SecurityFocus Newsletter #295
------------------------------

This Issue is Sponsored By: SPI Dynamics

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. Web Browser Forensics, Part 1
     2. Defeating Honeypots: System Issues, Part 2
     3. Windows 2003 SP1
II. BUGTRAQ SUMMARY
     1. ESMI PayPal Storefront SQL Injection Vulnerability
     2. ESMI PayPal Storefront Cross-Site Scripting Vulnerability
     3. Apple QuickTime PictureViewer Buffer Overflow Vulnerability
     4. Nuke Bookmarks Marks.php Path Disclosure Vulnerability
     5. Nuke Bookmarks Multiple Cross-Site Scripting Vulnerabilities
     6. Nuke Bookmarks Marks.php SQL Injection Vulnerability
     7. MagicScripts E-Store Kit-2 PayPal Edition Cross-Site Scripti...
     8. MagicScripts E-Store Kit-2 PayPal Edition Remote File Includ...
     9. Linux Kernel Bluetooth Signed Buffer Index Vulnerability
     10. Tincat Network Library Remote Buffer Overflow Vulnerability
     11. Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy...
     12. Tkai's Shoutbox Query Parameter URI Redirection Vulnerabilit...
     13. EXoops Multiple Input Validation Vulnerabilities
     14. Valdersoft Shopping Cart Multiple Input Validation Vulnerabi...
     15. PHPCoin Multiple Remote Vulnerabilities
     16. Multiple Vendor Telnet Client LINEMODE Sub-Options Remote Bu...
     17. Multiple Vendor Telnet Client Env_opt_add Heap-Based Buffer ...
     18. PhotoPost Pro Multiple Input Validation Vulnerabilities
     19. ACS Blog Name Field HTML Injection Vulnerability
     20. Smail-3 Unspecified Remote Vulnerability
     21. Symantec Norton AntiVirus AutoProtect Module Remote Denial O...
     22. Symantec Norton AntiVirus AutoProtect Module SmartScan Local...
     23. Bugtracker.NET Unspecified SQL Injection Vulnerabilities
     24. The Includer Remote File Include Vulnerability
     25. Adventia E-Data Remote HTML Injection Vulnerability
     26. Midnight Commander Insert_Text Buffer Overflow Vulnerability
     27. Chatness Message Form Field HTML Injection Vulnerability
     28. CPG Dragonfly Multiple Cross-Site Scripting Vulnerabilities
     29. Uapplication Ublog Cross-Site Scripting Vulnerability
     30. Linux Kernel EXT2 File System Information Leak Vulnerability
     31. EncapsBB File Include Vulnerability
     32. Sylpheed MIME-Encoded Attachment Name Buffer Overflow Vulner...
     33. Linux Kernel Elf Binary Loading Local Denial of Service Vuln...
     34. ASPApp PortalAPP Multiple Input Validation Vulnerabilities
     35. FastStone 4in1 Browser Web Server Remote Directory Traversal...
     36. WebAPP Unspecified File Disclosure Vulnerability
     37. WackoWiki Unspecified Cross-Site Scripting Vulnerabilities
     38. Adventia Chat Server Pro Remote HTML Injection Vulnerability
     39. Smarty Template Engine Remote PHP Script Execution Vulnerabi...
     40. Sybari AntiGen For Lotus Domino Multiple Remote Denial Of Se...
     41. Horde Application Framework Parent Page Title Cross-Site Scr...
     42. Lighthouse Development Squirrelcart SQL Injection Vulnerabil...
     43. Mailreader Remote HTML Injection Vulnerability
     44. Kerio Personal Firewall Local Network Access Restriction Byp...
     45. YepYep MTFTPD Remote CWD Argument Format String Vulnerabilit...
     46. Cisco VPN 3000 Concentrator Remote Denial of Service Vulnera...
     47. Linux Kernel File Lock Local Denial Of Service Vulnerability
     48. GDK-Pixbuf BMP Image Processing Double Free Remote Denial of...
     49. OpenBSD TCP Stack Remote Denial Of Service Vulnerability
     50. PAFileDB ID Parameter Cross-Site Scripting Vulnerability
     51. BZip2 CHMod File Permission Modification Race Condition Weak...
     52. Bay Technical Associates RPC3 Telnet Daemon Authentication B...
     53. InterAKT Online MX Shop SQL Injection Vulnerability
     54. ASP-DEV XM Forum IMG Tag Script Injection Vulnerability
     55. Linux Kernel Futex Local Deadlock Denial Of Service Vulnerab...
     56. Microsoft Jet Database Engine Malformed Database File Buffer...
     57. BlueSoleil Object Push Service Bluetooth File Upload Directo...
     58. PHP Group PHP Image File Format Remote Denial Of Service Vul...
     59. PHP Group PHP Remote JPEG File Format Remote Denial Of Servi...
     60. RUMBA Profile Handling Multiple Buffer Overflow Vulnerabilit...
     61. BakBone NetVault Configure.CFG Local Buffer Overflow Vulnera...
     62. BakBone NetVault Remote Heap Overflow Vulnerability
     63. MaxWebPortal Events And Links Interface Multiple Input Valid...
     64. Microsoft Windows UNC Path Handling Unspecified Buffer Overf...
     65. Linux Kernel TmpFS Driver Local Denial Of Service Vulnerabil...
     66. Microsoft Windows Server 2003 Service Pack 1 Released - Mult...
     67. AlstraSoft EPay Pro Remote File Include Vulnerability
     68. AlstraSoft EPay Pro Multiple Cross-Site Scripting Vulnerabil...
III. SECURITYFOCUS NEWS ARTICLES
     1. Sybase allows release of flaw information
     2. Companies resist nuclear cyber security rule
     3. Feds square off with organized cyber crime
     4. Three quarters of corporate PCs shun SP2
     5. Carjackers swipe biometric Merc, plus owner's finger
     6. Hacking Google for fun and profit
IV. SECURITYFOCUS TOP 6 TOOLS
     1. Bitform Discover 2005.1
     2. Libnids 1.2
     3. File System Saint 1.02a
     4. TextKeeper 5.0
     5. DeSPAM Tunnel 3.0.0
     6. Umbrella v0.5
V. SECURITYJOBS LIST SUMMARY
     1. [SJ-JOB] Management, Santa Clara, US (Thread)
     2. [SJ-JOB] Technical Marketing Engineer, Santa Clara, ... (Thread)
     3. [SJ-JOB] Channel / Business Development, Home Based/... (Thread)
     4. [SJ-JOB] Security Architect, London, GB (Thread)
     5. [SJ-JOB] Management, New York, US (Thread)
     6. [SJ-JOB] Security Auditor, Tampa, US (Thread)
     7. [SJ-JOB] Developer, New York City, US (Thread)
     8. [SJ-JOB] Manager, Information Security, New York Cit... (Thread)
     9. [SJ-JOB] Security Engineer, Eglin Air Force Base , U... (Thread)
     10. [SJ-JOB] Security Engineer, New York City, US (Thread)
     11. [SJ-JOB] Security Product Manager, New York City, US (Thread)
     12. [SJ-JOB] Security Consultant, Honolulu, US (Thread)
     13. [SJ-JOB] Security System Administrator, Chicago, US (Thread)
     14. [SJ-JOB] Technology Risk Consultant, Los Angeles, US (Thread)
     15. [SJ-JOB] Manager, Information Security, Philadelphia... (Thread)
     16. [SJ-JOB] Sales Representative, Surrey/Windsor/&pound... (Thread)
     17. [SJ-JOB] Technical Support Engineer, Surrey/Windsor/... (Thread)
     18. [SJ-JOB] Sales Engineer, COLORADO SPRINGS , US (Thread)
     19. [SJ-JOB] Security Consultant, Minneapolis, US (Thread)
     20. [SJ-JOB] Jr. Security Analyst, Philadelphia, US (Thread)
     21. [SJ-JOB] Security Consultant, Singapore, SG (Thread)
     22. [SJ-JOB] Security Consultant, Houston, US (Thread)
     23. [SJ-JOB] Security Consultant, London, GB (Thread)
     24. [SJ-JOB] Security Engineer, London, GB (Thread)
     25. [SJ-JOB] VP of Marketing, London/Surrey/Berkshire &p... (Thread)
     26. [SJ-JOB] Auditor, San Francisco, US (Thread)
     27. [SJ-JOB] Security Engineer, Duluth, US (Thread)
     28. [SJ-JOB] Management, St. Louis or Kansas City, US (Thread)
     29. [SJ-JOB] Security Director, Leeds / Edinburgh, GB (Thread)
     30. [SJ-JOB] Security Engineer, Westford, US (Thread)
     31. [SJ-JOB] VP of Marketing, London/Berkshire Referral ... (Thread)
     32. [SJ-JOB] Manager, Information Security, West London,... (Thread)
     33. [SJ-JOB] CHECK Team Leader, London, GB (Thread)
     34. [SJ-JOB] Developer, Atlanta, US (Thread)
     35. [SJ-JOB] Sales Engineer, Oxford, GB (Thread)
     36. [SJ-JOB] Regional Channel Manager, Des Moines, US (Thread)
     37. [SJ-JOB] Sales Engineer, Newark and vicinity, US (Thread)
     38. [SJ-JOB] Security Product Manager, Santa Clara, US (Thread)
     39. [SJ-JOB] Sr. Security Analyst, Highlands Ranch, US (Thread)
     40. [SJ-JOB] Security Product Marketing Manager, Santa C... (Thread)
     41. [SJ-JOB] Management, Mission Viejo, US (Thread)
     42. [SJ-JOB] Management, New York (Brooklyn Metrotech), ... (Thread)
VI. INCIDENTS LIST SUMMARY
     1. Vendor notification (Thread)
     2. exploit or human (Thread)
     3. ANI Exploits in Spam -> more info (Thread)
     4. ANI Exploits in Spam (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
     1. Scanner (Thread)
     2. dnsmasq <2.21 off-by-one (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
     1. Integrating Domain and VPN Login (Thread)
     2. Windows Server 2003 Service Pack 1 (Thread)
     3. SecurityFocus Microsoft Newsletter #234 (Thread)
     4. quarantine vpn clients (Thread)
IX. SUN FOCUS LIST SUMMARY
     NO NEW POSTS FOR THE WEEK 2005-03-29 to 2005-04-05.
X. LINUX FOCUS LIST SUMMARY
     1. vsftp question (Thread)
     2. Linux and DB2 (Thread)
     3. Apache+PHP+ftp security (Thread)
     4. Re[2]: Apache+PHP+ftp security (Thread)
     5. OpenVPN? (Thread)
XI. UNSUBSCRIBE INSTRUCTIONS
XII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Web Browser Forensics, Part 1
By Keith J. Jones and Rohyt Belani
This article provides a case study of digital forensics, and investigates
incriminating evidence using a user's web browser history.
http://www.securityfocus.com/infocus/1827

2. Defeating Honeypots: System Issues, Part 2
By Thorsten Holz and Frederic Raynal
Part two of this paper discusses how hackers discover, interact with, and
sometimes disable honeypots at the system level and the application layer.
http://www.securityfocus.com/infocus/1828

3. Windows 2003 SP1
By Mark Burnett
Microsoft's release of Windows 2003 Service Pack 1 last week is loaded with
security enhancements, and it's a big step in the right direction.
http://www.securityfocus.com/columnists/312

II. BUGTRAQ SUMMARY
-------------------
1. ESMI PayPal Storefront SQL Injection Vulnerability
BugTraq ID: 12903
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12903
Summary:
ESMI PayPal Storefront is prone to an SQL injection vulnerability.  This issue
is due to a failure in the application to properly sanitize user-supplied input
before using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

2. ESMI PayPal Storefront Cross-Site Scripting Vulnerability
BugTraq ID: 12904
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12904
Summary:
ESMI PayPal Storefront is affected by a cross-site scripting vulnerability. This
issue is due to a failure in the application to properly sanitize user-supplied
input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user. This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

3. Apple QuickTime PictureViewer Buffer Overflow Vulnerability
BugTraq ID: 12905
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12905
Summary:
Apple QuickTime is reportedly prone to a buffer overflow when viewing malformed
image files.

This issue was reported to exist in QuickTime 6.5.1 for Windows.  Other versions
may also be affected.

This issue may be related to BID 11553.

4. Nuke Bookmarks Marks.php Path Disclosure Vulnerability
BugTraq ID: 12906
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12906
Summary:
Nuke Bookmarks is prone to a path disclosure issue when invalid data is
submitted.

This issue can allow an attacker to access sensitive data that may be used to
launch further attacks against a vulnerable computer.

5. Nuke Bookmarks Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 12907
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12907
Summary:
Nuke Bookmarks is prone to multiple cross-site scripting vulnerabilities.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

6. Nuke Bookmarks Marks.php SQL Injection Vulnerability
BugTraq ID: 12908
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12908
Summary:
Nuke Bookmarks is prone to an SQL injection vulnerability.

This vulnerability could permit remote attackers to pass malicious input to
database queries, resulting in modification of query logic or other attacks.

7. MagicScripts E-Store Kit-2 PayPal Edition Cross-Site Scripti...
BugTraq ID: 12909
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12909
Summary:
MagicScripts E-Store Kit-2 PayPal Edition is prone to a cross-site scripting
vulnerability.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

8. MagicScripts E-Store Kit-2 PayPal Edition Remote File Includ...
BugTraq ID: 12910
Remote: Yes
Date Published: Mar 26 2005
Relevant URL: http://www.securityfocus.com/bid/12910
Summary:
MagicScripts E-Store Kit-2 PayPal Edition is prone to a remote file include
vulnerability.

Remote attackers could potentially exploit this issue to include a remote
malicious PHP script.  If the attacker is able to execute the remote script it
would execute in the context of the Web server hosting the vulnerable
application.

9. Linux Kernel Bluetooth Signed Buffer Index Vulnerability
BugTraq ID: 12911
Remote: No
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12911
Summary:
A local signed buffer index vulnerability affects the Linux kernel. This issue
is due to a failure of the affected kernel to securely handle signed values when
validating memory indexes.

This issue may be leveraged by a local attacker to gain escalated privileges on
an affected computer.

10. Tincat Network Library Remote Buffer Overflow Vulnerability
BugTraq ID: 12912
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12912
Summary:
Tincat is reported prone to a remote buffer overflow vulnerability.

It is reported that this issue exists in the function responsible for logging
users that have connected to a game server. 

A successful attack can allow an attacker to gain unauthorized access to a
vulnerable computer in the context of a game server.

11. Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy...
BugTraq ID: 12913
Remote: No
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12913
Summary:
Microsoft Outlook 2002 Connector for IBM Lotus Domino is reported prone to a
policy bypass vulnerability. It is reported that the Microsoft Outlook 2002
Connector for IBM Lotus Domino saves login credentials locally even when a Group
policy is in place that is supposed to prevent this.

This may result in a false sense of security. An attacker with knowledge of a
valid username may employ the cached passwords to authenticate successfully to
the connected IBM Lotus Domino server.

12. Tkai's Shoutbox Query Parameter URI Redirection Vulnerabilit...
BugTraq ID: 12914
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12914
Summary:
Tkai's Shoutbox is reported prone to a remote URI redirection vulnerability.  

It is reported that an attacker can exploit this issue by supplying the URI of a
malicious site through the 'query' parameter of a link.

A successful attack may result in various attacks including theft of
cookie-based authentication credentials.

13. EXoops Multiple Input Validation Vulnerabilities
BugTraq ID: 12915
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12915
Summary:
Multiple input validation vulnerabilities reportedly affect EXoops. These issues
are due to a failure of the application to properly sanitize user-supplied input
prior to using it to carry out critical actions.

An attacker may leverage these issues to carry out cross-site scripting and SQL
injection attacks against the affected application.  This may result in the
theft of authentication credentials, destruction or disclosure of sensitive
data, and potentially other attacks.

14. Valdersoft Shopping Cart Multiple Input Validation Vulnerabi...
BugTraq ID: 12916
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12916
Summary:
Multiple input validation vulnerabilities reportedly affect Valdersoft Shopping
Cart. These issues are due to a failure of the application to properly sanitize
user-supplied input prior to using it to carry out critical actions.

An attacker may leverage these issues to carry out cross-site scripting and SQL
injection attacks against the affected application.  This may result in the
theft of authentication credentials, destruction or disclosure of sensitive
data, and potentially other attacks.

15. PHPCoin Multiple Remote Vulnerabilities
BugTraq ID: 12917
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12917
Summary:
Multiple remote input validation vulnerabilities affect phpCoin.

Multiple SQL injection vulnerabilities have been reported.  An attacker may
leverage these issues to manipulate and view arbitrary database contents. 

phpCoin is also affected by a local file include vulnerability.  An attacker may
leverage this issue to execute arbitrary server-side script code that resides on
an affected computer with the privileges of the Web server process. This may
potentially facilitate unauthorized access.  This issue may also be exploited to
disclose arbitrary files.

phpCoin 1.2.1b and prior versions are affected by these issues.

16. Multiple Vendor Telnet Client LINEMODE Sub-Options Remote Bu...
BugTraq ID: 12918
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12918
Summary:
A remote buffer overflow vulnerability affects multiple vendors' Telnet clients.
This issue is due to a failure of the application to properly validate the
length of user-supplied strings prior to copying them into static process
buffers.

An attacker may exploit this issue to execute arbitrary code with the privileges
of the user that activated the vulnerable application. This may facilitate
unauthorized access or privilege escalation.

17. Multiple Vendor Telnet Client Env_opt_add Heap-Based Buffer ...
BugTraq ID: 12919
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12919
Summary:
Multiple vendors' Telnet client applications are reported prone to a remote
buffer overflow vulnerability. It is reported that the vulnerability exists in a
function 'env_opt_add()' in the 'telnet.c' source file, which is apparently
common source for all of the affected vendors.

A remote attacker may exploit this vulnerability to execute arbitrary code on
some of the affected platforms in the context of a user that is using the
vulnerable Telnet client to connect to a malicious server.

18. PhotoPost Pro Multiple Input Validation Vulnerabilities
BugTraq ID: 12920
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12920
Summary:
Multiple input validation vulnerabilities reportedly affect PhotoPost Pro. 
These issues are due to a failure of the application to properly sanitize
user-supplied input prior to using it to carry out critical actions.

The first set of issues are cross-site scripting vulnerabilities that affect the
'slideshow.php', 'showgallery.php', and 'showmembers.php' scripts.  These issues
arise as the application fails to properly sanitize input passed through the
offending functions before including it in dynamically generated Web content.

The second set of issues are SQL injection vulnerabilities that affect the
'showmembers.php' and 'showphoto.php' scripts.  The application includes the
value of the offending parameters without sanitization, allowing an attacker to
inject SQL syntax and manipulate SQL queries.

An attacker may leverage these issues to carry out cross-site scripting and SQL
injection attacks against the affected application.  This may result in the
theft of authentication credentials, destruction or disclosure of sensitive
data, and potentially other attacks.

19. ACS Blog Name Field HTML Injection Vulnerability
BugTraq ID: 12921
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12921
Summary:
ACS Blog is affected by an HTML injection vulnerability.

The issue affects the 'Name' field and may be exploited to execute arbitrary
HTML and script code in the browser of the user when the user views an affected
Web page. 

ACS Blog 1.1.1 is affected by this issue. It is likely that this issue affects
prior versions as well.

20. Smail-3 Unspecified Remote Vulnerability
BugTraq ID: 12922
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12922
Summary:
Smail-3 is reported prone to an unspecified vulnerability that may be related to
the issues that are described in BID 12899 (Smail-3 Multiple Remote and Local
Vulnerabilities). 

It is reported that the vulnerability manifests because insufficient boundary
checks are performed on certain pointer values. It is conjectured that this may
result in memory corruption ultimately leading to arbitrary code execution.

Few details are known regarding this issue; this BID will be updated as soon
as further information is made available.

21. Symantec Norton AntiVirus AutoProtect Module Remote Denial O...
BugTraq ID: 12923
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12923
Summary:
The Symantec Norton AntiVirus AutoProtect module is reported prone to a remote
denial of service vulnerability. It is reported that the issue manifests when an
unspecified type of file is scanned by AutoProtect; the scan causes the device
driver module to fail, leading to a subsequent kernel crash.

22. Symantec Norton AntiVirus AutoProtect Module SmartScan Local...
BugTraq ID: 12924
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12924
Summary:
The Symantec Norton AntiVirus AutoProtect SmartScan functionality is reported
prone to a local denial of service vulnerability. It is reported that under
certain circumstances, when SmartScan is enabled, renaming of a file that is
stored on a network share will result in a system crash.

A local attacker may exploit this vulnerability to deny service for legitimate
users.

23. Bugtracker.NET Unspecified SQL Injection Vulnerabilities
BugTraq ID: 12925
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12925
Summary:
Bugtracker.NET is prone to unspecified SQL injection vulnerabilities.

These vulnerabilities could permit remote attackers to pass malicious input to
database queries, resulting in modification of query logic or other attacks.

24. The Includer Remote File Include Vulnerability
BugTraq ID: 12926
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12926
Summary:
The Includer is reported prone to a remote file include vulnerability.

The problem presents itself specifically when an attacker passes the location of
a remote script through an affected parameter.

An attacker may leverage this issue to execute arbitrary server-side script code
on an affected computer with the privileges of the Web server process. This may
facilitate unauthorized access. 

All versions of The Includer are considered to be vulnerable at the moment. 
This BID will be updated when more information becomes available.

25. Adventia E-Data Remote HTML Injection Vulnerability
BugTraq ID: 12927
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12927
Summary:
A remote HTML injection vulnerability affects Adventia E-Data.  This issue is
due to a failure of the application to properly sanitize user-supplied input
prior to including it in dynamically generated Web content. 

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

26. Midnight Commander Insert_Text Buffer Overflow Vulnerability
BugTraq ID: 12928
Remote: No
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12928
Summary:
A buffer overflow vulnerability exists in Midnight Commander.  The vulnerability
is caused by insufficient bounds checking of external data supplied to the
'insert_text()' function.  

This issue may allow local attackers to execute arbitrary code in the context of
another user.

27. Chatness Message Form Field HTML Injection Vulnerability
BugTraq ID: 12929
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12929
Summary:
Chatness is prone to an HTML injection vulnerability.  This issue is exposed
through various chat message form fields.

Exploitation will allow an attacker to inject hostile HTML and script code into
the session of another user.  An attacker could take advantage of this
vulnerability to steal cookie-based authentication credentials or launch other
attacks.

28. CPG Dragonfly Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 12930
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12930
Summary:
CPG Dragonfly is prone to multiple cross-site scripting vulnerabilities in
various modules.

An attacker may leverage these issues to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

29. Uapplication Ublog Cross-Site Scripting Vulnerability
BugTraq ID: 12931
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12931
Summary:
Ublog is affected by a cross-site scripting vulnerability.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user. This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

Ublog 1.0.4 and prior versions are reportedly affected by this issue.

30. Linux Kernel EXT2 File System Information Leak Vulnerability
BugTraq ID: 12932
Remote: No
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12932
Summary:
The Linux kernel EXT2 filesystem handling code is reported prone to a local
information leakage vulnerability.

This issue may be leveraged by a local attacker to gain access to potentially
sensitive kernel memory.  Information gained in this way may lead to further
attacks against the affected computer.

31. EncapsBB File Include Vulnerability
BugTraq ID: 12933
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12933
Summary:
EncapsBB is reported prone to a file include vulnerability.

The problem presents itself specifically when an attacker passes the location of
a remote or local script through the 'index_header.php' script. 

An attacker may leverage this issue to execute arbitrary server-side script code
on an affected computer with the privileges of the Web server process. This may
facilitate unauthorized access. 

EncapsBB version 0.3.2_fixed is reported prone to this issue.  Other versions
may be affected as well.

32. Sylpheed MIME-Encoded Attachment Name Buffer Overflow Vulner...
BugTraq ID: 12934
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12934
Summary:
Sylpheed is prone to a buffer overflow when handling email attachments with
MIME-encoded file names.

Successful exploitation may allow arbitrary code execution in the security
context of the application.

33. Linux Kernel Elf Binary Loading Local Denial of Service Vuln...
BugTraq ID: 12935
Remote: No
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12935
Summary:
Linux Kernel is prone to a potential local denial of service vulnerability.  

It is reported that the issue exists in the 'load_elf_library' function.

Linux Kernel 2.6.11.5 and prior versions are affected by this issue.

34. ASPApp PortalAPP Multiple Input Validation Vulnerabilities
BugTraq ID: 12936
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12936
Summary:
Multiple input validation vulnerabilities reportedly affect PortalAPP.  These
issues are due to a failure of the application to properly sanitize
user-supplied input prior to using it to carry out critical actions.

The first set of issues are cross-site scripting vulnerabilities that affect the
'content.asp' script. These issues arise as the application fails to properly
sanitize input passed through the offending functions before including it in
dynamically generated Web content.

The second issue is an SQL injection vulnerability that affects the
'ad_click.asp' script.  The application includes the value of the offending
parameters without sanitization, allowing an attacker to inject SQL syntax and
manipulate SQL queries.

An attacker may leverage these issues to carry out cross-site scripting and SQL
injection attacks against the affected application.  This may result in the
theft of authentication credentials, destruction or disclosure of sensitive
data, and potentially other attacks.

35. FastStone 4in1 Browser Web Server Remote Directory Traversal...
BugTraq ID: 12937
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12937
Summary:
A vulnerability has been identified in the handling of certain types of requests
by the 4in1 Browser Web server.  Because of this, it is possible for an attacker
to gain access to potentially sensitive system files.

This issue could be exploited to gain read access to files on a host using the
vulnerable software.  Read privileges granted to these files would be restricted
by the permissions of the web server process.

This vulnerability is reported to affect FastStone 4in1 Browser version 1.2;
previous versions might also be affected.

36. WebAPP Unspecified File Disclosure Vulnerability
BugTraq ID: 12938
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12938
Summary:
WebAPP is reported prone to an unspecified file disclosure vulnerability. 

It is reported that this issue may allow remote attackers to disclose contents
of certain files.  Information gathered through a successful attack may aid in
other attacks against a vulnerable computer.

All versions of WebAPP are considered vulnerable to this issue.

This BID will be updated when more information is available.

37. WackoWiki Unspecified Cross-Site Scripting Vulnerabilities
BugTraq ID: 12939
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12939
Summary:
Multiple cross-site scripting vulnerabilities exist in WackoWiki.  The vendor
has released a fixed version to address these issues but has not provided any
further information regarding these issues.  The issues may likely be exploited
to steal cookie-based authentication credentials.  Other attacks may also be
possible.

The vulnerabilities are reported to affect WackoWiki R4.  It is not known if
earlier versions are also affected.

These issues are distinct from the vulnerabilities reported in BID 11935
"WackoWiki Multiple Unspecified Cross-Site Scripting Vulnerabilities".

38. Adventia Chat Server Pro Remote HTML Injection Vulnerability
BugTraq ID: 12940
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12940
Summary:
A remote HTML injection vulnerability affects Adventia Chat Server Pro. This
issue is due to a failure of the application to properly sanitize user-supplied
input prior to including it in dynamically generated Web content.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

39. Smarty Template Engine Remote PHP Script Execution Vulnerabi...
BugTraq ID: 12941
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12941
Summary:
A remote PHP code execution vulnerability affects Smarty Template Engine.  This
issue is due to a failure of the application to properly secure access to PHP
script manipulation.

An attacker may leverage this issue to execute arbitrary PHP script code on an
affected computer; this may be exploited to gain unauthorized access to or
escalated privileges on a hosting computer.

40. Sybari AntiGen For Lotus Domino Multiple Remote Denial Of Se...
BugTraq ID: 12942
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12942
Summary:
Multiple vulnerabilities are reported to exist in Sybari AntiGen For Lotus
Domino. The following issues are reported:

A denial of service vulnerability is reported to affect Sybari AntiGen For Lotus
Domino. The issue is reported to manifest when a specially crafted RAR archive
is processed, and results in the software crashing.

A buffer overflow vulnerability is reported to affect Sybari AntiGen For Lotus
Domino. It is reported that this issue manifests when a tiny file is scanned.

A remote attacker may exploit these issues to deny service for legitimate users.

41. Horde Application Framework Parent Page Title Cross-Site Scr...
BugTraq ID: 12943
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12943
Summary:
Horde Application Framework is prone to a cross-site scripting vulnerability. 
An attacker can supply arbitrary HTML and script code to the application when
the page title of a parent frame is manipulated.

A successful attack can facilitate theft of cookie-based authentication
credentials. Other attacks are possible as well. 

Horde 3.0.4-RC2 is reported vulnerable; however, other versions may be affected
as well.

42. Lighthouse Development Squirrelcart SQL Injection Vulnerabil...
BugTraq ID: 12944
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12944
Summary:
Squirrelcart is affected by an SQL injection vulnerability.

This vulnerability could permit remote attackers to pass malicious input to
database queries, resulting in modification of query logic or other attacks. 

All versions of Squirrelcart are considered vulnerable at the moment.

43. Mailreader Remote HTML Injection Vulnerability
BugTraq ID: 12945
Remote: Yes
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12945
Summary:
A remote HTML injection vulnerability affects Mailreader. This issue is due to a
failure of the application to properly sanitize user-supplied input prior to
including it in dynamically generated Web content. 

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

44. Kerio Personal Firewall Local Network Access Restriction Byp...
BugTraq ID: 12946
Remote: No
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12946
Summary:
A local network access restriction bypass vulnerability affects Kerio Personal
Firewall.  This issue is due to a design error that causes the application to
fail to properly validate the origin of network requests.

An attacker may leverage this issue to bypass network access restrictions,
potentially leading administrators to a false sense of security.

45. YepYep MTFTPD Remote CWD Argument Format String Vulnerabilit...
BugTraq ID: 12947
Remote: Yes
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12947
Summary:
mtftpd is reported prone to a remote format string vulnerability.

Reports indicate that this issue may be exploited by a remote authenticated
attacker to execute arbitrary code in the context of the vulnerable service.

This vulnerability is reported to affect mtftpd versions up to and including
version 0.0.3.

46. Cisco VPN 3000 Concentrator Remote Denial of Service Vulnera...
BugTraq ID: 12948
Remote: Yes
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12948
Summary:
Cisco VPN 3000 Concentrator products are reported prone to a remote denial of
service vulnerability.

A remote unauthenticated attacker may trigger this vulnerability to cause an
affected device to reload or drop connections.  Specifically, an attacker can
target the HTTPS service running on a vulnerable device to trigger this
vulnerability.

Cisco VPN 3000 Concentrator products running software version 4.1.7.A and prior
are affected by this issue.

47. Linux Kernel File Lock Local Denial Of Service Vulnerability
BugTraq ID: 12949
Remote: No
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12949
Summary:
A local denial of service vulnerability reportedly affects the Linux kernel. 
This issue arises due to a failure of the kernel to properly handle malicious,
excessive file locks.

An attacker may leverage this issue to crash or hang the affected kernel and
deny service to legitimate users.

It should be noted that Symantec has been unable to reproduce this issue after
testing.  It is possible that this vulnerability is linked to the reporter's
specific configuration.  More information will be added as it becomes available.

48. GDK-Pixbuf BMP Image Processing Double Free Remote Denial of...
BugTraq ID: 12950
Remote: Yes
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12950
Summary:
gdk-pixbuf library is reported prone to a denial of service vulnerability.  This
issue arises due to a double free condition.

It is reported that this vulnerability presents itself when an application that
is linked against the library handles malformed Bitmap (.bmp) image files. 

A successful attack may result in a denial of service condition.  It is not
confirmed whether this vulnerability could be leveraged to execute arbitrary
code.

gdk-pixbuf 0.22.0 and gtk2 2.4.14 packages are known to be vulnerable to this
issue.  It is likely that other versions are affected as well.

This BID will be updated when more information becomes available.

49. OpenBSD TCP Stack Remote Denial Of Service Vulnerability
BugTraq ID: 12951
Remote: Yes
Date Published: Mar 31 2005
Relevant URL: http://www.securityfocus.com/bid/12951
Summary:
A remote denial of service vulnerability affects the OpenBSD operating system. 
This issue is due to implementation errors in the TCP stack, causing it to fail
on malicious requests.

A remote attacker may leverage this issue to cause an affected computer to
exhaust memory or crash, denying service to legitimate users.

50. PAFileDB ID Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 12952
Remote: Yes
Date Published: Mar 31 2005
Relevant URL: http://www.securityfocus.com/bid/12952
Summary:
paFileDB is reported prone to a cross-site scripting vulnerability.

The vulnerability presents itself when an attacker supplies malicious HTML and
script code through the 'id' parameter.

This may allow for theft of cookie-based authentication credentials or other
attacks.

paFileDB 3.1 and prior versions are affected by this vulnerability.

This issue may be related to BID 12788 (PAFileDB Multiple SQL Injection And
Cross-Site Scripting Vulnerabilities) and BID 12758 (PHP Arena PAFileDB Multiple
Remote Cross Site Scripting Vulnerabilities).  This BID will be retired or
updated upon further analysis.

51. BZip2 CHMod File Permission Modification Race Condition Weak...
BugTraq ID: 12954
Remote: No
Date Published: Mar 31 2005
Relevant URL: http://www.securityfocus.com/bid/12954
Summary:
bzip2 is reported prone to a security weakness; the issue is only present when
an archive is extracted into a world or group writeable directory. It is
reported that bzip2 employs non-atomic procedures to write a file and later
change the permissions on the newly extracted file.

A local attacker may leverage this issue to modify file permissions of target
files.

This weakness is reported to affect bzip2 version 1.0.2 and previous versions.
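
The write-then-chmod pattern described in item 51, as an added C example (not
bzip2's own code and not part of the original newsletter). It contrasts a
permission change applied by file name with one applied to the still-open
descriptor; the function names, the temporary directory and the rename() that
stands in for the race window are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum { BY_PATH = 0, BY_FD = 1 };   /* hypothetical names for the two patterns */

/* Create a new file and pin its mode to 0600 regardless of the umask. */
static int create_private(const char *path)
{
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd >= 0 && fchmod(fd, 0600) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permission bits of whatever the name currently refers to. */
static mode_t mode_of(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (mode_t)(st.st_mode & 07777) : (mode_t)-1;
}

/*
 * Writes an output file, lets the output name be rebound to an unrelated
 * file (constructed stand-in for the race window in a shared directory),
 * then applies mode 0644 either by name or by descriptor.
 * Returns the resulting mode of the unrelated file, which started at 0600.
 */
mode_t extract_with_race(int how)
{
    static const char msg[] = "decompressed data\n";   /* constructed sample */
    char dir[] = "/tmp/bz2-chmod-demo.XXXXXX";
    char out[128], other[128];
    mode_t result = (mode_t)-1;
    int fd = -1, ofd = -1;

    if (mkdtemp(dir) == NULL)
        return result;
    snprintf(out, sizeof out, "%s/archive.out", dir);
    snprintf(other, sizeof other, "%s/unrelated", dir);

    ofd = create_private(other);
    fd = create_private(out);
    if (fd < 0 || ofd < 0)
        goto done;
    if (write(fd, msg, sizeof msg - 1) < 0)
        goto done;

    /* Race window: the name 'out' now points at a different inode. */
    if (rename(other, out) != 0)
        goto done;

    if (how == BY_FD) {
        /* Hardened: the mode change follows the file that was written. */
        if (fchmod(fd, 0644) != 0)
            goto done;
    } else {
        /* Non-atomic: the file is closed, then the mode is set by name,
         * so it lands on whatever the name refers to at that moment. */
        close(fd);
        fd = -1;
        if (chmod(out, 0644) != 0)
            goto done;
    }
    result = mode_of(out);

done:
    if (fd >= 0)
        close(fd);
    if (ofd >= 0)
        close(ofd);
    unlink(out);
    unlink(other);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("by path: unrelated file mode is now %04o\n",
           (unsigned)extract_with_race(BY_PATH));
    printf("by fd:   unrelated file mode is now %04o\n",
           (unsigned)extract_with_race(BY_FD));
    return 0;
}
```

Creating the output with its final restrictive mode and adjusting it only
through the open descriptor removes the window in which the name can be rebound.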

52. Bay Technical Associates RPC3 Telnet Daemon Authentication B...
BugTraq ID: 12955
Remote: Yes
Date Published: Mar 31 2005
Relevant URL: http://www.securityfocus.com/bid/12955
Summary:
It is reported that the telnet daemon used by the device is affected by an
authentication bypass vulnerability.

A successful attack can allow an attacker to carry out a denial of service
attack against a machine using the power supply by shutting down the device.

RPC3 Telnet version F 3.05 is reported vulnerable.  It is believed that the
telnet daemon is shipped with most RPC-3 devices.

It is reported that RPC3 Telnet Revision F5.10.4 is not affected by this issue.

The affected packages will be updated when more information becomes available.

53. InterAKT Online MX Shop SQL Injection Vulnerability
BugTraq ID: 12957
Remote: Yes
Date Published: Mar 31 2005
Relevant URL: http://www.securityfocus.com/bid/12957
Summary:
MX Shop is reportedly affected by an SQL injection vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied input
before using it in SQL queries.

This vulnerability could permit remote attackers to pass malicious input to
database queries, resulting in modification of query logic.

Successful exploitation could result in a compromise of security properties of
the application. The impact of this issue may be limited depending on the
underlying database that is being used.

InterAKT Online MX Shop version 1.1.1 is reported prone to these issues; other
versions might also be affected.

54. ASP-DEV XM Forum IMG Tag Script Injection Vulnerability
BugTraq ID: 12958
Remote: Yes
Date Published: Mar 31 2005
Relevant URL: http://www.securityfocus.com/bid/12958
Summary:
XM Forum is reported prone to a script injection vulnerability.

An attacker can supply arbitrary HTML and script code through the BBCode IMG tag
to trigger this issue and execute arbitrary script code in a user's browser.

XM Forum RC3 is reported vulnerable.  It is possible that other versions are
affected as well.

55. Linux Kernel Futex Local Deadlock Denial Of Service Vulnerab...
BugTraq ID: 12959
Remote: No
Date Published: Mar 31 2005
Relevant URL: http://www.securityfocus.com/bid/12959
Summary:
The Linux kernel futex functions are reported prone to a local denial of service
vulnerability. The issue is reported to manifest because several unspecified
futex functions perform 'get_user()' calls and at the same time hold mmap_sem
for reading purposes.

A local attacker may potentially leverage this issue to trigger a kernel
deadlock and potentially deny service for legitimate users.

This vulnerability is reported to exist in the 2.6 Linux kernel tree.

56. Microsoft Jet Database Engine Malformed Database File Buffer...
BugTraq ID: 12960
Remote: Yes
Date Published: Mar 31 2005
Relevant URL: http://www.securityfocus.com/bid/12960
Summary:
It is reported that Microsoft Jet Database Engine is vulnerable to a buffer
overflow vulnerability. This issue is due to a failure of the library to
properly bounds check user-supplied database file contents.

Attackers may exploit this vulnerability to execute arbitrary machine code in
the context of the victim user attempting to access a malicious Jet database
file.

This vulnerability is reported to exist in the 'msjet40.dll' library, version
4.00.8618.0. Older versions may also be affected. The 'msjetole40.dll' OLE
(Object Linking and Embedding) library is reportedly immune to this
vulnerability.

57. BlueSoleil Object Push Service Bluetooth File Upload Directo...
BugTraq ID: 12961
Remote: Yes
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12961
Summary:
BlueSoleil is prone to directory traversal attacks during Bluetooth file
uploads.  The issue exists in the Object Push Service.

This vulnerability may allow an attacker to upload malicious files to arbitrary
locations on affected computers over Bluetooth.  An attacker can take advantage
of the issue to execute arbitrary code by uploading executables to a location on
the computer where they will later be executed.

58. PHP Group PHP Image File Format Remote Denial Of Service Vul...
BugTraq ID: 12962
Remote: Yes
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12962
Summary:
A remote denial of service vulnerability affects PHP Group PHP.  This issue is
due to a failure of the application to properly handle maliciously formed Image
Format File (IFF) image files.

It should be noted that this vulnerability can only be exploited remotely if a
Web based PHP application is implemented that allows user-supplied images to be
processed by the 'getimagesize()' function.  The 'getimagesize()' function is
commonly implemented in PHP Web applications that allow for the display of
images.

An attacker may leverage this issue to cause the affected script interpreter to
consume excessive processing resources on an affected computer, leading to a
denial of service condition.

59. PHP Group PHP Remote JPEG File Format Remote Denial Of Servi...
BugTraq ID: 12963
Remote: Yes
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12963
Summary:
A remote denial of service vulnerability affects PHP Group PHP.  This issue is
due to a failure of the application to properly handle maliciously crafted JPEG
image files.

It should be noted that this vulnerability can only be exploited remotely if a
Web based PHP application is implemented that allows user-supplied images to be
processed by the 'getimagesize()' function.  The 'getimagesize()' function is
commonly implemented in PHP Web applications that allow for the display of
images.

An attacker may leverage this issue to cause the affected script interpreter to
consume excessive processing resources on an affected computer, leading to a
denial of service condition.

60. RUMBA Profile Handling Multiple Buffer Overflow Vulnerabilit...
BugTraq ID: 12965
Remote: Yes
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12965
Summary:
RUMBA is reported prone to multiple buffer overflow vulnerabilities. These
issues are reported to manifest when RTO and WPA profiles are loaded by the
software.

Ultimately it is conjectured that this issue may be exploited by a remote
attacker to execute arbitrary attacker-supplied code in the context of the
vulnerable software.

RUMBA version 7.3 is reported prone to this issue; previous versions are also
reported to be affected.

61. BakBone NetVault Configure.CFG Local Buffer Overflow Vulnera...
BugTraq ID: 12966
Remote: No
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12966
Summary:
NetVault is reported prone to a local buffer overflow vulnerability.

It is reported that a local attacker can exploit this vulnerability by supplying
excessive data through a variable in the 'configure.cfg' file.

A successful attack can allow local attackers to execute arbitrary code on a
vulnerable computer to gain elevated privileges.

This issue has been confirmed in NetVault 7 packages running on Windows
platforms.  Other versions of NetVault running on different platforms may be
affected as well.

62. BakBone NetVault Remote Heap Overflow Vulnerability
BugTraq ID: 12967
Remote: Yes
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12967
Summary:
NetVault is reported prone to a remote heap overflow vulnerability.

A successful attack can allow remote attackers to execute arbitrary code on a
vulnerable computer to gain unauthorized access. 

This issue has been confirmed in NetVault 7 packages running on Windows
platforms. Other versions of NetVault running on different platforms may be
affected as well.

63. MaxWebPortal Events And Links Interface Multiple Input Valid...
BugTraq ID: 12968
Remote: Yes
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12968
Summary:
Multiple input validation vulnerabilities affect MaxWebPortal. These issues are
due to a failure of the application to properly sanitize user-supplied input
prior to using it to carry out critical application functionality such as
database interaction and generating dynamic Web content. 

An attacker may exploit this issue to manipulate SQL queries to the underlying
database and have arbitrary script code executed in the browser of an
unsuspecting user.  This may facilitate theft of sensitive information,
potentially including authentication credentials, and data corruption.

64. Microsoft Windows UNC Path Handling Unspecified Buffer Overf...
BugTraq ID: 12969
Remote: Unknown
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12969
Summary:
Microsoft Windows is reported prone to an unspecified buffer overflow
vulnerability when handling a malformed UNC path.

It is reported that this issue can be triggered by supplying a malformed UNC
path through the command line.  Further details were not disclosed; however, it
is conjectured that a local attacker supplies excessive data as a UNC path to
trigger the overflow condition leading to memory corruption.  It is currently
not known if this will allow a local attacker to gain elevated privileges.

Although unconfirmed, this issue may also pose a remote risk if an attacker is
able to supply a vulnerable user with a malformed UNC path and entice them to
open it or through an application that processes UNC paths.

This issue has reportedly been addressed with the release of Windows Server 2003
SP1.  Operating system releases prior to Server 2003 are also reportedly
affected.

Due to a lack of details, further information is not available at the moment. 
This BID will be updated when more details are released.

65. Linux Kernel TmpFS Driver Local Denial Of Service Vulnerabil...
BugTraq ID: 12970
Remote: No
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12970
Summary:
The Linux kernel is reported prone to a local denial of service vulnerability.
The issue is reported to exist in the Linux kernel tmpfs driver, and is due to
a lack of sanitization performed on the address argument of 'shm_nopage()'.

66. Microsoft Windows Server 2003 Service Pack 1 Released - Mult...
BugTraq ID: 12972
Remote: Yes
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12972
Summary:
Microsoft has released Windows Server 2003 Service Pack 1.  This release
addresses a number of bugs, including some potential security vulnerabilities
and weaknesses.  

Many of the bugs that have been fixed in this Service Pack may have a security
impact that may be exploited by a local or remote attacker.  Possible
consequences include privilege escalation, lowered security settings, denial of
service attacks, and policy bypass. The release also includes various security
enhancements and roll-ups for previous security updates.

67. AlstraSoft EPay Pro Remote File Include Vulnerability
BugTraq ID: 12973
Remote: Yes
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12973
Summary:
EPay Pro is reported prone to a remote file include vulnerability.

The problem presents itself specifically when an attacker passes the location of
a remote attacker-specified script through the 'view' parameter.

An attacker may leverage this issue to execute arbitrary server-side script code
on an affected computer.

EPay Pro version 2.0 is vulnerable to this issue.

68. AlstraSoft EPay Pro Multiple Cross-Site Scripting Vulnerabil...
BugTraq ID: 12974
Remote: Yes
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12974
Summary:
It is reported that EPay Pro is affected by various cross-site scripting
vulnerabilities.

These problems present themselves when malicious HTML and script code is sent to
the application through multiple parameters.

This issue may allow for theft of cookie-based authentication credentials or
other attacks.

EPay Pro version 2.0 is vulnerable to these issues.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Sybase allows release of flaw information
By: Robert Lemos

The database company allows U.K. security firm NGSSoftware to 
publish details on six flaws, but legal and security experts are still 
concerned that future disclosures will be challenged.
http://www.securityfocus.com/news/10827

2. Companies resist nuclear cyber security rule
By: Kevin Poulsen

A proposed standard for protecting nuclear power plant safety systems from
cyber attack gets a less than glowing reaction from system vendors and plant
operators.

http://www.securityfocus.com/news/10618

3. Feds square off with organized cyber crime
By: Kevin Poulsen

Law enforcement sees undercover operations as a key to unraveling sophisticated
alliances between computer intruders and fraud artists.
http://www.securityfocus.com/news/10525

4. Three quarters of corporate PCs shun SP2
By: John Leyden, The Register

Only a quarter of corporate PCs running Windows XP have upgraded to SP2 (Service
Pack 2), according to a survey out this week.
http://www.securityfocus.com/news/10818

5. Carjackers swipe biometric Merc, plus owner's finger
By: John Leyden, The Register

A Malaysian businessman has lost a finger to car thieves impatient to get around
his Mercedes' fingerprint security system.
http://www.securityfocus.com/news/10817

6. Hacking Google for fun and profit
By: John Leyden, The Register

Insecure websites are not the only venues at risk from Google-hacking.
http://www.securityfocus.com/news/10816

IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. Bitform Discover 2005.1
By: Bitform Technology Inc.
Relevant URL: http://www.bitform.net/products/discover/
Platforms: Java
Summary: 

Bitform Discover is a powerful utility that quickly analyzes individual
documents or whole collections of documents and reports on more than two dozen
potentially sensitive hidden data elements. Discover supports Microsoft Word,
Excel and PowerPoint file formats.

2. Libnids 1.2
By: Rafal Wojtczuk
Relevant URL: http://libnids.sourceforge.net/
Platforms: Os Independent
Summary: 

NIDS E-box implementation; emulates Linux 2.0.36 TCP/IP stack. It provides IP
defragmentation, TCP reassembly, portscan detection.

3. File System Saint 1.02a
By: Joshua Fritsch
Relevant URL: http://www.unixgeeks.org/saint
Platforms: Linux, UNIX
Summary: 

A fast, flexible, lightweight perl-based host IDS.

4. TextKeeper 5.0
By: HardwareCrasher
Relevant URL: http://members.lycos.co.uk/textkeeper/tkup.zip
Platforms: Windows 2000, Windows 95/98, Windows XP
Summary: 

Encrypts text using numeric combinations and two algorithms. One of the
algorithms uses 5 different numeric combinations.

5. DeSPAM Tunnel 3.0.0
By: The German Computer Freaks (Du-Nu)
Relevant URL: http://www.gcf.de/projects/despam.zip
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary: 

This program is a tunnel for pop3 connections and filters spam during the
pop3-download of emails automatically. To determine whether an email is UCE it
evaluates the content of each email that passes the tunnel statistically. Its
intelligent wordparsing filter "backMatch" even matches buzzwords that contain
characters which have been replaced by similar looking special chars to avoid
being filtered.

6. Umbrella v0.5
By: Umbrella
Relevant URL: http://umbrella.sf.net/
Platforms: Linux
Summary: 

A combination of process-based access control (PBAC) and authentication of
binaries (like DigSig). In addition, the binaries have the security policy
included within the binary, so when a binary is executed, the policy is applied
to the corresponding process. Umbrella provides developers with a "restricted
fork" which enables them to further restrict a sub-process from e.g. accessing
the network.

V. SECURITYJOBS LIST SUMMARY
----------------------------
1. [SJ-JOB] Management, Santa Clara, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394687

2. [SJ-JOB] Technical Marketing Engineer, Santa Clara, ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394686

3. [SJ-JOB] Channel / Business Development, Home Based/... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394685

4. [SJ-JOB] Security Architect, London, GB (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394684

5. [SJ-JOB] Management, New York, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394683

6. [SJ-JOB] Security Auditor, Tampa, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394682

7. [SJ-JOB] Developer, New York City, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394681

8. [SJ-JOB] Manager, Information Security, New York Cit... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394680

9. [SJ-JOB] Security Engineer, Eglin Air Force Base , U... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394679

10. [SJ-JOB] Security Engineer, New York City, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394678

11. [SJ-JOB] Security Product Manager, New York City, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394677

12. [SJ-JOB] Security Consultant, Honolulu, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394676

13. [SJ-JOB] Security System Administrator, Chicago, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394675

14. [SJ-JOB] Technology Risk Consultant, Los Angeles, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394674

15. [SJ-JOB] Manager, Information Security, Philadelphia... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394673

16. [SJ-JOB] Sales Representative, Surrey/Windsor/£... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394672

17. [SJ-JOB] Technical Support Engineer, Surrey/Windsor/... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394671

18. [SJ-JOB] Sales Engineer, COLORADO SPRINGS , US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394670

19. [SJ-JOB] Security Consultant, Minneapolis, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394669

20. [SJ-JOB] Jr. Security Analyst, Philadelphia, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394668

21. [SJ-JOB] Security Consultant, Singapore, SG (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394666

22. [SJ-JOB] Security Consultant, Houston, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394665

23. [SJ-JOB] Security Consultant, London, GB (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394664

24. [SJ-JOB] Security Engineer, London, GB (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394663

25. [SJ-JOB] VP of Marketing, London/Surrey/Berkshire &p... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394661

26. [SJ-JOB] Auditor, San Francisco, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394660

27. [SJ-JOB] Security Engineer, Duluth, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394659

28. [SJ-JOB] Management, St. Louis or Kansas City, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394657

29. [SJ-JOB] Security Director, Leeds / Edinburgh, GB (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394656

30. [SJ-JOB] Security Engineer, Westford, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394655

31. [SJ-JOB] VP of Marketing, London/Berkshire Referral ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394654

32. [SJ-JOB] Manager, Information Security, West London,... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394653

33. [SJ-JOB] CHECK Team Leader, London, GB (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394651

34. [SJ-JOB] Developer, Atlanta, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394650

35. [SJ-JOB] Sales Engineer, Oxford, GB (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394649

36. [SJ-JOB] Regional Channel Manager, Des Moines, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394648

37. [SJ-JOB] Sales Engineer, Newark and vicinity, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394647

38. [SJ-JOB] Security Product Manager, Santa Clara, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394646

39. [SJ-JOB] Sr. Security Analyst, Highlands Ranch, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394645

40. [SJ-JOB] Security Product Marketing Manager, Santa C... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394644

41. [SJ-JOB] Management, Mission Viejo, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394643

42. [SJ-JOB] Management, New York (Brooklyn Metrotech), ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/394642

VI. INCIDENTS LIST SUMMARY
--------------------------
1. Vendor notification (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/394787

2. exploit or human (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/394786

3. ANI Exploits in Spam -> more info (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/394574

4. ANI Exploits in Spam (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/394573

VII. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Scanner (Thread)
Relevant URL:

http://www.securityfocus.com/archive/82/394858

2. dnsmasq <2.21 off-by-one (Thread)
Relevant URL:

http://www.securityfocus.com/archive/82/394467

VIII. MICROSOFT FOCUS LIST SUMMARY
----------------------------------
1. Integrating Domain and VPN Login (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/394961

2. Windows Server 2003 Service Pack 1 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/394960

3. SecurityFocus Microsoft Newsletter #234 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/394518

4. quarantine vpn clients (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/394458

IX. SUN FOCUS LIST SUMMARY
--------------------------
NO NEW POSTS FOR THE WEEK 2005-03-29 to 2005-04-05.

X. LINUX FOCUS LIST SUMMARY
---------------------------
1. vsftp question (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/394897

2. Linux and DB2 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/394891

3. Apache+PHP+ftp security (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/394746

4. Re[2]: Apache+PHP+ftp security (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/394581

5. OpenVPN? (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/394497