SecurityFocus Newsletter #297
------------------------------

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. Privacy From the Trenches
     2. Introduction to Spyware Keyloggers
     3. Watching the Watchers
II. BUGTRAQ SUMMARY
     1. Centrinity FirstClass Client Bookmark Window File Execution ...
     2. RadScripts RadBids Gold Multiple Vulnerabilities
     3. Citrix MetaFrame Web Client Access Restriction Bypass Vulner...
     4. Azerbaijan Development Group AzDGDatingPlatinum Multiple Vul...
     5. Sun J2SE Software Development Kit Java Archive Tool Director...
     6. File Upload Script PHPBB Module Arbitrary Script Upload Vuln...
     7. KDE KMail HTML EMail Remote Email Content Spoofing Vulnerabi...
     8. ModernGigabyte ModernBill News.PHP File Include Vulnerabilit...
     9. ModernGigabyte ModernBill C_CODE Parameter Cross-Site Script...
     10. DC++ Unspecified Download Drive File Appending Vulnerability
     11. ModernGigabyte ModernBill Aid Parameter Cross-Site Scripting...
     12. TowerBlog User Credential Exposure Weakness
     13. OpenOffice Malformed Document Remote Heap Overflow Vulnerabi...
     14. Pine RPDump Local File Corruption Vulnerability
     15. Zoom Media Gallery Index.PHP SQL Injection Vulnerability
     16. RSnapshot Local File Permission Manipulation Vulnerability
     17. KDE PCX Image File Handling Buffer Overflow Vulnerability
     18. Invision Power Board ST Parameter SQL Injection Vulnerabilit...
     19. GwenView Multiple Unspecified Image Handling Heap-Based Memo...
     20. IrfanView Multiple Unspecified Image Handling Heap-Based Mem...
     21. ImageMagick Multiple Unspecified Image Handling Heap-Based M...
     22. WebCT Discussion Board HTML Injection Vulnerability
     23. Computer Associates BrightStor ARCserve Backup UniversalAgen...
     24. JPortal Banner.PHP SQL Injection Vulnerability
     25. Multiple Debugger Vendor Malicious Code Execution Vulnerabil...
     26. Light Speed Technologies DeluxeFTP Local Authentication Cred...
     27. FreeBSD PortUpgrade Local Insecure Temporary File Handling V...
     28. AEwebworks Dating Software AeDating Index.PHP Local File Inc...
     29. Windows Kernel Font Buffer Overflow Vulnerability
     30. Microsoft Windows Kernel Object Management Denial Of Service...
     31. AEwebworks Dating Software AeDating Sdating.PHP SQL Injectio...
     32. Microsoft Windows Message Queuing Remote Buffer Overflow Vul...
     33. AEwebworks Dating Software AeDating Control Panel Cross-Site...
     34. Microsoft MSN Messenger GIF Image Processing Remote Buffer O...
     35. Microsoft Windows Kernel CSRSS Local Privilege Escalation Vu...
     36. Microsoft Windows Internet Protocol Validation Remote Code E...
     37. Microsoft Internet Explorer Content Advisor File Handling Bu...
     38. Microsoft Exchange Server SMTP Extended Verb Buffer Overflow...
     39. Microsoft Word Unspecified Document File Buffer Overflow Vul...
     40. Microsoft Internet Explorer DHTML Object Race Condition Memo...
     41. Microsoft Windows Kernel Access Validation Request Buffer Ov...
     42. Microsoft Word Malformed Document Buffer Overflow Vulnerabil...
     43. Microsoft Internet Explorer Malformed URI Buffer Overflow Vu...
     44. Multiple Vendor TCP/IP Implementation ICMP Remote Denial Of ...
     45. Comersus Cart Comersus_Search_Item.ASP Cross-Site Scripting ...
     46. XAMPP CDS.PHP Remote HTML Injection Vulnerability
     47. XAMPP Phonebook.PHP Remote HTML Injection Vulnerability
     48. XAMPP Guestbook-EN.PL Remote HTML Injection Vulnerability
     49. Salim Gasmi GLD Postfix Greylisting Daemon Buffer Overflow V...
     50. IBM Lotus Domino Server Malformed POST Request Remote Buffer...
     51. XAMPP Insecure Default Password Disclosure Vulnerability
     52. Microsoft Windows Shell Remote Code Execution Vulnerability
     53. Salim Gasmi GLD Postfix Greylisting Daemon Format String Vul...
     54. Oracle Applications Oracle Forms SQL Injection Vulnerability
     55. WIDCOMM Bluetooth Communication Software Directory Traversal...
     56. Centra 7 User Information Multiple HTML Injection Vulnerabil...
     57. EGroupWare EMail Attachment Information Disclosure Vulnerabi...
     58. Pinnacle Cart Index.PHP Cross-Site Scripting Vulnerability
     59. Oracle Multiple Vulnerabilities
     60. Sygate Security Agent XML Security Policy File Local Bypass ...
     61. Sun JavaMail MimeBodyPart.getFileName Directory Traversal Vu...
     62. Veritas i3 FocalPoint Server Unspecified Vulnerability
     63. PHP Group PHP Multiple Unspecified Vulnerabilities
     64. Oracle Database Multiple SQL Injection Vulnerabilities
     65. Oracle Database MDSYS.MD2.SDO_CODE_SIZE Buffer Overflow Vuln...
     66. JunkBuster Heap Corruption Vulnerability
     67. JunkBuster Configuration Modification Vulnerability
     68. ACNews Login.ASP SQL Injection Vulnerability
     69. PHPBB2 Plus GroupCP.PHP Cross-Site Scripting Vulnerability
     70. PHPBB2 Plus Index.PHP Multiple Cross-Site Scripting Vulnerab...
     71. PHPBB2 Plus Portal.PHP Multiple Cross-Site Scripting Vulnera...
     72. PHPBB2 Plus ViewForum.PHP Cross-Site Scripting Vulnerability
     73. PHPBB2 Plus ViewTopic.PHP Cross-Site Scripting Vulnerability
     74. LG U8120 Mobile Phone MIDI File Remote Denial Of Service Vul...
     75. PHPBB Photo Album Module Album_Search.PHP SQL Injection Vuln...
     76. IBM iSeries AS400 POP3 Server Remote Information Disclosure ...
     77. PHPBB Photo Album Module Album_Cat.PHP Cross-Site Scripting ...
     78. PHPBB Photo Album Module Album_Comment.PHP Cross-Site Script...
     79. CPIO CHMod File Permission Modification Race Condition Weakn...
     80. IBM WebSphere Application Server Web Server Root JSP Source ...
     81. S9Y Serendipity Exit.PHP SQL injection Vulnerability
     82. Sumus Game Server Remote Buffer Overflow Vulnerability
     83. PHP Group Exif Module IFD Tag Integer Overflow Vulnerability
     84. PHP Group Exif Module IFD Nesting Denial Of Service Vulnerab...
     85. Sun Java System Web Server Unspecified Denial of Service Vul...
     86. Squid Proxy Aborted Connection Remote Denial Of Service Vuln...
     87. Musicmatch Jukebox DiagCollectionControl.dll Arbitrary File ...
     88. RSA Security RSA Authentication Agent For Web Remote Cross-S...
     89. All4WWW-HomePageCreator Index.PHP Arbitrary Remote File Incl...
     90. SPHPBlog Search.PHP Cross-Site Scripting Vulnerability
     91. Sudo VISudo Insecure Temporary File Creation Vulnerability
     92. Oops! Proxy Server Auth Remote Format String Vulnerability
     93. Musicmatch Jukebox Absolute Path Specification Weakness
     94. Musicmatch Jukebox Unspecified Remote Buffer Overflow Vulner...
     95. IlohaMail Email Message Remote HTML Injection Vulnerability
     96. Opera SSL Security Feature Design Error Vulnerability
     97. Yager Development Yager Game Data Block Buffer Overflow Vuln...
     98. Yager Development Yager Game Nickname Buffer Overflow Vulner...
     99. Yager Development Yager Game Data Block Denial Of Service Vu...
     100. Kerio MailServer WebMail Remote Resource Exhaustion Vulnerab...
III. SECURITYFOCUS NEWS ARTICLES
     1. Teenagers struggle with privacy, security issues
     2. Privacy groups assail future passport technology
     3. Campaign seeks to defang Rafa's hacker image
     4. Unholy trio menace Firefox
     5. Save us from spam
     6. Japan Internet takeover battle ends in alliance
IV. SECURITYFOCUS TOP 6 TOOLS
     1. Enig3 1.0.0
     2. NuFW 1.0.0
     3. .NET Security Tool Kit 1.0
     4. SecureUML 1.0
     5. Validator.NET 1.0
     6. ldaupenum 0.02alpha
V. SECURITYJOBS LIST SUMMARY
     1. [SJ-JOB] Sales Engineer, Boston, US (Thread)
     2. [SJ-JOB] Developer, Annapolis, US (Thread)
     3. [SJ-JOB] Management, Toronto, CA (Thread)
     4. [SJ-JOB] Security Engineer, Newark, US (Thread)
     5. [SJ-JOB] Certification & Accreditation Engineer, Atl... (Thread)
     6. [SJ-JOB] Sales Engineer, Los Angeles, US (Thread)
     7. [SJ-JOB] Technical Support Engineer, Cupertino, US (Thread)
     8. [SJ-JOB] Security Researcher, Atlanta, US (Thread)
     9. [SJ-JOB] Channel / Business Development, New York, U... (Thread)
     10. [SJ-JOB] Customer Service, San Diego, US (Thread)
     11. [SJ-JOB] Security Consultant, Cupertino, US (Thread)
     12. [SJ-JOB] Security Consultant, Wayne, US (Thread)
     13. [SJ-JOB] Security Consultant, Atlanta, US (Thread)
     14. [SJ-JOB] Security Engineer, Washington, US (Thread)
     15. [SJ-JOB] Sr. Security Analyst, South West Kansas, US (Thread)
     16. [SJ-JOB] Management, Houston, US (Thread)
     17. [SJ-JOB] Security Consultant, Springfield, US (Thread)
     18. [SJ-JOB] Information Assurance Engineer, Washington,... (Thread)
     19. [SJ-JOB] Application Security Engineer, El Segundo, ... (Thread)
     20. [SJ-JOB] Manager, Information Security, 10016, US (Thread)
     21. [SJ-JOB] Security Consultant, St. Louis, US (Thread)
     22. [SJ-JOB] Manager, Information Security, new york, US (Thread)
     23. [SJ-JOB] Security Consultant, new york, US (Thread)
     24. [SJ-JOB] Product Strategist, San Diego, US (Thread)
     25. [SJ-JOB] Security System Administrator, San Francisc... (Thread)
     26. [SJ-JOB] Manager, Information Security, Long Island,... (Thread)
     27. [SJ-JOB] Sr. Security Engineer, Boston, US (Thread)
     28. [SJ-JOB] Security Researcher, San Francisco, US (Thread)
     29. [SJ-JOB] Security Engineer, Palo Alto, US (Thread)
     30. [SJ-JOB] Security Consultant, Schaumburg, US (Thread)
     31. [SJ-JOB] Manager, Information Security, Schaumburg, ... (Thread)
     32. [SJ-JOB] Sales Engineer, Birmingham, US (Thread)
     33. [SJ-JOB] Sales Engineer, Minneapolis, US (Thread)
     34. [SJ-JOB] Sales Engineer, NYC/Edison,NJ, US (Thread)
     35. [SJ-JOB] Sales Engineer, Atlanta, US (Thread)
     36. [SJ-JOB] Security Engineer, South Bay area, CA, US (Thread)
     37. [SJ-JOB] Application Security Engineer, San Jose, US (Thread)
     38. [SJ-JOB] Sr. Security Engineer, Seattle, US (Thread)
     39. [SJ-JOB] Security Auditor, Toronto, CA (Thread)
     40. [SJ-JOB] Security Engineer, Toronto, CA (Thread)
     41. [SJ-JOB] Account Manager, Denver, US (Thread)
     42. [SJ-JOB] Channel / Business Development, San Francis... (Thread)
     43. [SJ-JOB] Security Engineer, Edina, US (Thread)
     44. [SJ-JOB] Security Engineer, Huntsville, US (Thread)
     45. [SJ-JOB] Management, Sunnyvale, US (Thread)
     46. [SJ-JOB] Regional Channel Manager, Seattle or surrou... (Thread)
     47. [SJ-JOB] Security Engineer, Washington, DC, US (Thread)
     48. [SJ-JOB] Security Consultant, Milwaukee, US (Thread)
     49. [SJ-JOB] Security Consultant, Minneapolis, US (Thread)
     50. [SJ-JOB] Security Consultant, Chicago, US (Thread)
     51. [SJ-JOB] Security Consultant, Berks/Bucks, GB (Thread)
     52. [SJ-JOB] Channel / Business Development, Berks/Bucks... (Thread)
     53. [SJ-JOB] Account Manager, Berkshire/Bucks, GB (Thread)
     54. [SJ-JOB] Sales Representative, ALL MAJOR CITIES, US (Thread)
     55. [SJ-JOB] Sales Engineer, North/South California and ... (Thread)
     56. [SJ-JOB] Sales Engineer, All major cities, US (Thread)
     57. [SJ-JOB] Security Architect, Denver, US (Thread)
     58. [SJ-JOB] Security Engineer, Denver, US (Thread)
     59. [SJ-JOB] Technology Risk Consultant, London, GB (Thread)
     60. [SJ-JOB] Forensics Engineer, London, GB (Thread)
     61. [SJ-JOB] Security Product Manager, Orange County, US (Thread)
     62. [SJ-JOB] Manager, Information Security, Redmond, US (Thread)
     63. [SJ-JOB] Application Security Architect, Redmond, US (Thread)
     64. [SJ-JOB] Sr. Security Engineer, Huntsville, US (Thread)
     65. [SJ-JOB] Sr. Security Analyst, Toledo, US (Thread)
     66. [SJ-JOB] Security Consultant, Geneva, CH (Thread)
     67. [SJ-JOB] Sr. Security Analyst, Flemington, US (Thread)
VI. INCIDENTS LIST SUMMARY
     1. UDP port 1026 probe? (Thread)
     2. Attacks vs Probes (Thread)
     3. What to do if they ignore you (Thread)
     4. [incidents] What to do if they ignore you (Thread)
     5. Gathering volatile information (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
     1. Any way to automatically change arbitrary headers of... (Thread)
     2. IBM WebSphere Widespread configuration JSP disclosur... (Thread)
     3. pwdx argv buffer overflow vulnerability (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
     1. Re: using certificates in Outlook for encryption (Thread)
     2. using certificates in Outlook for encryption (Thread)
     3. Windows Server 2003 Service Pack 1 (Thread)
     4. Fw:  using certificates in Outlook for encryption (Thread)
     5. Windows XP SP2 update (Thread)
     6. _Minimizing Windows Server 2003 network services_ pa... (Thread)
     7. SecurityFocus Microsoft Newsletter #236 (Thread)
IX. SUN FOCUS LIST SUMMARY
     1. (mis)using RBAC... (Thread)
X. LINUX FOCUS LIST SUMMARY
     1. PAKCON II:  Call for Papers (CfP - 2005) (Thread)
     2. Announcing PAKCON II (2005)! (Thread)
     3. Any way to automatically change arbitrary headers of... (Thread)
XI. BOOK EXCERPTS
XII. UNSUBSCRIBE INSTRUCTIONS
XIII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Privacy From the Trenches
By Scott Granneman
The recent string of high profile security breaches doesn't even hit the 
radar of the average user worried about the privacy of his personal 
information.
http://www.securityfocus.com/columnists/317

2. Introduction to Spyware Keyloggers
By Sachin Shetty
The purpose of this article is to discuss keyloggers found in spyware 
applications, including their detection, features, and removal.
http://www.securityfocus.com/infocus/1829

3. Watching the Watchers
By Matthew Tanase
Misuse of database information by insiders happens every day, and there's
little we can do about it.
http://www.securityfocus.com/columnists/318

II. BUGTRAQ SUMMARY
-------------------
1. Centrinity FirstClass Client Bookmark Window File Execution ...
BugTraq ID: 13079
Remote: Yes
Date Published: Apr 09 2005
Relevant URL: http://www.securityfocus.com/bid/13079
Summary:
FirstClass client is reported prone to a vulnerability that may allow remote
attackers to cause local arbitrary files to be executed.

An unspecified field in the FirstClass bookmark management window is not
properly sanitized for user-supplied input and URI input can be passed to the
Windows ShellExecute API.

This may be a serious issue if through other means the attacker can cause a
malicious file to be placed on the client filesystem and later execute it.

FirstClass 8.0 is reported vulnerable to this issue.

2. RadScripts RadBids Gold Multiple Vulnerabilities
BugTraq ID: 13080
Remote: Yes
Date Published: Apr 09 2005
Relevant URL: http://www.securityfocus.com/bid/13080
Summary:
RadBids Gold is reported prone to multiple vulnerabilities.  These issues
include arbitrary file disclosure, cross-site scripting, and SQL injection.

The following specific vulnerabilities were identified:

A remote attacker can disclose arbitrary files.  Information gathered through
this issue may allow the attacker to carry out other attacks against an affected
computer.

The application is affected by a SQL injection vulnerability.  Successful
exploitation could result in a compromise of the application, disclosure or
modification of data, or may permit an attacker to exploit vulnerabilities in
the underlying database implementation.

Multiple cross-site scripting issues have been identified as well.  An attacker
may leverage these issues to have arbitrary script code executed in the browser
of an unsuspecting user. This may facilitate the theft of cookie-based
authentication credentials as well as other attacks.

RadBids Gold v2 is reported vulnerable to these issues.  Other versions may be
affected as well.

3. Citrix MetaFrame Web Client Access Restriction Bypass Vulner...
BugTraq ID: 13081
Remote: Yes
Date Published: Apr 09 2005
Relevant URL: http://www.securityfocus.com/bid/13081
Summary:
A vulnerability affecting the application may allow an attacker to bypass
restrictions and potentially launch restricted applications.

Apparently, an attacker with access to Microsoft Word can bypass restrictions by
creating Word macros to launch arbitrary restricted applications.

All versions of Citrix MetaFrame Web Client are considered vulnerable at the
moment.

Due to a lack of details, further information is not available at the moment.
This BID will be updated when more information becomes available.

4. Azerbaijan Development Group AzDGDatingPlatinum Multiple Vul...
BugTraq ID: 13082
Remote: Yes
Date Published: Apr 09 2005
Relevant URL: http://www.securityfocus.com/bid/13082
Summary:
AzDGDatingPlatinum is reported prone to multiple vulnerabilities.

The following specific issues were identified:

The application is affected by multiple SQL injection vulnerabilities.  These
vulnerabilities could permit remote attackers to pass malicious input to
database queries, resulting in modification of query logic or other attacks. 

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

A cross-site scripting issue affects the application as well.  An attacker may
leverage this issue to have arbitrary script code executed in the browser of an
unsuspecting user. This may facilitate the theft of cookie-based authentication
credentials as well as other attacks. 

AzDGDatingPlatinum 1.1.0 is reported vulnerable.  Other versions may be affected
as well.

5. Sun J2SE Software Development Kit Java Archive Tool Director...
BugTraq ID: 13083
Remote: Yes
Date Published: Apr 09 2005
Relevant URL: http://www.securityfocus.com/bid/13083
Summary:
The Java Archive Tool is reported vulnerable to a directory traversal
vulnerability.

An attacker can supply a malicious archive containing files named with '../'
directory traversal sequences, which can potentially overwrite existing data
during extraction.

Sun Java 2 Standard Edition versions 1.5.0 and 1.4.2 for both Linux and
Microsoft Windows platforms are reported vulnerable.  Other vendors using the
technology may be affected as well.

6. File Upload Script PHPBB Module Arbitrary Script Upload Vuln...
BugTraq ID: 13084
Remote: Yes
Date Published: Apr 09 2005
Relevant URL: http://www.securityfocus.com/bid/13084
Summary:
File Upload Script is reported prone to an arbitrary script upload
vulnerability.

If successfully exploited, an attacker can execute arbitrary script code on a
vulnerable server. This can lead to unauthorized access in the context of the
affected server.

All versions of File Upload Script are considered vulnerable at the moment.

7. KDE KMail HTML EMail Remote Email Content Spoofing Vulnerabi...
BugTraq ID: 13085
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13085
Summary:
A remote email message content spoofing vulnerability affects KDE KMail.  This
issue is due to a failure of the application to properly sanitize HTML email
messages.

An attacker may leverage this issue to spoof email content and various header
fields of email messages.  This may aid an attacker in conducting phishing and
social engineering attacks by spoofing PGP keys as well as other critical
information.

8. ModernGigabyte ModernBill News.PHP File Include Vulnerabilit...
BugTraq ID: 13086
Remote: Yes
Date Published: Apr 10 2005
Relevant URL: http://www.securityfocus.com/bid/13086
Summary:
ModernBill is prone to a remote file include vulnerability.

The problem presents itself specifically when an attacker passes the location of
a remote attacker-specified script through the 'news.php' script. 

ModernBill 4.3 and prior versions are vulnerable to this issue.

9. ModernGigabyte ModernBill C_CODE Parameter Cross-Site Script...
BugTraq ID: 13087
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13087
Summary:
ModernBill is affected by a cross-site scripting vulnerability.

This issue is due to a failure in the application to properly sanitize
user-supplied input to the 'c_code' parameter.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

ModernBill 4.3 and prior versions are vulnerable to this issue.

10. DC++ Unspecified Download Drive File Appending Vulnerability
BugTraq ID: 13088
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13088
Summary:
DC++ is prone to an unspecified vulnerability that could allow a remote user to
append data to files in a user's download drive.  The exact cause of this issue
is not currently known.

This vulnerability was reported to affect versions of DC++ prior to 0.674.

11. ModernGigabyte ModernBill Aid Parameter Cross-Site Scripting...
BugTraq ID: 13089
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13089
Summary:
ModernBill is affected by a cross-site scripting vulnerability. 

This issue is due to a failure in the application to properly sanitize
user-supplied input to the 'aid' parameter.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks. 

ModernBill 4.3 and prior versions are vulnerable to this issue.

12. TowerBlog User Credential Exposure Weakness
BugTraq ID: 13090
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13090
Summary:
TowerBlog is reported prone to a weakness that may allow remote attackers to
disclose user credentials.

It is reported that user password hashes are stored in a file that resides in
the Web root, allowing arbitrary attackers to access and disclose the sensitive
information.

An attacker may then carry out brute force attacks against the password hashes
to ultimately disclose user credentials.  This may lead to other attacks against
the system and potentially allow the attacker to compromise an affected
computer.

TowerBlog 0.6 is reported to be affected.  Other versions may be affected as
well.

13. OpenOffice Malformed Document Remote Heap Overflow Vulnerabi...
BugTraq ID: 13092
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13092
Summary:
OpenOffice is reported prone to a remote heap overflow vulnerability.

An attacker may exploit this issue by crafting a malformed .doc file and
enticing a user to open this file with the affected application.  If a
vulnerable user opens this file in OpenOffice, the application may crash due to
memory corruption.  This issue may also be leveraged to execute arbitrary code
in the context of the user running OpenOffice.

OpenOffice 1.1.4 and 2.0 Beta are reported vulnerable to this issue.

14. Pine RPDump Local File Corruption Vulnerability
BugTraq ID: 13093
Remote: No
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13093
Summary:
Pine 'rpdump' is reported prone to a race condition vulnerability. The issue
arises because a window of opportunity exists between the time that the software
checks whether a user-supplied local file exists and the time that the file is
opened for writing.

If 'rpdump' is being invoked against an existing file that resides in a local
world-writable directory, an attacker may potentially replace the file with a
hardlink to a target file. The attacker may accomplish this while the vulnerable
software is processing the remote file. If successful, data that was intended
for the existing file will instead be written to the linked file.

Pine version 4.62 is reported vulnerable; other versions might also be affected.

15. Zoom Media Gallery Index.PHP SQL Injection Vulnerability
BugTraq ID: 13094
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13094
Summary:
zOOm Media Gallery is reportedly affected by a remote SQL injection
vulnerability.  This issue is due to a failure in the application to properly
sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

This issue is reported to affect zOOm Media Gallery version 2.1.2; other
versions may also be affected.

16. RSnapshot Local File Permission Manipulation Vulnerability
BugTraq ID: 13095
Remote: No
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13095
Summary:
A local file privileges manipulation vulnerability affects rsnapshot.  This
issue is due to a design error that causes the failure of the utility to
properly assign permissions on files referenced by symbolic link files.

An attacker may leverage this issue to change the permissions on arbitrary files
backed up by the affected utility.  Specifically, an attacker can claim
ownership of the target file.

17. KDE PCX Image File Handling Buffer Overflow Vulnerability
BugTraq ID: 13096
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13096
Summary:
KDE is reported prone to a PCX image file handling buffer overflow
vulnerability. This issue is due to a failure of the 'kimgio' image library to
properly validate PCX image data.

This vulnerability was reported to exist in PCX image handling routines, but
other image handlers have been patched by the vendor. It is therefore possible
that other image file formats may also be affected by similar problems.

Attackers may exploit this vulnerability to crash applications utilizing the
affected library, or possibly cause arbitrary machine code to be executed in the
context of the application utilizing the affected library.

18. Invision Power Board ST Parameter SQL Injection Vulnerabilit...
BugTraq ID: 13097
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13097
Summary:
Invision Power Board is reported prone to an SQL injection vulnerability.  Due
to improper filtering of user-supplied data, attackers may pass SQL statements
to the underlying database through the 'st' parameter. 

Invision Power Board 1.3.1 and prior versions are affected by this issue.

19. GwenView Multiple Unspecified Image Handling Heap-Based Memo...
BugTraq ID: 13098
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13098
Summary:
GwenView is reported prone to multiple unspecified heap memory corruption
vulnerabilities. It is reported that these issues are caused by a lack of
sufficient sanity checks performed while allocating heap-based memory when the
chunk size is derived from the image height, width and plane values.

It is reported that a malicious image may be used to trigger these issues. 

A remote attacker may potentially exploit these vulnerabilities to crash
affected software, or to potentially execute arbitrary code in the context of
the user that is running the affected software, although this is not confirmed.

This BID will be updated and split into unique BIDs as soon as further
information is available.

20. IrfanView Multiple Unspecified Image Handling Heap-Based Mem...
BugTraq ID: 13099
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13099
Summary:
IrfanView is reported prone to multiple unspecified heap memory corruption
vulnerabilities. It is reported that these issues are caused by a lack of
sufficient sanity checks performed while allocating heap-based memory when the
chunk size is derived from the image height, width and plane values.

It is reported that a malicious image may be used to trigger these issues. 

A remote attacker may potentially exploit these vulnerabilities to crash
affected software, or to potentially execute arbitrary code in the context of
the user that is running the affected software, although this is not confirmed.

This BID will be updated and split into unique BIDs as soon as further
information is available.

21. ImageMagick Multiple Unspecified Image Handling Heap-Based M...
BugTraq ID: 13100
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13100
Summary:
ImageMagick is reported prone to multiple unspecified heap memory corruption
vulnerabilities. It is reported that these issues are caused by a lack of
sufficient sanity checks performed while allocating heap-based memory when the
chunk size is derived from the image height, width and plane values.

It is reported that a malicious image may be used to trigger these issues. 

A remote attacker may potentially exploit these vulnerabilities to crash
affected software, or to potentially execute arbitrary code in the context of
the user that is running the affected software, although this is not confirmed.

This BID will be updated and split into unique BIDs as soon as further
information is available.

22. WebCT Discussion Board HTML Injection Vulnerability
BugTraq ID: 13101
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13101
Summary:
WebCT is reportedly affected by an HTML injection vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied input
prior to using it in dynamically generated content.

Attacker-supplied HTML and script code would be able to access properties of the
site, potentially allowing for theft of cookie-based authentication credentials.
An attacker could also exploit this issue to control how the site is rendered to
the user; other attacks are also possible.

This issue is reported to affect WebCT Version 4.1; other versions may also be
affected.

23. Computer Associates BrightStor ARCserve Backup UniversalAgen...
BugTraq ID: 13102
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13102
Summary:
A remote buffer overflow vulnerability reportedly affects BrightStor ARCserve
and ARCserve Enterprise agent.  This issue is due to a failure of the
application to securely copy data from the network.

A remote attacker may exploit this issue to execute arbitrary code on a
vulnerable computer, potentially facilitating unauthorized superuser access. A
denial of service condition may arise as well.

Computer Associates BrightStor ARCserve Backup version v11 for Win32 platforms
is reported prone to this issue. Other versions might also be affected.

24. JPortal Banner.PHP SQL Injection Vulnerability
BugTraq ID: 13103
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13103
Summary:
JPortal is reportedly affected by an SQL injection vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied input
before using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

This issue is reported to affect JPortal version 2.3.1; earlier versions may
also be vulnerable.

25. Multiple Debugger Vendor Malicious Code Execution Vulnerabil...
BugTraq ID: 13104
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13104
Summary:
Multiple debugger vendors are reported prone to a malicious code execution
vulnerability. This vulnerability is due to a failure of the affected
applications to properly ensure that the examined code is run in a contained
environment.

When an unsuspecting user attempts to debug the attacker-supplied executable,
the malicious code from the included library will be run in the context of the
debugger prior to the intended time, and in an uncontrolled manner.

This vulnerability allows remote attackers to execute arbitrary machine code in
the context of an affected debugger application. Due to the expected safe nature
of debugging applications, potentially very cautious users may fall victim to
this vulnerability.

OllyDbg, WinDbg, and Microsoft Visual C++ Debuggers are all reported susceptible
to this vulnerability. Other debuggers are also likely affected, as the
underlying operating system design makes it very difficult to avoid this
vulnerability.

26. Light Speed Technologies DeluxeFTP Local Authentication Cred...
BugTraq ID: 13105
Remote: No
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13105
Summary:
A local authentication credentials disclosure vulnerability affects Light Speed
Technologies DeluxeFTP.  This issue is due to a failure of the application to
properly secure authentication credentials by default.

An attacker may leverage this issue to gain access to authentication credentials
for all FTP accounts stored in the offending file.

27. FreeBSD PortUpgrade Local Insecure Temporary File Handling V...
BugTraq ID: 13106
Remote: No
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13106
Summary:
A local insecure file handling vulnerability affects FreeBSD portupgrade.  This
issue is due to a design error that causes the affected application to fail to
securely handle temporary files.

An attacker may leverage this issue to corrupt arbitrary files and execute code
with the privileges of a user that runs the vulnerable utility.  It should be
noted that this utility is commonly run with superuser privileges.

28. AEwebworks Dating Software AeDating Index.PHP Local File Inc...
BugTraq ID: 13108
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13108
Summary:
aeDating is prone to a local file include vulnerability.

The problem presents itself when an attacker passes the location of a
potentially malicious local script through a parameter of the 'index.php'
script.

An attacker may leverage this issue to execute arbitrary server-side script code
that resides on an affected computer with the privileges of the Web server
process. This may potentially facilitate unauthorized access.

It should be noted that this issue may also be leveraged to read arbitrary files
on an affected computer with the privileges of the Web server.

aeDating 3.2 and prior are affected by this issue.

29. Windows Kernel Font Buffer Overflow Vulnerability
BugTraq ID: 13109
Remote: No
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13109
Summary:
The Microsoft Windows Kernel is prone to a locally exploitable privilege
escalation vulnerability.  This issue is due to an unchecked buffer when
handling malicious fonts, potentially allowing a local attacker to completely
compromise a vulnerable computer.

Exploitation attempts could also result in a denial of service.  Microsoft has
reported that the vulnerability will most likely cause a denial of service on
Windows XP SP2 platforms.  The vendor has also stated that this vulnerability is
not critical on Windows 98/98SE/ME, possibly because of lack of multi-user
support on the operating system.

30. Microsoft Windows Kernel Object Management Denial Of Service...
BugTraq ID: 13110
Remote: No
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13110
Summary:
The Microsoft Windows kernel is prone to a locally exploitable denial of service
vulnerability.  The issue is reportedly related to object management in the
Windows kernel.

31. AEwebworks Dating Software AeDating Sdating.PHP SQL Injectio...
BugTraq ID: 13111
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13111
Summary:
aeDating is affected by an SQL injection vulnerability.

This issue is due to a failure in the application to properly sanitize
user-supplied input through a parameter of the 'sdating.php' script before using
it in a SQL query.  

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation. 

aeDating 3.2 and prior are affected by this issue.

32. Microsoft Windows Message Queuing Remote Buffer Overflow Vul...
BugTraq ID: 13112
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13112
Summary:
A remote buffer overflow vulnerability affects Microsoft Windows.  This issue is
due to a failure of the affected functionality to properly validate the length
of user-supplied strings prior to copying them into static process buffers. 
This vulnerability may be exploited over RPC.

An attacker may exploit this issue to execute arbitrary code with SYSTEM
privileges, facilitating unauthorized access or privilege escalation.

It should be noted that MSMQ is not installed by default on affected platforms
and must be manually installed for a computer to be vulnerable.  The
vulnerability is reportedly not present on computers that only enable MSMQ HTTP
Message Delivery.

33. AEwebworks Dating Software AeDating Control Panel Cross-Site...
BugTraq ID: 13113
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13113
Summary:
aeDating is affected by a cross-site scripting vulnerability.

This issue is due to a failure in the application to properly sanitize
user-supplied input to the control panel script of the application. 

This issue may facilitate the theft of cookie-based authentication credentials
as well as other attacks. 

aeDating 3.2 and prior are affected by this issue.

34. Microsoft MSN Messenger GIF Image Processing Remote Buffer O...
BugTraq ID: 13114
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13114
Summary:
Microsoft MSN Messenger is reported prone to a remote buffer overflow
vulnerability when handling malformed Graphic Interchange Format (GIF) images. 
This may allow an attacker to gain unauthorized access to an affected computer
by executing arbitrary code, reportedly resulting in system level compromise. 
Specially crafted emoticons or display pictures are likely to be used in a
client-to-client attack.

Other attack vectors may exist as well.

MSN Messenger 6.2 and MSN Messenger 7.0 beta are vulnerable to this issue.

35. Microsoft Windows Kernel CSRSS Local Privilege Escalation Vu...
BugTraq ID: 13115
Remote: No
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13115
Summary:
A local privilege escalation vulnerability affects Microsoft Windows. This issue
is due to a failure of the Kernel to properly handle user-supplied messages.

A local attacker may leverage this issue to completely compromise the computer.

36. Microsoft Windows Internet Protocol Validation Remote Code E...
BugTraq ID: 13116
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13116
Summary:
Microsoft Windows is reported prone to a remote code execution vulnerability. It
is reported that the vulnerability manifests when an affected Microsoft platform
receives and processes an especially malformed TCP/IP packet.

Reports indicate that the immediate consequences of exploitation of this issue
are a denial of service.

37. Microsoft Internet Explorer Content Advisor File Handling Bu...
BugTraq ID: 13117
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13117
Summary:
Microsoft Internet Explorer is prone to a remote buffer overflow vulnerability
when handling malformed Content Advisor files.  An attacker can exploit this
issue by crafting a Content Advisor file with excessive data and arbitrary
machine code to be processed by the browser.

A typical attack would involve the attacker creating a Web site that includes
the malicious file.  A similar attack can also be carried out through HTML email
using Microsoft Outlook and Microsoft Outlook Express applications.  

It should be noted that successful exploitation requires the user to follow
various steps to install a malicious file.

38. Microsoft Exchange Server SMTP Extended Verb Buffer Overflow...
BugTraq ID: 13118
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13118
Summary:
Microsoft Exchange Server is prone to a buffer overflow in SMTP extended verbs. 
Successful exploitation could result in arbitrary code execution.

39. Microsoft Word Unspecified Document File Buffer Overflow Vul...
BugTraq ID: 13119
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13119
Summary:
Microsoft Word is affected by a buffer overflow vulnerability.  This issue is
due to a failure in the application to do proper bounds checking on
user-supplied data.  Microsoft has not specified exactly where the error may
occur. This could result in execution of arbitrary code in the context of a user
who opens the malicious document.

Internet Explorer is a likely attack vector as Word may be opened to handle the
document when the user clicks a link.

40. Microsoft Internet Explorer DHTML Object Race Condition Memo...
BugTraq ID: 13120
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13120
Summary:
A vulnerability in Microsoft Internet Explorer may allow remote attackers to
execute arbitrary code in the context of users visiting malicious Web sites.

This issue presents itself when the affected application attempts to process
certain script objects; a race condition may lead to the execution of
attacker-supplied code.

41. Microsoft Windows Kernel Access Validation Request Buffer Ov...
BugTraq ID: 13121
Remote: No
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13121
Summary:
The Microsoft Windows kernel is prone to a buffer overflow in the system that
validates access requests.  Successful exploitation could allow arbitrary code
execution in the context of the kernel.  Only local users could exploit this
vulnerability.

42. Microsoft Word Malformed Document Buffer Overflow Vulnerabil...
BugTraq ID: 13122
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13122
Summary:
Microsoft Word is prone to a buffer overflow vulnerability.  This issue presents
itself when Microsoft Word attempts to parse a malformed document.  This could
result in execution of arbitrary code in the context of a user who opens the
malicious document.

Internet Explorer is a likely attack vector as Word may be opened to handle the
document when the user clicks a link.

This issue was originally described as part of BID 11350.

43. Microsoft Internet Explorer Malformed URI Buffer Overflow Vu...
BugTraq ID: 13123
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13123
Summary:
A buffer overflow vulnerability is reported in Microsoft Internet Explorer. This
issue is due to insufficient boundary verification of user-supplied input data
causing a fixed-sized memory buffer to be overrun when attempting to copy data
into it.

This vulnerability allows attacker-supplied machine code to be executed in the
context of the affected application.

44. Multiple Vendor TCP/IP Implementation ICMP Remote Denial Of ...
BugTraq ID: 13124
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13124
Summary:
Multiple vendor implementations of TCP/IP Internet Control Message Protocol
(ICMP) are reported prone to several denial of service attacks.

ICMP is employed by network nodes to determine certain automatic actions to take
based on network failures reported by an ICMP message. 

It is reported that for ICMP error messages, no security checks are recommended
by the RFC. As long as an ICMP message contains a valid source and destination
IP address and port pair, it will be accepted for an associated connection.

The following individual attacks are reported:

A blind connection-reset attack is reported to affect multiple vendors. This
attack takes advantage of the specification that describes that on receiving a
'hard' ICMP error, the corresponding connection should be aborted. The Mitre ID
CAN-2004-0790 is assigned to this issue.

A remote attacker may exploit this issue to terminate target TCP connections and
deny service for legitimate users.

An ICMP Source Quench attack is reported to affect multiple vendors. This attack
takes advantage of the specification that a host must react to received ICMP
Source Quench messages by slowing transmission on the associated connection. The
Mitre ID CAN-2004-0791 is assigned to this issue. 

A remote attacker may exploit this issue to degrade the performance of TCP
connections and partially deny service for legitimate users.

An attack against ICMP PMTUD is reported to affect multiple vendors when they
are configured to employ PMTUD. By sending a suitable forged ICMP message to a
target host an attacker may reduce the MTU for a given connection. The Mitre ID
CAN-2004-1060 is assigned to this issue.

A remote attacker may exploit this issue to degrade the performance of TCP
connections and partially deny service for legitimate users.

**Update: It is reported that Microsoft platforms are also prone to these
issues.

45. Comersus Cart Comersus_Search_Item.ASP Cross-Site Scripting ...
BugTraq ID: 13125
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13125
Summary:
Comersus Cart is affected by a cross-site scripting vulnerability.  This issue
is due to a failure in the application to properly validate user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

46. XAMPP CDS.PHP Remote HTML Injection Vulnerability
BugTraq ID: 13126
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13126
Summary:
A remote HTML injection vulnerability affects XAMPP. This issue is due to a
failure of the application to properly sanitize user-supplied input prior to
including it in dynamically generated Web content.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

47. XAMPP Phonebook.PHP Remote HTML Injection Vulnerability
BugTraq ID: 13127
Remote: Unknown
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13127
Summary:
A remote HTML injection vulnerability affects XAMPP. This issue is due to a
failure of the application to properly sanitize user-supplied input prior to
including it in dynamically generated Web content.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

48. XAMPP Guestbook-EN.PL Remote HTML Injection Vulnerability
BugTraq ID: 13128
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13128
Summary:
A remote HTML injection vulnerability affects XAMPP. This issue is due to a
failure of the application to properly sanitize user-supplied input prior to
including it in dynamically generated Web content.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

49. Salim Gasmi GLD Postfix Greylisting Daemon Buffer Overflow V...
BugTraq ID: 13129
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13129
Summary:
It is reported that GLD contains a buffer overflow vulnerability. This issue is
due to a failure of the application to properly ensure that a fixed-size memory
buffer is sufficiently large prior to copying user-supplied input data into it.

Remote attackers may exploit this vulnerability to cause arbitrary machine code
to be executed in the context of the affected service. As the service is
designed to be run as the superuser, remote attackers may gain superuser
privileges on affected computers. 

GLD version 1.4 is reportedly affected, but prior versions may also be affected.

50. IBM Lotus Domino Server Malformed POST Request Remote Buffer...
BugTraq ID: 13130
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13130
Summary:
Lotus Domino Server is reported prone to a remote buffer overflow
vulnerability. 

The issue presents itself when the server handles a malformed HTTP POST request.

A successful attack may result in a denial of service condition; however,
arbitrary code execution may occur as well.  This issue may be leveraged to gain
unauthorized access to a server.

IBM Lotus Domino Server versions 6.5.x and 6.0.x are reported vulnerable.  The
researcher responsible for discovering this issue has reported that this
vulnerability affects versions 6.0.5 and 6.5.4.  IBM Lotus Domino Server
versions 6.0.5 and 6.5.4 were recently released, therefore it is likely that
they are not affected and this issue only manifests in the versions prior to
these.  IBM also recommends that users should upgrade to these versions.  Please
see the referenced IBM advisory for more information.

This BID will be updated when more details are available.

51. XAMPP Insecure Default Password Disclosure Vulnerability
BugTraq ID: 13131
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13131
Summary:
An insecure default password disclosure vulnerability affects XAMPP.  This issue
is due to a failure of the application to properly secure access to default
passwords.

An attacker may leverage this issue to gain access to the default passwords for
many utilities installed by the affected application, including the MySQL 'root'
user, the phpMyAdmin 'pma' user, the FTP 'nobody' user and the Tomcat
administrator.

52. Microsoft Windows Shell Remote Code Execution Vulnerability
BugTraq ID: 13132
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13132
Summary:
Microsoft Windows is prone to a vulnerability that may allow remote attackers to
execute code through the Windows Shell.  The cause of the vulnerability is
related to how the operating system handles unregistered file types.  The
specific issue is that files with an unknown extension may be opened with the
application specified in the embedded CLSID.

The victim of the attack would be required to open a malicious file, possibly
hosted on a Web site or sent through email.  Social engineering would generally
be required to entice the victim into opening the file.

53. Salim Gasmi GLD Postfix Greylisting Daemon Format String Vul...
BugTraq ID: 13133
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13133
Summary:
It is reported that GLD contains a format string vulnerability. This issue is
due to a failure of the application to properly sanitize user-supplied input
data prior to using it in a formatted-printing function.

Remote attackers may exploit this vulnerability to cause arbitrary machine code
to be executed in the context of the affected service. As the service is
designed to be run as the superuser, remote attackers may gain superuser
privileges on affected computers.

GLD version 1.4 is reportedly affected, but prior versions may also be affected.

54. Oracle Applications Oracle Forms SQL Injection Vulnerability
BugTraq ID: 13134
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13134
Summary:
Oracle Forms is prone to an SQL injection vulnerability.  This issue arises due
to insufficient sanitization of user-supplied data.

It is reported that this issue exists in an Oracle Forms feature called
'Query/Where', which allows users to modify existing SQL statements. 

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

This issue is one of the issues described in BID 13139 (Oracle Multiple
Vulnerabilities).

55. WIDCOMM Bluetooth Communication Software Directory Traversal...
BugTraq ID: 13135
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13135
Summary:
The WIDCOMM Bluetooth communications software is prone to a directory traversal
vulnerability. This issue is due to a failure of the application to properly
sanitize user-supplied input data prior to utilizing it.

Attackers may exploit this vulnerability to gain access to potentially sensitive
files, as well as corrupt or destroy data. Other attacks may also be possible.

WIDCOMM BTStackServer for Microsoft Windows version 1.4.2 is reported to be
affected by this vulnerability. Other versions are also likely affected.

56. Centra 7 User Information Multiple HTML Injection Vulnerabil...
BugTraq ID: 13136
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13136
Summary:
Centra 7 is affected by multiple HTML injection vulnerabilities.  These issues
are due to a failure in the application to properly sanitize user-supplied input
before using it in dynamically generated content.

Attacker-supplied HTML and script code would be able to access properties of the
site, potentially allowing for theft of cookie-based authentication credentials.
An attacker could also exploit this issue to control how the site is rendered to
the user; other attacks are also possible.

57. EGroupWare EMail Attachment Information Disclosure Vulnerabi...
BugTraq ID: 13137
Remote: No
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13137
Summary:
An information disclosure vulnerability affects eGroupWare.  This issue is due
to a failure of the application to properly handle access to email attachments.

This issue may result in a disclosure of email attachments; attachments may be
sent to individuals that the sender did not intend to grant access to.

58. Pinnacle Cart Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 13138
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13138
Summary:
Pinnacle Cart is affected by a cross-site scripting vulnerability.  This issue
is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

59. Oracle Multiple Vulnerabilities
BugTraq ID: 13139
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13139
Summary:
Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite,
Oracle E-Business and Applications, Oracle Enterprise Manager Grid Control, and
Oracle PeopleSoft Applications are reported prone to multiple vulnerabilities. 

Oracle has released a Critical Patch Update to address these issues in various
supported applications and platforms.  Other non-supported versions may be
affected, though this has not been confirmed by Symantec.

The issues identified by the vendor affect all security properties of the Oracle
products and present local and remote threats.  Various levels of authorization
are required to leverage some issues; however, others do not require any
authorization.

This BID will be divided and updated into separate BIDs when more information is
available.

60. Sygate Security Agent XML Security Policy File Local Bypass ...
BugTraq ID: 13140
Remote: No
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13140
Summary:
Sygate Security Agent (SSA) is prone to a security vulnerability. The
application fails to control which users may Export and Import security policy
files.

A local attacker may export and edit an SSA XML security policy file, and may
then import the changed file into the affected software. This may allow the
attacker to change security settings in SSA, i.e. trusted IP address, or DNS
names, or crash the software.

A local attacker may exploit this issue to bypass the SSA security restrictions.

This issue only exists when the software is running in 'Server Control' or
'Power User' modes.

61. Sun JavaMail MimeBodyPart.getFileName Directory Traversal Vu...
BugTraq ID: 13141
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13141
Summary:
Sun JavaMail is prone to a directory traversal vulnerability.  This arises
because the API fails to properly validate filenames in email attachments
received by the applet.

This issue was reported to affect JavaMail 1.3.2; however, earlier versions may
also be vulnerable.

62. Veritas i3 FocalPoint Server Unspecified Vulnerability
BugTraq ID: 13142
Remote: Yes
Date Published: Apr 13 2005
Relevant URL: http://www.securityfocus.com/bid/13142
Summary:
Veritas i3 FocalPoint Server is prone to an unspecified vulnerability.  The
reporter of the vulnerability has rated it as critical.

i3 FocalPoint Server versions 7.1 and earlier are affected.

63. PHP Group PHP Multiple Unspecified Vulnerabilities
BugTraq ID: 13143
Remote: Unknown
Date Published: Apr 13 2005
Relevant URL: http://www.securityfocus.com/bid/13143
Summary:
PHP is prone to multiple unspecified vulnerabilities.

PHP 5.0.3 and 4.3.10 are reported to be vulnerable.  Earlier versions may also
be affected.

64. Oracle Database Multiple SQL Injection Vulnerabilities
BugTraq ID: 13144
Remote: Yes
Date Published: Apr 13 2005
Relevant URL: http://www.securityfocus.com/bid/13144
Summary:
Oracle database is reported prone to multiple SQL injection vulnerabilities. 
These issues exist due to insufficient sanitization of user-supplied data.

These issues can be exploited using malformed PL/SQL statements to pass
unauthorized SQL statements to the database.  Successful exploitation could
result in a compromise of the application, disclosure or modification of data,
or may permit an attacker to exploit vulnerabilities in the underlying database
implementation. 

Some of these issues may have been reported in BID 13139 (Oracle Multiple
Vulnerabilities) and addressed by the Oracle Critical Patch Update - April 2005.
This cannot be confirmed at the moment.

This BID will be updated and divided into individual BIDs as more information
becomes available.

65. Oracle Database MDSYS.MD2.SDO_CODE_SIZE Buffer Overflow Vuln...
BugTraq ID: 13145
Remote: Yes
Date Published: Apr 13 2005
Relevant URL: http://www.securityfocus.com/bid/13145
Summary:
Oracle Database is reported prone to a buffer overflow vulnerability.

Reportedly this issue affects the 'MDSYS.MD2.SDO_CODE_SIZE' procedure.  An
attacker can supply excessive data to an affected routine resulting in
overflowing a destination buffer.  This issue can be leveraged to execute
arbitrary code and gain 'SYSDBA' privileges.

It is conjectured that authentication is required to carry out an attack.

This BID will be updated when more information is available.

66. JunkBuster Heap Corruption Vulnerability
BugTraq ID: 13146
Remote: Yes
Date Published: Apr 13 2005
Relevant URL: http://www.securityfocus.com/bid/13146
Summary:
JunkBuster is prone to a heap corruption vulnerability during the filtering of
URIs.  This could potentially be exploited to execute arbitrary code.

67. JunkBuster Configuration Modification Vulnerability
BugTraq ID: 13147
Remote: Yes
Date Published: Apr 13 2005
Relevant URL: http://www.securityfocus.com/bid/13147
Summary:
JunkBuster is prone to an issue that could allow a remote attacker to modify
configuration settings.  This could potentially compromise the privacy of the
user of the affected application.

68. ACNews Login.ASP SQL Injection Vulnerability
BugTraq ID: 13148
Remote: Yes
Date Published: Apr 13 2005
Relevant URL: http://www.securityfocus.com/bid/13148
Summary:
ACNews is affected by an SQL injection vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input before using
it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

69. PHPBB2 Plus GroupCP.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 13149
Remote: Yes
Date Published: Apr 13 2005
Relevant URL: http://www.securityfocus.com/bid/13149
Summary:
phpBB2 Plus is affected by a cross-site scripting vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

70. PHPBB2 Plus Index.PHP Multiple Cross-Site Scripting Vulnerab...
BugTraq ID: 13150
Remote: Yes
Date Published: Apr 13 2005
Relevant URL: http://www.securityfocus.com/bid/13150
Summary:
phpBB2 Plus is affected by multiple cross-site scripting vulnerabilities.  These
issues are due to a failure in the application to properly sanitize
user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

These issues affect phpBB2 Plus version 1.52 and earlier.

71. PHPBB2 Plus Portal.PHP Multiple Cross-Site Scripting Vulnera...
BugTraq ID: 13151
Remote: Yes
Date Published: Apr 13 2005
Relevant URL: http://www.securityfocus.com/bid/13151
Summary:
phpBB2 Plus is affected by multiple cross-site scripting vulnerabilities.  These
issues are due to a failure in the application to properly sanitize
user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

These issues affect phpBB2 Plus version 1.52 and earlier.

72. PHPBB2 Plus ViewForum.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 13152
Remote: Yes
Date Published: Apr 13 2005
Relevant URL: http://www.securityfocus.com/bid/13152
Summary:
phpBB2 Plus is affected by a cross-site scripting vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

73. PHPBB2 Plus ViewTopic.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 13153
Remote: Yes
Date Published: Apr 13 2005
Relevant URL: http://www.securityfocus.com/bid/13153
Summary:
phpBB2 Plus is affected by a cross-site scripting vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

74. LG U8120 Mobile Phone MIDI File Remote Denial Of Service Vul...
BugTraq ID: 13154
Remote: Yes
Date Published: Apr 13 2005
Relevant URL: http://www.securityfocus.com/bid/13154
Summary:
A remote denial of service vulnerability is reported to affect the LG U8120
Mobile Phone. The report indicates that the issue manifests when an affected
phone processes a malicious MIDI file.

75. PHPBB Photo Album Module Album_Search.PHP SQL Injection Vuln...
BugTraq ID: 13155
Remote: Yes
Date Published: Apr 13 2005
Relevant URL: http://www.securityfocus.com/bid/13155
Summary:
Photo Album is affected by an SQL injection vulnerability.  This issue is due to
a failure in the application to properly sanitize user-supplied input before
using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

76. IBM iSeries AS400 POP3 Server Remote Information Disclosure ...
BugTraq ID: 13156
Remote: Yes
Date Published: Apr 13 2005
Relevant URL: http://www.securityfocus.com/bid/13156
Summary:
IBM iSeries AS400 computers are reported prone to a remote information
disclosure vulnerability. The issue exists in the POP3 service that is installed
and runs by default on affected computers.

During authentication when a username is supplied the affected service will
reply with overly verbose status messages.

A remote attacker may employ these status messages to aid in the disclosure of
valid usernames during brute force attacks. Information that is harvested in
this manner may then be used to aid in further attacks.

77. PHPBB Photo Album Module Album_Cat.PHP Cross-Site Scripting ...
BugTraq ID: 13157
Remote: Yes
Date Published: Apr 13 2005
Relevant URL: http://www.securityfocus.com/bid/13157
Summary:
Photo Album is affected by a cross-site scripting vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

78. PHPBB Photo Album Module Album_Comment.PHP Cross-Site Script...
BugTraq ID: 13158
Remote: Yes
Date Published: Apr 13 2005
Relevant URL: http://www.securityfocus.com/bid/13158
Summary:
Photo Album is affected by a cross-site scripting vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

79. CPIO CHMod File Permission Modification Race Condition Weakn...
BugTraq ID: 13159
Remote: No
Date Published: Apr 13 2005
Relevant URL: http://www.securityfocus.com/bid/13159
Summary:
cpio is prone to a security weakness. The issue is only present when an archive
is extracted into a world or group writeable directory. It has been reported
that cpio employs non-atomic procedures to write a file and later change the
permissions on the newly extracted file.

A local attacker may leverage this issue to modify file permissions of target
files.

This weakness affects cpio version 2.6 and previous versions.

80. IBM WebSphere Application Server Web Server Root JSP Source ...
BugTraq ID: 13160
Remote: Yes
Date Published: Apr 13 2005
Relevant URL: http://www.securityfocus.com/bid/13160
Summary:
A remote JSP source disclosure vulnerability reportedly affects the IBM
WebSphere Application Server.  This issue is due to a failure of the application
to properly handle various requests under certain circumstances.

It should be noted that this issue only arises when the Web server and
application server root directories reside in the same location; this is not the
default configuration.

An attacker may leverage this issue to disclose JSP source code, facilitating
code theft as well as potential further attacks.

81. S9Y Serendipity Exit.PHP SQL injection Vulnerability
BugTraq ID: 13161
Remote: Yes
Date Published: Apr 13 2005
Relevant URL: http://www.securityfocus.com/bid/13161
Summary:
Serendipity is affected by an SQL injection vulnerability.  This issue is due to
a failure in the application to properly sanitize user-supplied input to the 
'exit.php' script before using it in an SQL query.

This vulnerability could permit remote attackers to pass malicious input to
database queries, resulting in modification of query logic or other attacks.

82. Sumus Game Server Remote Buffer Overflow Vulnerability
BugTraq ID: 13162
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13162
Summary:
A remote buffer overflow vulnerability affects the Sumus game server. This issue
is due to a failure of the application to properly validate the length of
user-supplied strings prior to copying them into static process buffers.

An attacker may exploit this issue to execute arbitrary code with superuser
privileges, facilitating unauthorized access and privilege escalation.

83. PHP Group Exif Module IFD Tag Integer Overflow Vulnerability
BugTraq ID: 13163
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13163
Summary:
PHP is prone to an integer overflow vulnerability in the EXIF module.  This
issue is exposed when malformed IFD (Image File Directory) tags are processed.

This issue could manifest itself in Web applications that allow users to upload
images.   Any other application that processes untrusted EXIF image data could
also be exposed to attacks.  Successful exploitation may allow for execution of
arbitrary code.

This vulnerability may be one of the issues described in BID 13143 "PHP Group
PHP Multiple Unspecified Vulnerabilities".

84. PHP Group Exif Module IFD Nesting Denial Of Service Vulnerab...
BugTraq ID: 13164
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13164
Summary:
PHP is prone to a denial of service vulnerability.  This issue occurs when
deeply nested EXIF IFD (Image File Directory) data is processed.

This issue could manifest itself in Web applications that allow users to upload
images.

This vulnerability may be one of the issues described in BID 13143 "PHP Group
PHP Multiple Unspecified Vulnerabilities".

85. Sun Java System Web Server Unspecified Denial of Service Vul...
BugTraq ID: 13165
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13165
Summary:
Sun Java System Web Server is prone to a remote denial of service vulnerability.
This issue was reported to only affect the Java System Web Server on Windows
platforms.

86. Squid Proxy Aborted Connection Remote Denial Of Service Vuln...
BugTraq ID: 13166
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13166
Summary:
A remote denial of service vulnerability affects the Squid Proxy.  This issue is
due to a failure of the application to properly handle exceptional network
requests.  The problem presents itself when a remote attacker prematurely aborts
a connection during a PUT or POST request.

A remote attacker may leverage this issue to crash the affected Squid Proxy,
denying service to legitimate users.

87. Musicmatch Jukebox DiagCollectionControl.dll Arbitrary File ...
BugTraq ID: 13167
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13167
Summary:
Musicmatch Jukebox is prone to an arbitrary file overwrite vulnerability through
an ActiveX control marked safe for scripting.  This could allow a remote
attacker to overwrite any file to which the user running Musicmatch has write
permissions.

88. RSA Security RSA Authentication Agent For Web Remote Cross-S...
BugTraq ID: 13168
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13168
Summary:
A remote cross-site scripting vulnerability affects the RSA Security RSA
Authentication Agent for Web. This issue is due to a failure of the application
to properly sanitize user-supplied input prior to including it in dynamically
generated Web content.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.  Due to the
nature of the application, bypassing authentication requirements may be
possible.

89. All4WWW-HomePageCreator Index.PHP Arbitrary Remote File Incl...
BugTraq ID: 13169
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13169
Summary:
All4WWW-Homepagecreator is affected by an arbitrary remote file include
vulnerability.  This issue is due to a failure in the application to properly
sanitize user-supplied input before using it in an 'include()' function call.

An attacker may leverage this issue to execute arbitrary server-side script code
on an affected computer with the privileges of the Web server process.

90. SPHPBlog Search.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 13170
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13170
Summary:
sphpBlog is affected by a cross-site scripting vulnerability.  This issue is due
to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

This issue is reported to affect sphpBlog version 0.4.0; earlier versions may
also be vulnerable.

91. Sudo VISudo Insecure Temporary File Creation Vulnerability
BugTraq ID: 13171
Remote: No
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13171
Summary:
visudo is prone to an insecure temporary file creation vulnerability. However,
the issue can only manifest if the software is invoked on a sudoers file that is
contained in a world writable directory.

The visudo application creates a temporary file in the same directory as the
sudoers file that is being edited. The temporary file is named using an easily
predictable filename.

An attacker may exploit this vulnerability to corrupt arbitrary files with
privileges of the superuser.

92. Oops! Proxy Server Auth Remote Format String Vulnerability
BugTraq ID: 13172
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13172
Summary:
Oops! Proxy Server is prone to a remote format string vulnerability. This issue
presents itself because the application fails to properly sanitize user-supplied
input prior to passing it as the format specifier to a formatted printing
function.

A successful attack may result in crashing the server or lead to arbitrary code
execution. This may facilitate unauthorized access or privilege escalation in
the context of the server.

Oops! versions prior to and including version 1.5.53 are reported prone to this
issue.

93. Musicmatch Jukebox Absolute Path Specification Weakness
BugTraq ID: 13173
Remote: No
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13173
Summary:
Musicmatch Jukebox does not use absolute paths to call applications.  This could
cause the application to execute an arbitrary file due to path precedence.  An
attacker would have to combine this weakness with a vulnerability that would
allow some malicious application to be saved to a specific location on the file
system.

94. Musicmatch Jukebox Unspecified Remote Buffer Overflow Vulner...
BugTraq ID: 13174
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13174
Summary:
An unspecified remote buffer overflow vulnerability affects Musicmatch Jukebox.
This issue is due to a failure of the application to properly validate the
length of user-supplied strings prior to copying them into static process
buffers.

An attacker may exploit this issue to execute arbitrary code with the privileges
of the user that activated the vulnerable application. This may facilitate
unauthorized access or privilege escalation.

95. IlohaMail Email Message Remote HTML Injection Vulnerability
BugTraq ID: 13175
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13175
Summary:
IlohaMail is affected by an HTML injection vulnerability.  This issue is due to
a failure in the application to properly sanitize user-supplied input before
using it in dynamically generated content.

Attacker-supplied HTML and script code would be able to access properties of the
site, potentially allowing for theft of cookie-based authentication credentials.
An attacker could also exploit this issue to control how the site is rendered to
the user; other attacks are also possible.

96. Opera SSL Security Feature Design Error Vulnerability
BugTraq ID: 13176
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13176
Summary:
Opera is prone to a design error that can result in a false sense of security.
The issue exists in a security feature that is available in Opera version 8 Beta
3. The new security feature displays the Organization name derived from an SSL
certificate in the Opera tab of an SSL secured site. 

Because the Organization name of an SSL certificate is not intended to be
unique, this issue may be exploited and result in a false sense of security for
users.

97. Yager Development Yager Game Data Block Buffer Overflow Vuln...
BugTraq ID: 13177
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13177
Summary:
A remote buffer overflow vulnerability affects Yager Development Yager Game.
This issue is due to a failure of the application to properly validate the
length of user-supplied, network derived strings prior to copying them into
static process buffers.

An attacker may exploit this issue to execute arbitrary code with the privileges
of the user that activated the vulnerable application. This may facilitate
unauthorized access or privilege escalation.

98. Yager Development Yager Game Nickname Buffer Overflow Vulner...
BugTraq ID: 13178
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13178
Summary:
A remote buffer overflow vulnerability affects Yager Development Yager Game.
This issue is due to a failure of the application to properly validate the
length of user-supplied, network derived strings prior to copying them into
static process buffers.

An attacker may exploit this issue to execute arbitrary code with the privileges
of the user that activated the vulnerable application. This may facilitate
unauthorized access or privilege escalation.

99. Yager Development Yager Game Data Block Denial Of Service Vu...
BugTraq ID: 13179
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13179
Summary:
A remote denial of service vulnerability affects the Yager Development Yager
Game.  This issue is due to a failure of the application to properly handle
exceptional network data.

An attacker may leverage this issue to freeze a multiplayer game that is
currently in progress; players will be forced to end their game to return to
normal functionality.

100. Kerio MailServer WebMail Remote Resource Exhaustion Vulnerab...
BugTraq ID: 13180
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13180
Summary:
Kerio MailServer is prone to a remote resource exhaustion vulnerability in the
WebMail service.  This issue is due to a failure of the application to properly
handle exceptional conditions.

A remote attacker may leverage this issue to cause the affected application to
hang, possibly denying service to legitimate users.

The vendor has addressed this issue in Kerio MailServer 6.0.9; earlier versions
are reported vulnerable.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Teenagers struggle with privacy, security issues
By: Robert Lemos

High-school students have a message for parents: We understand the technology
better than you. Security and privacy? We're dealing with it.
http://www.securityfocus.com/news/10940

2. Privacy groups assail future passport technology
By: Robert Lemos

The addition of a wireless data chip in next-generation
passports has privacy advocates concerned.

http://www.securityfocus.com/news/10908

3. Campaign seeks to defang Rafa's hacker image
By: Robert Lemos

Family and colleagues of a Venezuelan security expert known for defacing Web
sites under the name "Rafa" have launched a campaign to highlight the one-time
vandal's more benevolent acts.
http://www.securityfocus.com/news/10868

4. Unholy trio menace Firefox
By: John Leyden, The Register

The Mozilla Foundation has released updated versions of its popular Firefox
(version 1.0.3) and Mozilla (version 1.7.7) web browsers to correct a number of
recently discovered security flaws. The updates fix a trio of critical
vulnerabilities, two of which have become the subject of proof-of-concept hacker
exploits.
http://www.securityfocus.com/news/10945

5. Save us from spam
By: John Leyden, The Register

The majority of UK consumers and small businesses are yet to deploy anti-spam
filters. A poll of UK residential email users and SMEs published Monday found 57
per cent have no anti-spam filtering installed, leaving them unprotected from
spam, key logging and phishing attacks.
http://www.securityfocus.com/news/10939

6. Japan Internet takeover battle ends in alliance
By: Yuri Kageyama, The Associated Press

A rare takeover battle that gripped Japan ended in a $622 million deal Monday
when Internet service company Livedoor Inc. agreed to sell one of its divisions
to media conglomerate Fuji Television Network Inc.
http://www.securityfocus.com/news/10935

IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. Enig3 1.0.0
By: CCC Morocco Team
Relevant URL: http://www.ccc.ma/sw/enig3/
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary: 

Enig3 is a free cryptography tool that can encrypt/decrypt content/data using
your own privately generated 128-bit Enig3-Key. It was developed at CCC-Morocco
Labs, using the most complex cryptographic methodologies. It uses a
Flow-Encoding technique which is done in 3 phases...

2. NuFW 1.0.0
By: INL
Relevant URL: http://www.nufw.org
Platforms: Linux
Summary: 

NuFW performs authentication of every single connection passing through the
IP filter, by transparently requesting the user's credentials before any filtering
decision is taken. Practically, this brings the notion of user ID down to the IP
layers.

3. .NET Security Tool Kit 1.0
By: Foundstone Professional Services
Relevant URL:
http://www.foundstone.com/index.htm?subnav=services/navigation.htm&subcontent=/services/overview_s3i
Platforms: Windows XP
Summary: 

The Foundstone S3i .NET Security Toolkit includes tools to help design, develop,
and test secure .NET software applications. The toolkit includes Validator.NET,
.NETMon, and the SecureUML Template.

4. SecureUML 1.0
By: Foundstone Professional Services
Relevant URL:
http://www.foundstone.com/index.htm?subnav=services/navigation.htm&subcontent=/services/overview_s3i
Platforms: Windows XP
Summary: 

The SecureUML Visio template defines a custom Unified Modeling Language (UML)
dialect to help system architects build role-based access control (RBAC)
systems.

5. Validator.NET 1.0
By: Foundstone Professional Services
Relevant URL:
http://www.foundstone.com/index.htm?subnav=services/navigation.htm&subcontent=/services/overview_s3i
Platforms: Windows XP
Summary: 

Validator.NET enables developers to programmatically determine user input
locations that could be potentially exploited by hackers and provides proactive
steps to build data validation routines which are loaded into a protection
module. The tool helps eliminate common vulnerabilities such as SQL Injection
and Cross-Site Scripting.

6. ldapenum 0.02alpha
By: Roni Bachar & Sol Zehnwirth
Relevant URL: https://sourceforge.net/projects/ldapenum
Platforms: Linux, Perl (any system supporting perl), Windows 2000, Windows
95/98, Windows NT, Windows XP
Summary: 

ldapenum is a Perl script designed to enumerate system and password information
from domain controllers using the LDAP service when IPC$ is locked. The script
has been tested on Windows and Linux.

V. SECURITYJOBS LIST SUMMARY
----------------------------
1. [SJ-JOB] Sales Engineer, Boston, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/396026

2. [SJ-JOB] Developer, Annapolis, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/396025

3. [SJ-JOB] Management, Toronto, CA (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/396024

4. [SJ-JOB] Security Engineer, Newark, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/396023

5. [SJ-JOB] Certification & Accreditation Engineer, Atl... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/396022

6. [SJ-JOB] Sales Engineer, Los Angeles, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/396021

7. [SJ-JOB] Technical Support Engineer, Cupertino, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/396020

8. [SJ-JOB] Security Researcher, Atlanta, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/396019

9. [SJ-JOB] Channel / Business Development, New York, U... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/396018

10. [SJ-JOB] Customer Service, San Diego, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/396016

11. [SJ-JOB] Security Consultant, Cupertino, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/396015

12. [SJ-JOB] Security Consultant, Wayne, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/396014

13. [SJ-JOB] Security Consultant, Atlanta, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/396013

14. [SJ-JOB] Security Engineer, Washington, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/396012

15. [SJ-JOB] Sr. Security Analyst, South West Kansas, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/396008

16. [SJ-JOB] Management, Houston, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/396007

17. [SJ-JOB] Security Consultant, Springfield, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/396004

18. [SJ-JOB] Information Assurance Engineer, Washington,... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/396003

19. [SJ-JOB] Application Security Engineer, El Segundo, ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/396002

20. [SJ-JOB] Manager, Information Security, 10016, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/396001

21. [SJ-JOB] Security Consultant, St. Louis, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395954

22. [SJ-JOB] Manager, Information Security, new york, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395953

23. [SJ-JOB] Security Consultant, new york, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395952

24. [SJ-JOB] Product Strategist, San Diego, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395950

25. [SJ-JOB] Security System Administrator, San Francisc... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395948

26. [SJ-JOB] Manager, Information Security, Long Island,... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395679

27. [SJ-JOB] Sr. Security Engineer, Boston, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395678

28. [SJ-JOB] Security Researcher, San Francisco, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395676

29. [SJ-JOB] Security Engineer, Palo Alto, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395674

30. [SJ-JOB] Security Consultant, Schaumburg, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395672

31. [SJ-JOB] Manager, Information Security, Schaumburg, ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395670

32. [SJ-JOB] Sales Engineer, Birmingham, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395669

33. [SJ-JOB] Sales Engineer, Minneapolis, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395667

34. [SJ-JOB] Sales Engineer, NYC/Edison,NJ, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395665

35. [SJ-JOB] Sales Engineer, Atlanta, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395664

36. [SJ-JOB] Security Engineer, South Bay area, CA, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395663

37. [SJ-JOB] Application Security Engineer, San Jose, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395662

38. [SJ-JOB] Sr. Security Engineer, Seattle, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395661

39. [SJ-JOB] Security Auditor, Toronto, CA (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395660

40. [SJ-JOB] Security Engineer, Toronto, CA (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395658

41. [SJ-JOB] Account Manager, Denver, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395657

42. [SJ-JOB] Channel / Business Development, San Francis... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395656

43. [SJ-JOB] Security Engineer, Edina, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395655

44. [SJ-JOB] Security Engineer, Huntsville, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395654

45. [SJ-JOB] Management, Sunnyvale, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395652

46. [SJ-JOB] Regional Channel Manager, Seattle or surrou... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395650

47. [SJ-JOB] Security Engineer, Washington, DC, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395649

48. [SJ-JOB] Security Consultant, Milwaukee, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395648

49. [SJ-JOB] Security Consultant, Minneapolis, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395647

50. [SJ-JOB] Security Consultant, Chicago, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395646

51. [SJ-JOB] Security Consultant, Berks/Bucks, GB (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395645

52. [SJ-JOB] Channel / Business Development, Berks/Bucks... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395644

53. [SJ-JOB] Account Manager, Berkshire/Bucks, GB (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395643

54. [SJ-JOB] Sales Representative, ALL MAJOR CITIES, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395642

55. [SJ-JOB] Sales Engineer, North/South California and ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395641

56. [SJ-JOB] Sales Engineer, All major cities, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395640

57. [SJ-JOB] Security Architect, Denver, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395638

58. [SJ-JOB] Security Engineer, Denver, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395637

59. [SJ-JOB] Technology Risk Consultant, London, GB (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395636

60. [SJ-JOB] Forensics Engineer, London, GB (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395635

61. [SJ-JOB] Security Product Manager, Orange County, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395634

62. [SJ-JOB] Manager, Information Security, Redmond, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395633

63. [SJ-JOB] Application Security Architect, Redmond, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395632

64. [SJ-JOB] Sr. Security Engineer, Huntsville, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395631

65. [SJ-JOB] Sr. Security Analyst, Toledo, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395630

66. [SJ-JOB] Security Consultant, Geneva, CH (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395629

67. [SJ-JOB] Sr. Security Analyst, Flemington, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/395628

VI. INCIDENTS LIST SUMMARY
--------------------------
1. UDP port 1026 probe? (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/396093

2. Attacks vs Probes (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/396089

3. What to do if they ignore you (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/396056

4. [incidents] What to do if they ignore you (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/395800

5. Gathering volatile information (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/395795

VII. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Any way to automatically change arbitrary headers of... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/82/396088

2. IBM WebSphere Widespread configuration JSP disclosur... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/82/395789

3. pwdx argv buffer overflow vulnerability (Thread)
Relevant URL:

http://www.securityfocus.com/archive/82/395592

VIII. MICROSOFT FOCUS LIST SUMMARY
----------------------------------
1. Re: using certificates in Outlook for encryption (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/396145

2. using certificates in Outlook for encryption (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/396139

3. Windows Server 2003 Service Pack 1 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/396138

4. Fw:  using certificates in Outlook for encryption (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/396137

5. Windows XP SP2 update (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/396010

6. _Minimizing Windows Server 2003 network services_ pa... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/395821

7. SecurityFocus Microsoft Newsletter #236 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/395616

IX. SUN FOCUS LIST SUMMARY
--------------------------
1. (mis)using RBAC... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/92/396199

X. LINUX FOCUS LIST SUMMARY
---------------------------
1. PAKCON II:  Call for Papers (CfP - 2005) (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/396097

2. Announcing PAKCON II (2005)! (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/396095

3. Any way to automatically change arbitrary headers of... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/396045

XI. BOOK EXCERPTS
----------------------------
1. Google Hacking for Penetration Testers by Johnny Long (Syngress)
Chapter 8 discusses tracking down Web servers, login portals, and network
hardware.
http://www.securityfocus.com/excerpts/syngress

2. Buffer Overflow Attacks by James C. Foster (Syngress)
Chapter 7 looks at format string attacks, what they are and how to defend
against them.
http://www.securityfocus.com/excerpts/syngress-1

3. The Art of Computer Virus Research and Defense, by Peter Szor (Symantec)
Chapter 9 presents the strategies of computer worms in detail.
http://www.securityfocus.com/excerpts/symantec