting Vulnerability
11. XMB U2U.PHP Cross-Site Scripting Vulnerability
12. Linux-FTPD-SSL FTP Server Remote Buffer Overflow Vulnerability
13. Invision Power Board Multiple Cross-Site Scripting Vulnerabilities
14. Invision Power Board Multiple HTML Injection Vulnerabilities
15. FileZilla Server Terminal Remote Client-Side Buffer Overflow Vulnerability
16. Zone Labs Zone Alarm Advance Program Control Bypass Weakness
17. toendaCMS Admin.PHP Directory Traversal Vulnerability
18. VERITAS Cluster Server for UNIX Local Buffer Overflow Vulnerability
19. PHPList Multiple Input Validation Vulnerabilities
20. toendaCMS Remote File Upload Vulnerability
21. Microsoft Windows Graphics Rendering Engine WMF/EMF Format Code Execution Vulnerability
22. VERITAS NetBackup Volume Manager Daemon Buffer Overflow Vulnerability
23. PHPKit Multiple Input Validation Vulnerabilities
24. ATutor Registration.PHP SQL Injection Vulnerability
25. Microsoft Windows Graphics Rendering Engine WMF Format Code Execution Vulnerability
26. PHP Group Exif Module Infinite Recursion Denial Of Service Vulnerability
27. HP-UX ENVD Local Privilege Escalation Vulnerability
28. SAP Web Application Server HTTP Response Splitting Vulnerability
29. SAP Web Application Server Multiple Cross-Site Scripting Vulnerabilities
30. SAP Web Application Server URI Redirection Vulnerability
31. Sylpheed LDIF Import Remote Buffer Overflow Vulnerability
32. ASPKnowledgebase Adminlogin.ASP SQL Injection Vulnerability
33. Linux Kernel Sysctl Unregistration Local Denial of Service Vulnerability
34. HP-UX RemSHD Unspecified Unauthorized Access Vulnerability
35. IBM Tivoli Directory Server Unspecified Unauthorized Access Vulnerability
36. YaBB Image Upload HTML Injection Vulnerability
37. Google Talk Email Notification Denial Of Service Vulnerability
38. Mike Neuman OSH Environment Variable Buffer Overflow Vulnerability
39. TikiWiki Tiki-view_forum_thread.PHP Cross-Site Scripting Vulnerability
40. Antville Cross-Site Scripting Vulnerability
41. SpamAssassin Bus Error Spam Detection Bypass Vulnerability
42. IBM DB2 Content Manager Multiple Denial of Service Vulnerabilities
43. IPCop Backup Key Information Disclosure Vulnerability
44. IPCop Backup File Replacement Race Condition Vulnerability
45. Moodle Multiple SQL Injection Vulnerabilities
46. RealNetworks RealOne Player/RealPlayer RM File Remote Stack Based Buffer Overflow Vulnerability
47. RealNetworks RealPlayer DUNZIP32.DLL Heap Overflow Vulnerability
48. Sun Solaris In.Named Remote Denial of Service Vulnerability
49. phpAdsNew Lib-sessions.inc.PHP SQL Injection Vulnerability
50. OcoMon Multiple Unspecified SQL Injection Vulnerabilities
51. Kerio WinRoute Firewall RTSP Stream Denial of Service Vulnerability
52. Kerio WinRoute Firewall Disabled Account Bypass Vulnerability
53. Exponent CMS Multiple SQL Injection Vulnerabilities
54. TikiWiki Tiki-Editpage.PHP Directory Traversal Vulnerability
55. Exponent CMS Image Upload Arbitrary Script Execution Vulnerability
56. TikiWiki Tiki-User_Preferences.PHP Directory Traversal Vulnerability
57. Dev-Editor Virtual Directory Security Bypass Vulnerability
58. Sudo Perl Environment Variable Handling Security Bypass Vulnerability
59. Lynx URI Handlers Arbitrary Command Execution Vulnerability
60. PHPSysInfo Multiple Input Validation Vulnerabilities
61. IBM AIX Diagela.SH Unspecified Security Vulnerability
62. RealNetworks RealPlayer Unspecified Malformed Image Skin File Buffer Overflow Vulnerability
63. PHPWebThings Download.PHP File Parameter SQL Injection Vulnerability
64. ActiveCampaign 1-2-All Broadcast Email Admin Control Panel Username SQL Injection Vulnerability
III. SECURITYFOCUS NEWS
1. Sony BMG faces digital-rights siege
2. Gold at the end of rainbow cracking?
3. Suspected bot master busted
4. Hidden DRM code's legitimacy questioned
5. Skype under scrutiny for bugs
6. Say hello to the Skype Trojan
7. Shared music abuse bug hits iTunes
8. US cybersecurity all at sea

I. FRONT AND CENTER (no Japanese translation)
----------------------------

II. BUGTRAQ SUMMARY
--------------------
1. Macromedia Flash Array Index Memory Access Vulnerability
BugTraq ID: 15332
Remote: Yes
Date Published: 2005-11-05
Relevant URL: http://www.securityfocus.com/bid/15332
Summary:
The Flash plugin is affected by an input validation flaw. Exploiting this
issue can reliably result in arbitrary code execution. The issue stems from
a lack of input validation on a critical array index value.

An attacker may exploit this issue to execute arbitrary code. The most
likely attack uses a malicious SWF file, designed to trigger the issue,
that is placed on a Web site.

The issue is reported to exist in Macromedia Flash 6 and 7.

2. ibProArcade User ID SQL Injection Vulnerability
BugTraq ID: 15333
Remote: Yes
Date Published: 2005-11-05
Relevant URL: http://www.securityfocus.com/bid/15333
Summary:
A SQL injection attack resulting from an input validation flaw has been
reported. The issue is reported to exist in the "index.php" script of both
PowerBoard and vBulletin installations when the ibProArcade module is
enabled. The HTML variable "id" for PowerBoard users and "userid" for
vBulletin users are reportedly not properly escaped before being embedded
in the SQL query string.

3. Macromedia Flash ActionDefineFunction Memory Access Vulnerability
BugTraq ID: 15334
Remote: Yes
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15334
Summary:
The Macromedia Flash plugin is affected by an input validation flaw. This
issue may be exploited to execute arbitrary code or to cause a denial of
service. The issue stems from a lack of input validation on a critical
array index value.

An attacker may exploit this issue to execute arbitrary code. The most
likely attack uses a malicious SWF file, designed to trigger the issue,
that is placed on a Web site.

Macromedia Flash 6 and 7 are reported to be affected by this issue.

This issue is similar to the one described in BID 15332 (Macromedia Flash
Array Index Memory Access Vulnerability), but note that the affected
function is different.

4. PHPFM Arbitrary File Upload Vulnerability
BugTraq ID: 15335
Remote: Yes
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15335
Summary:
PHPFM is prone to an arbitrary file upload vulnerability.

An attacker may exploit this issue to upload arbitrary code and execute it
in the security context of the Web server process. This may lead to
unauthorized access or privilege escalation. Other attacks are also
possible.

5. Asterisk Voicemail Unauthorized Access Vulnerability
BugTraq ID: 15336
Remote: Yes
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15336
Summary:
Asterisk is prone to an unauthorized access vulnerability. The issue stems
from a failure to properly validate user-supplied input.

A successful attack gives the attacker access to a target user's voicemail
and to arbitrary '.wav/.WAV' files on the affected system.

6. Debian Horde Default Administrator Password Vulnerability
BugTraq ID: 15337
Remote: Yes
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15337
Summary:
In a default installation of the Debian Horde3 package, the administrator
password is blank.

A local or remote attacker exploiting this issue may gain administrative
access to the affected application. This may lead to further attacks
against the back-end system. Other attacks are also possible.

This issue occurs only when the Horde3 application is installed on Debian
Linux.

7. Jed Wing CHM Lib LZX Decompression Method Buffer Overflow Vulnerability
BugTraq ID: 15338
Remote: Yes
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15338
Summary:
CHM lib is prone to a buffer overflow.

The LZX decompression method is reported to be affected by this issue.
Given its nature, the issue may be remotely exploitable, and it presumably
allows an attacker to execute arbitrary machine code in the security
context of an application that uses the CHM lib library.

No further details are available at this time. This BID will be updated as
soon as details are released.

8. F-Secure Anti-Virus Gatekeeper and Gateway for Linux Local Privilege Escalation Vulnerability
BugTraq ID: 15339
Remote: No
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15339
Summary:
F-Secure Anti-Virus products may allow local privilege escalation. The
issue stems from insecure permissions on setuid-superuser binaries.

Because this issue allows a local attacker to gain administrative
privileges, the affected computer may be completely compromised.

9. OSTE Remote File Include Vulnerability
BugTraq ID: 15340
Remote: Yes
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15340
Summary:
OSTE is prone to a remote file include vulnerability. The issue stems from
a failure to properly sanitize user-supplied input.

An attacker may exploit this issue to remotely execute arbitrary PHP code
on the affected computer with the privileges of the Web server process.
This may lead to unauthorized access.

10. GNU gnump3d Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 15341
Remote: Yes
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15341
Summary:
GNU gnump3d is prone to an unspecified cross-site scripting vulnerability.
An attacker may exploit this issue to execute arbitrary script code in the
browser of an unsuspecting user, in the security context of the affected
site. This may lead to attacks such as theft of cookie-based authentication
credentials.

This issue is similar to the one described in BID 15226 (GNU gnump3d Error
Page Cross-Site Scripting Vulnerability), but it is a different issue.

11. XMB U2U.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 15342
Remote: Yes
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15342
Summary:
XMB is prone to a cross-site scripting vulnerability. The issue stems from
a failure to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary script code in the
browser of an unsuspecting user, in the security context of the affected
site. This may lead to attacks such as theft of cookie-based authentication
credentials.

12. Linux-FTPD-SSL FTP Server Remote Buffer Overflow Vulnerability
BugTraq ID: 15343
Remote: Yes
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15343
Summary:
Linux-FTPD-SSL FTP Server may be subject to a remotely triggered buffer
overflow. The issue stems from a failure to perform proper bounds checking
before copying user-supplied input data into an insufficiently sized
memory buffer.

This issue allows a remote attacker to execute arbitrary machine code in
the security context of the affected server application. In such cases,
administrative privileges are normally used.

13. Invision Power Board Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15344
Remote: Yes
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15344
Summary:
Invision Power Board is prone to multiple cross-site scripting
vulnerabilities.

These issues stem from a failure to properly sanitize user-supplied input.

An attacker may exploit these issues to execute arbitrary script code in
the browser of an unsuspecting user, in the security context of the
affected site. These issues may lead to attacks such as theft of
cookie-based authentication credentials.

Version 2.1 is affected by this issue. Earlier versions may also be
affected.

14. Invision Power Board Multiple HTML Injection Vulnerabilities
BugTraq ID: 15345
Remote: Yes
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15345
Summary:
Invision Power Board is prone to multiple HTML injection vulnerabilities.
These issues stem from a failure to properly sanitize user-supplied input
before it is used in dynamically generated content.

Attacker-supplied HTML and script code may execute in the security context
of the affected Web site, which may lead to theft of cookie-based
authentication credentials. An attacker may also exploit this issue to
control how the site is rendered to the user. Other attacks are also
possible.

Version 2.1 is known to be affected by this issue. Earlier versions may
also be affected.

15. FileZilla Server Terminal Remote Client-Side Buffer Overflow Vulnerability
BugTraq ID: 15346
Remote: Yes
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15346
Summary:
FileZilla Server Terminal is reported to be affected by a remotely
exploitable client-side buffer overflow. The issue stems from a failure to
properly validate the length of a user-supplied string before copying it
into a fixed-length process buffer.

An attacker may exploit this issue to execute arbitrary code with the
privileges of the user running the affected application. This may lead to
unauthorized access or privilege escalation.

16. Zone Labs Zone Alarm Advance Program Control Bypass Weakness
BugTraq ID: 15347
Remote: No
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15347
Summary:
Zone Labs Zone Alarm is prone to an issue that allows the protection
provided by Advanced Program Control to be bypassed.

In multiple applications, it is reportedly possible to create a modal
dialog box that displays HTML and to have that dialog box redirected to a
remote site.

This issue may allow a malicious program to bypass the protection provided
by Advanced Program Control and send data from the targeted computer to a
remote attacker.

Note that this issue arises only when Advanced Program Control is enabled
and the browser is permitted to access the Internet.

17. toendaCMS Admin.PHP Directory Traversal Vulnerability
BugTraq ID: 15348
Remote: Yes
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15348
Summary:
toendaCMS is reported to be prone to a directory traversal attack. The
issue is known to be exploitable to disclose the contents of arbitrary
files readable by the Web server.

A remote attacker may exploit this issue to disclose files containing
potentially sensitive information.

Version 2.1 is affected by this issue. Earlier versions may also be
affected.

18. VERITAS Cluster Server for UNIX Local Buffer Overflow Vulnerability
BugTraq ID: 15349
Remote: No
Date Published: 2005-11-08
Relevant URL: http://www.securityfocus.com/bid/15349
Summary:
Multiple versions of VERITAS Cluster Server for UNIX are affected by a
locally exploitable buffer overflow. The issue stems from a failure to
perform proper bounds checking before copying user-supplied data into an
insufficiently sized memory buffer.

Because the affected application is installed with the setuid root bit
set, this issue allows a local attacker to execute arbitrary machine code
using the administrator's credentials.

19. PHPList Multiple Input Validation Vulnerabilities
BugTraq ID: 15350
Remote: Yes
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15350
Summary:
PHPList is prone to multiple input validation vulnerabilities. These
issues stem from a failure to properly sanitize user-supplied input.

The application is prone to multiple cross-site scripting issues, an HTTP
tag injection issue, a SQL injection issue, and a directory traversal
issue.

20. toendaCMS Remote File Upload Vulnerability
BugTraq ID: 15351
Remote: Yes
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15351
Summary:
toendaCMS is prone to an arbitrary file upload vulnerability.

An attacker may exploit this issue to upload arbitrary code and execute it
in the security context of the Web server process. This may lead to
unauthorized access or privilege escalation. Other attacks are also
possible.

21. Microsoft Windows Graphics Rendering Engine WMF/EMF Format Code Execution Vulnerability
BugTraq ID: 15352
Remote: Yes
Date Published: 2005-11-08
Relevant URL: http://www.securityfocus.com/bid/15352
Summary:
The Microsoft Windows WMF/EMF graphics rendering engine is affected by a
remote code execution vulnerability.

The issue occurs when a user views a malicious file in WMF or EMF format
and the affected engine attempts to parse it. Exploiting this issue can
trigger an integer overflow that may lead to heap memory corruption and
arbitrary code execution.

Due to the nature of the affected engine, code executes with SYSTEM
privileges. A successful attack may result in a remote compromise or local
privilege escalation.

22. VERITAS NetBackup Volume Manager Daemon Buffer Overflow Vulnerability
BugTraq ID: 15353
Remote: Yes
Date Published: 2005-11-08
Relevant URL: http://www.securityfocus.com/bid/15353
Summary:
The Volume Manager Daemon in VERITAS NetBackup is prone to a buffer
overflow. A successful attack may cause a denial of service or allow
arbitrary code execution.

Only NetBackup 5.0 and 5.1 are affected by this issue.

23. PHPKit Multiple Input Validation Vulnerabilities
BugTraq ID: 15354
Remote: Yes
Date Published: 2005-11-08
Relevant URL: http://www.securityfocus.com/bid/15354
Summary:
PHPKit is prone to multiple input validation vulnerabilities. These issues
stem from a failure to properly sanitize user-supplied input.

The application is prone to multiple cross-site scripting issues, an HTTP
tag injection issue, a SQL injection issue, a local file include issue,
and an arbitrary code execution issue.

24. ATutor Registration.PHP SQL Injection Vulnerability
BugTraq ID: 15355
Remote: Yes
Date Published: 2005-11-08
Relevant URL: http://www.securityfocus.com/bid/15355
Summary:
ATutor is prone to a SQL injection vulnerability. The issue stems from a
failure to properly sanitize user-supplied input before it is used in a
SQL query.

A successful attack may compromise the application or lead to disclosure
or modification of data. An attacker exploiting this issue may execute
arbitrary commands.

25. Microsoft Windows Graphics Rendering Engine WMF Format Code Execution Vulnerability
BugTraq ID: 15356
Remote: Yes
Date Published: 2005-11-08
Relevant URL: http://www.securityfocus.com/bid/15356
Summary:
The Microsoft Windows WMF graphics rendering engine is affected by a
remote code execution vulnerability.

The issue occurs when a user views a malicious file in WMF format and the
engine attempts to parse it. A malicious file may trigger an integer
overflow that leads to heap memory corruption and arbitrary code
execution.

Due to the nature of the affected engine, code executes with SYSTEM
privileges. A successful attack may result in a remote compromise or local
privilege escalation.

26. PHP Group Exif Module Infinite Recursion Denial Of Service Vulnerability
BugTraq ID: 15358
Remote: Yes
Date Published: 2005-11-08
Relevant URL: http://www.securityfocus.com/bid/15358
Summary:
PHP is prone to a denial of service.

The issue occurs when parsing EXIF image data contained in a corrupted
JPEG file.

An attacker may exploit this issue to crash the system, resulting in a
denial of service to legitimate users.

27. HP-UX ENVD Local Privilege Escalation Vulnerability
BugTraq ID: 15359
Remote: No
Date Published: 2005-11-09
Relevant URL: http://www.securityfocus.com/bid/15359
Summary:
HP-UX envd is reported to be prone to local privilege escalation.

This issue may allow a local attacker to execute arbitrary code and to
escalate privileges.

28. SAP Web Application Server HTTP Response Splitting Vulnerability
BugTraq ID: 15360
Remote: Yes
Date Published: 2005-11-09
Relevant URL: http://www.securityfocus.com/bid/15360
Summary:
SAP Web Application Server is prone to an HTTP response splitting
vulnerability. The issue stems from a failure to properly sanitize
user-supplied input.

A remote attacker may exploit this issue to tamper with data, poison
caches, or display falsified content. The issue may be used in various
attacks that mislead client users into believing they are safe.

Only the BSP runtime of SAP WAS is affected by this issue.

29. SAP Web Application Server Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15361
Remote: Yes
Date Published: 2005-11-09
Relevant URL: http://www.securityfocus.com/bid/15361
Summary:
SAP Web Application Server is prone to multiple cross-site scripting
vulnerabilities. These issues stem from a failure to properly sanitize
user-supplied input.

An attacker may exploit these issues to execute arbitrary script code in
the browser of an unsuspecting user, in the security context of the
affected site. This may lead to attacks such as theft of cookie-based
authentication credentials.

Only the BSP runtime of SAP WAS is affected by this issue.

30. SAP Web Application Server URI Redirection Vulnerability
BugTraq ID: 15362
Remote: Yes
Date Published: 2005-11-09
Relevant URL: http://www.securityfocus.com/bid/15362
Summary:
SAP Web Application Server is reported to be prone to a remote URI
redirection vulnerability.

It is reported that an attacker may exploit this issue by specifying the
URI of a malicious site through the 'sap-exiturl' parameter.

A successful attack may lead to various attacks such as theft of
cookie-based authentication credentials. An attacker may also use this
issue to strengthen phishing attacks.

Only the BSP runtime of SAP WAS is affected by this issue.

31. Sylpheed LDIF Import Remote Buffer Overflow Vulnerability
BugTraq ID: 15363
Remote: Yes
Date Published: 2005-11-08
Relevant URL: http://www.securityfocus.com/bid/15363
Summary:
Sylpheed is prone to a buffer overflow.

A buffer overflow may occur when a user imports a malicious LDIF file into
the address book.

Exploitation of this issue may allow an attacker to gain unauthorized
access to the computer in the security context of the Sylpheed client.

32. ASPKnowledgebase Adminlogin.ASP SQL Injection Vulnerability
BugTraq ID: 15364
Remote: Yes
Date Published: 2005-11-09
Relevant URL: http://www.securityfocus.com/bid/15364
Summary:
ASPKnowledgebase is prone to a SQL injection vulnerability. The issue
stems from a failure to properly sanitize user-supplied input before it is
used in a SQL query.

A successful attack may compromise the application or allow data to be
disclosed or manipulated. It may also allow an attacker to exploit issues
in the implementation of the back-end database.

33. Linux Kernel Sysctl Unregistration Local Denial of Service Vulnerability
BugTraq ID: 15365
Remote: No
Date Published: 2005-11-09
Relevant URL: http://www.securityfocus.com/bid/15365
Summary:
The Linux kernel is reported to be prone to a local denial of service.

The issue occurs because kernel resources are not properly unregistered
when a network device is removed.

This issue allows a local attacker to cause a denial of service to
legitimate users. Arbitrary code execution in the security context of the
kernel is presumed to be possible, but this has not been verified.

34. HP-UX RemSHD Unspecified Unauthorized Access Vulnerability
BugTraq ID: 15366
Remote: Yes
Date Published: 2005-11-09
Relevant URL: http://www.securityfocus.com/bid/15366
Summary:
HP-UX remshd is prone to an unspecified unauthorized access vulnerability.

When 'Trusted Mode' is configured, a remote attacker may exploit a flaw in
remshd to gain unauthorized access to a system that uses the affected
service.

Very little information about this issue has been released. This BID will
be updated as soon as details are released.

35. IBM Tivoli Directory Server Unspecified Unauthorized Access Vulnerability
BugTraq ID: 15367
Remote: Yes
Date Published: 2005-11-09
Relevant URL: http://www.securityfocus.com/bid/15367
Summary:
IBM Tivoli Directory Server is affected by an unspecified issue that
allows remote unauthorized access to the directory server. This allows an
attacker to access, modify, or delete data stored in the directory server
database.

Very little information about this issue has been released. This BID will
be updated as soon as details are released.

36. YaBB Image Upload HTML Injection Vulnerability
BugTraq ID: 15368
Remote: Yes
Date Published: 2005-11-09
Relevant URL: http://www.securityfocus.com/bid/15368
Summary:
YaBB is prone to an HTML injection vulnerability. The issue stems from a
failure to properly sanitize user-supplied input before it is used in
dynamically generated content.

Attacker-supplied HTML and script code may execute in the security context
of the affected Web site, which may lead to theft of cookie-based
authentication credentials. An attacker may also exploit this issue to
control how the site is rendered to the user. Other attacks are also
possible.

This issue occurs only when Microsoft Internet Explorer is used as the Web
browser.

37. Google Talk Email Notification Denial Of Service Vulnerability
BugTraq ID: 15369
Remotely reproducible: Yes
Date published: 2005-11-09
Related URL: http://www.securityfocus.com/bid/15369
Summary:
Google Talk is prone to a denial-of-service condition. The issue stems
from a programming error in which an exceptional condition forces the
targeted user to interact with, and close, multiple error pop-up windows.

It has been reported that an attacker may send specially crafted e-mail
messages to cause a denial of service for users of the client
application.

38. Mike Neuman OSH Environment Variable Buffer Overflow Vulnerability
BugTraq ID: 15370
Remotely reproducible: No
Date published: 2005-11-09
Related URL: http://www.securityfocus.com/bid/15370
Summary:
Osh may suffer a buffer overflow when it processes environment variables.
The issue stems from a flaw in the application that allows user-supplied
content to overwrite adjacent environment variables.

This issue may be exploited to execute arbitrary code with administrative
privileges.

39. TikiWiki Tiki-view_forum_thread.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 15371
Remotely reproducible: Yes
Date published: 2005-11-09
Related URL: http://www.securityfocus.com/bid/15371
Summary:
TikiWiki is prone to a cross-site scripting attack. The issue arises
because user-supplied input is not properly sanitized.

An attacker may exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user, in the security context of the
affected site. This could lead to attacks such as theft of cookie-based
authentication credentials.

Versions in the 1.9.x series up to 1.9.2 are affected. Earlier versions
may also be affected.

40. Antville Cross-Site Scripting Vulnerability
BugTraq ID: 15372
Remotely reproducible: Yes
Date published: 2005-11-09
Related URL: http://www.securityfocus.com/bid/15372
Summary:
Antville is prone to a cross-site scripting attack. The issue arises
because user-supplied input is not properly sanitized.

An attacker may exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user, in the security context of the
affected site. This could lead to attacks such as theft of cookie-based
authentication credentials.

Antville 1.1 is affected by this issue. Earlier versions may also be
affected.

41. SpamAssassin Bus Error Spam Detection Bypass Vulnerability
BugTraq ID: 15373
Remotely reproducible: Yes
Date published: 2005-11-09
Related URL: http://www.securityfocus.com/bid/15373
Summary:
SpamAssassin is prone to an issue that may allow spam detection to be
bypassed. The issue arises because an exceptional condition is not
handled properly.

An attacker may exploit this issue to crash a child process, allowing
e-mail to evade detection and pass through.

42. IBM DB2 Content Manager Multiple Denial of Service Vulnerabilities
BugTraq ID: 15376
Remotely reproducible: Yes
Date published: 2005-11-10
Related URL: http://www.securityfocus.com/bid/15376
Summary:
IBM DB2 Content Manager is prone to multiple issues. These issues may
allow an attacker to cause a denial-of-service condition.

Versions prior to Content Manager Version 8.2 Fix Pack 10 are affected by
these issues.

43. IPCop Backup Key Information Disclosure Vulnerability
BugTraq ID: 15377
Remotely reproducible: No
Date published: 2005-11-10
Related URL: http://www.securityfocus.com/bid/15377
Summary:
IPCop is prone to an information disclosure issue. The issue stems from
the way the application stores the key for encrypted backup files.

An attacker who exploits this issue can decrypt backup files. The
information obtained may be used in further attacks. Other attacks are
also possible.

An attacker may exploit this issue to overwrite arbitrary backup files.
However, the attacker must be able to access the 'nobody' user account,
either by legitimate means or by exploiting another latent issue. An
attacker may be able to exploit this issue to overwrite arbitrary files
with administrative privileges.

44. IPCop Backup File Replacement Race Condition Vulnerability
BugTraq ID: 15378
Remotely reproducible: No
Date published: 2005-11-10
Related URL: http://www.securityfocus.com/bid/15378
Summary:
IPCop is prone to a race condition that allows backup files to be
replaced. The issue arises because the owner of the file is changed
before the file is encrypted.

To exploit this issue, a local attacker must have access as the 'nobody'
user account, either by legitimate means or through another latent issue.

If an attack succeeds, the backup file is replaced with arbitrary
attacker-supplied data. When the backup file is restored, system
information may be overwritten with arbitrary data using administrative
privileges.

45. Moodle Multiple SQL Injection Vulnerabilities
BugTraq ID: 15380
Remotely reproducible: Yes
Date published: 2005-11-10
Related URL: http://www.securityfocus.com/bid/15380
Summary:
Moodle is prone to multiple SQL injection issues. These issues arise
because user-supplied input is not properly sanitized before it is used
in SQL queries.

Successful exploitation could compromise the application, or result in
disclosure or modification of data. It may also allow an attacker to
exploit issues in the underlying database implementation.

46. RealNetworks RealOne Player/RealPlayer RM File Remote Stack Based Buffer Overflow Vulnerability
BugTraq ID: 15381
Remotely reproducible: Yes
Date published: 2005-11-10
Related URL: http://www.securityfocus.com/bid/15381
Summary:
RealNetworks RealPlayer and RealOne Player are reported to be prone to a
remotely triggered stack-based buffer overflow. The issue arises because
bounds checking is not performed when RM (Real Media) files are parsed. A
remote attacker may execute arbitrary code on an affected computer and
gain unauthorized access.

This issue has been reported in RealNetworks products for the Microsoft
Windows, Linux, and Apple Mac platforms.

47. RealNetworks RealPlayer DUNZIP32.DLL Heap Overflow Vulnerability
BugTraq ID: 15382
Remotely reproducible: Yes
Date published: 2005-11-10
Related URL: http://www.securityfocus.com/bid/15382
Summary:
Real Player on the Windows platform is affected by a heap-based buffer
overflow.

The issue is triggered when 'DUNZIP32.DLL' is called to process a
specially crafted file.

Successful exploitation may allow an attacker to gain unauthorized access
on an affected computer.

48. Sun Solaris In.Named Remote Denial of Service Vulnerability
BugTraq ID: 15384
Remotely reproducible: Yes
Date published: 2005-11-11
Related URL: http://www.securityfocus.com/bid/15384
Summary:
in.named on Sun Solaris is prone to a remotely triggered denial-of-service
condition.

An attacker may exploit this issue by sending multiple requests to the
DNS server to crash the system, resulting in a denial of service for
legitimate users.

49. phpAdsNew Lib-sessions.inc.PHP SQL Injection Vulnerability
BugTraq ID: 15385
Remotely reproducible: Yes
Date published: 2005-11-11
Related URL: http://www.securityfocus.com/bid/15385
Summary:
phpAdsNew is prone to an SQL injection issue. The issue arises because
user-supplied input is not properly sanitized before it is used in an SQL
query.

Successful exploitation could compromise the application, or result in
disclosure or modification of data. It may also allow an attacker to
exploit issues in the underlying database implementation.

This BID is a duplicate of BID 15374 (phpAdsNew Logout.PHP SQL Injection
Vulnerability). BID 15374 will be retired.

50. OcoMon Multiple Unspecified SQL Injection Vulnerabilities
BugTraq ID: 15386
Remotely reproducible: Yes
Date published: 2005-11-11
Related URL: http://www.securityfocus.com/bid/15386
Summary:
OcoMon is prone to multiple unspecified SQL injection issues. These
issues arise because user-supplied input is not properly sanitized before
it is used in SQL queries.

Successful exploitation could compromise the application, or result in
disclosure or modification of data. It may also allow an attacker to
exploit issues in the underlying database implementation.

OcoMon 1.x versions are reported to be affected by these issues. Other
versions may also be affected.

51. Kerio WinRoute Firewall RTSP Stream Denial of Service Vulnerability
BugTraq ID: 15387
Remotely reproducible: Yes
Date published: 2005-11-11
Related URL: http://www.securityfocus.com/bid/15387
Summary:
Kerio WinRoute Firewall is prone to a remotely triggered
denial-of-service condition.

A remote attacker may exploit this issue to crash the affected service
and disable the firewall. This may aid in attempts at further attacks.

52. Kerio WinRoute Firewall Disabled Account Bypass Vulnerability
BugTraq ID: 15388
Remotely reproducible: Yes
Date published: 2005-11-11
Related URL: http://www.securityfocus.com/bid/15388
Summary:
Kerio WinRoute Firewall is prone to an issue that allows access by
disabled accounts. The issue is presumed to stem from an authentication
flaw inside the application.

Because of an unspecified flaw, disabled accounts may be able to
authenticate to affected systems. This may lead to a false sense of
security.

53. Exponent CMS Multiple SQL Injection Vulnerabilities
BugTraq ID: 15389
Remotely reproducible: Yes
Date published: 2005-11-11
Related URL: http://www.securityfocus.com/bid/15389
Summary:
Exponent CMS is prone to multiple SQL injection issues. These issues
arise because user-supplied input is not properly sanitized before it is
used in SQL queries.

Successful exploitation could compromise the application, or result in
disclosure or modification of data. It may also allow an attacker to
exploit issues in the underlying database implementation.

54. TikiWiki Tiki-Editpage.PHP Directory Traversal Vulnerability
BugTraq ID: 15390
Remotely reproducible: Yes
Date published: 2005-11-11
Related URL: http://www.securityfocus.com/bid/15390
Summary:
TikiWiki is prone to a directory traversal attack. The issue arises
because user-supplied input is not properly sanitized.

A remote attacker may exploit this issue to disclose files containing
potentially sensitive information. Information obtained this way may be
used to aid further attacks against the software and the host computer.

55. Exponent CMS Image Upload Arbitrary Script Execution Vulnerability
BugTraq ID: 15391
Remotely reproducible: Yes
Date published: 2005-11-11
Related URL: http://www.securityfocus.com/bid/15391
Summary:
Exponent CMS is prone to arbitrary script execution. The issue arises
because user-supplied input to the application's image upload feature is
not properly sanitized.

An attacker can remotely include script code and execute it in the
security context of the affected server.

Versions 0.x are reported to be affected by this issue. An upgrade to
0.94.6 is available.

56. TikiWiki Tiki-User_Preferences.PHP Directory Traversal Vulnerability
BugTraq ID: 15392
Remotely reproducible: Yes
Date published: 2005-11-11
Related URL: http://www.securityfocus.com/bid/15392
Summary:
TikiWiki is prone to a directory traversal attack. The issue arises
because user-supplied input is not properly sanitized.

A remote attacker may exploit this issue to disclose files containing
potentially sensitive information. Information obtained this way may be
used to aid further attacks against the software and the host computer.

57. Dev-Editor Virtual Directory Security Bypass Vulnerability
BugTraq ID: 15393
Remotely reproducible: Yes
Date published: 2005-11-11
Related URL: http://www.securityfocus.com/bid/15393
Summary:
Dev-Editor is prone to an issue involving unauthorized access to
directories located outside the root virtual directory.

The issue is caused by the way Dev-Editor handles access to virtual
directories.

Successful exploitation allows an attacker to access directories outside
the designated root virtual directory. This issue may disclose
information and lead to unauthorized access to confidential information.

58. Sudo Perl Environment Variable Handling Security Bypass Vulnerability
BugTraq ID: 15394
Remotely reproducible: No
Date published: 2005-11-11
Related URL: http://www.securityfocus.com/bid/15394
Summary:
Sudo is prone to a security restriction bypass. This issue may allow
arbitrary code to be executed. The issue stems from a flaw in the
handling of the 'PERLLIB', 'PERL5LIB', and 'PERL5OPT' environment
variables when tainting is ignored.

An attacker may exploit this issue to bypass security restrictions and
include arbitrary library files.

To exploit this issue, an attacker must be able to run Perl through Sudo.

59. Lynx URI Handlers Arbitrary Command Execution Vulnerability
BugTraq ID: 15395
Remotely reproducible: Yes
Date published: 2005-11-11
Related URL: http://www.securityfocus.com/bid/15395
Summary:
Lynx is prone to arbitrary command execution. The issue arises because
user-supplied input is not properly sanitized.

A remote attacker who exploits this issue may execute arbitrary commands
in the security context of the targeted user by enticing that user to
follow a malicious link.

60. PHPSysInfo Multiple Input Validation Vulnerabilities
BugTraq ID: 15396
Remotely reproducible: Yes
Date published: 2005-11-11
Related URL: http://www.securityfocus.com/bid/15396
Summary:
phpSysInfo is prone to multiple input validation issues. These issues
arise because user-supplied input is not properly sanitized.

phpSysInfo is prone to a cross-site scripting issue, an HTTP response
splitting issue, and an issue that allows arbitrary local files to be
included.

An attacker exploiting these issues could cause theft of cookie-based
authentication credentials, phishing attacks, and disclosure of
confidential or sensitive information. Other attacks are also possible.

61. IBM AIX Diagela.SH Unspecified Security Vulnerability
BugTraq ID: 15397
Remotely reproducible: No
Date published: 2005-11-11
Related URL: http://www.securityfocus.com/bid/15397
Summary:
IBM AIX is prone to an unspecified security issue.

Very little information about this issue has been made public. This BID
will be updated as soon as detailed information is released.

62. RealNetworks RealPlayer Unspecified Malformed Image Skin File Buffer Overflow Vulnerability
BugTraq ID: 15398
Remotely reproducible: Yes
Date published: 2005-11-12
Related URL: http://www.securityfocus.com/bid/15398
Summary:
RealNetworks RealPlayer is prone to an unspecified issue that allows a
remote attacker to execute arbitrary code.

The issue may be triggered by a specially crafted image contained in a
skin file. A stack-based buffer overflow is reported to be the cause. The
issue may be exploited by enticing a targeted user to open a malicious
skin file that contains a specially crafted image.

Some releases of RealPlayer 10/10.5 running on the Windows platform are
affected by this issue.

63. PHPWebThings Download.PHP File Parameter SQL Injection Vulnerability
BugTraq ID: 15399
Remotely reproducible: Yes
Date published: 2005-11-12
Related URL: http://www.securityfocus.com/bid/15399
Summary:
phpWebThings is prone to an SQL injection issue. This is an input
validation problem affecting data used in an SQL query. The issue allows
a remote user to manipulate the structure and logic of the query.

This issue may compromise the software. Depending on the database
implementation and the nature of the affected query, it may also be
possible to gain unauthorized access to the database.

64. ActiveCampaign 1-2-All Broadcast Email Admin Control Panel Username SQL Injection Vulnerability
BugTraq ID: 15400
Remotely reproducible: Yes
Date published: 2005-11-12
Related URL: http://www.securityfocus.com/bid/15400
Summary:
ActiveCampaign 1-2-All Broadcast Email is prone to an SQL injection
issue. This is an input validation problem affecting data used in an SQL
query. The issue allows a remote user to manipulate the structure and
logic of the query.

This issue may compromise the software. Depending on the database
implementation and the nature of the affected query, it may also be
possible to gain unauthorized access to the database.

III.SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Sony BMG faces digital-rights siege
Author: Robert Lemos
With virus writers now making use of Sony BMG's "rootkit", complaints
from consumers and security researchers against the content provider have
gained legal backing. At least five lawsuits have been filed, or are set
to be filed, against the music-industry giant Sony BMG.

http://www.securityfocus.com/news/11356

2. Gold at the end of rainbow cracking?
Author: Robert Lemos
Large tables of password hashes make it extremely easy to crack weak
login credentials. Some enterprising people think that making these
tables accessible over the Internet could become a business.

http://www.securityfocus.com/news/11355

3. Suspected bot master busted
Author: Robert Lemos
A California man has been charged with infecting 400,000 computers with
bot software and profiting from fraudulent affiliate referrals and from
selling access to the compromised systems.

http://www.securityfocus.com/news/11353

4. Hidden DRM code's legitimacy questioned
Author: Robert Lemos
The copy protection on music CDs from Sony BMG covertly installs digital
rights management (DRM) software on Windows computers that is difficult
to uninstall. Security experts are accusing the record company of
embedding a rootkit.

http://www.securityfocus.com/news/11352

5. Skype under scrutiny for bugs
Author: John Leyden
Two recent serious security issues in Skype, the widely used VoIP
communication software, came at the worst possible time for the vendor.

http://www.securityfocus.com/news/11354

6. Say hello to the Skype Trojan
Author: John Leyden
Virus writers are targeting Skype users with a new Trojan horse disguised
as the latest version of the popular VoIP software.

http://www.securityfocus.com/news/11348

7. Shared music abuse bug hits iTunes
Author: John Leyden
Security researchers have found a problem in Apple's popular iTunes
program. The issue can be triggered in the interface used to download
shared music.

http://www.securityfocus.com/news/11347

8. US cybersecurity all at sea
Author: John Leyden
The Department of Homeland Security's management of cybersecurity risk in
the United States is inadequate, a former U.S. presidential information
security adviser has said.

http://www.securityfocus.com/news/11345

--
Translation: LAC translation team
Editorial supervision: OGASAWARA Tsuneo
LAC Co., Ltd.
http://www.lac.co.jp/index.html