SecurityFocus Newsletter #308
----------------------------------------

This Issue is Sponsored By: CrossTec

NetOp Desktop Firewall & Policy Server lets you centrally manage which
applications can run on your enterprise PCs.  NetOp's tiny driver-centric design
prevents unauthorized programs and processes, including viruses, keyloggers,
spyware and more from executing -- without slowing down your systems. The future
of endpoint protection is available today. Try it FREE.

http://www.securityfocus.com/sponsor/CrossTec_sf-news_050726

------------------------------------------------------------------
I.    FRONT AND CENTER
       1. Identifying P2P users using traffic analysis
       2. Interview with Dan Kaminsky on Microsoft's security
II.   BUGTRAQ SUMMARY
       1. Macromedia JRun Unauthorized Session Access Vulnerability
       2. Oracle HTTP Server Unspecified Malformed Request Denial Of Service
Vulnerability
       3. Oracle HTTP Server MOD_OSSO Partner Application Cookie Expiration
Weakness
       4. Nullsoft Winamp Malformed ID3v2 Tag Buffer Overflow Vulnerability
       5. Oracle HTTP Server MOD_ORADAV ORAALTPASSWORD Obfuscation Weakness
       6. Clever Copy Calendar.PHP Cross-Site Scripting Vulnerability
       7. Oracle Webcache SSL Encryption Downgrade Weakness
       8. MooseGallery Display.PHP File Include Vulnerability
       9. Oracle9i 9.0.1.5 FIPS Single Sign-On Server Unspecified Cross-Site
Scripting Vulnerability
       10. Microsoft Internet Explorer JPEG Image Rendering Unspecified Buffer
Overflow Vulnerability
       11. Hosting Controller Multiple Remote Vulnerabilities
       12. Microsoft Internet Explorer JPEG Image Rendering CMP Fencepost Denial
Of Service Vulnerability
       13. Microsoft Internet Explorer JPEG Image Rendering Memory Consumption
Denial Of Service Vulnerability
       14. Microsoft Internet Explorer JPEG Image Rendering Unspecified Denial
Of Service Vulnerability
       15. Sybase EAServer Remote Buffer Overflow Vulnerability
       16. Microsoft MSN Messenger / Internet Explorer Image ICC Profile
Processing Vulnerability
       17. Invision PowerBoard SQL Injection Privilege Escalation Vulnerability
       18. PowerDNS LDAP Backend Query Escape Failure Vulnerability
       19. PowerDNS Recursive Query Denial of Service Vulnerability
       20. Shorewall MACLIST Firewall Rules Bypass Vulnerability
       21. Skype Technologies Skype Insecure Temporary File Creation
Vulnerability
       22. OSCommerce Update.PHP Information Disclosure Vulnerability
       23. VP-ASP Shopaddtocart.ASP SQL Injection Vulnerability
       24. CaLogic Multiple Remote File Include Vulnerabilities
       25. KDE Kate, KWrite Local Backup File Information Disclosure
Vulnerability
       26. Y.SAK Scripts Multiple Remote Arbitrary Command Execution
Vulnerabilities
       27. MRV Communications In-Reach Console Servers Access Control Bypass
Vulnerability
       28. e107 Website System Nested BBCode URL Tag Script Injection
Vulnerability
       29. Hosting Controller Multiple Remote Access Control and SQL Injection
Vulnerabilities
       30. tForum Member.PHP Cross-Site Scripting Vulnerability
       31. ToCA Race Driver Multiple Remote Format String And Buffer Overflow
Vulnerabilities
       32. VP-ASP Shopproductselect.ASP SQL Injection Vulnerability
       33. VP-ASP Shopaddtocartnodb.ASP SQL Injection Vulnerability
       34. EKG Insecure Temporary File Creation Vulnerability
       35. EKG Unspecified Command Execution Vulnerability
       36. Oracle Reports Server DESName Remote File Overwrite Vulnerability
       37. Novell GroupWise WebAccess HTML Injection Vulnerability
       38. Oracle Reports Server XML File Disclosure Vulnerability
       39. Oracle Reports Server Arbitrary File Disclosure Vulnerability
       40. Oracle Reports Server Multiple Cross-Site Scripting Vulnerabilities
       41. PHPPageProtect Admin.PHP Cross Site Scripting Vulnerability
       42. Alt-N MDaemon IMAP Server CREATE Remote Buffer Overflow Vulnerability
       43. Oracle Reports Server Unauthorized Report Execution Vulnerability
       44. Alt-N MDaemon IMAP Server Authentication Routines Remote Buffer
Overflow Vulnerability
       45. PHPPageProtect Login.PHP Cross Site Scripting Vulnerability
       46. Oracle Forms Services Unauthorized Form Execution Vulnerability
       47. SEO-Board Smilies_popup.PHP Cross Site Scripting Vulnerability
       48. Apple Mac OS X AirPort Card Automatic Network Association
Vulnerability
       49. PHPFinance Inc.login.PHP Authentication Bypass Vulnerability
       50. Form Sender Processform.PHP3 Name Cross Site Scripting Vulnerability
       51. Mozilla Firefox Weak Authentication Mechanism Vulnerability
       52. Form Sender Processform.PHP3 Failed Cross Site Scripting
Vulnerability
       53. MediaWiki Unspecified Remote Cross-Site Scripting Vulnerability
       54. CuteNews Search.PHP Cross-Site Scripting Vulnerability
       55. PHP Surveyor Multiple Cross-Site Scripting Vulnerabilities
       56. Oray PeanutHull Local Privilege Escalation Vulnerability
       57. PHP Surveyor Multiple SQL Injection Vulnerabilities
       58. PHP-Fusion BBcode Color Tag Code Injection Vulnerability
       59. PHPNews Auth.PHP SQL Injection Vulnerability
       60. FreeBSD Jail() Devfs Ruleset Bypass Vulnerability
       61. ReviewPost Showproduct.PHP Sort SQL Injection Vulnerability
       62. Greasemonkey Multiple Remote Information Disclosure Vulnerabilities
       63. Website Generator Remote Code Execution Vulnerability
       64. Website Generator Multiple Remote Cross Site Scripting
Vulnerabilities
       65. WhitSoft Development SlimFTPd Multiple Commands Remote Buffer
Overflow Vulnerability
       66. Zlib Compression Library Decompression Denial Of Service
Vulnerability
       67. DXXO Count Web Statistics Multiple SQL Injection Vulnerabilities
       68. Alwil Software Avast! Antivirus Multiple Vulnerabilities
       69. Pyrox Search Newsearch.PHP Whatdoreplace Cross-Site Scripting
Vulnerability
       70. PHPSiteSearch Search.PHP Query Cross-Site Scripting Vulnerability
       71. EKG LibGadu Multiple Remote Integer Overflow Vulnerabilities
       72. CMSimple Index.PHP Search Cross-Site Scripting Vulnerability
       73. Intruder Client Remote Denial of Service Vulnerability
       74. Ultimate PHP Board Multiple Cross-Site Scripting Vulnerabilities
       75. Fetchmail POP3 Client Buffer Overflow Vulnerability
       76. Ultimate PHP Remote Injection Vulnerabilities
       77. Sendcard Sendcard.PHP SQL Injection Vulnerability
       78. Contrexx Multiple Input Validation Vulnerabilities
       79. PHP TopSites Setup.PHP Authentication Bypass Vulnerability
       80. Veritas NetBackup Access Violation Vulnerability
       81. ASN Guestbook Multiple Cross-Site Scripting Vulnerabilities
III.  SECURITYFOCUS NEWS
       1. 3Com launches vulnerability-buying program
       2. Oracle taken to task for time to fix vulnerabilities
       3. Report: Squatters a major problem for credit-report site
       4. Desktop port proliferation a security risk?
       5. Spyware 'calling home' volumes soar
       6. UK war driver fined £500
       7. Dell rejects spyware charge
       8. Phlooding attack could leave enterprises high and dry
IV.   SECURITY JOBS LIST SUMMARY
       1. [SJ-JOB] Technology Risk Consultant, Los Angeles
       2. [SJ-JOB] Account Manager, Bay Area
       3. [SJ-JOB] Account Manager, Plano / Dallas
       4. [SJ-JOB] Application Security Architect, Bangalore
       5. [SJ-JOB] Sales Engineer, Seattle
       6. [SJ-JOB] Account Manager, New York
       7. [SJ-JOB] Security Researcher, Chicago
       8. [SJ-JOB] Account Manager, Munich and Frankfurt
       9. [SJ-JOB] Account Manager, Maidenhead, Berkshire
       10. [SJ-JOB] Forensics Engineer, Dubai
       11. [SJ-JOB] Security System Administrator, Riverside
       12. [SJ-JOB] Information Assurance Analyst, Rockville
       13. [SJ-JOB] Security Product Marketing Manager, Santa Clara
       14. [SJ-JOB] Manager, Information Security, Oklahoma City
       15. [SJ-JOB] Sales Engineer, Atlanta
       16. [SJ-JOB] Security Consultant, Manalapan
       17. [SJ-JOB] Security Engineer, Cupertino
       18. [SJ-JOB] Security Engineer, Cupertino
       19. [SJ-JOB] Security Product Marketing Manager, Santa Clara
       20. [SJ-JOB] Security Product Marketing Manager, Beaverton
       21. [SJ-JOB] Security Engineer, Reston
       22. [SJ-JOB] Security Architect, New York
       23. [SJ-JOB] Security Researcher, Herndon
       24. [SJ-JOB] Account Manager, Los Angeles
       25. [SJ-JOB] Application Security Architect, Dulles
       26. [SJ-JOB] Application Security Architect, Fairfax
       27. [SJ-JOB] Sr. Security Analyst, Cranford
       28. [SJ-JOB] Security Consultant, Mumbai/Bangalore
       29. [SJ-JOB] Certification & Accreditation Engineer, DC
       30. [SJ-JOB] Security Engineer, New York City
       31. [SJ-JOB] Application Security Architect, Sunnyvale
       32. [SJ-JOB] Security Researcher, Bangalore
       33. [SJ-JOB] Security System Administrator, Sunnyvale
       34. [SJ-JOB] Director, Information Security, Alexandria
       35. [SJ-JOB] Channel / Business Development, San Diego
       36. [SJ-JOB] Sr. Security Engineer, South San Francisco
       37. [SJ-JOB] Security Engineer, Washington
       38. [SJ-JOB] Security Engineer, Chicago
       39. [SJ-JOB] Sales Engineer, New York
       40. [SJ-JOB] Security Engineer, Boston
       41. [SJ-JOB] VP of Regional Sales, London
       42. [SJ-JOB] Security Architect, Seattle
       43. [SJ-JOB] Account Manager, Mahwah
       44. [SJ-JOB] Account Manager, UK Wide
       45. [SJ-JOB] Account Manager, Sterling
       46. [SJ-JOB] Jr. Security Analyst, Fort Lauderdale
       47. [SJ-JOB] Sales Engineer, Charleston
       48. [SJ-JOB] Information Assurance Engineer, Springfield
       49. [SJ-JOB] Sales Engineer, Carlsbad
       50. [SJ-JOB] Developer, WalnutCreek
       51. [SJ-JOB] Developer, Hyderabad
       52. [SJ-JOB] VP / Dir / Mgr engineering, WalnutCreek
       53. [SJ-JOB] Security Engineer, Dallas
       54. [SJ-JOB] Quality Assurance, Cupertino
       55. [SJ-JOB] Manager, Information Security, Chicago
       56. [SJ-JOB] Information Assurance Analyst, Chicago
V.    INCIDENTS LIST SUMMARY
VI.   VULN-DEV RESEARCH LIST SUMMARY
       1. CSR: challenge update...
VII.  MICROSOFT FOCUS LIST SUMMARY
       1. Disabling Microsoft FTP service banner.
       2. Administrivia: IIS/AV thread
       3. Should servers have anti-virus installed on them?
       4. SecurityFocus Microsoft Newsletter #248
       5. R: Should webservers, eg. IIS 6 have anti-virus installed on them?
       6. R: Should webservers, eg. IIS 6 have anti-virus installed on them?
VIII. SUN FOCUS LIST SUMMARY
IX.   LINUX FOCUS LIST SUMMARY
X.    UNSUBSCRIBE INSTRUCTIONS
XI.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Identifying P2P users using traffic analysis
By Yiming Gong
With the popularity of P2P and the bandwidth it consumes, there is a growing need
to identify P2P users within the network traffic.
http://www.securityfocus.com/infocus/1843

2. Interview with Dan Kaminsky on Microsoft's security
By Federico Biancuzzi
Could you introduce yourself?
http://www.securityfocus.com/columnists/342


II.  BUGTRAQ SUMMARY
--------------------
1. Macromedia JRun Unauthorized Session Access Vulnerability
BugTraq ID: 14271
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14271
Summary:
Macromedia JRun is affected by a vulnerability that may allow a user's session
to be shared with another user. 

Under certain circumstances, two users may share the same session, facilitating
various attacks including a compromise of the user's account.

It should be noted that this issue cannot be triggered by an attacker and occurs
rarely.

JRun 4.0, ColdFusion MX 7.0 Enterprise Multi-Server Edition, and ColdFusion MX
6.1 Enterprise with JRun are affected by this vulnerability.

2. Oracle HTTP Server Unspecified Malformed Request Denial Of Service
Vulnerability
BugTraq ID: 14272
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14272
Summary:
Oracle HTTP Server is prone to a denial of service vulnerability.

This issue was mentioned in the patch readme for the Oracle Critical Patch
Update for July.  Oracle has not released any further information about this
vulnerability.

3. Oracle HTTP Server MOD_OSSO Partner Application Cookie Expiration Weakness
BugTraq ID: 14273
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14273
Summary:
The Oracle HTTP Server mod_osso single sign-on module does not properly expire
partner application cookies.  This could present a security threat if a
malicious user has a means to gain unauthorized access to partner application
cookies.  The expected behavior is that application cookies will expire.

This issue was mentioned in the patch readme for the Oracle Critical Patch
Update for July. Oracle has not released any further information about this
weakness.  This issue could be related to vulnerability DB10 in the Critical
Patch Update for July, though this has not been confirmed.  This BID will be
updated if further information is released.

4. Nullsoft Winamp Malformed ID3v2 Tag Buffer Overflow Vulnerability
BugTraq ID: 14276
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14276
Summary:
Winamp is susceptible to a buffer overflow vulnerability in its ID3v2
functionality. This issue is due to a failure of the application to properly
bounds check input data prior to copying it into a fixed size memory buffer.

This issue will facilitate remote exploitation as an attacker may distribute
malicious MP3 files and entice unsuspecting users to process them with the
affected application.

An attacker may exploit this issue to execute arbitrary code with the privileges
of the user that activated the vulnerable application.

Versions 5.03a, 5.09, and 5.091 are reported vulnerable to this issue. Other
versions are also likely affected.

5. Oracle HTTP Server MOD_ORADAV ORAALTPASSWORD Obfuscation Weakness
BugTraq ID: 14277
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14277
Summary:
A security weakness exists in the Oracle HTTP Server mod_oradav module.  The
issue is that the ORAALTPASSWORD is obfuscated when it should be encrypted.  A
malicious user with access to the obfuscated password could easily decode it as
a result.

This issue was mentioned in the patch readme for the Oracle Critical Patch
Update for July. Oracle has not released any further information about this
weakness.

6. Clever Copy Calendar.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 14278
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14278
Summary:
A cross-site scripting vulnerability affects Clever Copy. This issue is due to a
failure of the application to properly sanitize user-supplied URI input that
will be output in dynamically generated Web pages. 

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user. This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.



7. Oracle Webcache SSL Encryption Downgrade Weakness
BugTraq ID: 14279
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14279
Summary:
A security weakness was reported in Oracle Webcache.  The issue is that
documents may be served with weaker SSL encryption than configured in Oracle
HTTP Server.

This could result in a false sense of security.

This issue was mentioned in the patch readme for the Oracle Critical Patch
Update for July. Oracle has not released any further information about this
weakness.

8. MooseGallery Display.PHP File Include Vulnerability
BugTraq ID: 14280
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14280
Summary:
MooseGallery is susceptible to a remote PHP file include vulnerability. This
issue is due to a failure in the application to properly sanitize user-supplied
input.

An attacker may exploit this issue to execute arbitrary PHP code on an affected
computer with the privileges of the Web server process. This may facilitate
unauthorized access.


9. Oracle9i 9.0.1.5 FIPS Single Sign-On Server Unspecified Cross-Site Scripting
Vulnerability
BugTraq ID: 14281
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14281
Summary:
An unspecified cross-site scripting vulnerability exists in the Single Sign-On
Server (SSO) for Oracle Database Server.

This issue could likely be exploited by enticing a victim to visit a malicious
link that includes hostile HTML and script code.  Theft of cookie-based
authentication credentials from legitimate users could result from exploitation.
Other attacks may also be possible.

This issue was mentioned in the patch readme for the Oracle Critical Patch
Update for July. Oracle has not released any further information about this
vulnerability.

10. Microsoft Internet Explorer JPEG Image Rendering Unspecified Buffer Overflow
Vulnerability
BugTraq ID: 14282
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14282
Summary:
Microsoft Internet Explorer is prone to a buffer overflow vulnerability in the
JPEG image rendering library used by the browser. This issue is due to a failure
of the application to properly bounds check input data prior to copying it to a
fixed size memory buffer.

This issue was identified by creating random input for the browser, and has not
been researched further at this time. This BID will be updated as further
information is disclosed.

Successful exploitation may result in execution of arbitrary code in the context
of the user executing the affected browser.

This issue was reported in Internet Explorer 6 SP2. Previous versions may also
be affected.

11. Hosting Controller Multiple Remote Vulnerabilities
BugTraq ID: 14283
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14283
Summary:
Hosting Controller is reported prone to multiple vulnerabilities. These issues
can allow an attacker to carry out SQL injection attacks, gain unauthorized
access to scripts, gain elevated privileges and carry out potential denial of
service attacks.

Hosting Controller version 6.1 hotfix 2.1 is vulnerable to these issues.

12. Microsoft Internet Explorer JPEG Image Rendering CMP Fencepost Denial Of
Service Vulnerability
BugTraq ID: 14284
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14284
Summary:
Microsoft Internet Explorer is prone to an unspecified denial of service
vulnerability in the JPEG image rendering library used by the browser. This
issue is reportedly similar to the one described in BID 14282.

This issue was identified by creating random input for the browser, and has not
been researched further at this time. This BID will be updated as further
information is disclosed.

Successful exploitation results in crashing the affected Web browser. Execution
of arbitrary code may also be possible, but this has not been confirmed.

This issue was reported in Internet Explorer 6 SP2. Previous versions may also
be affected.

13. Microsoft Internet Explorer JPEG Image Rendering Memory Consumption Denial
Of Service Vulnerability
BugTraq ID: 14285
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14285
Summary:
Microsoft Internet Explorer is prone to an unspecified denial of service
vulnerability in the JPEG image rendering library used by the browser.

This issue was identified by creating random input for the browser, and has not
been researched further at this time. This BID will be updated as further
information is disclosed.

Successful exploitation results in crashing the affected Web browser by
consuming excessive memory.

This issue was reported in Internet Explorer 6 SP2. Previous versions may also
be affected.

14. Microsoft Internet Explorer JPEG Image Rendering Unspecified Denial Of
Service Vulnerability
BugTraq ID: 14286
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14286
Summary:
Microsoft Internet Explorer is prone to an unspecified denial of service
vulnerability in the JPEG image rendering library used by the browser.

This issue was identified by creating random input for the browser, and has not
been researched further at this time. This BID will be updated as further
information is disclosed.

Successful exploitation results in crashing the affected Web browser. This
vulnerability also reportedly consumes excessive CPU resources.

This issue was reported in Internet Explorer 6 SP2. Previous versions may also
be affected.

15. Sybase EAServer Remote Buffer Overflow Vulnerability
BugTraq ID: 14287
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14287
Summary:
Sybase EAServer is affected by a remote buffer overflow vulnerability.

The vulnerability exists in the server's WebConsole.  A successful attack can
overflow a finite sized buffer and ultimately lead to arbitrary code execution
in the context of the 'jagsrv.exe' process.  This may allow the attacker to
gain elevated privileges.

It should be noted that an attacker needs to provide authentication credentials
prior to carrying out this attack.


16. Microsoft MSN Messenger / Internet Explorer Image ICC Profile Processing
Vulnerability
BugTraq ID: 14288
Remote: Yes
Date Published: 2005-07-16
Relevant URL: http://www.securityfocus.com/bid/14288
Summary:
It has been reported that both Microsoft Internet Explorer and MSN Instant
Messenger can be crashed if image data with malformed embedded ICC profile data
is processed.  The condition is likely due to an integer handling error.  The
author has stated that the crash observed was due to an access violation on a
memory read attempt, possibly due to an out-of-bounds array access.  This means
that the flaw is not immediately exploitable, though there may yet be a way to
write data.


17. Invision PowerBoard SQL Injection Privilege Escalation Vulnerability
BugTraq ID: 14289
Remote: Yes
Date Published: 2005-07-16
Relevant URL: http://www.securityfocus.com/bid/14289
Summary:
A vulnerability in Invision PowerBoard has been reported.  It is alleged that
due to a SQL injection vulnerability, it is possible for attackers to hijack
other user accounts.  Proof of concept code has been supplied.

18. PowerDNS LDAP Backend Query Escape Failure Vulnerability
BugTraq ID: 14290
Remote: Yes
Date Published: 2005-07-17
Relevant URL: http://www.securityfocus.com/bid/14290
Summary:
The PowerDNS LDAP back-end did not adequately escape requests prior to version
2.9.18.   As a result, it was possible for requests to fail without answering
questions.  This may have security implications in environments where PowerDNS
and LDAP are used.  The vendor has fixed this in version 2.9.18.


19. PowerDNS Recursive Query Denial of Service Vulnerability
BugTraq ID: 14291
Remote: Yes
Date Published: 2005-07-17
Relevant URL: http://www.securityfocus.com/bid/14291
Summary:
A denial of service vulnerability affects PowerDNS.  The vulnerability allows
remote attackers on external networks to cause lookups for authorized hosts to
fail.  The technical details of this vulnerability are not yet available.  The
condition occurs when PowerDNS is configured to allow only hosts from specific
IP address ranges to perform recursive queries.

20. Shorewall MACLIST Firewall Rules Bypass Vulnerability
BugTraq ID: 14292
Remote: Yes
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14292
Summary:
Shorewall is susceptible to a firewall rules bypass vulnerability. This issue is
due to a failure of the software to properly implement expected firewall rules
for MAC address-based filtering.

This issue arises when 'MACLIST_TTL' is greater than 0, or
'MACLIST_DISPOSITION' is configured as 'ACCEPT'.

This vulnerability allows attackers to bypass firewall rules, letting them
attack protected services and computers without further restriction.

This issue also leads to a false sense of security by firewall administrators.

21. Skype Technologies Skype Insecure Temporary File Creation Vulnerability
BugTraq ID: 14293
Remote: No
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14293
Summary:
Skype is affected by an insecure temporary file creation vulnerability.

Exploitation would most likely result in loss of data or a denial of service if
critical files are overwritten in the attack. Other attacks may be possible as
well.

Skype 1.1.0.20 and prior versions are affected.

22. OSCommerce Update.PHP Information Disclosure Vulnerability
BugTraq ID: 14294
Remote: Yes
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14294
Summary:
osCommerce is prone to an information disclosure vulnerability.  An attacker
could exploit this vulnerability to display the contents of any file normally
readable by the Web server process.

Successful exploitation would result in information disclosure.  Information
obtained could be used to aid in further attacks against the underlying system;
other attacks are also possible.

This issue reportedly affects osCommerce version 2.2 milestone 2; other versions
may also be vulnerable.

23. VP-ASP Shopaddtocart.ASP SQL Injection Vulnerability
BugTraq ID: 14295
Remote: Yes
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14295
Summary:
It is confirmed that the VP-ASP Shopping Cart is prone to a remote SQL injection
vulnerability. This issue is due to a failure of the application to properly
sanitize user-supplied input before using it in an SQL query. 

It is possible for an attacker to disclose the user password hashes, or other
sensitive information contained within the database by exploiting this
issue. There is also the possibility of exploiting latent vulnerabilities in the
underlying database implementation.

24. CaLogic Multiple Remote File Include Vulnerabilities
BugTraq ID: 14296
Remote: Yes
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14296
Summary:
CaLogic is prone to multiple remote file include vulnerabilities.  These issues
are due to a failure in the application to properly sanitize user-supplied
input.

An attacker may leverage this issue to execute arbitrary server-side script code
on an affected computer with the privileges of the Web server process. This may
facilitate unauthorized access.

These issues reportedly affect CaLogic version 1.2.2; other versions may also be
affected.

25. KDE Kate, KWrite Local Backup File Information Disclosure Vulnerability
BugTraq ID: 14297
Remote: No
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14297
Summary:
KDE kate and kwrite are susceptible to a local information disclosure
vulnerability. This issue is due to a failure of the applications to maintain
secure file permissions when creating backup files.

This vulnerability allows local attackers to gain access to the contents of
potentially sensitive files.

Note: Since these applications are network-aware, under some unknown
circumstances, this issue may not be restricted to local attackers.

26. Y.SAK Scripts Multiple Remote Arbitrary Command Execution Vulnerabilities
BugTraq ID: 14299
Remote: Yes
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14299
Summary:
Y.SAK Scripts are prone to multiple remote command execution vulnerabilities. 
These issues are due to a failure in the application to properly sanitize
user-supplied input.  These issues arise when user-specified data is supplied to
the Perl open() routine without proper sanitization.

Successful exploitation of any of these issues may facilitate unauthorized
remote access in the context of the Web server to the affected computer.



27. MRV Communications In-Reach Console Servers Access Control Bypass
Vulnerability
BugTraq ID: 14300
Remote: Yes
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14300
Summary:
In-Reach console servers are affected by an access control bypass vulnerability.

Under certain circumstances, the vulnerable devices fail to verify port-based
access controls and allow a user to access any port or console.

This issue affects In-Reach LX-8000, 4000 and 1000 series devices running
software version 3.5.0.  Other models may be vulnerable as well.

28. e107 Website System Nested BBCode URL Tag Script Injection Vulnerability
BugTraq ID: 14301
Remote: Yes
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14301
Summary:
e107 Website System is prone to a script injection vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.

29. Hosting Controller Multiple Remote Access Control and SQL Injection
Vulnerabilities
BugTraq ID: 14302
Remote: Yes
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14302
Summary:
Hosting Controller is prone to multiple vulnerabilities. These issues can allow
an attacker to carry out SQL injection attacks and gain unauthorized access to
scripts.

Hosting Controller version 6.1 hotfix 2.2 is vulnerable to these issues.

30. tForum Member.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 14303
Remote: Yes
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14303
Summary:
tForum is prone to a cross-site scripting vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.



31. ToCA Race Driver Multiple Remote Format String And Buffer Overflow
Vulnerabilities
BugTraq ID: 14304
Remote: Yes
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14304
Summary:
ToCA Race Driver is susceptible to multiple remote buffer overflow and format
string vulnerabilities. These issues both stem from the improper use of the
'sprintf()' function.

The game utilizes 'sprintf()' to build strings for visualizing text data for the
player. The incorrect usage of this function is exploitable in the public chat,
and in the in-game server browser. Other locations may also be affected.

These vulnerabilities allow remote attackers to execute arbitrary machine code
in the context of affected client applications. This may occur in either a
broadcast, or unicast fashion.

32. VP-ASP Shopproductselect.ASP SQL Injection Vulnerability
BugTraq ID: 14305
Remote: Yes
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14305
Summary:
It is confirmed that the VP-ASP Shopping Cart is prone to a remote SQL injection
vulnerability. This issue is due to a failure of the application to properly
sanitize user-supplied input before using it in an SQL query. 

It is possible for an attacker to disclose the user password hashes, or other
sensitive information contained within the database by exploiting this
issue. There is also the possibility of exploiting latent vulnerabilities in the
underlying database implementation.

33. VP-ASP Shopaddtocartnodb.ASP SQL Injection Vulnerability
BugTraq ID: 14306
Remote: Yes
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14306
Summary:
It is confirmed that the VP-ASP Shopping Cart is prone to a remote SQL injection
vulnerability. This issue is due to a failure of the application to properly
sanitize user-supplied input before using it in an SQL query. 

It is possible for an attacker to disclose the user password hashes, or other
sensitive information contained within the database by exploiting this
issue. There is also the possibility of exploiting latent vulnerabilities in the
underlying database implementation.

34. EKG Insecure Temporary File Creation Vulnerability
BugTraq ID: 14307
Remote: No
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14307
Summary:
ekg is reported prone to an unspecified insecure temporary file creation
vulnerability.  This issue is likely due to a design error that causes the
application to fail to verify the existence of a file before writing to it. 

The details available regarding this issue are not sufficient to provide an
in-depth technical description. This BID will be updated when more information
becomes available.

An attacker may leverage this issue to overwrite arbitrary files with the
privileges of an unsuspecting user that activates the vulnerable application. 


35. EKG Unspecified Command Execution Vulnerability
BugTraq ID: 14308
Remote: Yes
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14308
Summary:
ekg is affected by an unspecified command execution vulnerability.

A successful attack would involve executing shell commands in the context of the
application.  It may be possible for an attacker to gain unauthorized access to
an affected computer by exploiting this issue.  


36. Oracle Reports Server DESName Remote File Overwrite Vulnerability
BugTraq ID: 14309
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14309
Summary:
Oracle Reports Server is susceptible to an arbitrary file overwrite
vulnerability in its Web interface.

On the Microsoft Windows platform, attackers may exploit this vulnerability to
overwrite arbitrary files with System-level privileges. Attackers may overwrite
critical system files, resulting in system-level failures.

On other platforms, attackers may exploit this vulnerability to overwrite
arbitrary files with the privileges of the Oracle Applications Server user.
Attackers may overwrite critical Oracle files, resulting in an application-level
failure.

Database failure, data destruction, and possibly other attacks are possible.

37. Novell GroupWise WebAccess HTML Injection Vulnerability
BugTraq ID: 14310
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14310
Summary:
Novell GroupWise WebAccess is prone to an HTML injection vulnerability.  This
may be used to inject hostile HTML and script code into the Web mail
application.  When a user opens an email containing the hostile code, it may be
rendered in their browser.

Successful exploitation could potentially allow theft of cookie-based
authentication.  Other attacks are also possible.

38. Oracle Reports Server XML File Disclosure Vulnerability
BugTraq ID: 14311
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14311
Summary:
Oracle Reports Server may allow remote attackers to disclose parts of arbitrary
XML files.

Reportedly, the server fails to restrict users from accessing parts of arbitrary
XML files when handling specially crafted HTTP GET requests.

All versions of Oracle Reports Server are reported to be vulnerable to this
issue.

39. Oracle Reports Server Arbitrary File Disclosure Vulnerability
BugTraq ID: 14312
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14312
Summary:
Oracle Reports Server may allow remote attackers to disclose parts of arbitrary
files.

Reportedly, the server fails to restrict users from accessing parts of arbitrary
files when handling specially crafted HTTP GET requests.

All versions of Oracle Reports Server are reported to be vulnerable to this
issue.

40. Oracle Reports Server Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14313
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14313
Summary:
Multiple remote cross-site scripting vulnerabilities affect Oracle Reports
Server.

An attacker may leverage these issues to have arbitrary script code executed in
the browser of an unsuspecting user. This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

Oracle Reports Server 9.0.2 with patchset 2 is reported to be vulnerable.  Other
versions may be affected as well.

41. PHPPageProtect Admin.PHP Cross Site Scripting Vulnerability
BugTraq ID: 14314
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14314
Summary:
A cross-site scripting vulnerability affects PHPPageProtect. This issue is due
to a failure of the application to properly sanitize user-supplied URI input
that will be output in dynamically generated Web pages.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.


42. Alt-N MDaemon IMAP Server CREATE Remote Buffer Overflow Vulnerability
BugTraq ID: 14315
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14315
Summary:
Alt-N MDaemon IMAP Server is affected by a remote buffer overflow vulnerability.

This issue presents itself when an attacker submits excessive data through the
CREATE command subsequent to authentication.

This vulnerability may be leveraged to execute arbitrary code in the context of
the server, facilitating unauthorized access to the affected computer.

Alt-N MDaemon 8.03 is reported to be vulnerable.  Other versions are likely
affected as well.

43. Oracle Reports Server Unauthorized Report Execution Vulnerability
BugTraq ID: 14316
Remote: No
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14316
Summary:
Oracle Reports Server is susceptible to an unauthorized report execution
vulnerability.

By placing a report file in a globally accessible location, users can trigger
the execution of the report by issuing an HTTP GET request to the affected
servlet containing the full path of the file.

Attackers may exploit this vulnerability to execute arbitrary commands, or
read/write arbitrary files with the privileges of the Oracle account under which
the server is executing.

It should be noted that this issue may be remotely exploited if an attacker has
means to write files to the serving computer (WebDAV, FTP, CIFS, etc.) without
local access.

44. Alt-N MDaemon IMAP Server Authentication Routines Remote Buffer Overflow
Vulnerability
BugTraq ID: 14317
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14317
Summary:
Alt-N MDaemon IMAP Server is affected by a remote buffer overflow vulnerability.

A specially crafted request can corrupt process memory and lead to an overflow
condition.

This issue may be leveraged to execute arbitrary code in the context of the
server. This may facilitate unauthorized access to the affected computer.

Alt-N MDaemon 8.03 is reported to be vulnerable. Other versions are likely
affected as well.

45. PHPPageProtect Login.PHP Cross Site Scripting Vulnerability
BugTraq ID: 14318
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14318
Summary:
A cross-site scripting vulnerability affects PHPPageProtect. This issue is due
to a failure of the application to properly sanitize user-supplied URI input
that will be output in dynamically generated Web pages.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.


46. Oracle Forms Services Unauthorized Form Execution Vulnerability
BugTraq ID: 14319
Remote: No
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14319
Summary:
Oracle Forms Services is susceptible to an unauthorized form execution
vulnerability.

Attackers may exploit this vulnerability to execute arbitrary commands with the
privileges of the Oracle account under which the server is executing.

It should be noted that this issue may be remotely exploited if an attacker has
means to write files to the serving computer (WebDAV, FTP, CIFS, etc.) without
local access.

47. SEO-Board Smilies_popup.PHP Cross Site Scripting Vulnerability
BugTraq ID: 14320
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14320
Summary:
A cross-site scripting vulnerability affects SEO-Board. This issue is due to a
failure of the application to properly sanitize user-supplied URI input that
will be output in dynamically generated Web pages. 

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user.  This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.


48. Apple Mac OS X AirPort Card Automatic Network Association Vulnerability
BugTraq ID: 14321
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14321
Summary:
Apple Mac OS X is affected by a vulnerability that may cause a computer to
connect to a potentially malicious network without prior notification.

This can lead to various attacks against the affected computer.

This issue does not affect AirPort Extreme.

49. PHPFinance Inc.login.PHP Authentication Bypass Vulnerability
BugTraq ID: 14322
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14322
Summary:
PHPFinance is prone to an authentication bypass vulnerability.  An error in the
authentication mechanism can permit attackers to bypass authentication and gain
access to the vulnerable application.

Once access has been achieved, the malicious user has full control of the
application.  This may aid in further attacks against the underlying system.


50. Form Sender Processform.PHP3 Name Cross Site Scripting Vulnerability
BugTraq ID: 14324
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14324
Summary:
A cross-site scripting vulnerability affects Form Sender. This issue is due to a
failure of the application to properly sanitize user-supplied URI input that
will be output in dynamically generated Web pages.

This may facilitate the theft of cookie-based authentication credentials as well
as other attacks.

51. Mozilla Firefox Weak Authentication Mechanism Vulnerability
BugTraq ID: 14325
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14325
Summary:
Firefox is affected by a vulnerability that may result in sending authentication
credentials across the network in plaintext format.

By default, the browser chooses basic authentication even if other
authentication schemes such as Digest or NTLM are available from the server.

Mozilla Firefox 1.0.4 and 1.0.5 running on Windows are confirmed to be
vulnerable.  Other versions on different platforms may be affected as well.

52. Form Sender Processform.PHP3 Failed Cross Site Scripting Vulnerability
BugTraq ID: 14326
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14326
Summary:
A cross-site scripting vulnerability affects Form Sender. This issue is due to a
failure of the application to properly sanitize user-supplied URI input that
will be output in dynamically generated Web pages.

This may facilitate the theft of cookie-based authentication credentials as well
as other attacks.

53. MediaWiki Unspecified Remote Cross-Site Scripting Vulnerability
BugTraq ID: 14327
Remote: Yes
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14327
Summary:
MediaWiki is prone to cross-site scripting attacks.

The specific scripts and parameters that are affected by this issue are
currently unknown. This BID will be updated as more details are released.

An attacker may leverage these issues to have arbitrary script code executed in
the browser of an unsuspecting user. This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

MediaWiki 1.4.6 and prior versions are affected.

54. CuteNews Search.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 14328
Remote: Yes
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14328
Summary:
CuteNews is affected by a cross-site scripting vulnerability.

The problem presents itself when malicious HTML and script code is sent to the
application through the 'search.php' script. 

This issue may allow for theft of cookie-based authentication credentials or
other attacks. 

This vulnerability is reported to exist in version 1.3.6.  Prior versions of
CuteNews may be vulnerable as well.

55. PHP Surveyor Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14329
Remote: Yes
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14329
Summary:
PHP Surveyor is prone to multiple cross-site scripting vulnerabilities.  These
issues are due to a failure in the application to properly sanitize
user-supplied input.

An attacker may leverage any of these issues to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the affected
site.  This may facilitate the theft of cookie-based authentication credentials
as well as other attacks.


 

56. Oray PeanutHull Local Privilege Escalation Vulnerability
BugTraq ID: 14330
Remote: No
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14330
Summary:
PeanutHull is affected by a local privilege escalation vulnerability.

The application allows local users to launch arbitrary executables with SYSTEM
privileges.

PeanutHull 3.0 Beta 5 and prior versions are vulnerable to this issue.

57. PHP Surveyor Multiple SQL Injection Vulnerabilities
BugTraq ID: 14331
Remote: Yes
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14331
Summary:
PHP Surveyor is prone to multiple SQL injection vulnerabilities.  These issues
are due to a failure in the application to properly sanitize user-supplied input
before using it in SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

58. PHP-Fusion BBcode Color Tag Code Injection Vulnerability
BugTraq ID: 14332
Remote: Yes
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14332
Summary:
PHPFusion fails to properly sanitize BBCode '[color]' tags in message posts. 
This issue can be exploited to inject certain CSS (Cascading Style Sheet) code.

Exploitation of this vulnerability may allow an attacker to manipulate content
or launch other attacks.


59. PHPNews Auth.PHP SQL Injection Vulnerability
BugTraq ID: 14333
Remote: Yes
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14333
Summary:
PHPNews is prone to an SQL injection vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input before using
it in SQL queries.

This vulnerability could permit remote attackers to pass malicious input to
database queries, resulting in modification of query logic or other attacks.


60. FreeBSD Jail() Devfs Ruleset Bypass Vulnerability
BugTraq ID: 14334
Remote: No
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14334
Summary:
FreeBSD is prone to a vulnerability that may allow local attackers to gain
access to restricted resources on a computer. 

This issue allows local attackers to access hidden device nodes on devfs file
systems from within a jail.  The attacker can create sensitive device nodes in
the jail with default access permissions.

A successful attack can lead to information disclosure and privilege escalation.



61. ReviewPost Showproduct.PHP Sort SQL Injection Vulnerability
BugTraq ID: 14335
Remote: Yes
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14335
Summary:
ReviewPost is prone to a SQL injection vulnerability.

This vulnerability could permit remote attackers to pass malicious input to
database queries, resulting in modification of query logic or other attacks.

62. Greasemonkey Multiple Remote Information Disclosure Vulnerabilities
BugTraq ID: 14336
Remote: Yes
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14336
Summary:
Greasemonkey is susceptible to multiple remote information disclosure
vulnerabilities. These issues are due to a design error allowing insecure
JavaScript functions to be executed by remote Web sites.

The specified issues exist in the 'GM_xmlhttpRequest()', 'GM_setValue()', and
'GM_scripts()' functions.

Other GM_* functions are also likely to be affected, but the exact functions are
not known at this time.

These vulnerabilities allow remote attackers to retrieve the contents of
arbitrary files, retrieve directory listings from arbitrary locations, and
retrieve the contents of various private Greasemonkey data structures. This aids
them in further attacks.

63. Website Generator Remote Code Execution Vulnerability
BugTraq ID: 14337
Remote: Yes
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14337
Summary:
A remote script code execution vulnerability affects Website Generator. This is
due to a failure of the application to properly sanitize input.

An attacker may be able to exploit this issue to execute arbitrary script code
with the privileges of an unsuspecting user that activated the affected Web
browser.


64. Website Generator Multiple Remote Cross Site Scripting Vulnerabilities
BugTraq ID: 14338
Remote: Yes
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14338
Summary:
Website Generator is prone to multiple cross-site scripting vulnerabilities.

An attacker may leverage any of these issues to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the affected
site.  This may facilitate the theft of cookie-based authentication credentials
as well as other attacks.


65. WhitSoft Development SlimFTPd Multiple Commands Remote Buffer Overflow
Vulnerability
BugTraq ID: 14339
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14339
Summary:
A remote buffer overflow vulnerability affects WhitSoft Development SlimFTPd.

The problem presents itself when an authenticated user issues a command with
excessive string values as parameters.

An attacker can leverage this issue to execute arbitrary machine code with the
privileges of the affected FTP server, facilitating unauthorized access to the
vulnerable computer.

66. Zlib Compression Library Decompression Denial Of Service Vulnerability
BugTraq ID: 14340
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14340
Summary:
Zlib is susceptible to a denial of service vulnerability. This issue is due to a
failure of the library to properly handle unexpected input to its decompression
routines.

Certain values used during decompression are incorrectly specified, allowing
invalid inflate input to crash the library.

This vulnerability allows attackers to crash applications that utilize the
affected library.

67. DXXO Count Web Statistics Multiple SQL Injection Vulnerabilities
BugTraq ID: 14341
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14341
Summary:
dxxo Count Web Statistics is prone to multiple SQL injection vulnerabilities. 
These issues are due to a failure in the application to properly sanitize
user-supplied input before using it in SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

68. Alwil Software Avast! Antivirus Multiple Vulnerabilities
BugTraq ID: 14342
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14342
Summary:
Avast! is affected by multiple remote vulnerabilities.  These issues can allow
an attacker to write files to arbitrary directories and exploit a remote buffer
overflow to execute arbitrary code.

These issues can lead to a complete compromise of the vulnerable computer.

69. Pyrox Search Newsearch.PHP Whatdoreplace Cross-Site Scripting Vulnerability
BugTraq ID: 14343
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14343
Summary:
A cross-site scripting vulnerability affects Pyrox Search. This issue is due to
a failure of the application to properly sanitize user-supplied URI input that
will be output in dynamically generated Web pages.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user. This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.

70. PHPSiteSearch Search.PHP Query Cross-Site Scripting Vulnerability
BugTraq ID: 14344
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14344
Summary:
A cross-site scripting vulnerability affects PHPSiteSearch. This issue is due to
a failure of the application to properly sanitize user-supplied URI input that
will be output in dynamically generated Web pages.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user. This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.


71. EKG LibGadu Multiple Remote Integer Overflow Vulnerabilities
BugTraq ID: 14345
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14345
Summary:
EKG libgadu is susceptible to multiple remote integer overflow vulnerabilities.
These issues are due to a failure of the application to properly sanitize
user-supplied input data prior to using it in memory allocation and copy
operations.

Attackers may exploit these vulnerabilities to execute arbitrary machine code in
the context of applications that utilize the affected library. Failed
exploitation attempts likely result in crashed applications.

72. CMSimple Index.PHP Search Cross-Site Scripting Vulnerability
BugTraq ID: 14346
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14346
Summary:
A cross-site scripting vulnerability affects CMSimple. This issue is due to a
failure of the application to properly sanitize user-supplied URI input that
will be output in dynamically generated Web pages.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user. This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.


73. Intruder Client Remote Denial of Service Vulnerability
BugTraq ID: 14347
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14347
Summary:
Intruder is prone to a remote denial of service vulnerability.  This issue is
due to a failure in the application to handle exceptional conditions.

The application fails to deal with data received in a proper manner.  An
attacker can exploit this vulnerability by sending malicious data to the
affected application and crash it, denying service to legitimate users.  Reports
indicate an attacker can also rename arbitrary files on the affected machine;
other attacks may also be possible.

74. Ultimate PHP Board Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14348
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14348
Summary:
A cross-site scripting vulnerability affects Ultimate PHP Board. This issue is
due to a failure of the application to properly sanitize user-supplied URI input
that will be output in dynamically generated Web pages.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user. This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.


75. Fetchmail POP3 Client Buffer Overflow Vulnerability
BugTraq ID: 14349
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14349
Summary:
Fetchmail POP3 client is prone to a buffer overflow vulnerability.  This issue
presents itself because the application fails to perform boundary checks prior
to copying user-supplied data into sensitive process buffers. This includes POP
variants such as APOP, and others.

A successful attack can overflow a finite-sized buffer and ultimately lead to
arbitrary code execution in the context of the fetchmail process.  This may
allow the attacker to gain elevated privileges.

76. Ultimate PHP Remote Injection Vulnerabilities
BugTraq ID: 14350
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14350
Summary:
Ultimate PHP is prone to multiple HTML injection vulnerabilities.  These issues
are due to a failure in the application to properly sanitize user-supplied input
before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the
affected Web site, potentially allowing for theft of cookie-based authentication
credentials. An attacker could also exploit this issue to control how the site
is rendered to the user; other attacks are also possible.

77. Sendcard Sendcard.PHP SQL Injection Vulnerability
BugTraq ID: 14351
Remote: Yes
Date Published: 2005-07-22
Relevant URL: http://www.securityfocus.com/bid/14351
Summary:
Sendcard is prone to an SQL injection vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input before using
it in SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

This issue reportedly affects Sendcard version 3.2.3; other versions may also be
vulnerable.

78. Contrexx Multiple Input Validation Vulnerabilities
BugTraq ID: 14352
Remote: Yes
Date Published: 2005-07-22
Relevant URL: http://www.securityfocus.com/bid/14352
Summary:
Contrexx is affected by multiple input validation vulnerabilities.  These issues
can allow an attacker to carry out HTML injection, SQL injection and information
disclosure attacks.

Contrexx versions prior to 1.0.5 are affected.

79. PHP TopSites Setup.PHP Authentication Bypass Vulnerability
BugTraq ID: 14353
Remote: Yes
Date Published: 2005-07-22
Relevant URL: http://www.securityfocus.com/bid/14353
Summary:
PHP TopSites is prone to an authentication bypass vulnerability.  An attacker may
bypass authentication and gain access to the vulnerable application.

Once access has been achieved, the malicious user has full control of the
application.  This may aid in further attacks against the underlying system.

80. Veritas NetBackup Access Violation Vulnerability
BugTraq ID: 14355
Remote: Yes
Date Published: 2005-07-22
Relevant URL: http://www.securityfocus.com/bid/14355
Summary:
Veritas NetBackup may be prone to an access violation error.

It is conjectured that this issue may arise due to a NULL pointer dereference,
although this is not confirmed.  An attacker may disclose potentially sensitive
data or crash the application by exploiting this vulnerability.

Veritas NetBackup 5.1 running on the Microsoft Windows platform is reported to
be vulnerable to this issue.

81. ASN Guestbook Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14356
Remote: Yes
Date Published: 2005-07-22
Relevant URL: http://www.securityfocus.com/bid/14356
Summary:
ASN Guestbook is prone to multiple cross-site scripting vulnerabilities.  These
issues are due to a failure in the application to properly sanitize
user-supplied input.

An attacker may leverage any of these issues to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the affected
site.  This may facilitate the theft of cookie-based authentication credentials
as well as other attacks.



III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. 3Com launches vulnerability-buying program
By: Robert Lemos
UPDATE: Under the Zero Day Initiative, 3Com plans to pay security researchers
for information on vulnerabilities and award bonuses to prolific flaw finders.
http://www.securityfocus.com/news/11253

2. Oracle taken to task for time to fix vulnerabilities
By: Robert Lemos
Claiming the company failed to fix six flaws despite having more than 650 days
to issue a patch, security researchers at Red Database publish details of the
vulnerabilities.
http://www.securityfocus.com/news/11252

3. Report: Squatters a major problem for credit-report site
By: Robert Lemos
For consumers looking to get free credit reports at the government-created
AnnualCreditReport.com site, misspellings can mean lost money or even lost
privacy, a report charges.
http://www.securityfocus.com/news/11251

4. Desktop port proliferation a security risk?
By: Robert Lemos
Peer-to-peer software applications that require users to open ports in their
firewalls are becoming more popular. The effect on desktop security is still
uncertain, however.
http://www.securityfocus.com/news/11248

5. Spyware 'calling home' volumes soar
By: John Leyden
Outbound spyware transmissions from infested machines accounted for up to eight
per cent of total outbound web traffic in pilot tests of a new managed spyware
screening service.
http://www.securityfocus.com/news/11254

6. UK war driver fined £500
By: John Leyden
A man was last week fined £500 after a British jury found him guilty of
using a neighborhood wireless broadband connection without permission.
http://www.securityfocus.com/news/11255

7. Dell rejects spyware charge
By: John Leyden
Dell has rejected allegations that its PCs come pre-loaded with an intrusive
application that spies on users' surfing habits.
http://www.securityfocus.com/news/11250

8. Phlooding attack could leave enterprises high and dry
By: John Leyden
You've got to hand it to the IT security industry for its ability to coin new
and impressive sounding terms for security threats.
http://www.securityfocus.com/news/11249

IV.  SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Technology Risk Consultant, Los Angeles
http://www.securityfocus.com/archive/77/406432

2. [SJ-JOB] Account Manager, Bay Area
http://www.securityfocus.com/archive/77/406433

3. [SJ-JOB] Account Manager, Plano / Dallas
http://www.securityfocus.com/archive/77/406429

4. [SJ-JOB] Application Security Architect, Bangalore
http://www.securityfocus.com/archive/77/406430

5. [SJ-JOB] Sales Engineer, Seattle
http://www.securityfocus.com/archive/77/406431

6. [SJ-JOB] Account Manager, New York
http://www.securityfocus.com/archive/77/406425

7. [SJ-JOB] Security Researcher, Chicago
http://www.securityfocus.com/archive/77/406426

8. [SJ-JOB] Account Manager, Munich and Frankfurt
http://www.securityfocus.com/archive/77/406427

9. [SJ-JOB] Account Manager, Maidenhead, Berkshire
http://www.securityfocus.com/archive/77/406423

10. [SJ-JOB] Forensics Engineer, Dubai
http://www.securityfocus.com/archive/77/406424

11. [SJ-JOB] Security System Administrator, Riverside
http://www.securityfocus.com/archive/77/406393

12. [SJ-JOB] Information Assurance Analyst, Rockville
http://www.securityfocus.com/archive/77/406394

13. [SJ-JOB] Security Product Marketing Manager, Santa Clara
http://www.securityfocus.com/archive/77/406395

14. [SJ-JOB] Manager, Information Security, Oklahoma City
http://www.securityfocus.com/archive/77/406390

15. [SJ-JOB] Sales Engineer, Atlanta
http://www.securityfocus.com/archive/77/406392

16. [SJ-JOB] Security Consultant, Manalapan
http://www.securityfocus.com/archive/77/406236

17. [SJ-JOB] Security Engineer, Cupertino
http://www.securityfocus.com/archive/77/406237

18. [SJ-JOB] Security Engineer, Cupertino
http://www.securityfocus.com/archive/77/406242

19. [SJ-JOB] Security Product Marketing Manager, Santa Clara
http://www.securityfocus.com/archive/77/406240

20. [SJ-JOB] Security Product Marketing Manager, Beaverton
http://www.securityfocus.com/archive/77/406241

21. [SJ-JOB] Security Engineer, Reston
http://www.securityfocus.com/archive/77/406191

22. [SJ-JOB] Security Architect, New York
http://www.securityfocus.com/archive/77/406188

23. [SJ-JOB] Security Researcher, Herndon
http://www.securityfocus.com/archive/77/406189

24. [SJ-JOB] Account Manager, Los Angeles
http://www.securityfocus.com/archive/77/406190

25. [SJ-JOB] Application Security Architect, Dulles
http://www.securityfocus.com/archive/77/406187

26. [SJ-JOB] Application Security Architect, Fairfax
http://www.securityfocus.com/archive/77/406088

27. [SJ-JOB] Sr. Security Analyst, Cranford
http://www.securityfocus.com/archive/77/406142

28. [SJ-JOB] Security Consultant, Mumbai/Bangalore
http://www.securityfocus.com/archive/77/406089

29. [SJ-JOB] Certification & Accreditation Engineer, DC
http://www.securityfocus.com/archive/77/406145

30. [SJ-JOB] Security Engineer, New York City
http://www.securityfocus.com/archive/77/406147

31. [SJ-JOB] Application Security Architect, Sunnyvale
http://www.securityfocus.com/archive/77/406136

32. [SJ-JOB] Security Researcher, Bangalore
http://www.securityfocus.com/archive/77/406140

33. [SJ-JOB] Security System Administrator, Sunnyvale
http://www.securityfocus.com/archive/77/406137

34. [SJ-JOB] Director, Information Security, Alexandria
http://www.securityfocus.com/archive/77/406139

35. [SJ-JOB] Channel / Business Development, San Diego
http://www.securityfocus.com/archive/77/406141

36. [SJ-JOB] Sr. Security Engineer, South San Francisco
http://www.securityfocus.com/archive/77/406138

37. [SJ-JOB] Security Engineer, Washington
http://www.securityfocus.com/archive/77/406047

38. [SJ-JOB] Security Engineer, Chicago
http://www.securityfocus.com/archive/77/406050

39. [SJ-JOB] Sales Engineer, New York
http://www.securityfocus.com/archive/77/406051

40. [SJ-JOB] Security Engineer, Boston
http://www.securityfocus.com/archive/77/406055

41. [SJ-JOB] VP of Regional Sales, London
http://www.securityfocus.com/archive/77/406057

42. [SJ-JOB] Security Architect, Seattle
http://www.securityfocus.com/archive/77/406072

43. [SJ-JOB] Account Manager, Mahwah
http://www.securityfocus.com/archive/77/405980

44. [SJ-JOB] Account Manager, UK Wide
http://www.securityfocus.com/archive/77/405981

45. [SJ-JOB] Account Manager, Sterling
http://www.securityfocus.com/archive/77/405986

46. [SJ-JOB] Jr. Security Analyst, Fort Lauderdale
http://www.securityfocus.com/archive/77/405979

47. [SJ-JOB] Sales Engineer, Charleston
http://www.securityfocus.com/archive/77/405990

48. [SJ-JOB] Information Assurance Engineer, Springfield
http://www.securityfocus.com/archive/77/406014

49. [SJ-JOB] Sales Engineer, Carlsbad
http://www.securityfocus.com/archive/77/406004

50. [SJ-JOB] Developer, Walnut Creek
http://www.securityfocus.com/archive/77/406005

51. [SJ-JOB] Developer, Hyderabad
http://www.securityfocus.com/archive/77/406013

52. [SJ-JOB] VP / Dir / Mgr engineering, Walnut Creek
http://www.securityfocus.com/archive/77/406040

53. [SJ-JOB] Security Engineer, Dallas
http://www.securityfocus.com/archive/77/405623

54. [SJ-JOB] Quality Assurance, Cupertino
http://www.securityfocus.com/archive/77/405626

55. [SJ-JOB] Manager, Information Security, Chicago
http://www.securityfocus.com/archive/77/405624

56. [SJ-JOB] Information Assurance Analyst, Chicago
http://www.securityfocus.com/archive/77/405625

V.   INCIDENTS LIST SUMMARY
---------------------------
VI.  VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. CSR: challenge update...
http://www.securityfocus.com/archive/82/406418

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Disabling Microsoft FTP service banner.
http://www.securityfocus.com/archive/88/406235

2. Administrivia: IIS/AV thread
http://www.securityfocus.com/archive/88/406177

3. Should servers have anti-virus installed on them?
http://www.securityfocus.com/archive/88/405896

4. SecurityFocus Microsoft Newsletter #248
http://www.securityfocus.com/archive/88/405798

5. R: Should webservers, eg. IIS 6 have anti-virus installed on them?
http://www.securityfocus.com/archive/88/405749

6. R: Should webservers, eg. IIS 6 have anti-virus installed on them?
http://www.securityfocus.com/archive/88/405648

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------