SecurityFocus Newsletter #301
------------------------------

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. Web Browser Forensics, Part 2
     2. Microsoft Anti-Virus?
     3. Chrooted Snort on Solaris
     4. Permission to Simplify
II. BUGTRAQ SUMMARY
     1. HTMLJunction EZGuestbook Guestbook.mdb Database Disclosure V...
     2. Mozilla Firefox Install Method Remote Arbitrary Code Executi...
     3. PHPBB Unspecified BBCode.PHP Vulnerability
     4. Orenosv HTTP/FTP Server FTP Commands Remote Buffer Overflow ...
     5. Net56 Browser Based File Manager SQL Injection Authenticatio...
     6. Advanced Guestbook Index.PHP Entry Parameter SQL Injection V...
     7. Orenosv HTTP/FTP Server CGISSI.EXE Remote Buffer Overflow Vu...
     8. NiteEnterprises Remote File Manager Denial of Service Vulner...
     9. Easy Message Board Directory Traversal Vulnerability
     10. Sun Solaris NIS+ Unspecified Remote Denial Of Service Vulner...
     11. AOL Instant Messenger Smiley Icon Location Remote Denial Of ...
     12. Positive Software Corporation SiteStudio HTML Injection Vuln...
     13. Easy Message Board Remote Command Execution Vulnerability
     14. NukeScripts NukeSentinel Input Validation Vulnerability
     15. PHP Nuke Double Hex Encoded Input Validation Vulnerability
     16. DataTrac Remote Denial of Service Vulnerability
     17. Positive Software H-Sphere Winbox Sensitive Logfile Content ...
     18. CodeThat.com CodeThatShoppingCart Multiple Input Validation ...
     19. PWSPHP Multiple Cross-Site Scripting Vulnerabilities
     20. IETF IPSEC Protocol Encapsulating Security Payload Vulnerabi...
     21. PWSPHP Profil.PHP SQL Injection Vulnerability
     22. Microsoft SQL Server 2000 Multiple Vulnerabilities
     23. Apple iTunes MPEG4 Parsing Buffer Overflow Vulnerability
     24. Sun StorEdge 6130 Array Unauthorized Access Vulnerability
     25. Ethereal DISTCC Dissection Stack Buffer Overflow Vulnerabili...
     26. WoltLab Burning Board Unspecified Vulnerability
     27. WowBB View_User.PHP SQL Injection Vulnerability
     28. NukeET Base64 Codigo Variable Cross-Site Scripting Vulnerabi...
     29. GeoVision Digital Surveillance System Unauthorized JPEG Imag...
     30. e107 Website System Search.PHP Remote File Include Vulnerabi...
     31. e107 Website System Request.PHP Directory Traversal Vulnerab...
     32. Subject Search Server Search For Variable HTML Injection Vul...
     33. Fusion SBX Authentication Bypass Vulnerability
     34. e107 Website System Forum_viewforum.PHP SQL Injection Vulner...
     35. e107 Website System Global Variables Unauthorized Access Vul...
     36. MyServer Cross-Site Scripting Vulnerability
     37. MyServer Remote Directory Listing Vulnerability
     38. ASP Virtual News Manager Admin_Login.ASP SQL Injection Vulne...
     39. Macromedia ColdFusion MX 7 Default Error Page Cross-Site Scr...
     40. Gzip Zgrep Arbitrary Command Execution Vulnerability
     41. HT Editor ELF Parser Unspecified Remote Heap Overflow Vulner...
     42. LibTIFF TIFFOpen Buffer Overflow Vulnerability
     43. HT Editor PE Parser Unspecified Remote Buffer Overflow Vulne...
     44. Sun Solaris automountd Local Denial Of Service Vulnerability
     45. Linux Kernel ELF Core Dump Local Buffer Overflow Vulnerabili...
     46. Gaim Remote URI Handling Buffer Overflow Vulnerability
     47. Gaim Remote MSN Empty SLP Message Denial Of Service Vulnerab...
     48. Squid Proxy Unspecified DNS Spoofing Vulnerability
     49. PixySoft Guestbook Pro Multiple HTML Injection Vulnerabiliti...
     50. BakBone NetVault Unspecified Heap Overflow Vulnerability
     51. Cisco Catalyst 6500/7600 Series Firewall Services Module ACL...
     52. Neteyes NexusWay Border Gateway Multiple Remote Vulnerabilit...
     53. Woppoware PostMaster Multiple Input Validation and Informati...
     54. ShowOff! Digital Media Software Multiple Remote Vulnerabilit...
     55. Open Solution Quick.Cart Index.PHP Cross-Site Scripting Vuln...
     56. BoastMachine Remote Arbitrary File Upload Vulnerability
     57. MaxWebPortal Multiple Remote Vulnerabilities
     58. Open Solution Quick.Forum NewTopic HTML Injection Vulnerabil...
     59. Apple QuickTime Quartz Composer File Information Disclosure ...
     60. APG Technology ClassMaster Unauthorized Folder Access Vulner...
     61. Bugzilla Authentication Information Disclosure Vulnerability
     62. Bugzilla Hidden Product Information Disclosure Vulnerability
     63. Microsoft Windows Media Player Digital Rights Management Arb...
     64. DirectTopics Topic.PHP SQL Injection Vulnerability
     65. DirectTopics HTML Injection Vulnerability
     66. Bug Report Multiple HTML Injection Vulnerabilities
     67. Ibas ExpertEraser Improper Disk Wipe Vulnerability
     68. 1Two News Multiple HTML Injection Vulnerabilities
     69. Acrowave AAP-3100AR Wireless Router Authentication Bypass Vu...
     70. OllyDbg INT3 Format String Vulnerability
     71. Kerio MailServer Multiple Remote Denial of Service Vulnerabi...
     72. PHPBB Attachment Mod Unspecified Realname Vulnerability
     73. BakBone NetVault Remote Heap Overflow Code Execution Vulnera...
     74. All Enthusiast PhotoPost PHP Pro Member.PHP SQL Injection Vu...
     75. Ultimate PHP Board ViewForum.PHP Cross-Site Scripting Vulner...
     76. Ultimate PHP Board ViewForum.PHP SQL Injection Vulnerability
     77. Booby Private Bookmark Disclosure Vulnerability
     78. OpenBB Read.PHP SQL Injection Vulnerability
     79. OpenBB Member.PHP Cross-Site Scripting Vulnerability
     80. Yahoo! Messenger URL Handler Remote Denial Of Service Vulner...
     81. PHPHeaven PHPMyChat Start-Page.CSS.PHP3 Cross-Site Scripting...
     82. PHPHeaven PHPMyChat Style.CSS.PHP3 Cross-Site Scripting Vuln...
III. SECURITYFOCUS NEWS ARTICLES
     1. Microsoft looks to "monkeys" to find Web threats
     2. Firefox's security coming under scrutiny
     3. Microsoft fortifies monthly patches with interim advisories
     4. Phishing gets personal
     5. Sober infected PCs spew right-wing 'hate spam'
     6. Google puts the brake on Web Accelerator
IV. SECURITYFOCUS TOP 6 TOOLS
     1. tcpdump for Windows 1.0 beta
     2. CIRT.DK SMTP Relay Scanner 1.4
     3. Assimilator 1.0.0
     4. Netfilter2html 0.9
     5. Cenzic Hailstorm 2.0
     6. VForce 2.1.008
V. SECURITYJOBS LIST SUMMARY
     1. [SJ-JOB] Information Assurance Analyst, Virginia Bea... (Thread)
     2. [SJ-JOB] Security Product Manager, Bay Area, US (Thread)
     3. [SJ-JOB] Security Consultant, Houston, US (Thread)
     4. [SJ-JOB] Information Assurance Engineer, Washington,... (Thread)
     5. [SJ-JOB] Security Product Manager, San Mateo, US (Thread)
     6. [SJ-JOB] Manager, Information Security, Baltimore, U... (Thread)
     7. [SJ-JOB] Security Product Manager, San Diego, US (Thread)
     8. [SJ-JOB] Security Architect, Flemington, US (Thread)
     9. [SJ-JOB] Sr. Product Manager, San Diego, US (Thread)
     10. [SJ-JOB] Security Researcher, San Diego, US (Thread)
     11. [SJ-JOB] Sr. Security Engineer, San Diego, US (Thread)
     12. [SJ-JOB] Sales Representative, San Diego, US (Thread)
     13. [SJ-JOB] Security Product Marketing Manager, Redwood... (Thread)
     14. [SJ-JOB] Security Researcher, Dublin, IE (Thread)
     15. [SJ-JOB] Security Product Marketing Manager, Cuperti... (Thread)
     16. [SJ-JOB] Director, Information Security, Herndon, US (Thread)
     17. [SJ-JOB] Technology Risk Consultant, London, GB (Thread)
     18. [SJ-JOB] Sr. Security Analyst, San Francisco, US (Thread)
     19. [SJ-JOB] Security Product Manager, Redwood City, US (Thread)
     20. [SJ-JOB] CSO, Washington, US (Thread)
     21. [SJ-JOB] Security Consultant, Minneapolis, US (Thread)
     22. [SJ-JOB] Sales Engineer, Boston, US (Thread)
     23. [SJ-JOB] Security Architect, Herndon, US (Thread)
     24. [SJ-JOB] Security Engineer, Herndon, US (Thread)
     25. [SJ-JOB] Sales Representative, Washington D.C, US (Thread)
     26. [SJ-JOB] Director, Information Security, Maryland Ea... (Thread)
     27. [SJ-JOB] Application Security Engineer, Mountain Vie... (Thread)
     28. [SJ-JOB] Security Consultant, London + UK wide, GB (Thread)
     29. [SJ-JOB] Developer, Palo Alto, US (Thread)
     30. [SJ-JOB] Security Engineer, San Jose, US (Thread)
     31. [SJ-JOB] Evangelist, Atlanta, US (Thread)
     32. [SJ-JOB] Certification & Accreditation Engineer, Fre... (Thread)
     33. [SJ-JOB] Sales Representative, Roseville, US (Thread)
     34. [SJ-JOB] Sr. Security Engineer, Roseville, US (Thread)
     35. [SJ-JOB] Quality Assurance, Lexington, US (Thread)
     36. [SJ-JOB] Technical Marketing Engineer, Lexington, US (Thread)
     37. [SJ-JOB] Security Architect, Denver, US (Thread)
     38. [SJ-JOB] Technology Risk Consultant, Los Angeles, US (Thread)
     39. [SJ-JOB] Security Consultant, Chicago, US (Thread)
     40. [SJ-JOB] Security Consultant, Milwaukee, US (Thread)
     41. [SJ-JOB] Management, San Francisco, US (Thread)
     42. [SJ-JOB] Sr. Security Engineer, San Jose, US (Thread)
     43. [SJ-JOB] Security Product Marketing Manager, San Die... (Thread)
     44. [SJ-JOB] Evangelist, Miami, US (Thread)
     45. [SJ-JOB] Security System Administrator, Washington, ... (Thread)
     46. [SJ-JOB] Manager, Information Security, Boca Raton, ... (Thread)
     47. [SJ-JOB] Sales Engineer, Los Angeles, US (Thread)
     48. [SJ-JOB] Sr. Product Manager, Alexandria, US (Thread)
     49. [SJ-JOB] Security Engineer, Albany, US (Thread)
VI. INCIDENTS LIST SUMMARY
     1. Administrivia: SF new article: Web Browser Forensics... (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
     1. New Free Tool - Foundstone .NET Mon (Thread)
     2. Ethereal v0.9.13 to v0.10.10 DISTCC Denial of Servic... (Thread)
     3. top (procps-2.0.7-25) vulnerability (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
     1. Set ACL on Application and Security logs (Thread)
     2. To disable SMB packet and secure channel signing enf... (Thread)
     3. Encrypting remote files with EFS (Thread)
     4. M$ SQL Server SP 4 (Thread)
     5. SecurityFocus Microsoft Newsletter #240 (Thread)
IX. SUN FOCUS LIST SUMMARY
     NO NEW POSTS FOR THE WEEK 2005-05-10 to 2005-05-17.
X. LINUX FOCUS LIST SUMMARY
     NO NEW POSTS FOR THE WEEK 2005-05-10 to 2005-05-17.
XI. BOOK EXCERPTS
XII. UNSUBSCRIBE INSTRUCTIONS
XIII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Web Browser Forensics, Part 2
By Keith J. Jones and Rohyt Belani
Part 2 of this web browser forensics series looks at reconstructing Mozilla
Firefox's cache in order to catch an internal hacker using an
administrator's account.
http://www.securityfocus.com/infocus/1832

2. Microsoft Anti-Virus?
By Kelly Martin
Microsoft's announcement that it will enter the AV market next year, with
initial trials starting next week, could be a sign of many things to come.
http://www.securityfocus.com/columnists/325

3. Chrooted Snort on Solaris
By Andre Lue-Fook-Sang
This article discusses installation and configuration of a chrooted Snort
IDS on most versions of Solaris.
http://www.securityfocus.com/infocus/1833

4. Permission to Simplify
By Mark Burnett
Complexity in Microsoft's software does little but hinder people from using
their good security features, and the current state of Windows file
permissions is a perfect example.
http://www.securityfocus.com/columnists/326

II. BUGTRAQ SUMMARY
-------------------
1. HTMLJunction EZGuestbook Guestbook.mdb Database Disclosure V...
BugTraq ID: 13543
Remote: Yes
Date Published: May 07 2005
Relevant URL: http://www.securityfocus.com/bid/13543
Summary:
HTMLJunction EZGuestbook is prone to a database disclosure vulnerability. Remote
users may download the database file 'guestbook.mdb' and gain access to
sensitive information. The attacker would carry out this attack by directly
requesting the database file through an HTTP GET request.

2. Mozilla Firefox Install Method Remote Arbitrary Code Executi...
BugTraq ID: 13544
Remote: Yes
Date Published: May 07 2005
Relevant URL: http://www.securityfocus.com/bid/13544
Summary:
Mozilla Firefox is prone to a security vulnerability that could result in the
execution of arbitrary code without requiring user interaction. 

Initial analysis reveals that the vulnerability relies on a three-stage attack
that may lead to an arbitrary script gaining 'UniversalXPConnect' privileges.

It was observed that this issue might be exploited remotely to take arbitrary
actions on the vulnerable computer in the context of the user that is running
the affected browser.

This vulnerability is reported in all versions of Mozilla Firefox browsers up to
1.0.3.

For the issue to be exploitable, a Web site listed in a victim user's
configuration to allow extension installation must be susceptible to a
cross-site scripting vulnerability. By default, 'update.mozilla.org' and
'addon.mozilla.org' are both listed as trusted Web sites for extension
installation.

*Update: The cross-site scripting vulnerability that the publicly available
exploit relied on in the mozilla.org domain has been fixed. This issue is no
longer exploitable through this public attack vector.

3. PHPBB Unspecified BBCode.PHP Vulnerability
BugTraq ID: 13545
Remote: Yes
Date Published: May 09 2005
Relevant URL: http://www.securityfocus.com/bid/13545
Summary:
The phpBB vendor reports that a critical unspecified vulnerability exists in the
BBCode handling routines of the 'bbcode.php' script.

Very little is known about this vulnerability except that the vendor has
reported that it is addressed in phpBB version 2.0.15.

This BID will be updated when further analysis of this issue is complete.

4. Orenosv HTTP/FTP Server FTP Commands Remote Buffer Overflow ...
BugTraq ID: 13546
Remote: Yes
Date Published: May 08 2005
Relevant URL: http://www.securityfocus.com/bid/13546
Summary:
The FTP server shipped with Orenosv HTTP/FTP is prone to a remote buffer
overflow vulnerability.

This issue presents itself when the application handles excessive values
supplied as file names through various FTP commands.

If a successful attack results in memory corruption, this issue can be leveraged
to cause a denial of service condition or arbitrary code execution.

Orenosv HTTP/FTP Server 0.8.1 is reportedly vulnerable; however, other versions
may be affected as well.

5. Net56 Browser Based File Manager SQL Injection Authenticatio...
BugTraq ID: 13547
Remote: Yes
Date Published: May 09 2005
Relevant URL: http://www.securityfocus.com/bid/13547
Summary:
Net56 Browser Based File Manager is prone to an SQL injection vulnerability that
could allow unauthorized users to log on as any user of the application without
providing a password.

This issue was reported to affect Net56 Browser Based File Manager 1.0; other
versions may be vulnerable.

6. Advanced Guestbook Index.PHP Entry Parameter SQL Injection V...
BugTraq ID: 13548
Remote: Yes
Date Published: May 09 2005
Relevant URL: http://www.securityfocus.com/bid/13548
Summary:
Advanced Guestbook is prone to an SQL injection vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied input
before using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

This issue reportedly affects Advanced Guestbook version 2.3.1; other versions
may also be vulnerable.

7. Orenosv HTTP/FTP Server CGISSI.EXE Remote Buffer Overflow Vu...
BugTraq ID: 13549
Remote: Yes
Date Published: May 09 2005
Relevant URL: http://www.securityfocus.com/bid/13549
Summary:
Orenosv HTTP/FTP server is prone to a remote buffer overflow vulnerability that
affects 'cgissi.exe'.

This issue presents itself when the application handles excessive values
supplied through an SSI command name.

A successful attack can result in memory corruption and can be leveraged to
cause a denial of service condition or arbitrary code execution. Arbitrary code
execution can result in a remote compromise in the context of the server.

Orenosv HTTP/FTP Server 0.8.1 is reportedly vulnerable; however, other versions
may be affected as well.

8. NiteEnterprises Remote File Manager Denial of Service Vulner...
BugTraq ID: 13550
Remote: Yes
Date Published: May 09 2005
Relevant URL: http://www.securityfocus.com/bid/13550
Summary:
NiteEnterprises Remote File Manager is prone to a remote denial of service
vulnerability.  This issue may be due to an inability of the application to
handle unexpected data.

NiteEnterprises Remote File Manager 1.0 was reported to be affected by this
issue; other versions may be vulnerable.

9. Easy Message Board Directory Traversal Vulnerability
BugTraq ID: 13551
Remote: Yes
Date Published: May 09 2005
Relevant URL: http://www.securityfocus.com/bid/13551
Summary:
Easy Message Board is prone to a directory traversal vulnerability that could
allow attackers to read files outside the Web root.

10. Sun Solaris NIS+ Unspecified Remote Denial Of Service Vulner...
BugTraq ID: 13552
Remote: Yes
Date Published: May 09 2005
Relevant URL: http://www.securityfocus.com/bid/13552
Summary:
The rpc.nisd NIS+ daemon on Sun Solaris is vulnerable to an unspecified remote
denial of service vulnerability.

This issue allows remote, unprivileged users to either crash the affected daemon
process, or to cause the process to enter into an infinite loop, consuming CPU
resources. These actions may block legitimate users from utilizing the NIS+
service.

Repeated attacks may result in disabling all NIS+ servers in a network, leading
to a sustained denial of service for the directory service. This would likely
cause all dependent services and authentication processes to fail.

Sun Solaris versions 7, 8, and 9 are affected by this issue.

This BID will be updated as further information is disclosed.

11. AOL Instant Messenger Smiley Icon Location Remote Denial Of ...
BugTraq ID: 13553
Remote: Yes
Date Published: May 09 2005
Relevant URL: http://www.securityfocus.com/bid/13553
Summary:
AOL Instant Messenger is reported prone to a remote denial of service
vulnerability.

The issue manifests when the affected client application handles a chat
invitation, a file transfer, or a game request that contains 'smiley' HTML code
that passes invalid data as the location of the 'smiley' icon.

Reports indicate that the issue manifests because of a buffer overflow
condition; this, however, is not confirmed.

A remote attacker may leverage this condition to crash a target AOL Instant
Messenger client. Other attacks may also be possible.

12. Positive Software Corporation SiteStudio HTML Injection Vuln...
BugTraq ID: 13554
Remote: Yes
Date Published: May 09 2005
Relevant URL: http://www.securityfocus.com/bid/13554
Summary:
SiteStudio is prone to an HTML injection vulnerability.

Attacker-supplied HTML and script code may be able to access properties of the
site, potentially allowing for theft of cookie-based authentication credentials.
An attacker could also exploit this issue to control how the site is rendered
to the user; other attacks are also possible.

13. Easy Message Board Remote Command Execution Vulnerability
BugTraq ID: 13555
Remote: Yes
Date Published: May 09 2005
Relevant URL: http://www.securityfocus.com/bid/13555
Summary:
Easy Message Board is prone to a remote command execution vulnerability.  This
issue is due to a failure in the application to properly sanitize user-supplied
input.

14. NukeScripts NukeSentinel Input Validation Vulnerability
BugTraq ID: 13556
Remote: Yes
Date Published: May 09 2005
Relevant URL: http://www.securityfocus.com/bid/13556
Summary:
NukeScripts NukeSentinel is prone to an input validation vulnerability. Reports
indicate the script fails to correctly identify potentially dangerous characters
when the characters are hex-encoded (i.e. %41 == A).

A remote attacker may exploit this issue to bypass NukeSentinel protections and
exploit issues that exist in the underlying PHP Nuke installation.

15. PHP Nuke Double Hex Encoded Input Validation Vulnerability
BugTraq ID: 13557
Remote: Yes
Date Published: May 09 2005
Relevant URL: http://www.securityfocus.com/bid/13557
Summary:
PHP Nuke is prone to an input validation vulnerability. Reports indicate the
script fails to correctly identify potentially dangerous characters when the
characters are double hex-encoded (i.e. %25%41 == %41 == A).

A remote attacker may exploit this issue to bypass PHP Nuke protections and
exploit issues that exist in the underlying PHP Nuke installation.
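
The decoding gap described in items 14 and 15 above, shown as an added example
that is not part of the original newsletter and is not NukeSentinel or PHP Nuke
code: a filter that inspects only the raw parameter, next to one that
percent-decodes to a fixed point before checking. The character set, function
names and sample inputs are assumptions constructed for illustration.

```python
from urllib.parse import unquote

# Characters this hypothetical filter treats as dangerous (assumption).
DANGEROUS = set("<>'\"")

# Upper bound on decoding passes; anything nested deeper is rejected.
MAX_DECODE_ROUNDS = 5


def naive_is_dangerous(value: str) -> bool:
    """Inspect the raw value only, without decoding it first.

    This mirrors the flawed behaviour in the summaries: an encoded
    character such as %27 contains none of the literal characters the
    filter looks for, so it passes.
    """
    return any(ch in DANGEROUS for ch in value)


def canonicalize(value: str, max_rounds: int = MAX_DECODE_ROUNDS) -> str:
    """Percent-decode repeatedly until the value stops changing.

    Raises ValueError when the value is still changing after max_rounds
    passes, so deeply nested encodings are refused instead of being
    checked in a half-decoded state.
    """
    current = value
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            return current
        current = decoded
    if unquote(current) != current:
        raise ValueError("percent-encoding nested too deeply")
    return current


def hardened_is_dangerous(value: str) -> bool:
    """Check the canonical form, and fail closed when it cannot be computed."""
    try:
        canonical = canonicalize(value)
    except ValueError:
        return True
    return any(ch in DANGEROUS for ch in canonical)


def audit(samples):
    """Return (sample, naive verdict, hardened verdict) for each input."""
    return [(s, naive_is_dangerous(s), hardened_is_dangerous(s)) for s in samples]


# Constructed sample parameter values, not taken from any advisory.
SAMPLES = [
    "plain text",             # benign
    "hello%20world",          # benign, encoded space
    "'",                      # literal quote: both filters flag it
    "%27",                    # hex-encoded quote: naive filter misses it
    "%2527",                  # double hex-encoded quote: naive filter misses it
    "%" + "25" * 6 + "27",    # nested beyond MAX_DECODE_ROUNDS: rejected
]

if __name__ == "__main__":
    for sample, naive, hardened in audit(SAMPLES):
        print(f"{sample!r:24} naive={naive!s:5} hardened={hardened}")
```

The check only holds if the application then uses the canonical value, or
decodes no more times than the filter did; a filter and a consumer that
disagree on decoding depth reintroduce the same gap.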

16. DataTrac Remote Denial of Service Vulnerability
BugTraq ID: 13558
Remote: Yes
Date Published: May 09 2005
Relevant URL: http://www.securityfocus.com/bid/13558
Summary:
DataTrac is prone to a remote denial of service vulnerability.

The program crashes if a long string is sent to the service.  A malformed
unexpected request may trigger this issue as well.

DataTrac 1.1 was reported to be vulnerable.

17. Positive Software H-Sphere Winbox Sensitive Logfile Content ...
BugTraq ID: 13559
Remote: No
Date Published: May 09 2005
Relevant URL: http://www.securityfocus.com/bid/13559
Summary:
It is reported that Positive Software H-Sphere Winbox stores user account
information in a plaintext format inside of application log files.

As a result, user credentials could be exposed to other local users who have
permissions to access the log files.

18. CodeThat.com CodeThatShoppingCart Multiple Input Validation ...
BugTraq ID: 13560
Remote: Yes
Date Published: May 09 2005
Relevant URL: http://www.securityfocus.com/bid/13560
Summary:
CodeThatShoppingCart is reportedly affected by multiple input validation
vulnerabilities.  These issues may allow remote attackers to carry out
cross-site scripting and SQL injection attacks.  An attacker may also
potentially disclose sensitive data.

CodeThatShoppingCart 1.3.1 was reported to be vulnerable.  Other versions may be
affected as well.

19. PWSPHP Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 13561
Remote: Yes
Date Published: May 09 2005
Relevant URL: http://www.securityfocus.com/bid/13561
Summary:
PwsPHP is prone to multiple cross-site scripting vulnerabilities.  These issues
are due to a failure in the application to properly sanitize user-supplied
input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

The vendor has addressed these issues in PwsPHP version 1.2.3; earlier versions
are reported vulnerable.

20. IETF IPSEC Protocol Encapsulating Security Payload Vulnerabi...
BugTraq ID: 13562
Remote: Yes
Date Published: May 09 2005
Relevant URL: http://www.securityfocus.com/bid/13562
Summary:
A vulnerability affects certain configurations of IPSec.

When IPSec is configured to employ Encapsulating Security Payload (ESP) in
tunnel mode with confidentiality only, where Authentication Header (AH) is not
being used to provide packet integrity protection, certain attacks against the
IPSec protocol are possible.

Reports indicate that these attacks may also potentially be possible against
IPSec when AH is in use, but only under certain unspecified configurations.

The reported attacks take advantage of the fact that no ESP packet payload
integrity checks exist when ESP is configured in the aforementioned vulnerable
manner.

This issue may be leveraged by an attacker to reveal plaintext IP datagrams and
potentially sensitive information. Information harvested in this manner may be
used to aid in further attacks.

This BID will be updated as further information is made available.

21. PWSPHP Profil.PHP SQL Injection Vulnerability
BugTraq ID: 13563
Remote: Yes
Date Published: May 09 2005
Relevant URL: http://www.securityfocus.com/bid/13563
Summary:
PwsPHP is prone to an SQL injection vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input before using
it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

The vendor has addressed this issue in PwsPHP version 1.2.3; earlier versions
are reported vulnerable.

22. Microsoft SQL Server 2000 Multiple Vulnerabilities
BugTraq ID: 13564
Remote: Yes
Date Published: May 09 2005
Relevant URL: http://www.securityfocus.com/bid/13564
Summary:
Microsoft has released Microsoft SQL Server 2000 Service Pack 4.  This release
addresses various potential security vulnerabilities.  If exploited, these
issues may allow remote attackers to cause denial of service conditions, bypass
database policy, disclose sensitive information, and potentially execute
arbitrary code.

23. Apple iTunes MPEG4 Parsing Buffer Overflow Vulnerability
BugTraq ID: 13565
Remote: Yes
Date Published: May 09 2005
Relevant URL: http://www.securityfocus.com/bid/13565
Summary:
Apple iTunes MPEG4 file parsing is prone to a buffer overflow.  A specifically
malformed MPEG4 file could trigger this overflow, causing a denial of service or
execution of arbitrary code.

This vulnerability was addressed in iTunes 4.8; all earlier versions are likely
affected.

24. Sun StorEdge 6130 Array Unauthorized Access Vulnerability
BugTraq ID: 13566
Remote: Yes
Date Published: May 09 2005
Relevant URL: http://www.securityfocus.com/bid/13566
Summary:
StorEdge 6130 Array is affected by an unauthorized access vulnerability.

A successful attack may lead to a denial of service condition due to data
corruption or deletion.  Other attacks may be possible as well.

StorEdge 6130 arrays with serial numbers in the range of 0451AWF00G to
0513AWF00J are affected by this issue.

Due to a lack of details, further information is not available at the moment. 
This BID will be updated when more information becomes available.

25. Ethereal DISTCC Dissection Stack Buffer Overflow Vulnerabili...
BugTraq ID: 13567
Remote: Yes
Date Published: May 10 2005
Relevant URL: http://www.securityfocus.com/bid/13567
Summary:
A remote buffer overflow vulnerability affects Ethereal. This issue is due to a
failure of the application to securely copy network-derived data into sensitive
process buffers.  The specific issue exists in the DISTCC protocol dissector.

An attacker may exploit this issue to execute arbitrary code with the privileges
of the user that activated the vulnerable application. This may facilitate
unauthorized access or privilege escalation.

This vulnerability affects Ethereal versions 0.8.13 through to 0.10.10.

Note that this issue was originally disclosed in BID 13504.

26. WoltLab Burning Board Unspecified Vulnerability
BugTraq ID: 13568
Remote: Unknown
Date Published: May 10 2005
Relevant URL: http://www.securityfocus.com/bid/13568
Summary:
WoltLab Burning Board is prone to an unspecified vulnerability.  The cause of
this issue is currently unknown.

This issue may be related to BID 13325 or 13353; however, this is unconfirmed.

27. WowBB View_User.PHP SQL Injection Vulnerability
BugTraq ID: 13569
Remote: Yes
Date Published: May 10 2005
Relevant URL: http://www.securityfocus.com/bid/13569
Summary:
WowBB is prone to an SQL injection vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input prior to
using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

28. NukeET Base64 Codigo Variable Cross-Site Scripting Vulnerabi...
BugTraq ID: 13570
Remote: Yes
Date Published: May 10 2005
Relevant URL: http://www.securityfocus.com/bid/13570
Summary:
NukeET is prone to a cross-site scripting vulnerability.

The source of this issue is that HTML and script code is not properly sanitized
from URI variables before being output in a dynamically generated Web page. 
However, to successfully trigger the issue, HTML and script code may be
Base64-encoded when passed as a URI variable argument.

An attacker may exploit the issue by enticing a user to follow a link that
includes hostile Base64-encoded HTML and script code.  The malicious input will
be decoded by the application and may then be rendered in the browser of the
user who visits the link.

29. GeoVision Digital Surveillance System Unauthorized JPEG Imag...
BugTraq ID: 13571
Remote: Yes
Date Published: May 10 2005
Relevant URL: http://www.securityfocus.com/bid/13571
Summary:
GeoVision Digital Surveillance System is prone to a vulnerability that allows
remote unauthorized attackers to view JPEG images stored on a server.  

This issue results from an access validation error.

GeoVision Digital Surveillance System versions 6.04 or 6.1 are reportedly
vulnerable.

30. e107 Website System Search.PHP Remote File Include Vulnerabi...
BugTraq ID: 13572
Remote: Yes
Date Published: May 10 2005
Relevant URL: http://www.securityfocus.com/bid/13572
Summary:
e107 Website System is prone to a remote file include vulnerability.  An
attacker may leverage this issue to execute arbitrary server-side script code on
an affected computer with the privileges of the Web server process. This may
facilitate unauthorized access.

31. e107 Website System Request.PHP Directory Traversal Vulnerab...
BugTraq ID: 13573
Remote: Yes
Date Published: May 10 2005
Relevant URL: http://www.securityfocus.com/bid/13573
Summary:
e107 Website System is prone to a directory traversal vulnerability.  This issue
could be exploited to obtain the contents of arbitrary files on the vulnerable
computer.

32. Subject Search Server Search For Variable HTML Injection Vul...
BugTraq ID: 13574
Remote: Yes
Date Published: May 10 2005
Relevant URL: http://www.securityfocus.com/bid/13574
Summary:
Subject Search Server is prone to an HTML injection vulnerability.

The source of this issue is that HTML and script code is not properly sanitized
from user-supplied input before being output in a dynamically generated Web
page.  The malicious input may then be rendered in the browser of the user who
visits the page containing the input.

33. Fusion SBX Authentication Bypass Vulnerability
BugTraq ID: 13575
Remote: Yes
Date Published: May 10 2005
Relevant URL: http://www.securityfocus.com/bid/13575
Summary:
Fusion SBX is prone to a vulnerability that may let remote attackers bypass
authentication.  

The specific issue is inadequate access validation of user-supplied variables. 
Once authentication has been bypassed, the attacker may be able to execute
arbitrary PHP code.

34. e107 Website System Forum_viewforum.PHP SQL Injection Vulner...
BugTraq ID: 13576
Remote: Yes
Date Published: May 10 2005
Relevant URL: http://www.securityfocus.com/bid/13576
Summary:
e107 Website System is prone to an SQL injection vulnerability.  This
vulnerability could permit remote attackers to pass malicious input to database
queries, resulting in modification of query logic or other attacks.

35. e107 Website System Global Variables Unauthorized Access Vul...
BugTraq ID: 13577
Remote: Yes
Date Published: May 10 2005
Relevant URL: http://www.securityfocus.com/bid/13577
Summary:
e107 Website System is prone to a vulnerability that can allow remote attackers
to gain complete unauthorized access to an affected Web site or the database
used by the application.

36. MyServer Cross-Site Scripting Vulnerability
BugTraq ID: 13578
Remote: Yes
Date Published: May 10 2005
Relevant URL: http://www.securityfocus.com/bid/13578
Summary:
myServer is prone to a cross-site scripting vulnerability.  This issue is due to
a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

This issue reportedly affects myServer version 0.8 for Microsoft Windows; other
versions may also be affected.

37. MyServer Remote Directory Listing Vulnerability
BugTraq ID: 13579
Remote: Yes
Date Published: May 10 2005
Relevant URL: http://www.securityfocus.com/bid/13579
Summary:
myServer is prone to a remote directory listing vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied input.

A remote attacker can disclose the contents of the directory above the
configured Web document root. 

An attacker may leverage this issue to gain access to sensitive information by
disclosing a directory listing; information disclosed in this way could lead to
further attacks against the target system.

This issue reportedly affects myServer version 0.8 for Microsoft Windows; other
versions may also be affected.

38. ASP Virtual News Manager Admin_Login.ASP SQL Injection Vulne...
BugTraq ID: 13580
Remote: Yes
Date Published: May 10 2005
Relevant URL: http://www.securityfocus.com/bid/13580
Summary:
ASP Virtual News Manager is prone to an SQL injection vulnerability.  This issue
is due to a failure in the application to properly sanitize user-supplied input
before using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

39. Macromedia ColdFusion MX 7 Default Error Page Cross-Site Scr...
BugTraq ID: 13581
Remote: Yes
Date Published: May 10 2005
Relevant URL: http://www.securityfocus.com/bid/13581
Summary:
Macromedia ColdFusion MX 7 is prone to a cross-site scripting vulnerability when
utilizing the JRun Web Server.  This issue is due to a failure in the
application to properly sanitize user-supplied input prior to using it in
dynamically generated content.

Macromedia JRun Web Server comes packaged with ColdFusion MX 7; users of that
application are advised to upgrade their ColdFusion MX 7 installation.

40. Gzip Zgrep Arbitrary Command Execution Vulnerability
BugTraq ID: 13582
Remote: Yes
Date Published: May 10 2005
Relevant URL: http://www.securityfocus.com/bid/13582
Summary:
zgrep is reportedly affected by an arbitrary command execution vulnerability.

An attacker may execute arbitrary commands through zgrep command arguments to
potentially gain unauthorized access to the affected computer.  It should be
noted that this issue only poses a security threat if the arguments originate
from a malicious source.

zgrep 1.2.4 was reported vulnerable.  Other versions may be affected as well.

41. HT Editor ELF Parser Unspecified Remote Heap Overflow Vulner...
BugTraq ID: 13584
Remote: Yes
Date Published: May 10 2005
Relevant URL: http://www.securityfocus.com/bid/13584
Summary:
HT Editor is affected by an unspecified heap overflow vulnerability.

Specific details about this issue are not currently available.  It is known that
this vulnerability affects the ELF parser.

A successful attack may result in arbitrary code execution and allow the
attacker to gain unauthorized access to the vulnerable computer.

HT Editor 0.8.0 and prior versions are affected by this issue.

42. LibTIFF TIFFOpen Buffer Overflow Vulnerability
BugTraq ID: 13585
Remote: Yes
Date Published: May 10 2005
Relevant URL: http://www.securityfocus.com/bid/13585
Summary:
LibTIFF is prone to a buffer overflow vulnerability.  The issue occurs in the
TIFFOpen() function when malformed TIFF files are opened.  Successful
exploitation could lead to arbitrary code execution.

43. HT Editor PE Parser Unspecified Remote Buffer Overflow Vulne...
BugTraq ID: 13587
Remote: Yes
Date Published: May 10 2005
Relevant URL: http://www.securityfocus.com/bid/13587
Summary:
HT Editor is affected by an unspecified buffer overflow vulnerability.

Specific details about this issue are not currently available. It is known that
this vulnerability affects the PE parser.

A successful attack may result in arbitrary code execution and allow the
attacker to gain unauthorized access to the vulnerable computer.

HT Editor 0.8.0 and prior versions are affected by this issue.

44. Sun Solaris automountd Local Denial Of Service Vulnerability
BugTraq ID: 13588
Remote: No
Date Published: May 11 2005
Relevant URL: http://www.securityfocus.com/bid/13588
Summary:
Sun Solaris automountd is prone to a denial of service vulnerability.  This
condition may be exploited by local attackers to kill the automountd service,
denying availability of autofs file systems to legitimate users and
applications.

45. Linux Kernel ELF Core Dump Local Buffer Overflow Vulnerabili...
BugTraq ID: 13589
Remote: No
Date Published: May 11 2005
Relevant URL: http://www.securityfocus.com/bid/13589
Summary:
The Linux kernel is susceptible to a local buffer overflow vulnerability when
attempting to create ELF core dumps. This issue is due to an integer overflow
flaw that results in a kernel buffer overflow during a copy_from_user() call.

To exploit this vulnerability, a malicious user creates a malicious ELF
executable designed to create a negative 'len' variable in elf_core_dump().

This vulnerability may be exploited by local users to execute arbitrary machine
code in the context of the kernel, facilitating privilege escalation.

46. Gaim Remote URI Handling Buffer Overflow Vulnerability
BugTraq ID: 13590
Remote: Yes
Date Published: May 11 2005
Relevant URL: http://www.securityfocus.com/bid/13590
Summary:
Gaim is susceptible to a remote buffer overflow vulnerability when handling long
URIs. This issue is due to a failure of the application to properly bounds check
user-supplied input data prior to copying it to a fixed-size stack buffer.

Due to the multiple protocol support of Gaim, and the nature of the differing IM
protocols, only some of the IM networks are reported vulnerable. This is due to
message length limits imposed by the IM networks. Currently, the Jabber and
SILC IM network protocols are known to be vulnerable. Other protocols may also
be affected.

This vulnerability allows remote attackers to execute arbitrary machine code in
the context of the affected application.

Gaim versions prior to 1.3.0 are vulnerable to this issue.

47. Gaim Remote MSN Empty SLP Message Denial Of Service Vulnerab...
BugTraq ID: 13591
Remote: Yes
Date Published: May 11 2005
Relevant URL: http://www.securityfocus.com/bid/13591
Summary:
Gaim is susceptible to a remote denial of service vulnerability in its MSN
protocol handling code.

This vulnerability allows remote attackers to crash affected clients, denying
service to them.

Gaim versions prior to 1.3.0 are vulnerable to this issue.

48. Squid Proxy Unspecified DNS Spoofing Vulnerability
BugTraq ID: 13592
Remote: Yes
Date Published: May 11 2005
Relevant URL: http://www.securityfocus.com/bid/13592
Summary:
Squid Proxy is prone to an unspecified DNS spoofing vulnerability.  This could
allow malicious users to perform DNS spoofing attacks on Squid Proxy clients on
unprotected networks.

This issue affects Squid Proxy versions 2.5 and earlier.

49. PixySoft Guestbook Pro Multiple HTML Injection Vulnerabiliti...
BugTraq ID: 13593
Remote: Yes
Date Published: May 11 2005
Relevant URL: http://www.securityfocus.com/bid/13593
Summary:
Guestbook Pro is prone to multiple HTML injection vulnerabilities.  These issues
are due to a failure in the application to properly sanitize user-supplied input
before using it in dynamically generated content.

Attacker-supplied HTML and script code would be able to access properties of the
site, potentially allowing for theft of cookie-based authentication credentials.
An attacker could also exploit this issue to control how the site is rendered to
the user; other attacks are also possible.

50. BakBone NetVault Unspecified Heap Overflow Vulnerability
BugTraq ID: 13594
Remote: Yes
Date Published: May 11 2005
Relevant URL: http://www.securityfocus.com/bid/13594
Summary:
BakBone NetVault is reportedly affected by an unspecified heap overflow
vulnerability.

Specific details were not released about this issue.  This BID will be updated
when more information is available.

All versions of NetVault are considered vulnerable at the moment.

51. Cisco Catalyst 6500/7600 Series Firewall Services Module ACL...
BugTraq ID: 13595
Remote: Yes
Date Published: May 11 2005
Relevant URL: http://www.securityfocus.com/bid/13595
Summary:
Cisco FWSM (Firewall Services Module) is prone to a vulnerability that may allow
traffic that is explicitly filtered to bypass ACLs.  As a result, unauthorized
TCP traffic may bypass the firewall.

This issue only affects Cisco Catalyst 6500 Series Switches and Cisco 7600
series routers running FWSM version 2.3.1 or earlier when using content
filtering exceptions.

52. Neteyes NexusWay Border Gateway Multiple Remote Vulnerabilit...
BugTraq ID: 13596
Remote: Yes
Date Published: May 11 2005
Relevant URL: http://www.securityfocus.com/bid/13596
Summary:
NexusWay is reportedly affected by multiple remote vulnerabilities.  These
issues can allow an unauthorized attacker to execute arbitrary commands and gain
administrative access to an affected device.

All versions of NexusWay are considered vulnerable at the moment.

53. Woppoware PostMaster Multiple Input Validation and Informati...
BugTraq ID: 13597
Remote: Yes
Date Published: May 11 2005
Relevant URL: http://www.securityfocus.com/bid/13597
Summary:
PostMaster is prone to multiple input validation and information disclosure
vulnerabilities.

These issues could permit a remote attacker to gain access to arbitrary user
accounts, manipulate site content to perform cross-site scripting attacks,
enumerate arbitrary files on the affected server or provide an attacker with
additional information to aid in password brute force attacks. 

These issues are reported to affect PostMaster version 4.2.2; other versions may
also be vulnerable.

54. ShowOff! Digital Media Software Multiple Remote Vulnerabilit...
BugTraq ID: 13598
Remote: Yes
Date Published: May 11 2005
Relevant URL: http://www.securityfocus.com/bid/13598
Summary:
ShowOff! Digital Media Software is affected by multiple vulnerabilities.  These
issues can allow an attacker to carry out directory traversal and denial of
service attacks.

ShowOff! Digital Media Software 1.5.4 is reportedly vulnerable.  Other versions
may be affected as well.

55. Open Solution Quick.Cart Index.PHP Cross-Site Scripting Vuln...
BugTraq ID: 13599
Remote: Yes
Date Published: May 11 2005
Relevant URL: http://www.securityfocus.com/bid/13599
Summary:
Quick.Cart is prone to a cross-site scripting vulnerability.  This issue is due
to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

This issue is reported to affect Quick.Cart version 0.3.0; other versions may
also be affected.

56. BoastMachine Remote Arbitrary File Upload Vulnerability
BugTraq ID: 13600
Remote: Yes
Date Published: May 11 2005
Relevant URL: http://www.securityfocus.com/bid/13600
Summary:
BoastMachine is prone to a remote arbitrary file upload vulnerability.

This issue can ultimately facilitate unauthorized access in the context of the
Web server. 

BoastMachine 3.0 platinum is affected by this issue.  Other versions may be
vulnerable as well.

57. MaxWebPortal Multiple Remote Vulnerabilities
BugTraq ID: 13601
Remote: Yes
Date Published: May 11 2005
Relevant URL: http://www.securityfocus.com/bid/13601
Summary:
MaxWebPortal is affected by multiple remote vulnerabilities. These issues may
allow an attacker to carry out cross-site scripting, SQL injection and HTML
injection attacks.

MaxWebPortal 1.3.5 and prior versions are reportedly vulnerable to these issues.

58. Open Solution Quick.Forum NewTopic HTML Injection Vulnerabil...
BugTraq ID: 13602
Remote: Yes
Date Published: May 11 2005
Relevant URL: http://www.securityfocus.com/bid/13602
Summary:
Quick.Forum is prone to an HTML injection vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input before using
it in dynamically generated content.

Attacker-supplied HTML and script code would be able to access properties of the
site, potentially allowing for theft of cookie-based authentication credentials.
An attacker could also exploit this issue to control how the site is rendered to
the user; other attacks are also possible.

This issue is reported to affect Quick.Forum version 2.1.6; other versions may
also be affected.

59. Apple QuickTime Quartz Composer File Information Disclosure ...
BugTraq ID: 13603
Remote: Yes
Date Published: May 12 2005
Relevant URL: http://www.securityfocus.com/bid/13603
Summary:
It has been reported that QuickTime is affected by a vulnerability that may
allow remote attackers to disclose sensitive information.  Specifically, this
vulnerability can be exploited through the QuickTime Web plugin. 

The issue arises when a malformed Quartz Composer file embedded in a QuickTime
Video Clip file (.mov) is handled by the application.

This may aid in other attacks against the affected computer.

QuickTime 7 is reportedly affected by this issue.

60. APG Technology ClassMaster Unauthorized Folder Access Vulner...
BugTraq ID: 13604
Remote: Yes
Date Published: May 12 2005
Relevant URL: http://www.securityfocus.com/bid/13604
Summary:
ClassMaster is reportedly affected by a vulnerability that may allow attackers
to gain unauthorized access to users' folders.

An attacker is able to gain complete access to user shares over a network
without providing any sort of authentication credentials.

All versions of ClassMaster are considered vulnerable at the moment.

61. Bugzilla Authentication Information Disclosure Vulnerability
BugTraq ID: 13605
Remote: Yes
Date Published: May 12 2005
Relevant URL: http://www.securityfocus.com/bid/13605
Summary:
Bugzilla is prone to a vulnerability that could allow username and password
information to be disclosed in generated links.  Any user with access to the
server's Web logs could potentially gain access to the user's authentication
information.

62. Bugzilla Hidden Product Information Disclosure Vulnerability
BugTraq ID: 13606
Remote: Yes
Date Published: May 12 2005
Relevant URL: http://www.securityfocus.com/bid/13606
Summary:
Bugzilla is prone to an information disclosure vulnerability due to improper
access validation.  This could allow a user to determine the existence of a
product in the Bugzilla database even if it should not be visible to them.

63. Microsoft Windows Media Player Digital Rights Management Arb...
BugTraq ID: 13607
Remote: Yes
Date Published: May 12 2005
Relevant URL: http://www.securityfocus.com/bid/13607
Summary:
Media Player Digital Rights Management (DRM) is prone to a weakness that could
permit the launch of an arbitrary Web page.

This issue has been addressed and updates are available for Media Player 10 and
for Windows Media Player 9.

64. DirectTopics Topic.PHP SQL Injection Vulnerability
BugTraq ID: 13608
Remote: Yes
Date Published: May 12 2005
Relevant URL: http://www.securityfocus.com/bid/13608
Summary:
DirectTopics is prone to an SQL injection vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input before using
it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

65. DirectTopics HTML Injection Vulnerability
BugTraq ID: 13609
Remote: Yes
Date Published: May 12 2005
Relevant URL: http://www.securityfocus.com/bid/13609
Summary:
DirectTopics is prone to an HTML injection vulnerability.  This issue is due to
a failure in the application to properly sanitize user-supplied input before
using it in dynamically generated content.

Attacker-supplied HTML and script code would be able to access properties of the
site, potentially allowing for theft of cookie-based authentication credentials.
An attacker could also exploit this issue to control how the site is rendered to
the user; other attacks are also possible.

66. Bug Report Multiple HTML Injection Vulnerabilities
BugTraq ID: 13610
Remote: Yes
Date Published: May 12 2005
Relevant URL: http://www.securityfocus.com/bid/13610
Summary:
Eric Fichot Bug Report is prone to multiple HTML injection vulnerabilities. 
These issues are due to a failure in the application to properly sanitize
user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be able to access properties of the
site, potentially allowing for theft of cookie-based authentication credentials.
An attacker could also exploit this issue to control how the site is rendered to
the user; other attacks are also possible.

67. Ibas ExpertEraser Improper Disk Wipe Vulnerability
BugTraq ID: 13611
Remote: No
Date Published: May 12 2005
Relevant URL: http://www.securityfocus.com/bid/13611
Summary:
ExpertEraser is reported prone to a vulnerability that causes the application to
improperly wipe a hard disk.

Reportedly, the application fails to completely wipe a hard disk when the disk
has been configured using Device Configuration Overlay (DCO).  

This issue could lead to a false sense of security and allow an attacker to
harvest potentially sensitive information from a hard disk.

All versions of ExpertEraser 2.0 prior to May 13, 2005 are affected by this
issue.

68. 1Two News Multiple HTML Injection Vulnerabilities
BugTraq ID: 13612
Remote: Yes
Date Published: May 12 2005
Relevant URL: http://www.securityfocus.com/bid/13612
Summary:
1Two News is prone to multiple HTML injection vulnerabilities.  These issues are
due to a failure in the application to properly sanitize user-supplied input
before using it in dynamically generated content.

Attacker-supplied HTML and script code would be able to access properties of the
site, potentially allowing for theft of cookie-based authentication credentials.
An attacker could also exploit this issue to control how the site is rendered to
the user; other attacks are also possible.

69. Acrowave AAP-3100AR Wireless Router Authentication Bypass Vu...
BugTraq ID: 13613
Remote: Yes
Date Published: May 12 2005
Relevant URL: http://www.securityfocus.com/bid/13613
Summary:
Acrowave AAP-3100AR routers are susceptible to an authentication bypass
vulnerability.

This vulnerability allows remote attackers to gain administrative access to
affected devices.

Due to code reuse, it is likely that other devices are also vulnerable to this
issue.

70. OllyDbg INT3 Format String Vulnerability
BugTraq ID: 13615
Remote: Yes
Date Published: May 13 2005
Relevant URL: http://www.securityfocus.com/bid/13615
Summary:
OllyDbg is prone to a format string vulnerability when a module with a malformed
name makes a call to INT3.  Debugging a malicious program that is designed to
exploit this issue could lead to an application crash or execution of arbitrary
code in the context of the user running the debugger.

This issue was reported to affect OllyDbg 1.10; other versions are likely
vulnerable.

71. Kerio MailServer Multiple Remote Denial of Service Vulnerabi...
BugTraq ID: 13616
Remote: Yes
Date Published: May 13 2005
Relevant URL: http://www.securityfocus.com/bid/13616
Summary:
Kerio MailServer is affected by multiple remote denial of service
vulnerabilities.

Kerio MailServer running on Linux platforms is prone to a remote denial of
service vulnerability when handling specially crafted e-mail messages.

Kerio MailServer is reportedly affected by another remote denial of service
vulnerability when emails for IMAP or Outlook are downloaded.

Kerio MailServer 6.0.9 and prior versions are affected by these issues.

72. PHPBB Attachment Mod Unspecified Realname Vulnerability
BugTraq ID: 13617
Remote: Yes
Date Published: May 13 2005
Relevant URL: http://www.securityfocus.com/bid/13617
Summary:
Attachment Mod for phpBB is prone to an unspecified vulnerability regarding
'realnames'.

No further information is available on this issue; it is conjectured that the
application fails to perform proper sanitization on user-supplied data.

73. BakBone NetVault Remote Heap Overflow Code Execution Vulnera...
BugTraq ID: 13618
Remote: Yes
Date Published: May 13 2005
Relevant URL: http://www.securityfocus.com/bid/13618
Summary:
BakBone NetVault is prone to a remote heap overflow vulnerability.

Exploitation of this issue allows for memory corruption resulting from the
application copying excessive network data into a finite-sized buffer.

An attacker can gain unauthorized access to an affected computer.

All versions of NetVault are considered vulnerable at the moment.

74. All Enthusiast PhotoPost PHP Pro Member.PHP SQL Injection Vu...
BugTraq ID: 13620
Remote: Yes
Date Published: May 13 2005
Relevant URL: http://www.securityfocus.com/bid/13620
Summary:
PhotoPost PHP Pro is affected by an SQL injection vulnerability.

This issue is due to a failure in the application to properly sanitize
user-supplied input to the 'member.php' script before using it in an SQL query.

All versions of PhotoPost PHP Pro are considered vulnerable at the moment.

75. Ultimate PHP Board ViewForum.PHP Cross-Site Scripting Vulner...
BugTraq ID: 13621
Remote: Yes
Date Published: May 13 2005
Relevant URL: http://www.securityfocus.com/bid/13621
Summary:
Ultimate PHP Board is prone to a cross-site scripting vulnerability.  This issue
is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

76. Ultimate PHP Board ViewForum.PHP SQL Injection Vulnerability
BugTraq ID: 13622
Remote: Yes
Date Published: May 13 2005
Relevant URL: http://www.securityfocus.com/bid/13622
Summary:
Ultimate PHP Board is prone to an SQL injection vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied input
before using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

77. Booby Private Bookmark Disclosure Vulnerability
BugTraq ID: 13623
Remote: Yes
Date Published: May 13 2005
Relevant URL: http://www.securityfocus.com/bid/13623
Summary:
Booby is prone to a vulnerability that could allow users' private bookmarks to
be retrieved.

This issue was fixed in Booby 1.0.1; all earlier versions are likely vulnerable.

78. OpenBB Read.PHP SQL Injection Vulnerability
BugTraq ID: 13624
Remote: Yes
Date Published: May 13 2005
Relevant URL: http://www.securityfocus.com/bid/13624
Summary:
OpenBB is prone to an SQL injection vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input before using
it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

This issue reportedly affects OpenBB version 1.0.8; other versions may also be
vulnerable.

79. OpenBB Member.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 13625
Remote: Yes
Date Published: May 13 2005
Relevant URL: http://www.securityfocus.com/bid/13625
Summary:
OpenBB is prone to a cross-site scripting vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

This issue reportedly affects OpenBB version 1.0.8; other versions may also be
vulnerable.

80. Yahoo! Messenger URL Handler Remote Denial Of Service Vulner...
BugTraq ID: 13626
Remote: Yes
Date Published: May 13 2005
Relevant URL: http://www.securityfocus.com/bid/13626
Summary:
Yahoo! Messenger is prone to a denial of service vulnerability.  This issue is
due to a failure in the application to handle exceptional conditions.

A remote user can cause Yahoo! Messenger to disconnect through malicious emails
or Web pages.

This issue is reported to affect Yahoo! Messenger versions 5.x to 6.0 for Windows;
other versions on other operating systems may also be affected.

81. PHPHeaven PHPMyChat Start-Page.CSS.PHP3 Cross-Site Scripting...
BugTraq ID: 13627
Remote: Yes
Date Published: May 13 2005
Relevant URL: http://www.securityfocus.com/bid/13627
Summary:
phpMyChat is prone to a cross-site scripting vulnerability.  This issue is due
to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

82. PHPHeaven PHPMyChat Style.CSS.PHP3 Cross-Site Scripting Vuln...
BugTraq ID: 13628
Remote: Yes
Date Published: May 13 2005
Relevant URL: http://www.securityfocus.com/bid/13628
Summary:
phpMyChat is prone to a cross-site scripting vulnerability.  This issue is due
to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Microsoft looks to "monkeys" to find Web threats
By: Robert Lemos

Can a million monkeys secure the Web for Windows? Researchers at the company use
virtual Windows XP computers to crawl the Net looking for zero-day exploits.
http://www.securityfocus.com/news/11178

2. Firefox's security coming under scrutiny
By: Robert Lemos

The Mozilla Foundation's Firefox Web browser has made security a major part of
its marketing, but a spate of vulnerabilities found over the last nine months
has sullied that message.
http://www.securityfocus.com/news/11155

3. Microsoft fortifies monthly patches with interim advisories
By: Robert Lemos

Customers may want patches less often, but they want notification of events that
affect their security now. Microsoft complies with informational advisories.
http://www.securityfocus.com/news/11132

4. Phishing gets personal
By: John Leyden, The Register

Fraudsters are using stolen information to lure victims into divulging
additional sensitive information in a new form of phishing attack.
http://www.securityfocus.com/news/11177

5. Sober infected PCs spew right-wing 'hate spam'
By: John Leyden, The Register

Virus writers turned PCs infected with the Sober-P worm into relay stations for
right-wing propaganda using backdoor access into compromised machines to load
malicious code.
http://www.securityfocus.com/news/11171

6. Google puts the brake on Web Accelerator
By: John Leyden, The Register

Google has disabled downloads of its Web Accelerator software less than a week
after introducing the service.
http://www.securityfocus.com/news/11165

IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. tcpdump for Windows 1.0 beta
By: microOLAP Technologies
Relevant URL: http://microolap.com/products/network/tcpdump/
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary: 

MicroOLAP TCPDUMP for Windows accurately reproduces all features of the
original tcpdump by LBNL's Network Research Group, developed for UNIX systems.
Since MicroOLAP TCPDUMP for Windows is compiled with the Packet Sniffer SDK,
it has the following advantages:
 - does not require any third-party preinstalled drivers; 
 - works from the single 300K .EXE file; 
 - supports 1Gbit networks.

2. CIRT.DK SMTP Relay Scanner 1.4
By: Dennis Rand - CIRT.DK
Relevant URL: http://www.cirt.dk/tools/relayscanner/relayscanner.zip
Platforms: Perl (any system supporting perl)
Summary: 

CIRT.DK SMTP Relay Scanner v.1.4
Description: This program is used to test SMTP servers for relaying problems
that could lead to a spammer using your mailserver to send spam. It tries to
bypass relaying in as many ways as possible.

The SMTP Relay scanner uses plugins, and an easy plugin language so that new
plugins can be made.

Currently 152 tests performed
http://www.cirt.dk/tools/

3. Assimilator 1.0.0
By: Black List Software
Relevant URL: http://hackinoutthebox.com/sub5.index.php
Platforms: Windows XP
Summary: 

Assimilation is the result of assimilating something which is dissimilated. In
other words, assimilation is the result of making two dissimilar things similar.
Assimilation can be based on a baseline. A baseline is a standard or protocol
which is in place for the sake of governing events. In the case of Assimilator
v1.0.0, our baseline is a replication of the good processes which run locally on
our computers.

4. Netfilter2html 0.9
By: Rodrigo P. Telles <rodrigo@telles.org>
Relevant URL: http://n2h.telles.org/
Platforms: UNIX
Summary: 

netfilter2html is a script written using GAWK to process netfilter logs and
generate a nice HTML output. GAWK is fast at processing text files; it can
process 100.000 text lines in a few seconds.

5. Cenzic Hailstorm 2.0
By: Cenzic, Inc.
Relevant URL: http://www.cenzic.com/prod_application_security.html
Platforms: Windows XP
Summary: 

Cenzic Hailstorm automates penetration testing for your web applications. 
Cenzic Hailstorm provides various groups (Information Security, QA, and
Developers) throughout the enterprise an ability to test applications for
security vulnerabilities, for enforcement of internal security policies, and for
regulatory compliancecrafted policy library to address new and unique
vulnerabilities.

6. VForce 2.1.008
By: Virtual Forge
Relevant URL: http://solutions.virtualforge.net/sol_download_en.php
Platforms: Windows NT, Windows XP
Summary: 

V-Force is a tool for simulating attacks on web servers or applications and
for logging and analyzing the results.

V. SECURITYJOBS LIST SUMMARY
----------------------------
1. [SJ-JOB] Information Assurance Analyst, Virginia Bea... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/398322

2. [SJ-JOB] Security Product Manager, Bay Area, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/398320

3. [SJ-JOB] Security Consultant, Houston, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/398317

4. [SJ-JOB] Information Assurance Engineer, Washington,... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/398313

5. [SJ-JOB] Security Product Manager, San Mateo, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/398287

6. [SJ-JOB] Manager, Information Security, Baltimore, U... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/398286

7. [SJ-JOB] Security Product Manager, San Diego, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/398285

8. [SJ-JOB] Security Architect, Flemington, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/398284

9. [SJ-JOB] Sr. Product Manager, San Diego, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/398283

10. [SJ-JOB] Security Researcher, San Diego, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/398282

11. [SJ-JOB] Sr. Security Engineer, San Diego, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/398281

12. [SJ-JOB] Sales Representative, San Diego, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/398280

13. [SJ-JOB] Security Product Marketing Manager, Redwood... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/398279

14. [SJ-JOB] Security Researcher, Dublin, IE (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/398278

15. [SJ-JOB] Security Product Marketing Manager, Cuperti... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/398277

16. [SJ-JOB] Director, Information Security, Herndon, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/398276

17. [SJ-JOB] Technology Risk Consultant, London, GB (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/398275

18. [SJ-JOB] Sr. Security Analyst, San Francisco, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/398274

19. [SJ-JOB] Security Product Manager, Redwood City, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/398273

20. [SJ-JOB] CSO, Washington, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/398272

21. [SJ-JOB] Security Consultant, Minneapolis, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397967

22. [SJ-JOB] Sales Engineer, Boston, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397964

23. [SJ-JOB] Security Architect, Herndon, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397963

24. [SJ-JOB] Security Engineer, Herndon, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397962

25. [SJ-JOB] Sales Representative, Washington D.C, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397961

26. [SJ-JOB] Director, Information Security, Maryland Ea... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397960

27. [SJ-JOB] Application Security Engineer, Mountain Vie... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397959

28. [SJ-JOB] Security Consultant, London + UK wide, GB (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397958

29. [SJ-JOB] Developer, Palo Alto, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397957

30. [SJ-JOB] Security Engineer, San Jose, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397956

31. [SJ-JOB] Evangelist, Atlanta, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397955

32. [SJ-JOB] Certification & Accreditation Engineer, Fre... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397954

33. [SJ-JOB] Sales Representative, Roseville, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397953

34. [SJ-JOB] Sr. Security Engineer, Roseville, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397952

35. [SJ-JOB] Quality Assurance, Lexington, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397951

36. [SJ-JOB] Technical Marketing Engineer, Lexington, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397950

37. [SJ-JOB] Security Architect, Denver, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397949

38. [SJ-JOB] Technology Risk Consultant, Los Angeles, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397948

39. [SJ-JOB] Security Consultant, Chicago, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397947

40. [SJ-JOB] Security Consultant, Milwaukee, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397946

41. [SJ-JOB] Management, San Francisco, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397944

42. [SJ-JOB] Sr. Security Engineer, San Jose, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397943

43. [SJ-JOB] Security Product Marketing Manager, San Die... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397942

44. [SJ-JOB] Evangelist, Miami, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397941

45. [SJ-JOB] Security System Administrator, Washington, ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397940

46. [SJ-JOB] Manager, Information Security, Boca Raton, ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397939

47. [SJ-JOB] Sales Engineer, Los Angeles, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397938

48. [SJ-JOB] Sr. Product Manager, Alexandria, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397937

49. [SJ-JOB] Security Engineer, Albany, US (Thread)
Relevant URL:

http://www.securityfocus.com/archive/77/397936

VI. INCIDENTS LIST SUMMARY
--------------------------
1. Administrivia: SF new article: Web Browser Forensics... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/75/397995

VII. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. New Free Tool - Foundstone .NET Mon (Thread)
Relevant URL:

http://www.securityfocus.com/archive/82/398172

2. Ethereal v0.9.13 to v0.10.10 DISTCC Denial of Servic... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/82/397987

3. top (procps-2.0.7-25) vulnerability (Thread)
Relevant URL:

http://www.securityfocus.com/archive/82/397905

VIII. MICROSOFT FOCUS LIST SUMMARY
----------------------------------
1. Set ACL on Application and Security logs (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/398327

2. To disable SMB packet and secure channel signing enf... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/397978

3. Encrypting remote files with EFS (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/397976

4. M$ SQL Server SP 4 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/397972

5. SecurityFocus Microsoft Newsletter #240 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/397927

IX. SUN FOCUS LIST SUMMARY
--------------------------
NO NEW POSTS FOR THE WEEK 2005-05-10 to 2005-05-17.

X. LINUX FOCUS LIST SUMMARY
---------------------------
NO NEW POSTS FOR THE WEEK 2005-05-10 to 2005-05-17.

XI. BOOK EXCERPTS
----------------------------
1. Intrusion Prevention and Active Response (Syngress)
Chapter 6 discusses protecting your host through the operating system.
http://www.securityfocus.com/excerpts/syngress-2

2. Ethereal Packet Sniffing (Syngress)
Chapter 8 looks at real world packet captures: dissecting worms.
http://www.securityfocus.com/excerpts/syngress-3

3. The Art of Computer Virus Research and Defense, by Peter Szor (Symantec)
Chapter 9 presents the strategies of computer worms in detail.
http://www.securityfocus.com/excerpts/symantec