SecurityFocus Newsletter #442
----------------------------------------

This issue is Sponsored by: CISO Executive Summit & Roundtable-Middle East,
12th-14th May, Bahrain, Ritz-Carlton 


Over 20 speakers from across The Middle East, Europe, U.S & Asia will gather
together for the MIS training's CISO Executive Summit Middle East, Sheraton
Bahrain Hotel, Kingdom of Bahrain 12-14 May 2008. This dynamic international
speaker line up will provide a broad perspective on the security threats faced
today and in the future. Take away actionable strategies that will enable you to
limit the risk within your organisation. International case studies from the
industry's leading associations and organisations will provide you with the
knowledge to identify the warning signs of key threats to your company. 
Register now at www.mistieruope.com/CISOME


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying
topics of interest for our community. We are proud to offer content from
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.    FRONT AND CENTER
       1. The Laws of Full Disclosure
       2. Tweaking Social Security to Combat Fraud
II.   BUGTRAQ SUMMARY
       1. Symantec Decomposer RAR File Remote Buffer Overflow Vulnerability
       2. Double-Take Denial of Service and Information Disclosure
Vulnerabilities
       3. phpProfiles 'body_comm.inc.php' Remote File Include Vulnerability
       4. Linux Kernel Sbus PROM Driver Multiple Integer Overflow
Vulnerabilities
       5. CruxCMS 'search.php' Cross-Site Scripting Vulnerability
       6. Highwood Design hwdVideoShare 'Itemid' Parameter SQL Injection
Vulnerability
       7. VMware Products Shared Folders 'MultiByteToWideChar()' Variant
Directory Traversal Vulnerability
       8. PADL 'nss_ldap' Race Condition Security Vulnerability
       9. Mozilla Firefox Domain Extensions Insecure Cookie Access Vulnerability
       10. xdg-utils 'xdg-open' and 'xdg-email' Multiple Remote Command
Execution Vulnerabilities
       11. ClamAV Heap Corruption and Integer Overflow Vulnerabilities
       12. Joomla!, Mambo and PHP-Nuke Quran Component SQL Injection
Vulnerability
       13. ImageMagick Blob.C Off-By-One Buffer Overflow Vulnerability
       14. ImageMagick ReadDIBImage Integer Overflow Vulnerability
       15. ImageMagick ReadBlob Multiple Remote Denial Of Service
Vulnerabilities
       16. ImageMagick DCM, DIB, XBM, XCF, and XWD Image Files Multiple Integer
Overflow Vulnerabilities
       17. BEA Systems Multiple Products BEA08-183.00 to BEA08-200.00 Multiple
Vulnerabilities
       18. Wireshark 0.99.6 Multiple Remote Vulnerabilities
       19. Wireshark 0.99.6 Multiple Denial of Service Vulnerabilities
       20. Multiple Horde Products Security Bypass Vulnerability
       21. BestWebApp Dating Site Multiple Input Validation Vulnerabilities
       22. PCRE Character Class Buffer Overflow Vulnerability
       23. PCRE Regular Expression Library Multiple Integer and Buffer Overflow
Vulnerabilities
       24. Linux Kernel ALSA snd-page-alloc Local Proc File Information
Disclosure Vulnerability
       25. Linux Kernel IPv6 TCP Sockets Local Denial of Service Vulnerability
       26. Linux Kernel Bluetooth CAPI Packet Remote Buffer Overflow
Vulnerability
       27. Symantec Decomposer Resource Consumption Denial of Service
Vulnerability
       28. Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.11 Multiple Remote
Vulnerabilities
       29. QEMU Translation Block Local Denial of Service Vulnerability
       30. QEMU Multiple Local Vulnerabilities
       31. Mozilla Firefox chrome:// URI JavaScript File Request Information
Disclosure Vulnerability
       32. MPlayer 'demux_audio.c' Remote Stack Based Buffer Overflow
Vulnerability
       33. Asterisk IAX2 Channel Driver IAX2_Write Function Remote Stack Buffer
Overflow Vulnerability
       34. Nukedit 'email' Parameter SQL Injection Vulnerability
       35. Multiple Web Browser BMP Partial Palette Information Disclosure and
Denial Of Service Vulnerability
       36. ZyXEL Gateway Products Multiple Vulnerabilities
       37. Novell Client 'nwspool.dll' EnumPrinters RPC Request Buffer Overflow
Vulnerability
       38. Ghostscript Unspecified Buffer Overflow Vulnerability
       39. InterVideo WinDVD Media Center Remote Denial of Service
Vulnerabilities
       40. activePDF Server Packet Processing Remote Heap Overflow Vulnerability
       41. Spyce Sample Scripts Multiple Input Validation Vulnerabilities
       42. CUPS Multiple Remote Denial of Service Vulnerabilities
       43. Asterisk Multiple Remote Denial of Service Vulnerabilities
       44. CUPS 'process_browse_data()' Remote Double Free Denial of Service
Vulnerability
       45. Softbiz Jokes and Funny Pictures Script 'sbcat_id' Parameter SQL
Injection Vulnerability
       46. Xpdf Multiple Remote Stream.CC Vulnerabilities
       47. Aeries Browser Interface 'LostPwd.asp' SQL Injection Vulnerability
       48. The SWORD Project Diatheke Unspecified Remote Command Execution
Vulnerability
       49. Rising Web Scan Object 'OL2005.dll' ActiveX Control Remote Code
Execution Vulnerability
       50. Move Media Player Quantum Streaming 'qsp2ie07074039.dl ActiveX
Control Buffer Overflow Vulnerability
       51. DrBenHur.com DBHcms 'mod.extmanager.php' Remote File Include
Vulnerability
       52. SurgeFTP 'Content-Length' Parameter NULL Pointer Denial Of Service
Vulnerability
       53. SurgeMail Real CGI executables Remote Buffer Overflow Vulnerability
       54. SurgeMail and WebMail 'Page' Command Remote Format String
Vulnerability
       55. PORAR Webboard 'question.asp' SQL Injection Vulnerability
       56. Alkacon OpenCms 'tree_files.jsp' Cross-Site Scripting Vulnerability
       57. phpRaider Resistance Field HTML Injection Vulnerability
       58. H-Sphere SiteStudio Unspecified Vulnerability
       59. WordPress Sniplets Plugin Multiple Input Validation Vulnerabilities
       60. KAME Project IPv6 IPComp Header Denial Of Service Vulnerability
       61. Galore Simple Shop 'section' Parameter SQL Injection Vulnerability
       62. MyServer Multiple HTTP Methods '204 Not Content' Error Remote Denial
of Service Vulnerabilities
       63. Matt's Whois 'mwhois.php' Cross-Site Scripting Vulnerability
       64. wyrd Insecure Temporary File Creation Vulnerability
       65. PHP-Nuke Kose_Yazilari Module 'artid' Parameter Multiple SQL
Injection Vulnerabilities
       66. XOOPS XM-Memberstats Module 'letter' and 'sortby' Parameters Multiple
SQL Injection Vulnerabilities
       67. PHP-Nuke Sell Module 'cid' Parameter SQL Injection Vulnerability
       68. Joomla! and Mambo 'com_wines' Component 'id' Parameter SQL Injection
Vulnerability
       69. Joomla! and Mambo 'com_inter' Component 'id' Parameter SQL Injection
Vulnerability
       70. Gary's Cookbook 'id' Parameter SQL Injection Vulnerability
       71. Joomla! and Mambo 'com_blog' Component 'pid' Parameter SQL Injection
Vulnerability
       72. Multiple Vendor PEAP Certificate Verification Security Bypass
Vulnerability
       73. Linux Kernel Prior to 2.6.24.1 'copy_from_user_mmap_sem()' Memory
Access Vulnerability
       74. IncrediMail IMMenuShellExt ActiveX Control Remote Buffer Overflow
Vulnerability
       75. Pagetool Index.PHP SQL Injection Vulnerability
       76. F5 BIG-IP Application Security Manager 'report_type' Cross-Site
Scripting Vulnerability
       77. Symark PowerBroker Client Multiple Local Buffer Overflow
Vulnerabilities
       78. Mozilla Thunderbird External-Body MIME Remote Heap Buffer Overflow
Vulnerability
       79. Microsoft Word Unspecified Remote Code Execution Vulnerability
       80. Various IP Security Camera ActiveX Controls 'url' Attribute Buffer
Overflow Vulnerability
       81. VideoLAN VLC Media Player MP4 Demuxer Remote Code Execution
Vulnerability
       82. Nortel UNIStim IP Phone Remote Ping Denial of Service Vulnerability
       83. S9Y Serendipity 'Real Name' Field HTML Injection Vulnerability
       84. KVM Block Device Backend Local Security Bypass Vulnerability
       85. MiniNuke 'members.asp' SQL Injection Vulnerability
       86. Joomla! and Mambo 'com_publication' Component 'pid' Parameter SQL
Injection Vulnerability
       87. Sun Solaris Internet Protocol 'ip(7P)' Security Bypass and Denial Of
Service Vulnerability
       88. TikiWiki 'tiki-edit_article.php' Cross-Site Scripting Vulnerability
       89. Fujitsu Interstage Application Server Single Sign-On Buffer Overflow
Vulnerability
       90. OpenBSD IPv6 Routing Headers Remote Denial of Service Vulnerability
       91. Portail Web Php Multiple Remote And Local File Include
Vulnerabilities
       92. LWS php User Base 'unverified.inc.php' Local File Include
Vulnerability
       93. LWS php User Base 'header.inc.php' Remote File Include Vulnerability
       94. LWS php Download Manager 'body.inc.php' Local File Include
Vulnerability
       95. PHPEcho CMS 'Smarty.class.php' Remote File Include Vulnerability
       96. auraCMS 'lihatberita' Module 'id' Parameter SQL Injection
Vulnerability
       97. Joomla! and Mambo 'com_hello_world' Component 'id' Parameter SQL
Injection Vulnerability
       98. PHP-Nuke Gallery Module 'aid' Parameter SQL Injection Vulnerability
       99. PHP-Nuke Sections Module 'artid' Parameter SQL Injection
Vulnerability
       100. PHP-Nuke Recipe Module 'recipeid' Parameter SQL Injection
Vulnerability
III.  SECURITYFOCUS NEWS
       1. Worries over "good worms" rise again
       2. Federal agencies miss deadline on secure configs
       3. Universities fend off phishing attacks
       4. Antivirus firms, test labs to form standards group
IV.   SECURITY JOBS LIST SUMMARY
       1. [SJ-JOB] Technical Support Engineer, San Mateo
       2. [SJ-JOB] Disaster Recovery Coordinator, Kansas City
       3. [SJ-JOB] Penetration Engineer, Redmond
       4. [SJ-JOB] Security Consultant, New York
       5. [SJ-JOB] Sales Engineer, San Jose
       6. [SJ-JOB] Customer Support, South Plainfield
       7. [SJ-JOB] Security Consultant, Copenhagen
       8. [SJ-JOB] Sales Engineer, Reston
       9. [SJ-JOB] Sales Engineer, Alpharetta
       10. [SJ-JOB] Customer Support, South Plainfield
       11. [SJ-JOB] Sales Engineer, Reston
       12. [SJ-JOB] Software Engineer, Alpharetta
       13. [SJ-JOB] Sales Engineer, San Jose
       14. [SJ-JOB] Sales Engineer, Philadelphia
       15. [SJ-JOB] Customer Support, South Plainfield
       16. [SJ-JOB] Security Engineer, Canberra
       17. [SJ-JOB] Sales Engineer, Canberra
       18. [SJ-JOB] Sales Engineer, Ottawa
       19. [SJ-JOB] Security Researcher, South Plainfield
       20. [SJ-JOB] Certification & Accreditation Engineer, Arlington
       21. [SJ-JOB] Information Assurance Analyst, Herndon
       22. [SJ-JOB] Security Architect, South Plainfield
       23. [SJ-JOB] Certification & Accreditation Engineer, Arlington
       24. [SJ-JOB] Sr. Security Engineer, South Plainfield
       25. [SJ-JOB] Sr. Security Analyst, Arlington
       26. [SJ-JOB] Sr. Security Engineer, South Plainfield
       27. [SJ-JOB] Senior Software Engineer, South Plainfield
       28. [SJ-JOB] Security Consultant, Copenhagen
       29. [SJ-JOB] Sr. Security Engineer, South Plainfield
       30. [SJ-JOB] Sales Engineer, Deerfield Beach
       31. [SJ-JOB] Sr. Security Engineer, South Plainfield
       32. [SJ-JOB] Security Consultant, Boston
       33. [SJ-JOB] Sr. Security Engineer, South Plainfield
       34. [SJ-JOB] Application Security Architect, South Plainfield
       35. [SJ-JOB] Security Consultant, Dallas
       36. [SJ-JOB] Principal Software Engineer, Deerfield Beach
       37. [SJ-JOB] Security Architect, LONDON
       38. [SJ-JOB] Sales Engineer, Dallas
       39. [SJ-JOB] Sales Engineer, Chicago
       40. [SJ-JOB] Security Engineer, Chicago
       41. [SJ-JOB] Management, Pentagon City
       42. [SJ-JOB] Jr. Security Analyst, Washington, DC
       43. [SJ-JOB] Manager, Information Security, Chicago
       44. [SJ-JOB] Management, Reston
       45. [SJ-JOB] Security Engineer, Reston
       46. [SJ-JOB] Director, Computer Security, New Jersey
       47. [SJ-JOB] Management, San Mateo
       48. [SJ-JOB] Training / Awareness Specialist, San Mateo
       49. [SJ-JOB] Security Engineer, New Jersey
       50. [SJ-JOB] Security Engineer, Arlington
       51. [SJ-JOB] Management, Alpharetta
       52. [SJ-JOB] Security Consultant, Los Angeles
       53. [SJ-JOB] Sales Engineer, New York
       54. [SJ-JOB] Auditor, Columbia
       55. [SJ-JOB] Application Security Engineer, Ottawa
       56. [SJ-JOB] Sales Representative, Boston
       57. [SJ-JOB] Software Engineer, Palm Beach Gardens
       58. [SJ-JOB] Sales Representative, Atlanta
       59. [SJ-JOB] Database Security Architect, Houston
       60. [SJ-JOB] Technology Risk Consultant, Various
       61. [SJ-JOB] Information Assurance Analyst, London
       62. [SJ-JOB] Sales Representative, Chicago
       63. [SJ-JOB] Security Consultant, Thousand Oaks
       64. [SJ-JOB] Security Engineer, Huntsville
       65. [SJ-JOB] Forensics Engineer, Various
       66. [SJ-JOB] Application Security Engineer, Dover
       67. [SJ-JOB] Security Consultant, Various
       68. [SJ-JOB] Security Engineer, Arlington
       69. [SJ-JOB] Penetration Engineer, Dallas
       70. [SJ-JOB] Threat Analyst, Huntsville
       71. [SJ-JOB] Sr. Security Engineer, Stamford
       72. [SJ-JOB] Sr. Security Engineer, Washington, DC Metro Area
       73. [SJ-JOB] Chief Scientist, Huntsville
       74. [SJ-JOB] Chief Scientist, Huntsville
       75. [SJ-JOB] Security Engineer, Huntsville
       76. [SJ-JOB] Security Engineer, Kansas City
       77. [SJ-JOB] Security Engineer, San Francisco
       78. [SJ-JOB] Certification & Accreditation Engineer, Washington DC
       79. [SJ-JOB] Security Consultant, Thousand Oaks
       80. [SJ-JOB] Security Engineer, Seattle
       81. [SJ-JOB] Sr. Security Engineer, Austin/Richardson
       82. [SJ-JOB] Security Consultant, Thousand Oaks
       83. [SJ-JOB] Security Engineer, Arlington
       84. [SJ-JOB] Information Assurance Engineer, Annapolis Junction
       85. [SJ-JOB] Senior Software Engineer, St. Paul
       86. [SJ-JOB] Management, Phoenix
       87. [SJ-JOB] Management, New York
       88. [SJ-JOB] CISO, London
       89. [SJ-JOB] Application Security Architect, Washington
       90. [SJ-JOB] Software Engineer, Columbia
V.    INCIDENTS LIST SUMMARY
       1. CanSecWest 2008 Mar 26-28
       2. Possible Mail server compromise ?
VI.   VULN-DEV RESEARCH LIST SUMMARY
       1. GNU objdump 2.15 [FreeBSD] 2004-05-23 shows: ... "BFD: Please report
this bug." While analyzing crafted ELF.
VII.  MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter
VIII. SUN FOCUS LIST SUMMARY
IX.   LINUX FOCUS LIST SUMMARY
       1. CanSecWest 2008 Mar 26-28
X.    UNSUBSCRIBE INSTRUCTIONS
XI.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. The Laws of Full Disclosure
By Federico Biancuzzi
Full disclosure has a long tradition in the security community worldwide, yet
different European countries have different views on the legality of
vulnerability research. SecurityFocus contributor Federico Biancuzzi
investigates the subject of full disclosure and the law by interviewing lawyers
from twelve EU countries: Belgium, Denmark, Finland, France, Germany, Greece,
Hungary, Ireland, Italy, Poland, Romania, and the UK.
http://www.securityfocus.com/columnists/466

2. Tweaking Social Security to Combat Fraud
By Tim Mullen
Americans lost over 45 billion dollars in identity-related fraud in 2007.
Reports are so commonplace that we've actually become de-sensitized to them.
"200,000 victims reported..." "500,000 victims reported..." Even figures into
the millions don't seem to faze us anymore. And that is a Bad Thing. 
http://www.securityfocus.com/columnists/465


II.  BUGTRAQ SUMMARY
--------------------
1. Symantec Decomposer RAR File Remote Buffer Overflow Vulnerability
BugTraq ID: 27913
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/27913
Summary:
Symantec Decomposer is prone to a remote buffer-overflow vulnerability because
the application fails to properly bounds-check user-supplied input before
copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue to execute arbitrary machine code with the
privileges of the user running the affected application. Failed exploit attempts
will result in a denial-of-service condition.

The following products are affected:

- Symantec Scan Engine 5.1.4.24 and prior
- Symantec AntiVirus Scan Engine 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for MS ISA 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for MS SharePoint 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Messaging 4.3.16.39 and prior
- Symantec AntiVirus for Network Attached Storage 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Clearswift 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Caching 4.3.16.39 and prior
- Symantec AntiVirus/Filtering for Domino MPE (AIX, Linux, Solaris) prior to
3.2.2
- Symantec Mail Security for Microsoft Exchange 4.6.5.12 and prior as well as
5.0.4.363 and prior

2. Double-Take Denial of Service and Information Disclosure Vulnerabilities
BugTraq ID: 27951
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/27951
Summary:
Double-Take is prone to multiple remote denial-of-service and
information-disclosure vulnerabilities.

An attacker can exploit these issues to obtain sensitive information or crash
the affected application, denying service to legitimate users.

These issues affect Double-Take 5.0.0.2865 and 4.5; other versions may also be
affected.

3. phpProfiles 'body_comm.inc.php' Remote File Include Vulnerability
BugTraq ID: 27952
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27952
Summary:
phpProfiles is prone to a remote file-include vulnerability because it fails to
properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file
containing malicious PHP code and execute it in the context of the webserver
process. This may facilitate a compromise of the application and the underlying
system; other attacks are also possible.

phpProfiles 4.5.2 is vulnerable; other versions may also be affected.

4. Linux Kernel Sbus PROM Driver Multiple Integer Overflow Vulnerabilities
BugTraq ID: 10632
Remote: No
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/10632
Summary:
The OpenPROM Linux kernel driver contains multiple integer-overflow
vulnerabilities. 
 
Two vulnerabilities reside in the OpenPROM driver; both involve overflowing an
integer value. These values are used to allocate kernel memory and then to copy
data into the kernel. Attackers could exploit this to overwrite large amounts of
kernel memory. 
 
Exploits could crash the system or possibly execute code in the context of the
kernel. 
 
NOTE: Some versions of the Linux kernel are vulnerable to both overflows; other
versions are prone to only one. Kernel version 2.6.6 does not appear to be
vulnerable.

5. CruxCMS 'search.php' Cross-Site Scripting Vulnerability
BugTraq ID: 27588
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27588
Summary:
CruxCMS is prone to a cross-site scripting vulnerability because it fails to
properly sanitize user-supplied input. 

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
allow the attacker to steal cookie-based authentication credentials and to
launch other attacks.

CruxCMS 3.0 is vulnerable; other versions may also be affected.

6. Highwood Design hwdVideoShare 'Itemid' Parameter SQL Injection Vulnerability
BugTraq ID: 27907
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27907
Summary:
hwdVideoShare is prone to an SQL-injection vulnerability because it fails to
sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

7. VMware Products Shared Folders 'MultiByteToWideChar()' Variant Directory
Traversal Vulnerability
BugTraq ID: 27944
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27944
Summary:
Multiple VMware products are prone to a directory-traversal vulnerability that
affects shared folders.

Attackers who can access a guest operating system can exploit this issue to gain
full read and write access to the filesystem of the host operating system.
Successful attacks could compromise the affected host OS. Other attacks are
possible.

NOTE: This vulnerability occurs only on Windows hosts when 'Shared Folders' is
enabled and when a shared folder exists.

The issue affects the following:

VMware Workstation 6.0.2, 5.5.4, and earlier
VMware Player 2.0.2, 1.0.4, and earlier
VMware ACE 2.0.2, 1.0.2, and earlier.

NOTE: This issue occurs because of a fix that was introduced to address a
similar issue (CVE-2007-1744) that is documented in BID 23721 (VMware
Workstation Shared Folders Directory Traversal Vulnerability).

8. PADL 'nss_ldap' Race Condition Security Vulnerability
BugTraq ID: 26452
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/26452
Summary:
PADL 'nss_ldap' is prone to a race-condition security vulnerability; fixes are
available.

An attacker may exploit this condition to obtain potentially sensitive data or
to launch other attacks against an application that employs the vulnerable
function.

The issue affects versions prior to PADL 'nss_ldap' Build 259.

9. Mozilla Firefox Domain Extensions Insecure Cookie Access Vulnerability
BugTraq ID: 27950
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27950
Summary:
Mozilla Firefox is prone to a vulnerability that allows attackers to set cookies
for certain domain extensions.

The browser does not have any security provisions to prevent cookies from being
set for extensions with embedded dots. Attackers can leverage this issue to set
cookies in a manner that could aid in other web-based attacks.

Mozilla Firefox 2.x is vulnerable; other versions may also be affected.

10. xdg-utils 'xdg-open' and 'xdg-email' Multiple Remote Command Execution
Vulnerabilities
BugTraq ID: 27528
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27528
Summary:
The 'xdg-utils' package is prone to multiple remote command-execution
vulnerabilities.

An attacker could exploit these issues by enticing an unsuspecting victim to
open a malicious file.

Successful exploits will allow attackers to execute arbitrary commands with the
privileges of the user running the affected application.

11. ClamAV Heap Corruption and Integer Overflow Vulnerabilities
BugTraq ID: 27751
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27751
Summary:
ClamAV is prone to a heap-corruption vulnerability and an integer-overflow
vulnerability.

Successfully exploiting these issues allows remote attackers to execute
arbitrary machine code in the context of the affected application. This
facilitates the remote compromise of affected computers. Failed exploit attempts
likely result in application crashes.

Versions prior to ClamAV 0.92.1 are affected by these issues.

12. Joomla!, Mambo and PHP-Nuke Quran Component SQL Injection Vulnerability
BugTraq ID: 27842
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27842
Summary:
The 'Quran' component for Joomla!, Mambo, and PHP-Nuke is prone to an
SQL-injection vulnerability because the application fails to properly sanitize
user-supplied input before using it in an SQL query. 

A successful exploit could allow an attacker to compromise the application,
access or modify data, or exploit vulnerabilities in the underlying database.

This issue affects Quran 1.1 and prior versions.

13. ImageMagick Blob.C Off-By-One Buffer Overflow Vulnerability
BugTraq ID: 25766
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/25766
Summary:
ImageMagick is prone to an off-by-one buffer-overflow vulnerability because it
fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows attackers to execute arbitrary code
with the privileges of a user running the application.

Versions prior to ImageMagick 6.3.5-9 are vulnerable.

14. ImageMagick ReadDIBImage Integer Overflow Vulnerability
BugTraq ID: 25765
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/25765
Summary:
ImageMagick is prone to an integer-overflow vulnerability because it fails to
properly validate user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context of
the application. Failed exploit attempts will likely cause denial-of-service
conditions.

Versions prior to ImageMagick 6.3.5-9 are vulnerable to this issue.

15. ImageMagick ReadBlob Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 25764
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/25764
Summary:
ImageMagick is prone to multiple remote denial-of-service vulnerabilities.

An attacker could exploit these issues by enticing an unsuspecting victim to
open a malicious image file. 

Successfully exploiting these issues will allow the attacker to consume
excessive amounts of CPU resources on affected computers, denying service to
legitimate users. 

These issues affect ImageMagick 6.3.4; prior versions are also affected.

16. ImageMagick DCM, DIB, XBM, XCF, and XWD Image Files Multiple Integer
Overflow Vulnerabilities
BugTraq ID: 25763
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/25763
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities because it
fails to adequately handle user-supplied data.

An attacker can exploit these issues to execute arbitrary code in the context of
the application. Failed exploit attempts will likely cause denial-of-service
conditions.

These issues affect versions prior to ImageMagick 6.3.5-9.

17. BEA Systems Multiple Products BEA08-183.00 to BEA08-200.00 Multiple
Vulnerabilities
BugTraq ID: 27893
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27893
Summary:
BEA has released 17 advisories identifying various vulnerabilities affecting
WebLogic Server, WebLogic Portal, WebLogic Workshop, AquaLogic Interaction, BEA
Plumtree Foundation, AquaLogic Collaboration, and BEA Plumtree Collaboration.
These issues present remote and local threats and may facilitate attacks
affecting the integrity, confidentiality, and availability of vulnerable
computers.

18. Wireshark 0.99.6 Multiple Remote Vulnerabilities
BugTraq ID: 26532
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/26532
Summary:
Wireshark is prone to multiple denial-of-service and buffer-overflow
vulnerabilities.

Exploiting these issues may allow attackers to cause crashes and deny service to
legitimate users of the application. Attackers may be able to leverage some of
these vulnerabilities to execute arbitrary code, but this has not been
confirmed.

Versions prior to Wireshark 0.99.7 are affected.

19. Wireshark 0.99.6 Multiple Denial of Service Vulnerabilities
BugTraq ID: 27071
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27071
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to cause crashes and deny service to
legitimate users of the application. Attackers may be able to leverage some of
these vulnerabilities to execute arbitrary code, but this has not been
confirmed.

Versions prior to Wireshark 0.99.7 are affected.

20. Multiple Horde Products Security Bypass Vulnerability
BugTraq ID: 27844
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27844
Summary:
Horde products are prone to a security-bypass vulnerability.

Attackers can use this issue to bypass certain security restrictions and edit
arbitrary contacts in shared and personal address books. This may aid in further
attacks.

This issue affects Horde Groupware 1.0.3, Horde Groupware Webmail Edition 1.0.4,
and Turba Contact Manager 2.1.6; other versions may also be vulnerable.

21. BestWebApp Dating Site Multiple Input Validation Vulnerabilities
BugTraq ID: 21158
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/21158
Summary:
BestWebApp Dating Site is prone to multiple input-validation vulnerabilities,
including cross-site scripting and SQL-injection issues, because it fails to
sufficiently sanitize user-supplied input.

An attacker could exploit these issues to steal cookie-based authentication
credentials, compromise the application, access or modify data, or exploit
latent vulnerabilities in the underlying database implementation.

22. PCRE Character Class Buffer Overflow Vulnerability
BugTraq ID: 27786
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27786
Summary:
PCRE regular-expression library is prone to a buffer-overflow vulnerability
because it fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of an
application using the library. Failed exploit attempts will likely cause
denial-of-service conditions.

The issue affects versions prior to PCRE 7.6.

23. PCRE Regular Expression Library Multiple Integer and Buffer Overflow
Vulnerabilities
BugTraq ID: 26462
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/26462
Summary:
PCRE regular-expression library is prone to multiple integer- and
buffer-overflow vulnerabilities.

Attackers can exploit these issues to execute arbitrary code, cause
denial-of-service conditions, or launch other attacks in the context of the
application using the affected library.

24. Linux Kernel ALSA snd-page-alloc Local Proc File Information Disclosure
Vulnerability
BugTraq ID: 25807
Remote: No
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/25807
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain portions of kernel memory.
Information harvested may aid in further attacks.

Versions of the Linux kernel prior to 2.6.22.8 are vulnerable.

25. Linux Kernel IPv6 TCP Sockets Local Denial of Service Vulnerability
BugTraq ID: 23104
Remote: No
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/23104
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to cause the kernel to crash,
effectively denying service to legitimate users. Attackers may also be able to
execute arbitrary code with elevated privileges, but this has not been
confirmed.

This issue affects the Linux kernel 2.6 series.

26. Linux Kernel Bluetooth CAPI Packet Remote Buffer Overflow Vulnerability
BugTraq ID: 21604
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/21604
Summary:
The Linux kernel is prone to a remote buffer-overflow vulnerability because the
kernel fails to bounds-check user-supplied data before copying it into an
insufficiently sized buffer. 

An attacker may exploit this issue to execute arbitrary code with kernel-level
privileges, facilitating the complete compromise of affected computers. Failed
exploit attempts will result in denial-of-service conditions. 

Versions prior to 2.4.33.5 are vulnerable to this issue.

27. Symantec Decomposer Resource Consumption Denial of Service Vulnerability
BugTraq ID: 27911
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/27911
Summary:
Symantec Decomposer is prone to a denial-of-service vulnerability because it
fails to adequately parse certain user-supplied input.

Attackers can exploit this issue to exhaust memory resources and cause
denial-of-service conditions.

The following products are affected:
- Symantec Scan Engine 5.1.4.24 and prior
- Symantec AntiVirus Scan Engine 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for MS ISA 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for MS SharePoint 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Messaging 4.3.16.39 and prior
- Symantec AntiVirus for Network Attached Storage 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Clearswift 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Caching 4.3.16.39 and prior
- Symantec AntiVirus/Filtering for Domino MPE (AIX, Linux, Solaris) prior to
3.2.2
- Symantec Mail Security for Microsoft Exchange 4.6.5.12 and prior as well as
5.0.4.363 and prior

28. Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.11 Multiple Remote
Vulnerabilities
BugTraq ID: 27683
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/27683
Summary:
The Mozilla Foundation has released multiple security advisories specifying
various vulnerabilities in Firefox 2.0.0.11 and prior versions.

Exploiting these issues can allow attackers to:

- remotely execute arbitrary code 
- cause denial-of-service conditions
- hide contents of security warnings
- access sensitive information 
- escape sandbox and execute scripts with chrome privileges
- inject script code into other sites and violate the same-origin policy

Other attacks are possible.

These issues are present in Firefox 2.0.0.11 and prior versions. Mozilla
Thunderbird 2.0.0.9 and prior versions as well as SeaMonkey 1.1.7 and prior
versions are also affected by many of these vulnerabilities.

29. QEMU Translation Block Local Denial of Service Vulnerability
BugTraq ID: 26666
Remote: No
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/26666
Summary:
QEMU is prone to a local denial-of-service vulnerability because it fails to
perform adequate boundary checks when handling user-supplied input.

Attackers can exploit this issue to cause denial-of-service conditions. Given
the nature of the issue, attackers may also be able to execute arbitrary code,
but this has not been confirmed.

QEMU 0.9.0 is vulnerable; other versions may also be affected.

30. QEMU Multiple Local Vulnerabilities
BugTraq ID: 23731
Remote: No
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/23731
Summary:
QEMU is prone to multiple locally exploitable buffer-overflow and
denial-of-service vulnerabilities. The buffer-overflow issues occur because the
software fails to properly check boundaries of user-supplied input when copying
it to insufficiently sized memory buffers. The denial-of-service issues stem
from design errors.

Attackers may be able to exploit these issues to escalate privileges, execute
arbitrary code, or trigger denial-of-service conditions in the context of the
affected applications.

31. Mozilla Firefox chrome:// URI JavaScript File Request Information Disclosure
Vulnerability
BugTraq ID: 27406
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/27406
Summary:
Mozilla Firefox is prone to an information-disclosure vulnerability because it
fails to restrict access to local JavaScript, image, and stylesheet files.

Attackers can exploit this issue to gain access to potentially sensitive
information that could aid in further attacks.

Firefox 2.0.0.11 is vulnerable; other versions may also be affected.

NOTE: For an exploit to succeed, a user must have an addon installed that does
not store its contents in a '.jar' file. The attacker would have to target a
specific addon that uses "flat" packaging.

32. MPlayer 'demux_audio.c' Remote Stack Based Buffer Overflow Vulnerability
BugTraq ID: 27441
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/27441
Summary:
MPlayer is prone to a remote stack-based buffer-overflow vulnerability because
it fails to perform adequate boundary checks on user-supplied input before
copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code in the context of the
application. Failed attacks will cause denial-of-service conditions.

MPlayer 1.0 rc2 is vulnerable; other versions may also be affected.

33. Asterisk IAX2 Channel Driver IAX2_Write Function Remote Stack Buffer
Overflow Vulnerability
BugTraq ID: 24949
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/24949
Summary:
Asterisk is prone to a remote stack-based buffer-overflow vulnerability because
the application fails to bounds-check user-supplied data before copying it into
an insufficiently sized buffer.

Successful exploits may allow an attacker to execute arbitrary machine code to
compromise an affected computer or to cause a denial-of-service condition.

34. Nukedit 'email' Parameter SQL Injection Vulnerability
BugTraq ID: 28009
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/28009
Summary:
Nukedit is prone to an SQL-injection vulnerability because it fails to
sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

35. Multiple Web Browser BMP Partial Palette Information Disclosure and Denial
Of Service Vulnerability
BugTraq ID: 27826
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/27826
Summary:
Firefox and Opera browsers are prone to a vulnerability that can result in
information disclosure or a denial of service.

An attacker can exploit this issue to harvest sensitive information that may be
used to launch further attacks or to crash the affected application, denying
service to legitimate users. 

Mozilla Firefox 2.0.0.11 and Opera 9.50 Beta are affected.

36. ZyXEL Gateway Products Multiple Vulnerabilities
BugTraq ID: 27918
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/27918
Summary:
ZyXEL gateway products are prone to multiple vulnerabilities, including
privilege-escalation, unauthorized-access, HTML-injection, session-hijacking,
and information-disclosure issues.

Attackers can exploit these issues to gain elevated privileges, execute HTML or
script code in the context of vulnerable sections of the web interface, and
perform other attacks that may facilitate a complete compromise of the affected
device.

37. Novell Client 'nwspool.dll' EnumPrinters RPC Request Buffer Overflow
Vulnerability
BugTraq ID: 27741
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/27741
Summary:
Novell Client is prone to a buffer-overflow vulnerability.

A remote attacker may exploit this issue to execute arbitrary code with
SYSTEM-level privileges, facilitating the compromise of affected computers. 
Failed exploit attempts will likely crash the application, denying service to
legitimate users.

NOTE: This issue may have been caused by an incomplete patch for the
vulnerability documented in BID 25092 ('Novell Client NWSPOOL.DLL Unspecified
Buffer Overflow Vulnerability').

Novell Client 4.91 SP2 through SP4 are vulnerable; other versions may also be
affected.

38. Ghostscript Unspecified Buffer Overflow Vulnerability
BugTraq ID: 28017
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/28017
Summary:
Ghostscript is prone to an unspecified buffer-overflow vulnerability because it
fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute
arbitrary code in the context of the application. Failed exploit attempts will
cause denial-of-service conditions.

39. InterVideo WinDVD Media Center Remote Denial of Service Vulnerabilities
BugTraq ID: 28016
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/28016
Summary:
InterVideo WinDVD Media Center is prone to multiple remote denial-of-service
vulnerabilities arising from NULL-pointer dereference errors.

Successful attacks will deny service to legitimate users.

InterVideo WinDVD Media Center 2.11.15.0 is vulnerable; other versions may be
affected as well.

40. activePDF Server Packet Processing Remote Heap Overflow Vulnerability
BugTraq ID: 28013
Remote: Yes
Last Updated: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/28013
Summary:
activePDF Server is prone to a remote heap-overflow vulnerability because it
fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of
the affected application. Failed attacks will likely cause denial-of-service
conditions.

This issue affects activePDF Server 3.8.4 and 3.8.5.14; other versions may
be affected as well.

41. Spyce Sample Scripts Multiple Input Validation Vulnerabilities
BugTraq ID: 27898
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27898
Summary:
Spyce is prone to multiple input-validation vulnerabilities that can lead to
information disclosure or client-side script execution.

An attacker may leverage these issues to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
allow the attacker to steal cookie-based authentication credentials and to
launch other attacks. The attacker can also obtain a server's webroot path.

The issues affect Spyce 2.1.3; other versions may also be vulnerable.

42. CUPS Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 27988
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27988
Summary:
CUPS is prone to two remote denial-of-service vulnerabilities.

Attackers may exploit these issues to crash the application, denying service to
legitimate users. Remote code execution may also be possible, but this has not
been confirmed.

CUPS 1.1.17 and 1.1.22 are vulnerable to these issues; other versions may also
be affected.

43. Asterisk Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 24950
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/24950
Summary:
Asterisk is prone to multiple remote denial-of-service vulnerabilities.

Exploiting these issues allows remote attackers to cause the application to
crash, effectively denying service to legitimate users.

44. CUPS 'process_browse_data()' Remote Double Free Denial of Service
Vulnerability
BugTraq ID: 27906
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27906
Summary:
CUPS is prone to a remote denial-of-service vulnerability because it fails to
protect against a double-free condition.

Attackers may exploit this issue to crash the application, denying service to
legitimate users. Remote code execution may also be possible, but this has not
been confirmed.

CUPS 1.3.5 is vulnerable to this issue; other versions may also be affected.

45. Softbiz Jokes and Funny Pictures Script 'sbcat_id' Parameter SQL Injection
Vulnerability
BugTraq ID: 27973
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27973
Summary:
The Jokes and Funny Pictures script from Softbiz is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

46. Xpdf Multiple Remote Stream.CC Vulnerabilities
BugTraq ID: 26367
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/26367
Summary:
Xpdf is prone to multiple remote vulnerabilities because of flaws in various
functions in the 'Stream.cc' source file.

Attackers exploit these issues by coercing users to view specially crafted PDF
files with the affected application.

Successfully exploiting these issues allows attackers to execute arbitrary
machine code in the context of the vulnerable application. This facilitates the
remote compromise of affected computers.

Xpdf 3.02pl1 is vulnerable to these issues; other versions may also be affected.

47. Aeries Browser Interface 'LostPwd.asp' SQL Injection Vulnerability
BugTraq ID: 26962
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/26962
Summary:
Aeries Browser Interface is prone to an SQL-injection vulnerability because it
fails to sufficiently sanitize user-supplied data before using it in an SQL
query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

48. The SWORD Project Diatheke Unspecified Remote Command Execution
Vulnerability
BugTraq ID: 27987
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27987
Summary:
The SWORD Project's Diatheke front-end is prone to a vulnerability that can
allow arbitrary shell commands to run.

Successful exploits will compromise the application and possibly the underlying
webserver.

SWORD 1.5.9 is vulnerable; other versions may also be affected.

49. Rising Web Scan Object 'OL2005.dll' ActiveX Control Remote Code Execution
Vulnerability
BugTraq ID: 27997
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27997
Summary:
Rising Web Scan Object 'OL2005.dll' ActiveX control is prone to a remote
code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code on a victim's
computer in the context of the vulnerable application using the ActiveX control
(typically Internet Explorer).

This issue affects Rising Web Scan Object 'OL2005.dll' 18.0.0.7; other versions
may also be affected.

50. Move Media Player Quantum Streaming 'qsp2ie07074039.dll' ActiveX Control
Buffer Overflow Vulnerability
BugTraq ID: 27995
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27995
Summary:
Move Media Player Quantum Streaming 'qsp2ie07074039.dll' ActiveX control is
prone to a remote buffer-overflow vulnerability because the application fails to
properly bounds-check user-supplied data before copying it into insufficiently
sized memory buffers.

Exploiting this issue may allow remote attackers to execute arbitrary code in
the context of applications using the affected ActiveX control (typically
Internet Explorer) and to compromise affected computers. Failed attempts will
likely result in denial-of-service conditions.

This issue affects Quantum Streaming 'qsp2ie07074039.dll' ActiveX control
7.7.4.39; other versions may also be vulnerable.

51. DrBenHur.com DBHcms 'mod.extmanager.php' Remote File Include Vulnerability
BugTraq ID: 27996
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27996
Summary:
DrBenHur.com DBHcms is prone to a remote file-include vulnerability because it
fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file
containing malicious PHP code and execute it in the context of the webserver
process. This may facilitate a compromise of the application and the underlying
system; other attacks are also possible.

This issue affects DBHcms 1.1.4 and prior versions.

52. SurgeFTP 'Content-Length' Parameter NULL Pointer Denial Of Service
Vulnerability
BugTraq ID: 27993
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27993
Summary:
SurgeFTP is prone to a remote denial-of-service vulnerability because it fails
to perform adequate boundary checks on user-supplied input.

Exploiting this issue will cause the server to copy data to a NULL pointer,
which will crash the server, denying access to legitimate users.

SurgeFTP 2.3a2 is vulnerable; other versions may also be affected.

53. SurgeMail Real CGI executables Remote Buffer Overflow Vulnerability
BugTraq ID: 27992
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27992
Summary:
SurgeMail is prone to a remote buffer-overflow vulnerability because it fails to
properly bounds-check user-supplied input.

Successfully exploiting this issue allows remote attackers to execute arbitrary
machine code in the context of the affected service. Failed exploit attempts
will likely result in denial-of-service conditions.

SurgeMail 38k4 and prior versions are vulnerable.

54. SurgeMail and WebMail 'Page' Command Remote Format String Vulnerability
BugTraq ID: 27990
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27990
Summary:
SurgeMail and WebMail are prone to a remote format-string vulnerability because
the applications fail to properly sanitize user-supplied input before including
it in the format-specifier argument of a formatted-printing function.

A remote attacker may execute arbitrary code with the privileges of the user
running the affected application. Failed exploit attempts will result in a
denial of service.

This issue affects the following:

- SurgeMail 38k4, beta 39a and earlier
- Netwin WebMail 3.1s and earlier

55. PORAR Webboard 'question.asp' SQL Injection Vulnerability
BugTraq ID: 27989
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27989
Summary:
PORAR Webboard is prone to an SQL-injection vulnerability because it fails to
sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

56. Alkacon OpenCms 'tree_files.jsp' Cross-Site Scripting Vulnerability
BugTraq ID: 27986
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27986
Summary:
Alkacon OpenCms is prone to a cross-site scripting vulnerability because the
application fails to properly sanitize user-supplied input. 

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
help the attacker steal cookie-based authentication credentials and launch other
attacks.

OpenCms 7.0.3 is vulnerable; other versions may also be affected.

57. phpRaider Resistance Field HTML Injection Vulnerability
BugTraq ID: 27976
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27976
Summary:
phpRaider is prone to an HTML-injection vulnerability because it fails to
sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to execute HTML and script code in
the context of the affected site, to steal cookie-based authentication
credentials, or to control how the site is rendered to the user; other attacks
are also possible.

phpRaider 1.0.7 is vulnerable; other versions may also be affected.

58. H-Sphere SiteStudio Unspecified Vulnerability
BugTraq ID: 28002
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28002
Summary:
H-Sphere SiteStudio is prone to an unspecified vulnerability.

Very few technical details are currently available. We will update this BID as
more information emerges.

Successful attacks can compromise the application.

Versions prior to H-Sphere SiteStudio 1.8b are affected.

59. WordPress Sniplets Plugin Multiple Input Validation Vulnerabilities
BugTraq ID: 27985
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27985
Summary:
WordPress Sniplets plugin is prone to multiple input-validation vulnerabilities
because the application fails to sanitize user-supplied input. These issues
include multiple cross-site scripting vulnerabilities, a remote file-include
vulnerability, and a remote command-execution vulnerability.

A successful exploit may allow an attacker to compromise the application, steal
cookie-based authentication credentials, and execute arbitrary code and commands
within the context of the webserver process. 


WordPress Sniplets 1.1.2 is vulnerable; other versions may also be affected.

60. KAME Project IPv6 IPComp Header Denial Of Service Vulnerability
BugTraq ID: 27642
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27642
Summary:
The KAME project is prone to a denial-of-service vulnerability.

Successfully exploiting this issue allows remote attackers to crash affected
computers, denying service to legitimate users.

Operating systems that have IPv6 networking derived from the KAME project's IPv6
implementation may be vulnerable to this issue. Please see the references for a
list of vendors that may be affected by this issue.

61. Galore Simple Shop 'section' Parameter SQL Injection Vulnerability
BugTraq ID: 27977
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27977
Summary:
Simple Shop component for Joomla! and Mambo is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

62. MyServer Multiple HTTP Methods '204 No Content' Error Remote Denial of
Service Vulnerabilities
BugTraq ID: 27981
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27981
Summary:
MyServer is prone to multiple remote denial-of-service vulnerabilities because
it fails to adequately handle HTTP method requests that return a '204 No
Content' error.

Successful attacks will deny service to legitimate users.

MyServer 0.8.11 is vulnerable; other versions may also be affected.

63. Matt's Whois 'mwhois.php' Cross-Site Scripting Vulnerability
BugTraq ID: 27974
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27974
Summary:
Matt's Whois is prone to a cross-site scripting vulnerability because it fails
to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
help the attacker steal cookie-based authentication credentials and launch other
attacks.

64. wyrd Insecure Temporary File Creation Vulnerability
BugTraq ID: 27848
Remote: No
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27848
Summary:
The 'wyrd' program is prone to a security vulnerability that allows attackers to
create temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform
symbolic-link attacks, overwriting arbitrary files in the context of the
affected application. 

Successfully mounting a symlink attack may allow the attacker to delete or
corrupt sensitive files, which may result in a denial of service. Other attacks
may also be possible.

This issue affects wyrd 1.4.3-b3; other versions may also be vulnerable.

65. PHP-Nuke Kose_Yazilari Module 'artid' Parameter Multiple SQL Injection
Vulnerabilities
BugTraq ID: 27991
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27991
Summary:
The Kose_Yazilari module for PHP-Nuke is prone to multiple SQL-injection
vulnerabilities because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

66. XOOPS XM-Memberstats Module 'letter' and 'sortby' Parameters Multiple SQL
Injection Vulnerabilities
BugTraq ID: 27979
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27979
Summary:
XOOPS XM-Memberstats is prone to multiple SQL-injection vulnerabilities because
it fails to sufficiently sanitize user-supplied data before using it in an SQL
query.

Exploiting these issues could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

These issues affect XOOPS XM-Memberstats 2.0e; other versions may also be
affected.

67. PHP-Nuke Sell Module 'cid' Parameter SQL Injection Vulnerability
BugTraq ID: 27980
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27980
Summary:
The 'Sell' module for PHP-Nuke is prone to an SQL-injection vulnerability
because it fails to sufficiently sanitize user-supplied data before using it in
an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

68. Joomla! and Mambo 'com_wines' Component 'id' Parameter SQL Injection
Vulnerability
BugTraq ID: 27975
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27975
Summary:
The 'com_wines' component for Joomla! and Mambo is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

69. Joomla! and Mambo 'com_inter' Component 'id' Parameter SQL Injection
Vulnerability
BugTraq ID: 27994
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27994
Summary:
The Joomla! and Mambo 'com_inter' component is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

70. Gary's Cookbook 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27972
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27972
Summary:
Gary's Cookbook module for Joomla! and Mambo is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

71. Joomla! and Mambo 'com_blog' Component 'pid' Parameter SQL Injection
Vulnerability
BugTraq ID: 27971
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27971
Summary:
The 'com_blog' component for Joomla! and Mambo is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

72. Multiple Vendor PEAP Certificate Verification Security Bypass Vulnerability
BugTraq ID: 27935
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27935
Summary:
Multiple VoIP products are prone to a security-bypass vulnerability in their
PEAP implementation because their software fails to properly validate server
certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle
attacks by impersonating trusted authentication servers. This will aid in
further attacks.

The following products are prone to this issue:
- Vocera Communications System badges
- Cisco Wireless IP Phone 7921

Other devices and packages may also be affected.

73. Linux Kernel Prior to 2.6.24.1 'copy_from_user_mmap_sem()' Memory Access
Vulnerability
BugTraq ID: 27796
Remote: No
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27796
Summary:
The Linux kernel is prone to a memory-access vulnerability because it fails to
adequately validate a user-supplied pointer value. 

A local attacker can exploit this issue to read arbitrary memory locations on
the affected computer.

This issue affects Linux Kernel 2.6.22 through 2.6.24.

74. IncrediMail IMMenuShellExt ActiveX Control Remote Buffer Overflow
Vulnerability
BugTraq ID: 23674
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/23674
Summary:
IncrediMail is prone to a stack-based buffer-overflow vulnerability because it
fails to sufficiently check boundaries of user-supplied input before copying it
to an insufficiently sized memory buffer.

An attacker may exploit this issue by enticing victims into opening a
malicious webpage or HTML email that invokes the affected control.

Successful exploits will corrupt process memory, allowing attacker-supplied
arbitrary code to run in the context of the client application using the
affected ActiveX control.

75. Pagetool Index.PHP SQL Injection Vulnerability
BugTraq ID: 24640
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/24640
Summary:
Pagetool is prone to an SQL-injection vulnerability because it fails to
sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

Pagetool 1.07 is vulnerable to this issue; other versions may also be
vulnerable.

76. F5 BIG-IP Application Security Manager 'report_type' Cross-Site Scripting
Vulnerability
BugTraq ID: 27462
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27462
Summary:
F5 BIG-IP Application Security Manager is prone to a cross-site scripting
vulnerability because the web management interface fails to properly sanitize
user-supplied input. 

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected device. This may
help the attacker steal cookie-based authentication credentials and launch other
attacks.

This issue affects F5 BIG-IP Application Security Manager 9.4.3; other versions
may also be vulnerable.

77. Symark PowerBroker Client Multiple Local Buffer Overflow Vulnerabilities
BugTraq ID: 28015
Remote: No
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28015
Summary:
Symark PowerBroker Client is prone to multiple local buffer-overflow
vulnerabilities because it fails to perform adequate boundary checks on
user-supplied input. The issues affect the following setuid binaries: 'pbksh',
'pbsh' and 'pbrun'.

Attackers can exploit these issues to execute arbitrary code with superuser
privileges. Successful exploits will completely compromise affected computers.

These issues affect versions 2.8 up to and including 5.0.1.

78. Mozilla Thunderbird External-Body MIME Remote Heap Buffer Overflow
Vulnerability
BugTraq ID: 28012
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28012
Summary:
Mozilla Thunderbird is prone to a remote heap-based buffer-overflow
vulnerability because it fails to properly bounds-check user-supplied data.

Successfully exploiting this issue may allow remote attackers to execute
arbitrary machine code in the context of the vulnerable application; failed
exploit attempts will likely crash the application. This may facilitate the
remote compromise of affected computers.

The issue affects Mozilla Thunderbird versions prior to 2.0.0.12.

79. Microsoft Word Unspecified Remote Code Execution Vulnerability
BugTraq ID: 28011
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28011
Summary:
Microsoft Word is prone to an unspecified remote code-execution vulnerability.

Very few details are available regarding this issue. We will update this BID as
more information emerges.

It is unknown at this time which specific versions of the application are
affected.

80. Various IP Security Camera ActiveX Controls 'url' Attribute Buffer Overflow
Vulnerability
BugTraq ID: 28010
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28010
Summary:
Various IP Security Camera ActiveX controls are prone to a remote
buffer-overflow vulnerability because the applications fail to properly
bounds-check user-supplied data before copying it into insufficiently sized
memory buffers.

Exploiting this issue may allow remote attackers to execute arbitrary code in
the context of applications using the affected ActiveX control (typically
Internet Explorer) and to compromise affected computers. Failed attempts will
likely result in denial-of-service conditions.

This issue affects the following ActiveX controls:

- D-Link MPEG4 SHM Audio Control ('VAPGDecoder.dll') 1.7.0.5.
- 4xem VatCtrl Class ('VATDecoder.dll') 1.0.0.51.
- Vivotek RTSP MPEG4 SP Control ('RtspVapgDecoderNew.dll') 2.0.0.39.

81. VideoLAN VLC Media Player MP4 Demuxer Remote Code Execution Vulnerability
BugTraq ID: 28007
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28007
Summary:
VideoLAN VLC media player is prone to a remote code-execution vulnerability
because it fails to adequately parse specially crafted MP4 files.

An attacker can exploit this issue to execute arbitrary code, which can result
in the complete compromise of the computer.  Failed exploit attempts will result
in a denial-of-service condition. 

VideoLAN VLC media player versions prior to 0.8.6e are vulnerable.

82. Nortel UNIStim IP Phone Remote Ping Denial of Service Vulnerability
BugTraq ID: 28004
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28004
Summary:
Nortel UNIStim IP Phone products are prone to a remote denial-of-service
vulnerability because the software fails to properly handle unexpected network
datagrams.

Successfully exploiting this issue allows remote attackers to crash affected
phones, denying service to legitimate users.

Phones with firmware 0604DAS are vulnerable to this issue; other versions are
also reportedly affected, but specific version information is not currently
available.

83. S9Y Serendipity 'Real Name' Field HTML Injection Vulnerability
BugTraq ID: 28003
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28003
Summary:
Serendipity is prone to an HTML-injection vulnerability because it fails to
sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to execute HTML and script code in
the context of the affected site, to steal cookie-based authentication
credentials, or to control how the site is rendered to the user; other attacks
are also possible.

Serendipity versions prior to 1.3-beta1 are vulnerable.

84. KVM Block Device Backend Local Security Bypass Vulnerability
BugTraq ID: 28001
Remote: No
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28001
Summary:
KVM (Kernel-based Virtual Machine) is prone to a local security-bypass
vulnerability because it fails to validate user-supplied input.

Local attackers can leverage this issue to access memory outside of the
virtualization jail.  This could allow attackers to write to arbitrary host
memory locations or crash the underlying KVM host.  Other attacks may also be
possible.

85. MiniNuke 'members.asp' SQL Injection Vulnerability
BugTraq ID: 28000
Remote: Yes
Last Updated: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28000
Summary:
MiniNuke is prone to an SQL-injection vulnerability because it fails to
sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

86. Joomla! and Mambo 'com_publication' Component 'pid' Parameter SQL Injection
Vulnerability
BugTraq ID: 27970
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27970
Summary:
The Joomla! and Mambo 'com_publication' component is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

87. Sun Solaris Internet Protocol 'ip(7P)' Security Bypass and Denial Of Service
Vulnerability
BugTraq ID: 27967
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27967
Summary:
Sun Solaris is prone to a security-bypass and denial-of-service vulnerability
because of an unspecified error in the Internet Protocol implementation.

Successfully exploiting this issue will allow privileged remote users to bypass
firewall rules or create denial-of-service conditions.

This issue affects Solaris 8, 9, and 10 for SPARC and x86 platforms.

88. TikiWiki 'tiki-edit_article.php' Cross-Site Scripting Vulnerability
BugTraq ID: 27968
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27968
Summary:
TikiWiki is prone to a cross-site scripting vulnerability because it fails to
sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
help the attacker steal cookie-based authentication credentials and launch other
attacks.
 
The issue affects versions prior to TikiWiki 1.9.10.1.

89. Fujitsu Interstage Application Server Single Sign-On Buffer Overflow
Vulnerability
BugTraq ID: 27966
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27966
Summary:
Fujitsu Interstage Application Server is prone to a remote buffer-overflow
vulnerability because it fails to perform adequate boundary checks on
user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of
the affected application. Failed attacks will likely cause denial-of-service
conditions.

This issue affects the following applications:

Interstage Application Server Enterprise Edition 8.0.0, 8.0.1, 8.0.2, 8.0.3,
9.0.0, and 9.0.0A
Interstage Application Server Standard-J Edition 8.0.0, 8.0.1, 8.0.2, 8.0.3,
9.0.0, and 9.0.0A
Interstage Apworks Enterprise Edition 8.0.0
Interstage Apworks Standard-J Edition 8.0.0
Interstage Studio Enterprise Edition 8.0.1 and 9.0.0
Interstage Studio Standard-J Edition 8.0.1 and 9.0.0

90. OpenBSD IPv6 Routing Headers Remote Denial of Service Vulnerability
BugTraq ID: 27965
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27965
Summary:
OpenBSD is prone to a remote denial-of-service vulnerability because of a flaw
in the affected kernel when processing certain TCP packets.
 
Exploiting this issue allows remote attackers to trigger kernel panics, denying
further service to legitimate users.

OpenBSD 4.2 is vulnerable to this issue; other versions may also be affected.

91. Portail Web Php Multiple Remote And Local File Include Vulnerabilities
BugTraq ID: 27962
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27962
Summary:
Portail Web Php is prone to multiple remote and local file-include
vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to execute arbitrary local and
remote scripts in the context of the webserver process or access potentially
sensitive information. This may result in a compromise of the application and
the underlying system; other attacks are also possible.

These issues affect Portail Web Php 2.5.1.1 and prior versions.

92. LWS php User Base 'unverified.inc.php' Local File Include Vulnerability
BugTraq ID: 27964
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27964
Summary:
LWS php User Base is prone to a local file-include vulnerability because it
fails to properly sanitize user-supplied input.

Exploiting this issue may allow an attacker to access potentially sensitive
information and execute arbitrary local scripts in the context of the affected
application.

This issue affects php User Base 1.3 BETA; other versions may also be
vulnerable.

93. LWS php User Base 'header.inc.php' Remote File Include Vulnerability
BugTraq ID: 27963
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27963
Summary:
LWS php User Base is prone to a remote file-include vulnerability because it
fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file
containing malicious PHP code and execute it in the context of the webserver
process. This may facilitate a compromise of the application and the underlying
system; other attacks are also possible.

php User Base 1.3 BETA is vulnerable; other versions may also be affected.

94. LWS php Download Manager 'body.inc.php' Local File Include Vulnerability
BugTraq ID: 27961
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27961
Summary:
LWS php Download Manager is prone to a local file-include vulnerability because
it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an attacker to access potentially sensitive
information and execute arbitrary local scripts in the context of the affected
application.

This issue affects php Download Manager 1.1 and 1.0; other versions may also be
vulnerable.

95. PHPEcho CMS 'Smarty.class.php' Remote File Include Vulnerability
BugTraq ID: 27960
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27960
Summary:
PHPEcho CMS is prone to a remote file-include vulnerability because it fails to
properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file
containing malicious PHP code and execute it in the context of the webserver
process. This may facilitate a compromise of the application and the underlying
system; other attacks are also possible.

PHPEcho CMS 2.0-rc3 is vulnerable; other versions may also be affected.

96. auraCMS 'lihatberita' Module 'id' Parameter SQL Injection Vulnerability
BugTraq ID: 27959
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27959
Summary:
auraCMS is prone to an SQL-injection vulnerability because it fails to
sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

97. Joomla! and Mambo 'com_hello_world' Component 'id' Parameter SQL Injection
Vulnerability
BugTraq ID: 27956
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27956
Summary:
The Joomla! and Mambo 'com_hello_world' component is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

98. PHP-Nuke Gallery Module 'aid' Parameter SQL Injection Vulnerability
BugTraq ID: 27957
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27957
Summary:
The Gallery module for PHP-Nuke is prone to an SQL-injection vulnerability
because it fails to sufficiently sanitize user-supplied data before using it in
an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

Gallery 1.3 is vulnerable; other versions may also be affected.

99. PHP-Nuke Sections Module 'artid' Parameter SQL Injection Vulnerability
BugTraq ID: 27958
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27958
Summary:
The Sections module for PHP-Nuke is prone to an SQL-injection vulnerability
because it fails to sufficiently sanitize user-supplied data before using it in
an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

100. PHP-Nuke Recipe Module 'recipeid' Parameter SQL Injection Vulnerability
BugTraq ID: 27955
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/27955
Summary:
The Recipe module for PHP-Nuke is prone to an SQL-injection vulnerability
because it fails to sufficiently sanitize user-supplied data before using it in
an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

Recipe 1.3 is vulnerable; other versions may also be affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Worries over "good worms" rise again
By: Robert Lemos
A Microsoft researcher studies the use of self-propagation for patching, but for
most of the security industry, any worm is a bad worm.
http://www.securityfocus.com/news/11506

2. Federal agencies miss deadline on secure configs
By: Robert Lemos
The U.S. government has made progress on moving to a standard configuration for
Windows XP and Windows Vista systems, but work remains.
http://www.securityfocus.com/news/11505

3. Universities fend off phishing attacks
By: Robert Lemos
Online fraudsters send e-mail messages that masquerade as help-desk requests for
usernames and passwords.
http://www.securityfocus.com/news/11504

4. Antivirus firms, test labs to form standards group
By: Robert Lemos
The makers of antivirus software as well as independent and media-sponsored
testing labs have agreed to create an industry group to standardize on methods
of evaluating anti-malware programs.
http://www.securityfocus.com/news/11502

IV.  SECURITY JOBS LIST SUMMARY
-------------------------------
1. [SJ-JOB] Technical Support Engineer, San Mateo
http://www.securityfocus.com/archive/77/488605

2. [SJ-JOB] Disaster Recovery Coordinator, Kansas City
http://www.securityfocus.com/archive/77/488619

3. [SJ-JOB] Penetration Engineer, Redmond
http://www.securityfocus.com/archive/77/488578

4. [SJ-JOB] Security Consultant, New York
http://www.securityfocus.com/archive/77/488604

5. [SJ-JOB] Sales Engineer, San Jose
http://www.securityfocus.com/archive/77/488610

6. [SJ-JOB] Customer Support, South Plainfield
http://www.securityfocus.com/archive/77/488566

7. [SJ-JOB] Security Consultant, Copenhagen
http://www.securityfocus.com/archive/77/488574

8. [SJ-JOB] Sales Engineer, Reston
http://www.securityfocus.com/archive/77/488577

9. [SJ-JOB] Sales Engineer, Alpharetta
http://www.securityfocus.com/archive/77/488603

10. [SJ-JOB] Customer Support, South Plainfield
http://www.securityfocus.com/archive/77/488557

11. [SJ-JOB] Sales Engineer, Reston
http://www.securityfocus.com/archive/77/488575

12. [SJ-JOB] Software Engineer, Alpharetta
http://www.securityfocus.com/archive/77/488580

13. [SJ-JOB] Sales Engineer, San Jose
http://www.securityfocus.com/archive/77/488582

14. [SJ-JOB] Sales Engineer, Philadelphia
http://www.securityfocus.com/archive/77/488559

15. [SJ-JOB] Customer Support, South Plainfield
http://www.securityfocus.com/archive/77/488561

16. [SJ-JOB] Security Engineer, Canberra
http://www.securityfocus.com/archive/77/488562

17. [SJ-JOB] Sales Engineer, Canberra
http://www.securityfocus.com/archive/77/488563

18. [SJ-JOB] Sales Engineer, Ottawa
http://www.securityfocus.com/archive/77/488558

19. [SJ-JOB] Security Researcher, South Plainfield
http://www.securityfocus.com/archive/77/488564

20. [SJ-JOB] Certification & Accreditation Engineer, Arlington
http://www.securityfocus.com/archive/77/488565

21. [SJ-JOB] Information Assurance Analyst, Herndon
http://www.securityfocus.com/archive/77/488573

22. [SJ-JOB] Security Architect, South Plainfield
http://www.securityfocus.com/archive/77/488581

23. [SJ-JOB] Certification & Accreditation Engineer, Arlington
http://www.securityfocus.com/archive/77/488549

24. [SJ-JOB] Sr. Security Engineer, South Plainfield
http://www.securityfocus.com/archive/77/488554

25. [SJ-JOB] Sr. Security Analyst, Arlington
http://www.securityfocus.com/archive/77/488555

26. [SJ-JOB] Sr. Security Engineer, South Plainfield
http://www.securityfocus.com/archive/77/488556

27. [SJ-JOB] Senior Software Engineer, South Plainfield
http://www.securityfocus.com/archive/77/488576

28. [SJ-JOB] Security Consultant, Copenhagen
http://www.securityfocus.com/archive/77/488579

29. [SJ-JOB] Sr. Security Engineer, South Plainfield
http://www.securityfocus.com/archive/77/488550

30. [SJ-JOB] Sales Engineer, Deerfield Beach
http://www.securityfocus.com/archive/77/488552

31. [SJ-JOB] Sr. Security Engineer, South Plainfield
http://www.securityfocus.com/archive/77/488560

32. [SJ-JOB] Security Consultant, Boston
http://www.securityfocus.com/archive/77/488544

33. [SJ-JOB] Sr. Security Engineer, South Plainfield
http://www.securityfocus.com/archive/77/488546

34. [SJ-JOB] Application Security Architect, South Plainfield
http://www.securityfocus.com/archive/77/488547

35. [SJ-JOB] Security Consultant, Dallas
http://www.securityfocus.com/archive/77/488548

36. [SJ-JOB] Principal Software Engineer, Deerfield Beach
http://www.securityfocus.com/archive/77/488541

37. [SJ-JOB] Security Architect, LONDON
http://www.securityfocus.com/archive/77/488542

38. [SJ-JOB] Sales Engineer, Dallas
http://www.securityfocus.com/archive/77/488543

39. [SJ-JOB] Sales Engineer, Chicago
http://www.securityfocus.com/archive/77/488545

40. [SJ-JOB] Security Engineer, Chicago
http://www.securityfocus.com/archive/77/488553

41. [SJ-JOB] Management, Pentagon City
http://www.securityfocus.com/archive/77/488534

42. [SJ-JOB] Jr. Security Analyst, Washington, DC
http://www.securityfocus.com/archive/77/488536

43. [SJ-JOB] Manager, Information Security, Chicago
http://www.securityfocus.com/archive/77/488538

44. [SJ-JOB] Management, Reston
http://www.securityfocus.com/archive/77/488539

45. [SJ-JOB] Security Engineer, Reston
http://www.securityfocus.com/archive/77/488540

46. [SJ-JOB] Director, Computer Security, New Jersey
http://www.securityfocus.com/archive/77/488518

47. [SJ-JOB] Management, San Mateo
http://www.securityfocus.com/archive/77/488519

48. [SJ-JOB] Training / Awareness Specialist, San Mateo
http://www.securityfocus.com/archive/77/488520

49. [SJ-JOB] Security Engineer, New Jersey
http://www.securityfocus.com/archive/77/488533

50. [SJ-JOB] Security Engineer, Arlington
http://www.securityfocus.com/archive/77/488523

51. [SJ-JOB] Management, Alpharetta
http://www.securityfocus.com/archive/77/488526

52. [SJ-JOB] Security Consultant, Los Angeles
http://www.securityfocus.com/archive/77/488530

53. [SJ-JOB] Sales Engineer, New York
http://www.securityfocus.com/archive/77/488537

54. [SJ-JOB] Auditor, Columbia
http://www.securityfocus.com/archive/77/488535

55. [SJ-JOB] Application Security Engineer, Ottawa
http://www.securityfocus.com/archive/77/488513

56. [SJ-JOB] Sales Representative, Boston
http://www.securityfocus.com/archive/77/488516

57. [SJ-JOB] Software Engineer, Palm Beach Gardens
http://www.securityfocus.com/archive/77/488521

58. [SJ-JOB] Sales Representative, Atlanta
http://www.securityfocus.com/archive/77/488527

59. [SJ-JOB] Database Security Architect, Houston
http://www.securityfocus.com/archive/77/488529

60. [SJ-JOB] Technology Risk Consultant, Various
http://www.securityfocus.com/archive/77/488504

61. [SJ-JOB] Information Assurance Analyst, London
http://www.securityfocus.com/archive/77/488508

62. [SJ-JOB] Sales Representative, Chicago
http://www.securityfocus.com/archive/77/488517

63. [SJ-JOB] Security Consultant, Thousand Oaks
http://www.securityfocus.com/archive/77/488522

64. [SJ-JOB] Security Engineer, Huntsville
http://www.securityfocus.com/archive/77/488507

65. [SJ-JOB] Forensics Engineer, Various
http://www.securityfocus.com/archive/77/488510

66. [SJ-JOB] Application Security Engineer, Dover
http://www.securityfocus.com/archive/77/488512

67. [SJ-JOB] Security Consultant, Various
http://www.securityfocus.com/archive/77/488524

68. [SJ-JOB] Security Engineer, Arlington
http://www.securityfocus.com/archive/77/488505

69. [SJ-JOB] Penetration Engineer, Dallas
http://www.securityfocus.com/archive/77/488509

70. [SJ-JOB] Threat Analyst, Huntsville
http://www.securityfocus.com/archive/77/488532

71. [SJ-JOB] Sr. Security Engineer, Stamford
http://www.securityfocus.com/archive/77/488501

72. [SJ-JOB] Sr. Security Engineer, Washington, DC Metro Area
http://www.securityfocus.com/archive/77/488525

73. [SJ-JOB] Chief Scientist, Huntsville
http://www.securityfocus.com/archive/77/488528

74. [SJ-JOB] Chief Scientist, Huntsville
http://www.securityfocus.com/archive/77/488531

75. [SJ-JOB] Security Engineer, Huntsville
http://www.securityfocus.com/archive/77/488503

76. [SJ-JOB] Security Engineer, Kansas City
http://www.securityfocus.com/archive/77/488506

77. [SJ-JOB] Security Engineer, San Francisco
http://www.securityfocus.com/archive/77/488511

78. [SJ-JOB] Certification & Accreditation Engineer, Washington DC
http://www.securityfocus.com/archive/77/488497

79. [SJ-JOB] Security Consultant, Thousand Oaks
http://www.securityfocus.com/archive/77/488498

80. [SJ-JOB] Security Engineer, Seattle
http://www.securityfocus.com/archive/77/488499

81. [SJ-JOB] Sr. Security Engineer, Austin/Richardson
http://www.securityfocus.com/archive/77/488500

82. [SJ-JOB] Security Consultant, Thousand Oaks
http://www.securityfocus.com/archive/77/488502

83. [SJ-JOB] Security Engineer, Arlington
http://www.securityfocus.com/archive/77/488487

84. [SJ-JOB] Information Assurance Engineer, Annapolis Junction
http://www.securityfocus.com/archive/77/488488

85. [SJ-JOB] Senior Software Engineer, St. Paul
http://www.securityfocus.com/archive/77/488491

86. [SJ-JOB] Management, Phoenix
http://www.securityfocus.com/archive/77/488494

87. [SJ-JOB] Management, New York
http://www.securityfocus.com/archive/77/488496

88. [SJ-JOB] CISO, London
http://www.securityfocus.com/archive/77/488489

89. [SJ-JOB] Application Security Architect, Washington
http://www.securityfocus.com/archive/77/488490

90. [SJ-JOB] Software Engineer, Columbia
http://www.securityfocus.com/archive/77/488495

V.   INCIDENTS LIST SUMMARY
---------------------------
1. CanSecWest 2008 Mar 26-28
http://www.securityfocus.com/archive/75/488624

2. Possible Mail server compromise ?
http://www.securityfocus.com/archive/75/487488

VI.  VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. GNU objdump 2.15 [FreeBSD] 2004-05-23 shows: ... "BFD: Please report this
bug." While analyzing crafted ELF.
http://www.securityfocus.com/archive/82/488729

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter
http://www.securityfocus.com/archive/88/488429

VIII. SUN FOCUS LIST SUMMARY
----------------------------

IX. LINUX FOCUS LIST SUMMARY
----------------------------
1. CanSecWest 2008 Mar 26-28
http://www.securityfocus.com/archive/91/488611
