SecurityFocus Newsletter #320
----------------------------------------

This Issue is Sponsored By: Solsoft

RUNNING A CISCO ENVIRONMENT? TRY FIREWALL MANAGER
Solsoft Firewall Manager is the SMB version of the flagship Solsoft security
management platform. 
Affordable, it is ideal to manage complex environments between 5 and 25 security
devices. 
Security policies can be designed and deployed on CISCO ASA, PIX, FWSM, IOS,
VPN3000 as well as Check Point, Linux or Juniper devices. 
DON'T WAIT, DOWNLOAD YOUR FREE TRIAL VERSION TODAY! 

http://www.solsoft.com/security/sfm_securityfocus

------------------------------------------------------------------
I.    FRONT AND CENTER
       1. Two-factor banking
       2. ICANN on center stage
       3. OpenBSD's network stack
II.   BUGTRAQ SUMMARY
       1. Xine-Lib Remote CDDB Information Format String Vulnerability
       2. Multiple Vendor Antivirus Products Malformed Archives Scan Evasion
Vulnerability
       3. Cyphor Multiple Input Validation Vulnerabilities
       4. Up-IMAPProxy Multiple Unspecified Remote Format String Vulnerabilities
       5. Linux Kernel Multiple Security Vulnerabilities
       6. Graphviz Insecure Temporary File Creation Vulnerability
       7. XLoadImage Multiple Remote Buffer Overflow Vulnerabilities
       8. BEA WebLogic Server and WebLogic Express Multiple Vulnerabilities
       9. PHPMyAdmin Local File Include Vulnerability
       10. Kaspersky Anti-Virus Engine CHM File Parser Remote Buffer Overflow
Vulnerability
       11. SGI IRIX Runpriv Local Privilege Escalation Vulnerability
       12. Microsoft Windows MSDTC Memory Corruption Vulnerability
       13. Microsoft MSDTC COM+ Remote Code Execution Vulnerability
       14. Microsoft MSDTC TIP Denial Of Service Vulnerability
       15. Microsoft MSDTC TIP Distributed Denial Of Service Vulnerability
       16. KDE KOffice KWord RTF Import Remote Buffer Overflow Vulnerability
       17. Microsoft Internet Explorer COM Object Instantiation Variant
Vulnerability
       18. RARLAB WinRAR Multiple Remote Vulnerabilities
       19. Microsoft DirectX DirectShow AVI Processing Buffer Overflow
Vulnerability
       20. Microsoft Windows Explorer Web View Script Injection Vulnerability
       21. Microsoft Windows Plug And Play UMPNPMGR.DLL wsprintfW Buffer
Overflow Vulnerability
       22. Microsoft Windows Client Service For Netware Buffer Overflow
Vulnerability
       23. Microsoft Collaboration Data Objects Remote Buffer Overflow
Vulnerability
       24. VersatileBulletinBoard Multiple SQL Injection Vulnerabilities
       25. Microsoft Windows Malicious Shortcut Handling Remote Code Execution
Vulnerability
       26. Microsoft Windows Malicious Shortcut Handling Remote Code Execution
Variant Vulnerability
       27. OpenSSL Insecure Protocol Negotiation Weakness
       28. OpenVMPS Logging Function Format String Vulnerability
       29. VersatileBulletinBoard Multiple Cross-Site Scripting Vulnerabilities
       30. PHP Advanced Transfer Manager Arbitrary File Upload Vulnerability
       31. VersatileBulletinBoard Information Disclosure Vulnerability
       32. Linux Kernel Multiple Memory Leak Local Denial Of Service
Vulnerabilities
       33. Accelerated E Solutions SQL Injection Vulnerability
       34. Zeroblog Thread.PHP Cross-Site Scripting Vulnerability
       35. VERITAS NetBackup Java User-Interface Remote Format String
Vulnerability
       36. Novell NetMail NMAP Agent Remote Buffer Overflow Vulnerability
       37. GFI MailSecurity for Exchange/SMTP Web Interface Remote Buffer
Overflow Vulnerability
       38. Zope RestructuredText Unspecified Security Vulnerability
       39. WebGUI Arbitrary Command Execution Vulnerability
       40. Sun Java System Application Server Java Server Page Source Disclosure
Vulnerability
       41. Linux Orinoco Driver Remote Information Disclosure Vulnerability
       42. Xeobook Multiple HTML Injection Vulnerabilities
       43. Symantec Brightmail AntiSpam Malformed MIME Message Denial Of Service
Vulnerability
       44. PHPWebSite Search Module SQL Injection Vulnerability
       45. Sun Solaris Multiple Local Vulnerabilities
       46. Ahnlab V3 Antivirus Multiple Archive Format Handling Remote Buffer
Overflow Vulnerability
       47. Yapig View.PHP Cross-Site Scripting Vulnerability
       48. Hitachi OpenTP1 Denial Of Service Vulnerability
       49. Kerio Personal Firewall and ServerFirewall Local Denial of Service
Vulnerability
       50. YaPig Homepage Form Field HTML Injection Vulnerability
       51. AbiWord Stack-Based Buffer Overflow Vulnerabilities
       52. Accelerated Mortgage Manager Password Field SQL Injection
Vulnerability
       53. HP-UX Itanium Local Denial Of Service Vulnerability
       54. Clam Anti-Virus ClamAV OLE2 File Handling Denial Of Service
Vulnerability
       55. Multiple Vendor WGet/Curl NTLM Username Buffer Overflow Vulnerability
       56. XMail Local Buffer Overflow Vulnerability
       57. TYPSoft FTP Server RETR Denial Of Service Vulnerability
       58. IBM AIX LSCFG Insecure Temporary File Creation Vulnerability
       59. Mozilla Thunderbird Insecure SMTP Authentication Protocol Negotiation
Weakness
       60. RTasarim WebAdmin Login SQL Injection Vulnerability
       61. Gallery Main.PHP Directory Traversal Vulnerability
       62. Trust Digital Trusted Mobility Suite Authentication Bypass
Vulnerability
       63. W-Agora Multiple Arbitrary PHP Code Injection Vulnerabilities
       64. Complete PHP Counter SQL Injection Vulnerability
       65. Complete PHP Counter Cross-Site Scripting Vulnerability
       66. SPE Insecure File Permissions Vulnerability
       67. PunBB Search.PHP SQL Injection Vulnerability
III.  SECURITYFOCUS NEWS
       1. Worm worries don't wait for Windows exploits
       2. Arrests unlikely to impact bot net threat, say experts
       3. Fingerprint payments taking off despite security concerns
       4. E-voting experts call for revised security guidelines
       5. Say hello to the Skype Trojan
       6. Shared music abuse bug hits iTunes
       7. US cybersecurity all at sea
       8. Worm fears over MS October patch batch
IV.   SECURITY JOBS LIST SUMMARY
       1. [SJ-JOB] Sales Representative, Washington, D.C.
       2. [SJ-JOB] Jr. Security Analyst, London
       3. [SJ-JOB] Security Engineer, Washington D.C.
       4. [SJ-JOB] Security System Administrator, London
       5. [SJ-JOB] Information Assurance Analyst, Rosslyn, VA (near DC)
       6. [SJ-JOB] Security Consultant, Luxembourg
       7. [SJ-JOB] Manager, Information Security, london
       8. [SJ-JOB] Security Architect, london
       9. [SJ-JOB] Auditor, New York
       10. [SJ-JOB] Information Assurance Engineer, Washington
       11. [SJ-JOB] Security Engineer, San Francisco
       12. [SJ-JOB] Security Engineer, San Diego
       13. [SJ-JOB] Security Architect, San Antonio
       14. [SJ-JOB] Security Architect, San Antonio
       15. [SJ-JOB] Sr. Security Analyst, Davidson
       16. [SJ-JOB] Information Assurance Engineer, Washington Navy Yard
       17. [SJ-JOB] Information Assurance Engineer, Reston
       18. [SJ-JOB] Sales Representative, Seattle
       19. [SJ-JOB] Security Consultant, London + UK wide
       20. [SJ-JOB] Developer, Milpitas
       21. [SJ-JOB] Sales Representative, Crystal Lake
       22. [SJ-JOB] Developer, Milpitas
       23. [SJ-JOB] Sales Engineer, Vienna
       24. [SJ-JOB] Application Security Engineer, Vienna
       25. [SJ-JOB] Quality Assurance, Milpitas
       26. [SJ-JOB] Channel / Business Development, Cupertino
       27. [SJ-JOB] Forensics Engineer, London
       28. [SJ-JOB] Account Manager, Atlanta
       29. [SJ-JOB] Security Consultant, Remote working
       30. [SJ-JOB] Technical Marketing Engineer, Cupertino
       31. [SJ-JOB] Sales Representative, Chicago
       32. [SJ-JOB] Security Product Marketing Manager, Santa Clara
       33. [SJ-JOB] Security Consultant, Vashi, Navi Mumbai
       34. [SJ-JOB] Security Engineer, Brussels
       35. [SJ-JOB] Security Product Marketing Manager, Santa clara
       36. [SJ-JOB] Technical Marketing Engineer, Belmont
       37. [SJ-JOB] Security Product Marketing Manager, Belmont
       38. [SJ-JOB] Security Product Marketing Manager, Belmont
       39. [SJ-JOB] Security Engineer, Phoenix
       40. [SJ-JOB] Security Product Manager, Santa Clara
       41. [SJ-JOB] Director, Information Security, London
       42. [SJ-JOB] Director, Information Security, washington, reston
       43. [SJ-JOB] Sr. Security Analyst, Arlington
       44. [SJ-JOB] Security Engineer, Providence
       45. [SJ-JOB] Management, Washington
       46. [SJ-JOB] Sales Engineer, Reston
       47. [SJ-JOB] Security Engineer, Herndon
       48. [SJ-JOB] Sr. Security Analyst, Arlington
       49. [SJ-JOB] Sr. Security Analyst, Ft. Lauderdale
       50. [SJ-JOB] Security Consultant, Minneapolis / St. Paul
       51. [SJ-JOB] Manager, Information Security, Arlington
       52. [SJ-JOB] Application Security Engineer, Calgary
       53. [SJ-JOB] Security Consultant, New York
       54. [SJ-JOB] Security Researcher, Chicago
       55. [SJ-JOB] Application Security Architect, Calgary
       56. [SJ-JOB] Manager, Information Security, Chicago
       57. [SJ-JOB] Account Manager, Washington D.C.
       58. [SJ-JOB] Security Consultant, NY
       59. [SJ-JOB] Security Consultant, Miami
       60. [SJ-JOB] Sales Engineer, Ambler
       61. [SJ-JOB] Sales Engineer, New York CIty
       62. [SJ-JOB] Sr. Security Engineer, Mountain View
       63. [SJ-JOB] Sr. Security Analyst, San Diego
       64. [SJ-JOB] Sales Representative, Boston
       65. [SJ-JOB] Security Engineer, Phoenix
       66. [SJ-JOB] Security Engineer, Phoenix
       67. [SJ-JOB] Sr. Security Engineer, Buckinghamshire
       68. [SJ-JOB] CHECK Team Leader, london
       69. [SJ-JOB] Application Security Architect, london
       70. [SJ-JOB] Security Engineer, Phoenix
       71. [SJ-JOB] Jr. Security Analyst, San Diego
       72. [SJ-JOB] Account Manager, Sterling
       73. [SJ-JOB] Security Researcher, San Diego
       74. [SJ-JOB] Sr. Product Manager, San Diego
       75. [SJ-JOB] Sr. Security Engineer, Detroit
       76. [SJ-JOB] Security Engineer, Austin
       77. [SJ-JOB] Security Consultant, Flanders
       78. [SJ-JOB] Sr. Security Analyst, Columbus
       79. [SJ-JOB] Security Engineer, Denver
       80. [SJ-JOB] Manager, Information Security, London
       81. [SJ-JOB] Sr. Security Analyst, Richmond
       82. [SJ-JOB] Developer, Columbia
       83. [SJ-JOB] Developer, Columbia
       84. [SJ-JOB] Customer Support, Boston
       85. [SJ-JOB] Auditor, San Francisco and LA
V.    INCIDENTS LIST SUMMARY
       1. Strange attack question - seems udp
VI.   VULN-DEV RESEARCH LIST SUMMARY
       1. Solaris sparc newbie exploit coding misc questions
       2. [SEC-1 Advisory] GFI MailSecurity 8.1 Web Module Buffer Overflow
       3. [SEC-1 Advisory] Collaboration Data Objects Buffer Overflow
Vulnerability
VII.  MICROSOFT FOCUS LIST SUMMARY
       1. Auditing Options
       2. SecurityFocus Microsoft Newsletter #260
VIII. SUN FOCUS LIST SUMMARY
IX.   LINUX FOCUS LIST SUMMARY
X.    NEW MAILING LISTS
XI.    UNSUBSCRIBE INSTRUCTIONS
XII.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Two-factor banking
By Kelly Martin
People who lived through the Second World War, like my grandparents, had a very
different view of money than those of us who grew up in the Information Age.
http://www.securityfocus.com/columnists/363

2. ICANN on center stage
By Scott Granneman
ICANN and the U.S. government reach center stage next month in Tunisia, as the
future of IP address assignments and U.S. control of the root DNS turns into a
hotbed of debate.
http://www.securityfocus.com/columnists/362

3. OpenBSD's network stack
By Federico Biancuzzi
SecurityFocus interviews three OpenBSD developers about their network stack
protection against DoS ICMP attacks, a short comparison with Linux' stack, and
some thoughts on OpenBGPD.
http://www.securityfocus.com/columnists/361


II.  BUGTRAQ SUMMARY
--------------------
1. Xine-Lib Remote CDDB Information Format String Vulnerability
BugTraq ID: 15044
Remote: Yes
Date Published: 2005-10-08
Relevant URL: http://www.securityfocus.com/bid/15044
Summary:
Xine-lib is susceptible to a remote format string vulnerability. This issue is
due to a failure of the application to securely implement a formatted printing
function.

Successful exploitation of this vulnerability allows remote attackers to execute
arbitrary machine code in the context of the affected application.

Xine-lib versions 0.9.13, 1.0, 1.0.1, 1.0.2, and 1.1.0 are reported to be
affected. Other versions may also be affected, as well as all applications that
utilize a vulnerable version of the library.

2. Multiple Vendor Antivirus Products Malformed Archives Scan Evasion
Vulnerability
BugTraq ID: 15046
Remote: Yes
Date Published: 2005-10-08
Relevant URL: http://www.securityfocus.com/bid/15046
Summary:
Multiple antivirus products from various vendors are reported prone to a
vulnerability that may allow malformed archive files to bypass detection.

This issue arises when an affected application processes a specially altered
archive file that contains a fake, misleading MS-DOS executable MZ header.

This issue could result in malicious archives bypassing detection and allowing
the contents to be opened by a recipient.

It should be noted that specific information regarding affected packages and
versions is currently unavailable. The reporter of this issue used the EICAR
test message stored in multiple different malformed archives. It may be possible
that some of the reportedly affected packages may actually be immune to this
issue.

This BID will be updated as further information is disclosed.

3. Cyphor Multiple Input Validation Vulnerabilities
BugTraq ID: 15047
Remote: Yes
Date Published: 2005-10-08
Relevant URL: http://www.securityfocus.com/bid/15047
Summary:
Cyphor is prone to multiple cross-site scripting and SQL injection
vulnerabilities.

Exploitation could allow for theft of cookie-based authentication credentials or
unauthorized access to database data. Other attacks are also possible.


4. Up-IMAPProxy Multiple Unspecified Remote Format String Vulnerabilities
BugTraq ID: 15048
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15048
Summary:
up-IMAPProxy is reported prone to multiple unspecified remote format string
vulnerabilities.

Successful exploitation could result in a failure of the application or
arbitrary code execution in the context of the application. 

Specific details of these issues are not currently known. This BID will be
updated when further information becomes available. 


5. Linux Kernel Multiple Security Vulnerabilities
BugTraq ID: 15049
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15049
Summary:
Linux kernel is prone to multiple vulnerabilities.  These issues may allow local
and remote attackers to trigger denial of service conditions or disclose
sensitive kernel memory.

Linux kernel 2.6.x versions are known to be vulnerable at the moment.  Other
versions may be affected as well.

6. Graphviz Insecure Temporary File Creation Vulnerability
BugTraq ID: 15050
Remote: No
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15050
Summary:
Graphviz creates temporary files in an insecure manner.

Exploitation would most likely result in loss of data or a denial of service if
critical files are overwritten in the attack. Other attacks may be possible as
well. 

Graphviz 2.2.1 is reportedly affected; however, other versions may be vulnerable
as well.

7. XLoadImage Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 15051
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15051
Summary:
xloadimage is affected by multiple remotely exploitable buffer overflow
vulnerabilities.

The problems present themselves when the application processes malformed image
titles. 

An attacker may exploit these issues to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This may
facilitate unauthorized access.

8. BEA WebLogic Server and WebLogic Express Multiple Vulnerabilities
BugTraq ID: 15052
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15052
Summary:
BEA has released 24 advisories identifying various vulnerabilities affecting BEA
WebLogic Server and WebLogic Express.  These issues present remote and local
threats and may facilitate attacks affecting the integrity, confidentiality, and
availability of vulnerable computers.

It is conjectured that some of these issues may allow an attacker to completely
compromise a vulnerable computer.

These issues are currently being analyzed.  This BID will be updated and
individual BIDs will be released when further analysis is complete.

9. PHPMyAdmin Local File Include Vulnerability
BugTraq ID: 15053
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15053
Summary:
phpMyAdmin is prone to a local file include vulnerability.

An attacker may leverage this issue to execute arbitrary server-side script code
that resides on an affected computer with the privileges of the Web server
process. This may potentially facilitate unauthorized access. 

phpMyAdmin 2.6.4-pl1 is reported to be vulnerable.  Other versions may be
affected as well.

10. Kaspersky Anti-Virus Engine CHM File Parser Remote Buffer Overflow
Vulnerability
BugTraq ID: 15054
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15054
Summary:
Kaspersky Anti-Virus Engine is prone to a remote buffer overflow vulnerability.

This issue presents itself when an attacker sends a maliciously crafted CHM file
to an affected computer and this file is processed by Kaspersky's CHM file
parser.

This vulnerability allows attackers to execute arbitrary machine code in the
context of the affected application.  Attackers may gain privileged remote
access to computers running the affected application.

11. SGI IRIX Runpriv Local Privilege Escalation Vulnerability
BugTraq ID: 15055
Remote: No
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15055
Summary:
SGI IRIX runpriv can allow local attackers to gain elevated privileges.

A local user can append an arbitrary command while executing the application and
have the commands executed with superuser privileges.

A successful attack can allow the attacker to gain elevated privileges and
completely compromise an affected computer.

IRIX 6.5.22 (maintenance) is reportedly vulnerable; however, other versions are
likely to be affected as well.
 

12. Microsoft Windows MSDTC Memory Corruption Vulnerability
BugTraq ID: 15056
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15056
Summary:
The Microsoft Windows MSDTC (Microsoft Distribution Transaction Coordinator)
service is prone to a memory corruption vulnerability.  This issue could allow
for execution of arbitrary code in the context of the service.  The
vulnerability may be remotely exploitable in some circumstances, but will also
permit local privilege escalation.

This issue is remotely exploitable on Windows 2000 platforms, since the Network
DTC is enabled by default on this platform.  On Windows XP, this issue may be
remotely exploitable if a local user has started the service.  On Windows Server
2003, this vulnerability is limited to local privilege escalation unless Network
DTC has been explicitly enabled by an administrator.  This issue is not present
on Windows XP SP2 and Windows Server 2003 SP1.

Update: Microsoft reports several systems have experienced one or more problems
after installing the critical update from Microsoft Security Bulletin MS05-051
for this issue.  For a more detailed explanation of these problems please see
the attached Microsoft Knowledge Base article 909444.

13. Microsoft MSDTC COM+ Remote Code Execution Vulnerability
BugTraq ID: 15057
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15057
Summary:
Microsoft Windows is prone to a vulnerability in the COM+ (Component Object
Model) functionality of the MSDTC (Microsoft Distribution Transaction
Coordinator) service.  This issue may permit remote and local attackers to
execute arbitrary code in the context of the service.

This issue may be exploited by remote anonymous attackers on Windows 2000
platforms.  On Windows XP versions up to and including SP1, the attacker must
authenticate as the Guest or another account prior to exploitation.  On Windows
XP SP2 and all Windows Server 2003 operating systems, this issue is limited to
local privilege escalation.

Update: Microsoft reports several systems have experienced one or more problems
after installing the critical update from Microsoft Security Bulletin MS05-051
for this issue.  For a more detailed explanation of these problems please see
the attached Microsoft Knowledge Base article 909444.

14. Microsoft MSDTC TIP Denial Of Service Vulnerability
BugTraq ID: 15058
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15058
Summary:
The Microsoft Windows MSDTC (Microsoft Distribution Transaction Coordinator)
service is prone to a denial of service vulnerability.  

The vulnerability exists in the TIP (Transaction Internet Protocol)
functionality that is provided by MSDTC.  This vulnerability may be exploited by
a remote attacker to deny the availability of services that depend on MSDTC.

This issue only exists on operating systems that have support for the TIP
protocol enabled.  This vulnerability is remotely exploitable on default
configurations on Windows 2000.  TIP is not enabled by default on Windows XP and
Windows Server 2003 even if the MSDTC service is running.

Update: Microsoft reports several systems have experienced one or more problems
after installing the critical update from Microsoft Security Bulletin MS05-051
for this issue.  For a more detailed explanation of these problems please see
the attached Microsoft Knowledge Base article 909444.

15. Microsoft MSDTC TIP Distributed Denial Of Service Vulnerability
BugTraq ID: 15059
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15059
Summary:
The Microsoft MSDTC (Microsoft Distribution Transaction Coordinator) service is
prone to a vulnerability that may permit denial of service attacks against the
service or facilitate distributed denial of service attacks against other
computers.

The vulnerability exists in the TIP (Transaction Internet Protocol)
functionality that is provided by MSDTC.  

This issue only exists on operating systems that have support for the TIP
protocol enabled.  This vulnerability is remotely exploitable on default
configurations on Windows 2000.  TIP is not enabled by default on Windows XP and
Windows Server 2003 even if the MSDTC service is running.

Update: Microsoft reports several systems have experienced one or more problems
after installing the critical update from Microsoft Security Bulletin MS05-051
for this issue.  For a more detailed explanation of these problems please see
the attached Microsoft Knowledge Base article 909444.

16. KDE KOffice KWord RTF Import Remote Buffer Overflow Vulnerability
BugTraq ID: 15060
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15060
Summary:
KWord is prone to a remote buffer overflow vulnerability.

The vulnerability arises when the application handles a malformed RTF file.

A successful attack may result in arbitrary code execution facilitating remote
unauthorized access in the context of the user running KWord.

KOffice versions 1.2.0 to 1.4.1 are vulnerable to this issue.

17. Microsoft Internet Explorer COM Object Instantiation Variant Vulnerability
BugTraq ID: 15061
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15061
Summary:
Microsoft Internet Explorer is prone to a buffer overflow vulnerability that is
related to instantiation of COM objects.

Successful exploitation could let remote attackers execute arbitrary code in the
context of the currently logged in user on the affected computer.

This is a variant of the vulnerability described in BID 14511 (Microsoft Internet
Explorer COM Object Instantiation Buffer Overflow Vulnerability).  The difference
between this issue and BID 14511 is that a different set of COM objects, which
were not addressed in the previous BID, is affected.


18. RARLAB WinRAR Multiple Remote Vulnerabilities
BugTraq ID: 15062
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15062
Summary:
WinRAR is prone to multiple remote vulnerabilities.  These issues include a
format string and a buffer overflow vulnerability.  Successful exploitation may
allow an attacker to execute arbitrary code on a vulnerable computer.

WinRAR 3.50 and prior versions are vulnerable to these issues.

19. Microsoft DirectX DirectShow AVI Processing Buffer Overflow Vulnerability
BugTraq ID: 15063
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15063
Summary:
A buffer overflow vulnerability exists in the Microsoft Windows DirectX
component.  This issue is related to processing of .AVI (Audio Visual
Interleave) media files.  The specific vulnerability exists in DirectShow and
could be exposed through applications that employ DirectShow to process .AVI
files.

Successful exploitation will permit execution of arbitrary code in the context
of the user who opens a malicious .AVI file.

This issue could be exploited through any means that will allow the attacker to
deliver a malicious .AVI file to a victim user.  In Web-based attack scenarios,
exploitation could occur automatically if the malicious Web page can cause the
.AVI file to be loaded automatically by Windows Media Player.  Other attack
vectors such as email or instant messaging may require the victim user to
manually open the malicious .AVI.

It is not known if third-party applications rely on DirectShow to process .AVI
files.  If so, these applications could also present an attack vector.


20. Microsoft Windows Explorer Web View Script Injection Vulnerability
BugTraq ID: 15064
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15064
Summary:
Microsoft Windows Explorer Web View is affected by an arbitrary script injection
vulnerability.  

An attacker can exploit this issue by crafting a malicious file and placing it
on a Web site or sending it to a user through email followed by enticing them to
preview it in Windows Explorer.

A successful attack can result in a remote compromise in the context of the
vulnerable user.


21. Microsoft Windows Plug And Play UMPNPMGR.DLL wsprintfW Buffer Overflow
Vulnerability
BugTraq ID: 15065
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15065
Summary:
Microsoft Windows Plug and Play is prone to a buffer overflow vulnerability.
This issue is due to a failure of the service to properly bounds check
user-supplied data prior to copying it to an insufficiently sized memory buffer.

This issue takes place when the PnP service handles malformed messages
containing excessive data. 

This vulnerability facilitates local privilege escalation and unauthorized
remote access depending on the underlying operating system. A successful attack
may result in arbitrary code execution resulting in an attacker gaining SYSTEM
privileges.

This issue is unrelated to the one documented in BID 14513, "Microsoft Windows
Plug and Play Buffer Overflow Vulnerability", but they both have similar attack
scenarios and effects.

22. Microsoft Windows Client Service For Netware Buffer Overflow Vulnerability
BugTraq ID: 15066
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15066
Summary:
Microsoft Client Service for Netware is prone to a buffer overflow vulnerability
that could permit the execution of arbitrary remote code.

A remote attacker can exploit this vulnerability to execute arbitrary code and
completely compromise the computer.  This issue could also be exploited by local
attackers to gain elevated privileges.

It should be noted that the Client Service for Netware is not installed by
default on any affected operating system.  Microsoft Windows XP Home is not
affected by this vulnerability at all.

23. Microsoft Collaboration Data Objects Remote Buffer Overflow Vulnerability
BugTraq ID: 15067
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15067
Summary:
Microsoft CDO is susceptible to a remote buffer overflow vulnerability. This
issue is due to a failure of the library to properly bounds check user-supplied
data prior to copying it to an insufficiently sized memory buffer.

This issue presents itself when an attacker sends a specifically crafted email
message to an email server utilizing the affected library.

This issue allows remote attackers to execute arbitrary machine code in the
context of the application utilizing the library.

24. VersatileBulletinBoard Multiple SQL Injection Vulnerabilities
BugTraq ID: 15068
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15068
Summary:
versatileBulletinBoard is prone to multiple SQL injection vulnerabilities. These
issues are due to a failure of the application to properly sanitize
user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

It should be noted that 'magic_quotes_gpc' must be set to 'off' for these
vulnerabilities to be exploitable.


25. Microsoft Windows Malicious Shortcut Handling Remote Code Execution
Vulnerability
BugTraq ID: 15069
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15069
Summary:
Microsoft Windows is prone to a remote code execution vulnerability when
handling a malicious shortcut (.lnk) file.  

An attacker can exploit this issue by crafting a malicious file and placing it
on a Web site or sending it to a user through email followed by enticing them to
open it and view the file's properties.  

This issue also poses a local threat as a local unprivileged attacker could
exploit this issue without user interaction to gain elevated privileges.

This vulnerability can facilitate arbitrary code execution with SYSTEM
privileges.

This BID is related to the issue described in BID 15070 (Microsoft Windows
Malicious Shortcut Handling Remote Code Execution Variant Vulnerability).

26. Microsoft Windows Malicious Shortcut Handling Remote Code Execution Variant
Vulnerability
BugTraq ID: 15070
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15070
Summary:
Microsoft Windows is prone to a remote code execution vulnerability when
handling a malicious shortcut (.lnk) file.  

An attacker can exploit this issue by crafting a malicious file and placing it
on a Web site or sending it to a user through email followed by enticing them to
open it and view the file's properties.  

This issue also poses a local threat as a local unprivileged attacker could
exploit this issue without user interaction to gain elevated privileges.

This vulnerability can facilitate arbitrary code execution with SYSTEM
privileges.

This BID is related to the issue described in BID 15069 (Microsoft Windows
Malicious Shortcut Handling Remote Code Execution Vulnerability).

27. OpenSSL Insecure Protocol Negotiation Weakness
BugTraq ID: 15071
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15071
Summary:
OpenSSL is susceptible to a remote protocol negotiation weakness. This issue is
due to the implementation of the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option to
maintain compatibility with third party software.

This issue presents itself when two peers attempt to negotiate the protocol they
wish to communicate with. Attackers able to intercept and modify the SSL
communications may exploit this weakness to force SSL version 2 to be chosen.

The attacker may then exploit various insecurities in SSL version 2 to gain
access to, or tamper with the cleartext communications between the targeted
client and server.

It should be noted that the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option is enabled
with the frequently used 'SSL_OP_ALL' option.

SSL peers configured not to permit SSL version 2 are not affected by this issue.

28. OpenVMPS Logging Function Format String Vulnerability
BugTraq ID: 15072
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15072
Summary:
OpenVMPS is affected by a remote format string vulnerability.  This issue is due
to a failure of the application to properly sanitize user-supplied input before
using it as the format specifier in a system log entry.

Reports indicate that the immediate consequence of successful exploitation is a
denial of service.

29. VersatileBulletinBoard Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15073
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15073
Summary:
versatileBulletinBoard is prone to multiple cross-site scripting
vulnerabilities. These issues are due to a failure in the application to
properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.


30. PHP Advanced Transfer Manager Arbitrary File Upload Vulnerability
BugTraq ID: 15074
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15074
Summary:
PHP Advanced Transfer Manager is prone to a remote arbitrary file upload
vulnerability.

This issue may allow remote attackers to upload arbitrary files including
malicious scripts and possibly execute the script on the affected server.

31. VersatileBulletinBoard Information Disclosure Vulnerability
BugTraq ID: 15075
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15075
Summary:
versatileBulletinBoard is prone to an information disclosure issue.

A remote attacker may view a list of all files related to the application.

versatileBulletinBoard version 1.0.0.RC2 is affected.


32. Linux Kernel Multiple Memory Leak Local Denial Of Service Vulnerabilities
BugTraq ID: 15076
Remote: No
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15076
Summary:
Two local denial of service vulnerabilities affect the Linux kernel. These
issues are due to a design flaw that creates memory leaks.

These vulnerabilities may be exploited by local users to consume excessive
kernel resources, likely triggering a kernel crash, denying service to
legitimate users.

These issues affect Linux kernel versions prior to 2.6.14-rc4.

33. Accelerated E Solutions SQL Injection Vulnerability
BugTraq ID: 15077
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15077
Summary:
Accelerated E Solutions is prone to an SQL injection vulnerability.  This issue
is due to a failure in the application to properly sanitize user-supplied input
before using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

34. Zeroblog Thread.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 15078
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15078
Summary:
Zeroblog is prone to a cross-site scripting vulnerability. This issue is due to
a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.


35. VERITAS NetBackup Java User-Interface Remote Format String Vulnerability
BugTraq ID: 15079
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15079
Summary:
NetBackup Java user-interface is affected by a remote format string
vulnerability.  

An attacker can exploit this vulnerability by crafting a malicious request that
contains format specifiers.  A successful attack may result in crashing the
server or lead to arbitrary code execution. This may facilitate unauthorized
access or privilege escalation with SYSTEM or superuser privileges.



36. Novell NetMail NMAP Agent Remote Buffer Overflow Vulnerability
BugTraq ID: 15080
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15080
Summary:
NetMail Network Messaging Application Protocol (NMAP) Agent is affected by a
remote buffer overflow vulnerability.

This vulnerability allows remote attackers to execute arbitrary machine code in
the context of the affected server process.


37. GFI MailSecurity for Exchange/SMTP Web Interface Remote Buffer Overflow
Vulnerability
BugTraq ID: 15081
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15081
Summary:
GFI MailSecurity for Exchange/SMTP is affected by a remote buffer overflow
vulnerability.

Specifically, the issue presents itself when the Web management interface of the
application handles malformed HTTP requests.

A successful attack can result in a complete compromise of the vulnerable
computer.

GFI MailSecurity for Exchange/SMTP version 8.1 is vulnerable to this issue.

38. Zope RestructuredText Unspecified Security Vulnerability
BugTraq ID: 15082
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15082
Summary:
Zope is prone to an unspecified vulnerability in the docutils module.

No other information has been provided; this BID will be updated when further
details are available.


39. WebGUI Arbitrary Command Execution Vulnerability
BugTraq ID: 15083
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15083
Summary:
WebGUI is prone to an arbitrary command execution vulnerability. This is due to
insufficient sanitization of user-supplied data.

This issue can facilitate unauthorized remote access.

40. Sun Java System Application Server Java Server Page Source Disclosure
Vulnerability
BugTraq ID: 15084
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15084
Summary:
A problem with Sun Java System Application Server results in the disclosure of
the source code of Java Server Pages. This allows attackers to gain unauthorized
access to sensitive information, potentially aiding them in further attacks.

41. Linux Orinoco Driver Remote Information Disclosure Vulnerability
BugTraq ID: 15085
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15085
Summary:
The Orinoco driver for Linux kernels is susceptible to a remote information
disclosure vulnerability. This issue is due to the driver sending uninitialized
kernel memory in small network packets.

Remote attackers may exploit this issue to gain access to potentially sensitive
kernel memory, aiding them in further attacks.

42. Xeobook Multiple HTML Injection Vulnerabilities
BugTraq ID: 15086
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15086
Summary:
Xeobook is prone to multiple unspecified HTML injection vulnerabilities.
These are due to a lack of proper sanitization of user-supplied input.

Attacker-supplied HTML and script code would be executed in the context of the
affected Web site, potentially allowing for theft of cookie-based authentication
credentials. An attacker could also exploit this issue to control how the site
is rendered to the user; other attacks are also possible.


43. Symantec Brightmail AntiSpam Malformed MIME Message Denial Of Service
Vulnerability
BugTraq ID: 15087
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15087
Summary:
Symantec Brightmail AntiSpam is susceptible to a denial of service
vulnerability. This issue is due to a failure of the application to properly
handle certain malformed MIME content.

This issue allows remote attackers to crash the application, denying further
email scanning service to legitimate users.

44. PHPWebSite Search Module SQL Injection Vulnerability
BugTraq ID: 15088
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15088
Summary:
phpWebSite is prone to an SQL injection vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input before using
it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

The vendor has released the patch phpwebsite_security_patch_20051202.tgz
addressing this issue.

This vulnerability was originally believed to be related to BID 14172
(PHPWebSite Index.PHP Multiple SQL Injection Vulnerabilities) but is a separate
issue.

45. Sun Solaris Multiple Local Vulnerabilities
BugTraq ID: 15090
Remote: No
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15090
Summary:
Sun Solaris is prone to multiple local vulnerabilities.  These issues may allow
attackers to carry out denial of service attacks and obtain sensitive
information.

Solaris 10 is vulnerable to these issues.

46. Ahnlab V3 Antivirus Multiple Archive Format Handling Remote Buffer Overflow
Vulnerability
BugTraq ID: 15091
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15091
Summary:
Ahnlab V3 Antivirus is affected by a remote buffer overflow vulnerability when
handling various archive formats.

An attacker can exploit this issue by crafting a malicious archive and sending
the archive to a computer to be scanned by the affected application.

An attacker may exploit this vulnerability to gain unauthorized remote access
with SYSTEM privileges. 


47. Yapig View.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 15092
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15092
Summary:
Yapig is prone to a cross-site scripting vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.

YaPig versions 0.95b and earlier are affected.


48. Hitachi OpenTP1 Denial Of Service Vulnerability
BugTraq ID: 15093
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15093
Summary:
OpenTP1 is prone to a denial of service vulnerability.  This issue is due to a
failure in the application to properly handle malformed data.

A remote attacker can exploit this vulnerability to cause the affected service
to crash, denying service to legitimate users.

49. Kerio Personal Firewall and ServerFirewall Local Denial of Service
Vulnerability
BugTraq ID: 15094
Remote: No
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15094
Summary:
Kerio Personal Firewall and ServerFirewall are prone to a local denial of
service vulnerability.

Reports indicate that the FWDRV driver does not verify access to memory
associated with the Process Environment Block (PEB) of the application.  An
attacker can trigger fatal exceptions and cause the firewall process to
terminate.

A denial of service condition in the firewall can expose computers to further
attacks.

50. YaPig Homepage Form Field HTML Injection Vulnerability
BugTraq ID: 15095
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15095
Summary:
YaPig is prone to an HTML injection vulnerability.  This issue is due to a failure
in the application to properly sanitize user-supplied input before using it in
dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the
affected Web site, potentially allowing for theft of cookie-based authentication
credentials. An attacker could also exploit this issue to control how the site
is rendered to the user; other attacks are also possible.


51. AbiWord Stack-Based Buffer Overflow Vulnerabilities
BugTraq ID: 15096
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15096
Summary:
AbiWord is susceptible to multiple stack-based buffer overflow vulnerabilities;
fixes are available.  These issues are due to a failure of the application to
properly bounds check user-supplied data prior to copying it to an
insufficiently sized memory buffer while importing RTF files.

These issues likely allow attackers to execute arbitrary machine code in the
context of the user running the affected application.

Though similar to the vulnerability described in BID 14971 (AbiWord RTF File
Processing Buffer Overflow Vulnerability), these vulnerabilities are a separate
issue.

52. Accelerated Mortgage Manager Password Field SQL Injection Vulnerability
BugTraq ID: 15097
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15097
Summary:
Accelerated Mortgage Manager is prone to an SQL injection vulnerability. This is
due to a lack of proper sanitization of user-supplied input before passing it on
to SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.


53. HP-UX Itanium Local Denial Of Service Vulnerability
BugTraq ID: 15100
Remote: No
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15100
Summary:
HP-UX is prone to a local denial of service vulnerability.  This issue is due to
a failure in the application to properly handle exceptional conditions.

A local authorized attacker could exploit this vulnerability to cause the system
to malfunction, resulting in a denial of service to legitimate users.

Only HP9000 Servers running HP-UX release B.11.23 on Itanium (IPF Architecture)
platforms are affected.

54. Clam Anti-Virus ClamAV OLE2 File Handling Denial Of Service Vulnerability
BugTraq ID: 15101
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15101
Summary:
ClamAV is prone to a denial of service vulnerability.  This is due to a failure
in the application to handle malformed OLE2 files.

Exploitation could cause the application to enter an infinite loop, resulting in
a denial of service.

55. Multiple Vendor WGet/Curl NTLM Username Buffer Overflow Vulnerability
BugTraq ID: 15102
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15102
Summary:
GNU wget and cURL are prone to a buffer overflow vulnerability.  This issue is
due to a failure in the applications to do proper bounds checking on
user-supplied data before using it in a memory copy operation.

An attacker can exploit this vulnerability to execute arbitrary code in the
context of the user utilizing the vulnerable application.

Exploitation of this vulnerability requires that NTLM authentication is enabled
in the affected clients.

56. XMail Local Buffer Overflow Vulnerability
BugTraq ID: 15103
Remote: No
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15103
Summary:
XMail is prone to a local buffer overflow vulnerability.

A successful attack can facilitate arbitrary code execution with elevated
privileges.  An attacker can gain superuser or group mail privileges depending
on the underlying operating system and distribution.

XMail 1.21 is reported to be vulnerable.  Other versions may be affected as
well.

57. TYPSoft FTP Server RETR Denial Of Service Vulnerability
BugTraq ID: 15104
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15104
Summary:
TYPSoft FTP Server is prone to a denial of service vulnerability. This issue is
due to a failure in the application to properly handle exceptional conditions.

A local authorized attacker could exploit this vulnerability to cause the system
to malfunction, resulting in a denial of service to legitimate users.

Versions 1.11 and earlier are known to be vulnerable.


58. IBM AIX LSCFG Insecure Temporary File Creation Vulnerability
BugTraq ID: 15105
Remote: No
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15105
Summary:
IBM AIX LSCFG creates temporary files in an insecure manner.

Exploitation would most likely result in loss of data or a denial of service if
critical files are overwritten in the attack. Other attacks may be possible as
well. 

Reports indicate that an attacker can exploit this issue to overwrite the
'/etc/passwd' file, which can lead to privilege escalation.

59. Mozilla Thunderbird Insecure SMTP Authentication Protocol Negotiation
Weakness
BugTraq ID: 15106
Remote: Yes
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15106
Summary:
Mozilla Thunderbird is prone to an insecure SMTP authentication protocol
negotiation weakness.

Reports indicate that the application uses PLAIN authentication if CRAM-MD5 or
STARTTLS between a client and a server cannot be established.  This can allow an
attacker to obtain credentials by sniffing network traffic.  

This issue can also allow an attacker to carry out man-in-the-middle attacks by
establishing a malicious server and causing CRAM-MD5 or STARTTLS to fail, then
harvesting the authentication credentials of vulnerable users.

Mozilla Thunderbird 1.0.7 and 1.5 Beta 2 were reported to be vulnerable.  Other
versions may be affected as well.

60. RTasarim WebAdmin Login SQL Injection Vulnerability
BugTraq ID: 15107
Remote: Yes
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15107
Summary:
RTasarim WebAdmin is prone to an SQL injection vulnerability.  This issue is due
to a failure in the application to properly sanitize user-supplied input before
using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.


61. Gallery Main.PHP Directory Traversal Vulnerability
BugTraq ID: 15108
Remote: Yes
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15108
Summary:
Gallery is prone to a directory traversal vulnerability. This issue is due to a
failure in the application to properly sanitize user-supplied input.

Exploitation of this vulnerability could lead to a loss of confidentiality. 
Information obtained may aid in further attacks against the underlying system;
other attacks are also possible.


62. Trust Digital Trusted Mobility Suite Authentication Bypass Vulnerability
BugTraq ID: 15109
Remote: No
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15109
Summary:
Trusted Mobility Suite is prone to an authentication bypass vulnerability.

Exploitation of this vulnerability effectively bypasses any policy in place with
regards to the currently connected handheld device.

63. W-Agora Multiple Arbitrary PHP Code Injection Vulnerabilities
BugTraq ID: 15110
Remote: Yes
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15110
Summary:
W-Agora is prone to multiple PHP code injection vulnerabilities.  These issues
are due to a failure in the application to properly sanitize user-supplied
input.

A remote attacker can exploit these vulnerabilities to upload or inject arbitrary
PHP code to the application and execute it in the context of the Web server
process.

64. Complete PHP Counter SQL Injection Vulnerability
BugTraq ID: 15111
Remote: Yes
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15111
Summary:
Complete PHP Counter is prone to an SQL injection vulnerability. This issue is
due to a failure in the application to properly sanitize user-supplied input
before using it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

65. Complete PHP Counter Cross-Site Scripting Vulnerability
BugTraq ID: 15112
Remote: Yes
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15112
Summary:
Complete PHP Counter is prone to a cross-site scripting vulnerability. This
issue is due to a failure in the application to properly sanitize user-supplied
input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site.  This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.

66. SPE Insecure File Permissions Vulnerability
BugTraq ID: 15113
Remote: No
Date Published: 2005-10-15
Relevant URL: http://www.securityfocus.com/bid/15113
Summary:
SPE is prone to a vulnerability regarding insecure file permissions.  This issue
is due to an error in the application during install.

A local attacker can exploit this vulnerability to execute arbitrary code in the
context of the user utilizing the vulnerable application.

67. PunBB Search.PHP SQL Injection Vulnerability
BugTraq ID: 15114
Remote: Yes
Date Published: 2005-10-15
Relevant URL: http://www.securityfocus.com/bid/15114
Summary:
PunBB is prone to an SQL injection vulnerability.  This issue is due to a
failure in the application to properly sanitize user-supplied input before using
it in an SQL query.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Worm worries don't wait for Windows exploits
By: Robert Lemos
Security researchers disagree over whether a recently announced flaw in
Microsoft Windows will likely become food for an Internet worm. 
http://www.securityfocus.com/news/11346

2. Arrests unlikely to impact bot net threat, say experts
By: Robert Lemos
The recent arrests of three men in The Netherlands who allegedly controlled a
network of more than 100,000 compromised computers will not likely curtail the
criminal economy surrounding bot nets.
http://www.securityfocus.com/news/11344

3. Fingerprint payments taking off despite security concerns
By: Robert Lemos
Consumers may be able to leave their wallets behind in the near future, but
security and privacy experts worry that pay-by-fingerprint schemes could lead to
hard-to-combat identity fraud and greater threats to civil rights.
http://www.securityfocus.com/news/11339

4. E-voting experts call for revised security guidelines
By: Robert Lemos
A federally funded group of voting technology experts call on the United States'
Election Assistance Commission to revamp its process for evaluating the security
of election systems.
http://www.securityfocus.com/news/11336

5. Say hello to the Skype Trojan
By: John Leyden
Virus writers are targeting Skype users with a new Trojan that poses as the
latest version of the popular VoIP software.
http://www.securityfocus.com/news/11348

6. Shared music abuse bug hits iTunes
By: John Leyden
Security researchers have discovered a vulnerability in Apple's popular iTunes
application which might be exploited to interfere with shared music downloads.
http://www.securityfocus.com/news/11347

7. US cybersecurity all at sea
By: John Leyden
US cybersecurity risks are being poorly managed by the Department of Homeland
Security, according to a former US presidential information security advisor.
http://www.securityfocus.com/news/11345

8. Worm fears over MS October patch batch
By: John Leyden
Microsoft's patch train rolled into town on Tuesday carrying a cargo of nine
updates. 
http://www.securityfocus.com/news/11342

IV.  SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Sales Representative, Washington, D.C.
http://www.securityfocus.com/archive/77/413694

2. [SJ-JOB] Jr. Security Analyst, London
http://www.securityfocus.com/archive/77/413693

3. [SJ-JOB] Security Engineer, Washington D.C.
http://www.securityfocus.com/archive/77/413697

4. [SJ-JOB] Security System Administrator, London
http://www.securityfocus.com/archive/77/413698

5. [SJ-JOB] Information Assurance Analyst, Rosslyn, VA (near DC)
http://www.securityfocus.com/archive/77/413695

6. [SJ-JOB] Security Consultant, Luxembourg
http://www.securityfocus.com/archive/77/413686

7. [SJ-JOB] Manager, Information Security, london
http://www.securityfocus.com/archive/77/413687

8. [SJ-JOB] Security Architect, london
http://www.securityfocus.com/archive/77/413684

9. [SJ-JOB] Auditor, New York
http://www.securityfocus.com/archive/77/413685

10. [SJ-JOB] Information Assurance Engineer, Washington
http://www.securityfocus.com/archive/77/413683

11. [SJ-JOB] Security Engineer, San Francisco
http://www.securityfocus.com/archive/77/413680

12. [SJ-JOB] Security Engineer, San Diego
http://www.securityfocus.com/archive/77/413682

13. [SJ-JOB] Security Architect, San Antonio
http://www.securityfocus.com/archive/77/413679

14. [SJ-JOB] Security Architect, San Antonio
http://www.securityfocus.com/archive/77/413681

15. [SJ-JOB] Sr. Security Analyst, Davidson
http://www.securityfocus.com/archive/77/413678

16. [SJ-JOB] Information Assurance Engineer, Washington Navy Yard
http://www.securityfocus.com/archive/77/413676

17. [SJ-JOB] Information Assurance Engineer, Reston
http://www.securityfocus.com/archive/77/413677

18. [SJ-JOB] Sales Representative, Seattle
http://www.securityfocus.com/archive/77/413674

19. [SJ-JOB] Security Consultant, London + UK wide
http://www.securityfocus.com/archive/77/413675

20. [SJ-JOB] Developer, Milpitas
http://www.securityfocus.com/archive/77/413672

21. [SJ-JOB] Sales Representative, Crystal Lake
http://www.securityfocus.com/archive/77/413613

22. [SJ-JOB] Developer, Milpitas
http://www.securityfocus.com/archive/77/413612

23. [SJ-JOB] Sales Engineer, Vienna
http://www.securityfocus.com/archive/77/413609

24. [SJ-JOB] Application Security Engineer, Vienna
http://www.securityfocus.com/archive/77/413610

25. [SJ-JOB] Quality Assurance, Milpitas
http://www.securityfocus.com/archive/77/413611

26. [SJ-JOB] Channel / Business Development, Cupertino
http://www.securityfocus.com/archive/77/413608

27. [SJ-JOB] Forensics Engineer, London
http://www.securityfocus.com/archive/77/413566

28. [SJ-JOB] Account Manager, Atlanta
http://www.securityfocus.com/archive/77/413569

29. [SJ-JOB] Security Consultant, Remote working
http://www.securityfocus.com/archive/77/413567

30. [SJ-JOB] Technical Marketing Engineer, Cupertino
http://www.securityfocus.com/archive/77/413568

31. [SJ-JOB] Sales Representative, Chicago
http://www.securityfocus.com/archive/77/413565

32. [SJ-JOB] Security Product Marketing Manager, Santa Clara
http://www.securityfocus.com/archive/77/413552

33. [SJ-JOB] Security Consultant, Vashi, Navi Mumbai
http://www.securityfocus.com/archive/77/413553

34. [SJ-JOB] Security Engineer, Brussels
http://www.securityfocus.com/archive/77/413550

35. [SJ-JOB] Security Product Marketing Manager, Santa clara
http://www.securityfocus.com/archive/77/413554

36. [SJ-JOB] Technical Marketing Engineer, Belmont
http://www.securityfocus.com/archive/77/413551

37. [SJ-JOB] Security Product Marketing Manager, Belmont
http://www.securityfocus.com/archive/77/413493

38. [SJ-JOB] Security Product Marketing Manager, Belmont
http://www.securityfocus.com/archive/77/413494

39. [SJ-JOB] Security Engineer, Phoenix
http://www.securityfocus.com/archive/77/413492

40. [SJ-JOB] Security Product Manager, Santa Clara
http://www.securityfocus.com/archive/77/413490

41. [SJ-JOB] Director, Information Security, London
http://www.securityfocus.com/archive/77/413491

42. [SJ-JOB] Director, Information Security, washington, reston
http://www.securityfocus.com/archive/77/413485

43. [SJ-JOB] Sr. Security Analyst, Arlington
http://www.securityfocus.com/archive/77/413487

44. [SJ-JOB] Security Engineer, Providence
http://www.securityfocus.com/archive/77/413489

45. [SJ-JOB] Management, Washington
http://www.securityfocus.com/archive/77/413486

46. [SJ-JOB] Sales Engineer, Reston
http://www.securityfocus.com/archive/77/413488

47. [SJ-JOB] Security Engineer, Herndon
http://www.securityfocus.com/archive/77/413450

48. [SJ-JOB] Sr. Security Analyst, Arlington
http://www.securityfocus.com/archive/77/413449

49. [SJ-JOB] Sr. Security Analyst, Ft. Lauderdale
http://www.securityfocus.com/archive/77/413451

50. [SJ-JOB] Security Consultant, Minneapolis / St. Paul
http://www.securityfocus.com/archive/77/413447

51. [SJ-JOB] Manager, Information Security, Arlington
http://www.securityfocus.com/archive/77/413448

52. [SJ-JOB] Application Security Engineer, Calgary
http://www.securityfocus.com/archive/77/413463

53. [SJ-JOB] Security Consultant, New York
http://www.securityfocus.com/archive/77/413464

54. [SJ-JOB] Security Researcher, Chicago
http://www.securityfocus.com/archive/77/413465

55. [SJ-JOB] Application Security Architect, Calgary
http://www.securityfocus.com/archive/77/413453

56. [SJ-JOB] Manager, Information Security, Chicago
http://www.securityfocus.com/archive/77/413454

57. [SJ-JOB] Account Manager, Washington D.C.
http://www.securityfocus.com/archive/77/413295

58. [SJ-JOB] Security Consultant, NY
http://www.securityfocus.com/archive/77/413296

59. [SJ-JOB] Security Consultant, Miami
http://www.securityfocus.com/archive/77/413336

60. [SJ-JOB] Sales Engineer, Ambler
http://www.securityfocus.com/archive/77/413293

61. [SJ-JOB] Sales Engineer, New York CIty
http://www.securityfocus.com/archive/77/413342

62. [SJ-JOB] Sr. Security Engineer, Mountain View
http://www.securityfocus.com/archive/77/413169

63. [SJ-JOB] Sr. Security Analyst, San Diego
http://www.securityfocus.com/archive/77/413170

64. [SJ-JOB] Sales Representative, Boston
http://www.securityfocus.com/archive/77/413167

65. [SJ-JOB] Security Engineer, Phoenix
http://www.securityfocus.com/archive/77/413171

66. [SJ-JOB] Security Engineer, Phoenix
http://www.securityfocus.com/archive/77/413168

67. [SJ-JOB] Sr. Security Engineer, Buckinghamshire
http://www.securityfocus.com/archive/77/413150

68. [SJ-JOB] CHECK Team Leader, london
http://www.securityfocus.com/archive/77/413153

69. [SJ-JOB] Application Security Architect, london
http://www.securityfocus.com/archive/77/413149

70. [SJ-JOB] Security Engineer, Phoenix
http://www.securityfocus.com/archive/77/413151

71. [SJ-JOB] Jr. Security Analyst, San Diego
http://www.securityfocus.com/archive/77/413123

72. [SJ-JOB] Account Manager, Sterling
http://www.securityfocus.com/archive/77/413125

73. [SJ-JOB] Security Researcher, San Diego
http://www.securityfocus.com/archive/77/413121

74. [SJ-JOB] Sr. Product Manager, San Diego
http://www.securityfocus.com/archive/77/413122

75. [SJ-JOB] Sr. Security Engineer, Detroit
http://www.securityfocus.com/archive/77/413124

76. [SJ-JOB] Security Engineer, Austin
http://www.securityfocus.com/archive/77/413105

77. [SJ-JOB] Security Consultant, Flanders
http://www.securityfocus.com/archive/77/413103

78. [SJ-JOB] Sr. Security Analyst, Columbus
http://www.securityfocus.com/archive/77/413104

79. [SJ-JOB] Security Engineer, Denver
http://www.securityfocus.com/archive/77/413102

80. [SJ-JOB] Manager, Information Security, London
http://www.securityfocus.com/archive/77/413097

81. [SJ-JOB] Sr. Security Analyst, Richmond
http://www.securityfocus.com/archive/77/413101

82. [SJ-JOB] Developer, Columbia
http://www.securityfocus.com/archive/77/413098

83. [SJ-JOB] Developer, Columbia
http://www.securityfocus.com/archive/77/413099

84. [SJ-JOB] Customer Support, Boston
http://www.securityfocus.com/archive/77/413100

85. [SJ-JOB] Auditor, San Francisco and LA
http://www.securityfocus.com/archive/77/413096

V.   INCIDENTS LIST SUMMARY
---------------------------
1. Strange attack question - seems udp
http://www.securityfocus.com/archive/75/413544

VI.  VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. Solaris sparc newbie exploit coding misc questions
http://www.securityfocus.com/archive/82/413246

2. [SEC-1 Advisory] GFI MailSecurity 8.1 Web Module Buffer Overflow
http://www.securityfocus.com/archive/82/413245

3. [SEC-1 Advisory] Collaboration Data Objects Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/82/413244

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Auditing Options
http://www.securityfocus.com/archive/88/413156

2. SecurityFocus Microsoft Newsletter #260
http://www.securityfocus.com/archive/88/413116

VIII. SUN FOCUS LIST SUMMARY
----------------------------

IX. LINUX FOCUS LIST SUMMARY
----------------------------

X.  NEW MAILING LISTS
-----------------------------
1. Binary Analysis
http://securityfocus.com/archive/138

2. Crypto
http://securityfocus.com/archive/140

3. Phishing & BotNets
http://securityfocus.com/archive/135

4. Real Cases
http://securityfocus.com/archive/136

5. Wireless Security
http://securityfocus.com/archive/137