SecurityFocus Newsletter #444
----------------------------------------

This issue is sponsored by bMighty

How Much Will A Security Breach Cost Your Company?
Many smaller businesses have lax security policies, leaving their customers'
confidential data vulnerable to identity thieves. Learn the steps to protect
sensitive data.
www.bMighty.com
http://www.bmighty.com/security/showArticle.jhtml?articleID=206901276&cid=LSM-sfS


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying
topics of interest for our community. We are proud to offer content from
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.    FRONT AND CENTER
       1. Integrating More Intelligence into Your IDS, Part 1
       2. Let's Go Crazy
II.   BUGTRAQ SUMMARY
       1. Project Alumni Index.PHP Act Parameter Local File Include
Vulnerability
       2. RealPlayer/HelixPlayer ParseWallClockValue Function Buffer Overflow
Vulnerability
       3. ASG-Sentry 7.0.0 Multiple Remote Vulnerabilities
       4. IBM WebSphere Application Server WebContainer HTTP Request Header
Security Weakness
       5. DeluxeBB CP.PHP Security Bypass Vulnerability
       6. Fcron Convert-FCronTab Directory Traversal Vulnerability
       7. Motorola Timbuktu Pro Multiple Denial of Service Vulnerabilities
       8. ZephyrSoft Toolbox Address Book Continued Multiple SQL Injection
Vulnerabilities
       9. Adobe Flash Player On Opera Browser For Mac OSX Unspecified
Vulnerability
       10. ZyXEL ZyWALL Quagga And Zebra Processes Default Account Password
Vulnerability
       11. RealPlayer/HelixPlayer AU Divide-By-Zero Denial of Service
Vulnerability
       12. SAP MaxDB 'vserver' Component Remote Heap Memory Corruption
Vulnerability
       13. XWork AltSyntax OGNL Input Validation Vulnerability
       14. Symantec Ghost Solution Suite ARP Spoofing Authentication Bypass
Vulnerability
       15. PacketTrap pt360 Tool Suite PRO TFTP Server Remote Denial of Service
Vulnerability
       16. CourseMill Enterprise Learning Management System 'userlogin.jsp' SQL
Injection Vulnerability
       17. Asterisk Host-Based Authentication Security Bypass Vulnerability
       18. PhpBBGarage Garage.PHP SQL Injection Vulnerability
       19. Acronis Snap Deploy PXE Server TFTP Directory Traversal and Denial of
Service Vulnerabilities
       20. RemotelyAnywhere 'Accept-Charset' Parameter NULL Pointer Denial Of
Service Vulnerability
       21. EncapsGallery 'file' Parameter Multiple Cross-Site Scripting
Vulnerabilities
       22. PHP-Nuke Hadith Module 'cat' Parameter SQL Injection Vulnerability
       23. QuickTicket 'qti_usr.php' SQL Injection Vulnerability
       24. Kingsoft Antivirus Online Update Module ActiveX Control Remote Buffer
Overflow Vulnerability
       25. Argon Technology Client Management Services TFTP Server Directory
Traversal Vulnerability
       26. Acronis True Image Echo Enterprise Server Multiple Remote Denial of
Service Vulnerabilities
       27. MySQL Rename Table Function Access Validation Vulnerability
       28. Apple QuickTime MOV File STSD Heap Buffer Overflow Vulnerability
       29. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
       30. Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
       31. Project Alumni View and News Multiple SQL Injection Vulnerabilities
       32. Microsoft Office Web Components ActiveX Control URL Parsing Remote
Code Execution Vulnerability
       33. OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
       34. ELinks HTTPS POST Request Information Disclosure Weakness
       35. Gallery Multiple Unauthorized Access Vulnerability
       36. Perforce P4Web Content-Length Header Remote Denial Of Service
Vulnerability
       37. Vim HelpTags Command Remote Format String Vulnerability
       38. tcpdump Print-bgp.C Remote Integer Underflow Vulnerability
       39. SurgeMail IMAP SEARCH Command Remote Buffer Overflow Vulnerability
       40. Yahoo! Toolbar Helper Class ActiveX Control Remote Buffer Overflow
Denial of Service Vulnerability
       41. CHCounter Stats/Index.PHP HTML Injection Vulnerability
       42. Novell GroupWise Man In The Middle Vulnerability
       43. MySQL Alter Table Function Information Disclosure Vulnerability
       44. Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
       45. File(1) Command File_PrintF Integer Underflow Vulnerability
       46. Project Alumni Multiple Cross-Site Scripting Vulnerabilities
       47. I Hear U Multiple Remote Denial Of Service Vulnerabilities
       48. FatWire Content Server Multiple Cross-Site Scripting Vulnerabilities
       49. Novell Client for Windows NWFILTER.SYS Local Privilege Escalation
Vulnerability
       50. Mozilla Thunderbird External-Body MIME Remote Heap Buffer Overflow
Vulnerability
       51. VMware Products Shared Folders 'MultiByteToWideChar()' Variant
Directory Traversal Vulnerability
       52. ngIRCd PART Command Parsing Denial Of Service Vulnerability
       53. Xen mov_to_rr RID Local Security Bypass Vulnerability
       54. IceBB HTTP_X_FORWARDED_FOR SQL Injection Vulnerability
       55. Tellmatic tm_includepath Parameter Multiple Remote File Include
Vulnerabilities
       56. APC Switched Rack PDU Authentication Bypass Vulnerability
       57. Dora Emlak Script Multiple SQL Injection Vulnerabilities
       58. ISC BIND Query_AddSOA Denial Of Service Vulnerability
       59. Einfacher Passworschutz Index.PHP Cross-Site Scripting Vulnerability
       60. Microsoft Internet Explorer DHTML Object Memory Corruption
Vulnerability
       61. TRAMP Extension For Emacs Multiple Insecure Temporary File Creation
Vulnerabilities
       62. X.Org X Server Composite Extension Local Buffer Overflow
Vulnerability
       63. The SWORD Project Diatheke Unspecified Remote Command Execution
Vulnerability
       64. Sylpheed and Sylpheed-Claws POP3 Format String Vulnerability
       65. QEMU Translation Block Local Denial of Service Vulnerability
       66. scponly Local Arbitrary Command Execution Weakness
       67. Mozilla Firefox and SeaMonkey Windows.Location Property HTTP Referer
Header Spoofing Weakness
       68. Microsoft Windows Media Player AIFF Parsing Divide-By-Zero Denial of
Service Vulnerability
       69. MySQL Security Invoker Privilege Escalation Vulnerability
       70. Symantec System Center Reporting Server Remote Privilege Escalation
Vulnerability
       71. Adobe Bridge Update Installer Local Privilege Escalation
Vulnerability
       72. X-Kryptor Secure Client Privilege Escalation Vulnerability
       73. PHP Hash Table Overwrite Arbitrary Code Execution Vulnerability
       74. Microsoft HTML Help ActiveX Control Remote Code Execution
Vulnerability
       75. Microsoft Outlook Mailto URI Remote Code Execution Vulnerability
       76. Horde IMP and Groupware Webmail Edition Multiple Input Validation
Vulnerabilities
       77. RealNetworks RealPlayer 'rmoc3260.dll' ActiveX Control Memory
Corruption Vulnerability
       78. SARG User-Agent Processing HTML Injection and Stack Buffer Overflow
Vulnerabilities
       79. Sun Java SE Multiple Security Vulnerabilities
       80. Microsoft Excel Data Validation Record Heap Memory Corruption
Vulnerability
       81. VideoLAN VLC Media Player MP4 Demuxer Remote Code Execution
Vulnerability
       82. Wireshark 0.99.7 Multiple Denial of Service Vulnerabilities
       83. onlinetools.org EasyImageCatalogue Multiple Cross-Site Scripting
Vulnerabilities
       84. Adobe LiveCycle Workflow Management Login Page Cross-Site Scripting
Vulnerability
       85. Adobe ColdFusion Administration Interface Failed Login Audit
Vulnerability
       86. Red Hat Directory Server 7.1 Local Insecure Permissions Vulnerability
       87. PHP-Nuke zClassifieds Module 'cat' Parameter SQL Injection
Vulnerability
       88. Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
       89. Bloo 'index.php' Multiple SQL Injection Vulnerabilities
       90. Savvy Content Manager 'searchterms' Parameter Multiple Cross Site
Scripting Vulnerabilities
       91. RemotelyAnywhere HTTP Service Cross-Site Scripting Vulnerability
       92. PHP-Nuke NukeC30 Module 'id_catg' Parameter SQL Injection
Vulnerability
       93. Mapbender 'factor' Parameter Remote Code Injection Vulnerability
       94. Mapbender 'mod_gazetteer_edit.php' SQL Injection Vulnerability
       95. ManageEngine ServiceDesk Plus 'SolutionSearch.do' Cross-Site
Scripting Vulnerability
       96. Lighttpd 'mod_cgi' Information Disclosure Vulnerability
       97. phpBB Filebase Module 'filebase.php' SQL Injection Vulnerability
       98. phpMyNewsLetter 'archives.php' SQL Injection Vulnerability
       99. SAP MaxDB sdbstarter Environment Variable Local Privilege Escalation
Vulnerability
       100. Amber Script Show_Content.PHP Local File Include Vulnerability
III.  SECURITYFOCUS NEWS
       1. Browser makers focus on beating malware
       2. Law makers voice concerns over cybersecurity plan
       3. Worries over "good worms" rise again
       4. Federal agencies miss deadline on secure configs
IV.   SECURITY JOBS LIST SUMMARY
V.    INCIDENTS LIST SUMMARY
VI.   VULN-DEV RESEARCH LIST SUMMARY
VII.  MICROSOFT FOCUS LIST SUMMARY
       1. Temp directory is odd
VIII. SUN FOCUS LIST SUMMARY
IX.   LINUX FOCUS LIST SUMMARY
X.    UNSUBSCRIBE INSTRUCTIONS
XI.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Integrating More Intelligence into Your IDS, Part 1
By Don Parker and Ryan Wegner
The more an intrusion detection system (IDS) knows about the network it is
trying to protect, the better it will be able to protect the network. This is
the fundamental principle behind target-based intrusion detection, where an IDS
knows about the hosts on the network.
http://www.securityfocus.com/infocus/1898

2. Let's Go Crazy
By Mark Rasch
On February 7, 2007 Stephanie Lenz of Gallatzin, Pennsylvania posted an
innocuous video of her 18-month-old son Holden pushing a baby toy while dancing
to a barely recognizable song in the background. 
http://www.securityfocus.com/columnists/467


II.  BUGTRAQ SUMMARY
--------------------
1. Project Alumni Index.PHP Act Parameter Local File Include Vulnerability
BugTraq ID: 26612
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26612
Summary:
Project Alumni is prone to a local file-include vulnerability because it fails
to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute
local scripts.

Project Alumni 1.0.9 is vulnerable to this issue; other versions may also be
affected.

2. RealPlayer/HelixPlayer ParseWallClockValue Function Buffer Overflow
Vulnerability
BugTraq ID: 24658
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/24658
Summary:
RealPlayer and HelixPlayer are prone to a buffer-overflow vulnerability because
the applications fail to bounds-check user-supplied data before copying it into
an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary
code in the context of the application using the ActiveX control (typically
Internet Explorer). Failed exploit attempts likely result in denial-of-service
conditions.

3. ASG-Sentry 7.0.0 Multiple Remote Vulnerabilities
BugTraq ID: 28188
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28188
Summary:
ASG-Sentry is prone to multiple remote vulnerabilities:

- A heap-based buffer-overflow vulnerability 
- A stack-based buffer-overflow vulnerability 
- A denial-of-service vulnerability 
- An arbitrary-file-deletion vulnerability

An attacker can exploit these issues to execute arbitrary code within the
context of the affected application, crash the affected application, consume all
CPU resources, and delete data contained in arbitrary files. Other attacks are
possible. 

These issues affect ASG-Sentry 7.0.0; other versions may also be affected.

4. IBM WebSphere Application Server WebContainer HTTP Request Header Security
Weakness
BugTraq ID: 26457
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/26457
Summary:
IBM WebSphere Application Server is prone to a security weakness regarding an
HTTP request header. The software fails to sanitize a certain HTTP header when
the data is redirected to an error message. 

An attacker may exploit this issue to steal cookie-based authentication
credentials and launch other attacks.

5. DeluxeBB CP.PHP Security Bypass Vulnerability
BugTraq ID: 26572
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/26572
Summary:
DeluxeBB is prone to a security-bypass vulnerability because it fails to
properly validate user credentials before performing certain actions.

A successful exploit will allow the attacker to change other users' details,
including email details and passwords. This in turn may lead to a compromise of
the affected application.

This issue affects DeluxeBB 1.09 and prior versions.

6. Fcron Convert-FCronTab Directory Traversal Vulnerability
BugTraq ID: 25693
Remote: No
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/25693
Summary:
Fcron is prone to a directory-traversal vulnerability because it fails to
adequately sanitize user-supplied data to 'convert-fcrontab'.

Attackers can exploit this issue via symbolic-link attacks to create or
overwrite arbitrary files with superuser privileges.

Fcron 2.9.5 is vulnerable; other versions may also be affected.

7. Motorola Timbuktu Pro Multiple Denial of Service Vulnerabilities
BugTraq ID: 28186
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28186
Summary:
Motorola Timbuktu Pro is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues will allow attackers to crash the affected application,
denying further service to legitimate users.

8. ZephyrSoft Toolbox Address Book Continued Multiple SQL Injection
Vulnerabilities
BugTraq ID: 22685
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/22685
Summary:
ZephyrSoft Toolbox Address Book Continued is prone to multiple SQL-injection
vulnerabilities because the application fails to properly sanitize user-supplied
input before using it in SQL queries. 

A successful exploit could allow an attacker to compromise the application,
access or modify data, or exploit vulnerabilities in the underlying database
implementation.

ZephyrSoft Toolbox Address Book Continued versions 1.00 and 1.01 are confirmed
vulnerable to these issues.

9. Adobe Flash Player On Opera Browser For Mac OSX Unspecified Vulnerability
BugTraq ID: 26274
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/26274
Summary:
Adobe Flash Player is prone to an unspecified vulnerability.

This issue occurs when Flash Player is running on Opera Browser for the Mac OS X
operating system.

Very few technical details are currently available. We will update this BID as
more information emerges.

Flash Player 9.0.47.0 and prior versions are vulnerable when running on Mac OS
X.

10. ZyXEL ZyWALL Quagga And Zebra Processes Default Account Password
Vulnerability
BugTraq ID: 28184
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28184
Summary:
ZyXEL ZyWALL 1050 devices contain a default password for their Quagga and Zebra
daemon processes. The device fails to change the default password when a
legitimate user sets a new password.

Attackers can use this default password to gain unauthorized access to the
device. By gaining administrative access to Quagga or Zebra, an attacker can
modify network routes on the device, possibly redirecting traffic or denying
network service to legitimate users. The attacker may also be able to exploit
latent vulnerabilities in the daemon itself.

ZyWALL 1050 is vulnerable; other devices may also be affected.

11. RealPlayer/HelixPlayer AU Divide-By-Zero Denial of Service Vulnerability
BugTraq ID: 25627
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/25627
Summary:
RealPlayer and Helix Player are prone to a denial-of-service vulnerability when
handling malformed AU media files.

Successfully exploiting this issue allows remote attackers to deny service to
legitimate users.

12. SAP MaxDB 'vserver' Component Remote Heap Memory Corruption Vulnerability
BugTraq ID: 28183
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28183
Summary:
SAP MaxDB is prone to a heap-based memory-corruption vulnerability. 

An attacker can exploit this issue to execute arbitrary code within the context
of the affected application. Successfully exploiting this issue will compromise
the affected application and possibly the underlying computer. 

This issue affects MaxDB 7.6.0.37 running on the Linux operating system. Other
versions running on different platforms may also be affected.

13. XWork AltSyntax OGNL Input Validation Vulnerability
BugTraq ID: 25524
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/25524
Summary:
XWork is prone to an input-validation vulnerability because it fails to
adequately handle user-supplied input.

NOTE: This issue will occur only when the 'altSyntax' feature is enabled.

Attackers can exploit this issue to execute arbitrary OGNL expressions with the
privileges of the user running the application. Successful exploits can
compromise the application and possibly the underlying computer.

Versions prior to XWork 2.0.4 are vulnerable.

14. Symantec Ghost Solution Suite ARP Spoofing Authentication Bypass
Vulnerability
BugTraq ID: 27644
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/27644
Summary:
Symantec Ghost Solution Suite is prone to an authentication-bypass
vulnerability. 

Attackers can exploit this issue by sending a spoofed ARP packet to the affected
client.

Successfully exploiting this issue will allow attackers to impersonate the
Symantec Ghost Solution Suite server and execute arbitrary commands on the
client with SYSTEM-level privileges, facilitating the complete compromise of
affected computers.
  
This issue affects Symantec Ghost Solution Suite 1.1, 2.0.0, and 2.0.1.

NOTE: Users who do not use the Ghost Console or the Ghost Management Agent are
not affected.

15. PacketTrap pt360 Tool Suite PRO TFTP Server Remote Denial of Service
Vulnerability
BugTraq ID: 28187
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28187
Summary:
PacketTrap pt360 Tool Suite PRO TFTP server is prone to a remote
denial-of-service vulnerability because it fails to handle user-supplied input.
 
Successfully exploiting this issue allows remote attackers to crash the affected
application, denying service to legitimate users.

PacketTrap pt360 Tool Suite PRO TFTP server 2.0.3901.0 is affected; other
versions may also be vulnerable.

16. CourseMill Enterprise Learning Management System 'userlogin.jsp' SQL
Injection Vulnerability
BugTraq ID: 26865
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/26865
Summary:
CourseMill Enterprise Learning Management System is prone to an SQL-injection
vulnerability because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

CourseMill Enterprise Learning Management 4.1 SP4 is vulnerable; other versions
may also be affected.

17. Asterisk Host-Based Authentication Security Bypass Vulnerability
BugTraq ID: 26928
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/26928
Summary:
Asterisk is prone to a security-bypass vulnerability that affects the SIP and
IAX protocols.

An attacker can exploit this issue to bypass the host-based authentication
mechanism. Successfully exploiting this issue will allow an attacker to
impersonate any user. This may lead to a false sense of security.

This issue affects versions prior to:

- Asterisk Open Source 1.2.26
- Asterisk Open Source 1.4.16
- Asterisk Business Edition B.2.3.6
- Asterisk Business Edition C.1.0-beta8

18. PhpBBGarage Garage.PHP SQL Injection Vulnerability
BugTraq ID: 26683
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/26683
Summary:
PhpBBGarage is prone to an SQL-injection vulnerability because it fails to
sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

This issue affects PhpBBGarage 1.2.0 Beta 3; other versions may also be
affected.

19. Acronis Snap Deploy PXE Server TFTP Directory Traversal and Denial of
Service Vulnerabilities
BugTraq ID: 28182
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28182
Summary:
Acronis Snap Deploy is prone to a directory-traversal vulnerability and a
denial-of-service vulnerability. 

Exploiting these issues will allow attackers to obtain sensitive information or
crash the affected application, denying further service to legitimate users.

20. RemotelyAnywhere 'Accept-Charset' Parameter NULL Pointer Denial Of Service
Vulnerability
BugTraq ID: 28175
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28175
Summary:
RemotelyAnywhere is prone to a remote denial-of-service vulnerability because it
fails to adequately sanitize user-supplied input.

Exploiting this issue will cause the server to copy data to a NULL pointer,
which will crash the server, denying access to legitimate users.

This issue affects RemotelyAnywhere Server and Workstation 8.0.688; other
versions may also be affected.

21. EncapsGallery 'file' Parameter Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 28178
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28178
Summary:
EncapsGallery is prone to multiple cross-site scripting vulnerabilities because
it fails to properly sanitize user-supplied input. 

An attacker may leverage these issues to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
allow the attacker to steal cookie-based authentication credentials and to
launch other attacks.

EncapsGallery 1.11.2 is vulnerable to these issues; other versions may also be
affected.

22. PHP-Nuke Hadith Module 'cat' Parameter SQL Injection Vulnerability
BugTraq ID: 28171
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28171
Summary:
The Hadith module for PHP-Nuke is prone to an SQL-injection vulnerability
because it fails to sufficiently sanitize user-supplied data before using it in
an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

23. QuickTicket 'qti_usr.php' SQL Injection Vulnerability
BugTraq ID: 28176
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28176
Summary:
QuickTicket is prone to an SQL-injection vulnerability because it fails to
sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

QuickTicket 1.4 and 1.5.0.3 are vulnerable; other versions may also be affected.

24. Kingsoft Antivirus Online Update Module ActiveX Control Remote Buffer
Overflow Vulnerability
BugTraq ID: 28172
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28172
Summary:
Kingsoft Antivirus Online Update Module ActiveX control is prone to a
buffer-overflow vulnerability because it fails to bounds-check user-supplied
data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code in the context of
an application running the control (typically Internet Explorer). Failed attacks
will cause denial-of-service conditions.

25. Argon Technology Client Management Services TFTP Server Directory Traversal
Vulnerability
BugTraq ID: 28160
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28160
Summary:
Argon Technology Client Management Services TFTP server is prone to a
directory-traversal vulnerability because it fails to sufficiently sanitize
user-supplied input data.

Exploiting this issue allows an attacker to access arbitrary files outside of
the TFTP server root directory. This can expose sensitive information that could
help the attacker launch further attacks.

Client Management Services 1.31 and prior versions are vulnerable.

26. Acronis True Image Echo Enterprise Server Multiple Remote Denial of Service
Vulnerabilities
BugTraq ID: 28169
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28169
Summary:
Acronis True Image Echo Enterprise Server is prone to multiple remote
denial-of-service vulnerabilities. 

An attacker can exploit these issues to crash the affected application, denying
service to legitimate users.

27. MySQL Rename Table Function Access Validation Vulnerability
BugTraq ID: 24016
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/24016
Summary:
MySQL is prone to an access-validation vulnerability because it fails to perform
adequate access control.

Attackers can exploit this issue to rename arbitrary tables. This could result
in denial-of-service conditions and may aid in other attacks.

Versions prior to MySQL 4.1.23, 5.0.42, and 5.1.18 are vulnerable.

28. Apple QuickTime MOV File STSD Heap Buffer Overflow Vulnerability
BugTraq ID: 23923
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/23923
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails
to properly check boundaries on user-supplied data before copying it into an
insufficiently sized memory buffer.

An attacker may exploit this issue by enticing victims into opening a
maliciously crafted 'MOV' QuickTime movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary
code in the context of the user running the application. Failed exploit attempts
likely result in denial-of-service conditions.

Versions of QuickTime 7 prior to 7.1.3 are vulnerable.

29. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
BugTraq ID: 20216
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/20216
Summary:
OpenSSH is prone to a remote denial-of-service vulnerability because it fails to
properly handle incoming duplicate blocks.

Remote attackers may exploit this issue to consume excessive CPU resources,
potentially denying service to legitimate users.

This issue occurs only when OpenSSH is configured to accept SSH Version One
traffic.

30. Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
BugTraq ID: 28181
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/28181
Summary:
Dovecot is prone to a security-bypass vulnerability because the application
fails to adequately sanitize user-supplied input. 

An attacker may exploit this issue to gain unauthorized access to the affected
application. Successful exploits will compromise the application.

Versions prior to Dovecot 1.0.13 and 1.1.rc3 are vulnerable. The vendor states
that this issue affects only password databases that have blocking enabled.

NOTE: Reports indicate that this issue can be exploited only on versions after
Dovecot 1.0.10, which introduced the 'skip_password_check' field.

31. Project Alumni View and News Multiple SQL Injection Vulnerabilities
BugTraq ID: 26564
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26564
Summary:
Project Alumni is prone to multiple SQL-injection vulnerabilities because it
fails to sufficiently sanitize user-supplied data before using it in an SQL
query.

Exploiting these issues could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

32. Microsoft Office Web Components ActiveX Control URL Parsing Remote Code
Execution Vulnerability
BugTraq ID: 28135
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/28135
Summary:
Microsoft Office Web Components is prone to a remote code-execution
vulnerability.

An attacker may exploit this issue by enticing victims into opening a
maliciously crafted HTML document.

Successfully exploiting this issue allows remote attackers to execute arbitrary
code in the context of the application using the ActiveX control (typically
Internet Explorer). Failed exploit attempts will likely result in
denial-of-service conditions.

33. OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
BugTraq ID: 25628
Remote: No
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/25628
Summary:
OpenSSH is prone to a local authentication-bypass vulnerability because the
software fails to properly manage trusted and untrusted X11 cookies.

Successfully exploiting this issue allows local attackers to potentially launch
a forwarded X11 session through SSH in an unauthorized manner. Further details
are currently unavailable. We will update this BID as more information emerges.

This issue affects OpenSSH 4.6; previous versions may be affected as well.

34. ELinks HTTPS POST Request Information Disclosure Weakness
BugTraq ID: 25799
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/25799
Summary:
ELinks is prone to an information disclosure weakness.

In certain circumstances, the application may not encrypt HTTP POST data sent to
servers using SSL.

This issue creates a false sense of security for a user because they may assume
that sensitive data is being encrypted before it is sent to the remote server.

Versions prior to ELinks 0.11.3 are vulnerable to this issue.

35. Gallery Multiple Unauthorized Access Vulnerability
BugTraq ID: 25580
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/25580
Summary:
Gallery is prone to multiple unauthorized-access vulnerabilities in the WebDAV
and Reupload modules.

An attacker can exploit these issues to rename items, modify items, retrieve
item properties, locate items, replace items, and edit item data. 

These issues affect versions prior to Gallery 2.2.3.

36. Perforce P4Web Content-Length Header Remote Denial Of Service Vulnerability
BugTraq ID: 26806
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26806
Summary:
Perforce P4Web is prone to a remote denial-of-service vulnerability because it
fails to handle specially crafted HTTP requests.

An attacker can exploit this issue to cause the application to consume excessive
CPU and memory resources. Successful attacks will deny service to legitimate
users.

P4Web 2006.2 and prior versions running on Windows are affected.

37. Vim HelpTags Command Remote Format String Vulnerability
BugTraq ID: 25095
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/25095
Summary:
Vim is prone to a remote format-string vulnerability because the application
fails to properly sanitize user-supplied input before including it in the
format-specifier argument of a formatted-printing function.

A remote attacker may execute arbitrary code with the privileges of the user
running the affected application. Failed exploit attempts may cause
denial-of-service conditions.
 
Vim 6.4 and 7.1 are vulnerable; other versions may also be affected.

38. tcpdump Print-bgp.C Remote Integer Underflow Vulnerability
BugTraq ID: 24965
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/24965
Summary:
The 'tcpdump' utility is prone to an integer-underflow vulnerability because it
fails to bounds-check user-supplied input before copying it into an
insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary malicious code in the
context of the user running the affected application. Failed exploit attempts
will likely crash the affected application.
 
This issue affects tcpdump 3.9.6 and prior versions.

39. SurgeMail IMAP SEARCH Command Remote Buffer Overflow Vulnerability
BugTraq ID: 25318
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/25318
Summary:
SurgeMail is prone to a remote buffer-overflow vulnerability because it fails to
properly bounds-check user-supplied input.

Successfully exploiting this issue allows remote attackers to execute arbitrary
machine code in the context of the affected service. Failed exploit attempts
likely result in denial-of-service conditions.

SurgeMail 38k is vulnerable; other versions may also be affected.

40. Yahoo! Toolbar Helper Class ActiveX Control Remote Buffer Overflow Denial of
Service Vulnerability
BugTraq ID: 26656
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26656
Summary:
Yahoo! Toolbar ActiveX Control is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to trigger denial-of-service conditions in
Internet Explorer or other applications that use the vulnerable ActiveX control.
Reports indicate that code execution is not possible, but this has not been
confirmed.

Yahoo! Toolbar 1.4.1 is vulnerable to this issue; other versions may also be
affected.

41. CHCounter Stats/Index.PHP HTML Injection Vulnerability
BugTraq ID: 23462
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/23462
Summary:
chCounter is prone to an HTML-injection vulnerability because it fails to
sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to execute HTML and script code in
the context of the affected site, to steal cookie-based authentication
credentials, or to control how the site is rendered to the user; other attacks
are also possible.
 
chCounter 3.1.3 is vulnerable; other versions may also be affected.

42. Novell GroupWise Man In The Middle Vulnerability
BugTraq ID: 24258
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/24258
Summary:
Novell GroupWise is prone to a man-in-the-middle vulnerability. This issue stems
from a design error in the affected application.

An attacker may exploit this issue to access sensitive contents of encrypted
network traffic, such as authentication credentials. This may lead to other
attacks.

Versions of Novell GroupWise prior to 6.5 post-SP6 and 7 SP2 are vulnerable to
this issue.

43. MySQL Alter Table Function Information Disclosure Vulnerability
BugTraq ID: 24008
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/24008
Summary:
MySQL is prone to an information-disclosure vulnerability because it fails to
perform adequate access control.

Exploiting this issue can allow an attacker to obtain potentially sensitive
information from partitioned tables. Information gained could aid in further
attacks.

Versions prior to 5.1.18 are vulnerable.

44. Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
BugTraq ID: 23438
Remote: No
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/23438
Summary:
Apache suEXEC is prone to multiple local privilege-escalation weaknesses.

To exploit these issues, attackers must have permission to execute the
application. Permission is granted only to the same user as the webserver,
typically 'httpd', 'apache', or 'nobody'. Attackers may gain such permissions by
exploiting other applications running on the webserver such as CGI and PHP
scripts.

A local attacker can exploit these issues to execute arbitrary code with the
privileges of another user. Successful exploits may facilitate a compromise of
vulnerable computers.

Apache suEXEC 2.2.3 is vulnerable to these issues; other versions may also be
affected.

45. File(1) Command File_PrintF Integer Underflow Vulnerability
BugTraq ID: 23021
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/23021
Summary:
The file(1) command is prone to an integer-underflow vulnerability because the
command fails to adequately handle user-supplied data.

An attacker can leverage this issue to corrupt heap memory and execute arbitrary
code with the privileges of a user running the command. A successful attack may
result in the compromise of affected computers. Failed attempts will likely
cause denial-of-service conditions.

Versions prior to 4.20 are vulnerable.

46. Project Alumni Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 26565
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26565
Summary:
Project Alumni is prone to multiple cross-site scripting vulnerabilities because
it fails to properly sanitize user-supplied input. 

An attacker may leverage these issues to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
allow the attacker to steal cookie-based authentication credentials and to
launch other attacks.

47. I Hear U Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 26516
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26516
Summary:
Multiple denial-of-service vulnerabilities affect I Hear U because the
application fails to handle specially crafted packets. 
 
An attacker may leverage these issues to cause a remote denial-of-service
condition in affected applications.

These issues affect versions prior to I Hear U 0.5.7.

48. FatWire Content Server Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 26472
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26472
Summary:
FatWire Content Server is prone to multiple cross-site scripting vulnerabilities
because it fails to properly sanitize user-supplied input. 

An attacker may leverage these issues to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
allow the attacker to steal cookie-based authentication credentials and to
launch other attacks.

FatWire Content Server 6.3 is vulnerable; other versions may also be affected.

49. Novell Client for Windows NWFILTER.SYS Local Privilege Escalation
Vulnerability
BugTraq ID: 26420
Remote: No
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26420
Summary:
Novell Client for Windows is prone to a local privilege-escalation vulnerability
because it fails to adequately handle user-supplied input.

Authenticated attackers with the privileges to invoke executables can exploit
this issue to execute arbitrary code with kernel-level privileges.

Novell Client for Windows 4.91 is vulnerable; other versions may also be
affected.

50. Mozilla Thunderbird External-Body MIME Remote Heap Buffer Overflow
Vulnerability
BugTraq ID: 28012
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/28012
Summary:
Mozilla Thunderbird is prone to a remote heap-based buffer-overflow
vulnerability because it fails to properly bounds-check user-supplied data.

Successfully exploiting this issue may allow remote attackers to execute
arbitrary machine code in the context of the vulnerable application; failed
exploit attempts will likely crash the application. This may facilitate the
remote compromise of affected computers.

The issue affects versions prior to Mozilla Thunderbird 2.0.0.12.

51. VMware Products Shared Folders 'MultiByteToWideChar()' Variant Directory
Traversal Vulnerability
BugTraq ID: 27944
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/27944
Summary:
Multiple VMware products are prone to a directory-traversal vulnerability that
affects shared folders.

Attackers who can access a guest operating system can exploit this issue to gain
full read and write access to the filesystem of the host operating system.
Successful attacks could compromise the affected host OS. Other attacks are
possible.

NOTE: This vulnerability occurs only on Windows hosts when 'Shared Folders' is
enabled and when a shared folder exists.

The issue affects the following:

VMware Workstation 6.0.2, 5.5.4, and earlier
VMware Player 2.0.2, 1.0.4, and earlier
VMware ACE 2.0.2, 1.0.2, and earlier.

NOTE: This issue occurs because of a fix that was introduced to address a
similar issue (CVE-2007-1744) that is documented in BID 23721 (VMware
Workstation Shared Folders Directory Traversal Vulnerability).

52. ngIRCd PART Command Parsing Denial Of Service Vulnerability
BugTraq ID: 27318
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/27318
Summary:
ngIRCd is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to deny service to legitimate users.

Versions prior to ngIRCd 0.10.4 and 0.11.0-pre2 are vulnerable.

53. Xen mov_to_rr RID Local Security Bypass Vulnerability
BugTraq ID: 26716
Remote: No
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26716
Summary:
Xen is prone to a local security-bypass vulnerability because it fails to
validate user-supplied input.

Local attackers can leverage this issue to read memory from VT-i domains other
than the one they have access to. This could allow attackers to obtain
potentially sensitive information that could aid in further attacks.

Versions prior to Xen 3.1.2 on IA64 platforms are vulnerable.

54. IceBB HTTP_X_FORWARDED_FOR SQL Injection Vulnerability
BugTraq ID: 26483
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26483
Summary:
IceBB is prone to an SQL-injection vulnerability because it fails to
sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

IceBB 1.0-rc6 and prior versions are vulnerable.

55. Tellmatic tm_includepath Parameter Multiple Remote File Include
Vulnerabilities
BugTraq ID: 26678
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26678
Summary:
Tellmatic is prone to multiple remote file-include vulnerabilities because it
fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and
the underlying system; other attacks are also possible.

Tellmatic 1.0.7 and 1.0.7.1 are vulnerable; other versions may also be
affected.

56. APC Switched Rack PDU Authentication Bypass Vulnerability
BugTraq ID: 26636
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26636
Summary:
APC Switched Rack PDUs (Power Distribution Units) are prone to an
authentication-bypass vulnerability.

Attackers can exploit this issue to gain unauthorized access to affected
devices. Successful exploits will allow attackers to control the power
distribution to rack-mounted computer equipment. Attackers could leverage this
to cause denial-of-service conditions and possibly physical damage.

The following firmware versions running on PDU part number AP9732 are
vulnerable:

rpdu 3.5.5
aos 3.5.6

Other versions and devices may also be affected.

57. Dora Emlak Script Multiple SQL Injection Vulnerabilities
BugTraq ID: 26574
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26574
Summary:
Dora Emlak Script is prone to multiple SQL-injection vulnerabilities because it
fails to sufficiently sanitize user-supplied data before using it in an SQL
query.

Exploiting these issues could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

These issues affect Dora Emlak Script 2.0; other versions may also be
vulnerable.

58. ISC BIND Query_AddSOA Denial Of Service Vulnerability
BugTraq ID: 23738
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/23738
Summary:
ISC BIND is prone to a denial-of-service vulnerability because it fails to
handle certain sequences of malicious queries.

NOTE: Only applications configured with the 'recursion' directive/attribute 
enabled are vulnerable to this issue.

An attacker can exploit this issue to cause the application to exit, denying
service to legitimate users.

ISC BIND 9.40, 9.5.0a1, 9.5.0a2, and 9.5.0a3 are vulnerable.

59. Einfacher Passworschutz Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 23395
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/23395
Summary:
Einfacher Passworschutz is prone to a cross-site scripting vulnerability because
the application fails to properly sanitize user-supplied input. 

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
help the attacker steal cookie-based authentication credentials and launch other
attacks.

60. Microsoft Internet Explorer DHTML Object Memory Corruption Vulnerability
BugTraq ID: 26427
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26427
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability
because it fails to adequately handle user-supplied input to certain DHTML
object methods.

Attackers can exploit this issue to execute arbitrary code in the context of a
user running the application. Successful attacks would compromise the
application and possibly the underlying computer. Failed attacks will cause
denial-of-service conditions.

61. TRAMP Extension For Emacs Multiple Insecure Temporary File Creation
Vulnerabilities
BugTraq ID: 26072
Remote: No
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26072
Summary:
The TRAMP extension for Emacs creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform
symlink attacks, overwriting arbitrary files in the context of the affected
application. 

Successfully mounting a symlink attack may allow the attacker to overwrite or
corrupt sensitive files, which may result in a denial of service. Other attacks
may also be possible.

Versions prior to TRAMP 2.1.11 are vulnerable.

62. X.Org X Server Composite Extension Local Buffer Overflow Vulnerability
BugTraq ID: 25606
Remote: No
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/25606
Summary:
The X.Org X Window System is prone to a local buffer-overflow vulnerability.

A local attacker can exploit this issue to execute arbitrary code with elevated
privileges. This may facilitate a compromise of the affected computer.

63. The SWORD Project Diatheke Unspecified Remote Command Execution
Vulnerability
BugTraq ID: 27987
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/27987
Summary:
The SWORD Project's Diatheke front-end is prone to a vulnerability that can
allow arbitrary shell commands to run.

Successful exploits will compromise the application and possibly the underlying
webserver.

SWORD 1.5.9 is vulnerable; other versions may also be affected.

64. Sylpheed and Sylpheed-Claws POP3 Format String Vulnerability
BugTraq ID: 25430
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/25430
Summary:
Sylpheed and Sylpheed-Claws are prone to a format-string vulnerability. 

This issue presents itself because the applications fail to properly sanitize
POP3 server error responses that contain format specifiers.

A successful attack may crash the application or possibly lead to arbitrary code
execution. This may facilitate unauthorized access or privilege escalation in
the context of the user running the application.

Sylpheed 2.4.4, Sylpheed-Claws 1.9.100, and Sylpheed-Claws 'Claws Mail' 2.10.0
are vulnerable to this issue; other versions may also be affected.

65. QEMU Translation Block Local Denial of Service Vulnerability
BugTraq ID: 26666
Remote: No
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26666
Summary:
QEMU is prone to a local denial-of-service vulnerability because it fails to
perform adequate boundary checks when handling user-supplied input.

Attackers can exploit this issue to cause denial-of-service conditions. Given
the nature of the issue, attackers may also be able to execute arbitrary code,
but this has not been confirmed.

QEMU 0.9.0 is vulnerable; other versions may also be affected.

66. scponly Local Arbitrary Command Execution Weakness
BugTraq ID: 26900
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26900
Summary:
The 'scponly' program is prone to a weakness that can allow attackers to execute
arbitrary commands.

Attackers with scponly access can exploit this issue to bypass scponly security
restrictions. Successful attacks could compromise affected computers.

This issue affects scponly 4.6; other versions may also be affected.

67. Mozilla Firefox and SeaMonkey Windows.Location Property HTTP Referer Header
Spoofing Weakness
BugTraq ID: 26589
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26589
Summary:
Mozilla Firefox and SeaMonkey are prone to a weakness that allows an attacker to
spoof HTTP Referer headers. This issue stems from a race condition in the
affected application. The weakness arises because of a small timing difference
when using a modal 'alert()' dialog, which allows users to generate fake HTTP
Referer headers.

An attacker can exploit this issue to spoof HTTP Referer headers. This may cause
other security mechanisms that rely on this data to fail or to return misleading
information.

This issue affects versions prior to Mozilla Firefox 2.0.0.10 and Mozilla
SeaMonkey 1.1.7.

68. Microsoft Windows Media Player AIFF Parsing Divide-By-Zero Denial of Service
Vulnerability
BugTraq ID: 26648
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/26648
Summary:
Microsoft Windows Media Player is prone to a denial-of-service vulnerability
when processing a malformed AIFF file. 

A remote attacker can exploit this issue to crash the affected application,
denying service to legitimate users.

This issue affects Microsoft Windows Media Player 11; other versions may also be
affected.

69. MySQL Security Invoker Privilege Escalation Vulnerability
BugTraq ID: 24011
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/24011
Summary:
MySQL is prone to a privilege-escalation vulnerability because it fails to
adequately restore access privileges during certain routines.

A remote authenticated attacker can exploit this issue to gain elevated
privileges on an affected database.

These versions are vulnerable:

MySQL 5 prior to 5.0.40
MySQL 5.1 prior to 5.1.18

70. Symantec System Center Reporting Server Remote Privilege Escalation
Vulnerability
BugTraq ID: 24313
Remote: Yes
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/24313
Summary:
Symantec System Center Reporting Server is prone to a remote
privilege-escalation vulnerability.

Attackers can exploit this issue to execute malicious code on an affected server
and gain the privileges of the user running the server. Successful attacks will
compromise the application and possibly the underlying computer.

Reporting Server is distributed with Symantec AntiVirus Corporate Edition 10.1
and later and Symantec Client Security 3.1 and later. 

Versions prior to Reporting Server 1.0.224.0, AntiVirus Corporate Edition
10.1.6.6000, and Client Security 3.1.6.6000 are vulnerable.

71. Adobe Bridge Update Installer Local Privilege Escalation Vulnerability
BugTraq ID: 23404
Remote: No
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/23404
Summary:
Adobe Bridge Update Installer is prone to a local privilege-escalation
vulnerability. This issue stems from a flaw in the update installer that allows
a nonadministrative user to gain administrative privileges.

Exploiting this issue allows local attackers to gain elevated privileges,
potentially leading to a complete compromise of affected computers.

This issue affects the Bridge 1.0.3 update on the Mac OS.

72. X-Kryptor Secure Client Privilege Escalation Vulnerability
BugTraq ID: 22424
Remote: No
Last Updated: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/22424
Summary:
X-Kryptor Secure Client is prone to a local privilege-escalation
vulnerability. 

A local attacker may execute arbitrary code with SYSTEM privileges to completely
compromise a vulnerable computer.

73. PHP Hash Table Overwrite Arbitrary Code Execution Vulnerability
BugTraq ID: 23119
Remote: No
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/23119
Summary:
PHP is prone to an arbitrary-code-execution vulnerability. 

An attacker may exploit this issue to execute arbitrary code within the context
of the affected webserver.

This issue affects PHP 4 (prior to 4.4.5) and PHP 5 (prior to 5.2.1).

74. Microsoft HTML Help ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 22478
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/22478
Summary:
The Microsoft HTML Help ActiveX control is prone to a remote code-execution
vulnerability. 

An attacker could exploit this issue to execute code in the context of the user
visiting a malicious web page.

75. Microsoft Outlook Mailto URI Remote Code Execution Vulnerability
BugTraq ID: 28147
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28147
Summary:
Microsoft Outlook is prone to a remote code-execution vulnerability because the
application fails to adequately validate user-supplied data.

Successfully exploiting this issue will allow attackers to execute arbitrary
code with the privileges of the currently logged-in user. This will facilitate
the remote compromise of affected computers.

76. Horde IMP and Groupware Webmail Edition Multiple Input Validation
Vulnerabilities
BugTraq ID: 27223
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/27223
Summary:
Horde IMP and Groupware Webmail Edition are prone to multiple input-validation
vulnerabilities because the software fails to sanitize certain HTML and HTTP
data.

Attackers can leverage these issues to have malicious HTML rendered in the
client, to delete arbitrary email messages, and to purge deleted email messages.

IMP 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail
Edition 1.0.3 are vulnerable; other versions may also be affected.

77. RealNetworks RealPlayer 'rmoc3260.dll' ActiveX Control Memory Corruption
Vulnerability
BugTraq ID: 28157
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28157
Summary:
RealNetworks RealPlayer 'rmoc3260.dll' ActiveX control is prone to a
memory-corruption vulnerability.

Successfully exploiting this issue allows remote attackers to execute arbitrary
code in the context of the application using the affected ActiveX control.
Failed exploit attempts will likely crash the application.

78. SARG User-Agent Processing HTML Injection and Stack Buffer Overflow
Vulnerabilities
BugTraq ID: 28077
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28077
Summary:
SARG is prone to an HTML-injection vulnerability and a stack-based
buffer-overflow vulnerability. 

An attacker can exploit these issues to execute arbitrary HTML and
attacker-supplied code in the context of the affected webserver, steal
cookie-based authentication credentials, and cause a denial-of-service
condition.

This issue affects SARG 2.2.3.1; prior versions may also be affected.

79. Sun Java SE Multiple Security Vulnerabilities
BugTraq ID: 28083
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28083
Summary:
Sun has released advisories addressing multiple vulnerabilities affecting the
following software:

JDK and JRE 6 Update 5
JDK and JRE 5.0 Update 15
SDK and JRE 1.4.2_17
SDK and JRE 1.3.1_22

80. Microsoft Excel Data Validation Record Heap Memory Corruption Vulnerability
BugTraq ID: 28094
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28094
Summary:
Microsoft Excel is prone to a heap memory-corruption vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously
crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the
privileges of the user running the application. This may facilitate a compromise
of vulnerable computers.

81. VideoLAN VLC Media Player MP4 Demuxer Remote Code Execution Vulnerability
BugTraq ID: 28007
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28007
Summary:
VideoLAN VLC media player is prone to a remote code-execution vulnerability
because it fails to adequately parse specially crafted MP4 files.

An attacker can exploit this issue to execute arbitrary code, which can result
in the complete compromise of the computer. Failed exploit attempts will result
in a denial-of-service condition. 

Versions prior to VideoLAN VLC media player 0.8.6e are vulnerable.

82. Wireshark 0.99.7 Multiple Denial of Service Vulnerabilities
BugTraq ID: 28025
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28025
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to cause crashes and deny service to
legitimate users of the application. Attackers may be able to leverage some of
these vulnerabilities to execute arbitrary code, but this has not been
confirmed.

Wireshark 0.6.0 to 0.99.7 are affected.

83. onlinetools.org EasyImageCatalogue Multiple Cross-Site Scripting
Vulnerabilities
BugTraq ID: 28164
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28164
Summary:
onlinetools.org EasyImageCatalogue is prone to multiple cross-site scripting
vulnerabilities because it fails to properly sanitize user-supplied input. 

An attacker may leverage these issues to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
allow the attacker to steal cookie-based authentication credentials and to
launch other attacks.

EasyImageCatalogue 1.31 is vulnerable; other versions may also be affected.

84. Adobe LiveCycle Workflow Management Login Page Cross-Site Scripting
Vulnerability
BugTraq ID: 28209
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28209
Summary:
Adobe LiveCycle Workflow is prone to a cross-site scripting vulnerability
because it fails to sufficiently sanitize user-supplied data.

An attacker could exploit this vulnerability to execute arbitrary script code in
the context of the affected website. This may allow the attacker to steal
cookie-based authentication credentials and to launch other attacks.

85. Adobe ColdFusion Administration Interface Failed Login Audit Vulnerability
BugTraq ID: 28207
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28207
Summary:
Adobe ColdFusion is prone to a vulnerability that allows attackers to conceal
login attempts to the administrative interface.

Attackers can exploit this issue to hide or obfuscate actual attack traces.

This issue affects ColdFusion MX 7 and ColdFusion 8.

86. Red Hat Directory Server 7.1 Local Insecure Permissions Vulnerability
BugTraq ID: 28204
Remote: No
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28204
Summary:
Red Hat Directory Server is prone to an insecure-permissions vulnerability.

A local attacker can exploit this issue to execute arbitrary code with the
privileges of the user running Directory Server or its applications.

Red Hat Directory Server 7.1 prior to Service Pack 4 is vulnerable.

87. PHP-Nuke zClassifieds Module 'cat' Parameter SQL Injection Vulnerability
BugTraq ID: 28211
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28211
Summary:
The zClassifieds module for PHP-Nuke is prone to an SQL-injection vulnerability
because it fails to sufficiently sanitize user-supplied data before using it in
an SQL query.
        
Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

88. Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 28205
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28205
Summary:
Adobe ColdFusion is prone to multiple cross-site scripting vulnerabilities
because the application fails to sufficiently sanitize user-supplied data.

An attacker could exploit these vulnerabilities to execute arbitrary script code
in the context of the affected website. This may allow the attacker to steal
cookie-based authentication credentials and to launch other attacks.

These issues affect Adobe ColdFusion MX7 and 8.

89. Bloo 'index.php' Multiple SQL Injection Vulnerabilities
BugTraq ID: 28203
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28203
Summary:
Bloo is prone to multiple SQL-injection vulnerabilities because it fails to
sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

Bloo 1.0 is vulnerable; other versions may also be affected.

90. Savvy Content Manager 'searchterms' Parameter Multiple Cross Site Scripting
Vulnerabilities
BugTraq ID: 28200
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28200
Summary:
Savvy Content Manager is prone to multiple cross-site scripting vulnerabilities
because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
allow the attacker to steal cookie-based authentication credentials and to
launch other attacks.

91. RemotelyAnywhere HTTP Service Cross-Site Scripting Vulnerability
BugTraq ID: 28199
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28199
Summary:
RemotelyAnywhere is prone to a cross-site scripting vulnerability because the
application fails to properly sanitize user-supplied input. 

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
help the attacker steal cookie-based authentication credentials and launch other
attacks.

92. PHP-Nuke NukeC30 Module 'id_catg' Parameter SQL Injection Vulnerability
BugTraq ID: 28197
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28197
Summary:
The NukeC30 module for PHP-Nuke is prone to an SQL-injection vulnerability
because it fails to sufficiently sanitize user-supplied data before using it in
an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

The NukeC30 module 3.0 is affected; other versions may also be vulnerable.

93. Mapbender 'factor' Parameter Remote Code Injection Vulnerability
BugTraq ID: 28195
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28195
Summary:
Mapbender is prone to a remote code-injection vulnerability because the
application fails to properly sanitize user-supplied input.

Exploiting this issue allows attackers to execute arbitrary code within the
context of the webserver.

This issue affects Mapbender 2.4 to 2.4.4; other versions may also be affected.

94. Mapbender 'mod_gazetteer_edit.php' SQL Injection Vulnerability
BugTraq ID: 28193
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28193
Summary:
Mapbender is prone to an SQL-injection vulnerability because it fails to
sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

Versions prior to Mapbender 2.4.5 rc1 are vulnerable.

95. ManageEngine ServiceDesk Plus 'SolutionSearch.do' Cross-Site Scripting
Vulnerability
BugTraq ID: 28191
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28191
Summary:
ManageEngine ServiceDesk Plus is prone to a cross-site scripting vulnerability
because the application fails to properly sanitize user-supplied input. 

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
help the attacker steal cookie-based authentication credentials and launch other
attacks.

ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Microsoft Windows is
vulnerable; other versions may be affected as well.

96. Lighttpd 'mod_cgi' Information Disclosure Vulnerability
BugTraq ID: 28100
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28100
Summary:
The 'lighttpd' program is prone to a vulnerability that in certain circumstances
may allow attackers to access source code because the application fails to
properly handle exceptional conditions.

Attackers can exploit this vulnerability to obtain potentially sensitive
information that may aid in further attacks.

This issue affects lighttpd 1.4.18; other versions may also be vulnerable.

97. phpBB Filebase Module 'filebase.php' SQL Injection Vulnerability
BugTraq ID: 28194
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28194
Summary:
phpBB Filebase module is prone to an SQL-injection vulnerability because it
fails to sufficiently sanitize user-supplied data before using it in an SQL
query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

All versions are considered vulnerable.

98. phpMyNewsLetter 'archives.php' SQL Injection Vulnerability
BugTraq ID: 28189
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28189
Summary:
phpMyNewsLetter is prone to an SQL-injection vulnerability because it fails to
sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application,
access or modify data, or exploit latent vulnerabilities in the underlying
database.

phpMyNewsLetter 0.8 beta 5 is vulnerable; other versions may also be affected.

99. SAP MaxDB sdbstarter Environment Variable Local Privilege Escalation
Vulnerability
BugTraq ID: 28185
Remote: No
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28185
Summary:
SAP MaxDB is prone to a local privilege-escalation vulnerability.

Exploiting this issue allows local attackers to execute arbitrary code with
superuser privileges.  This will lead to the complete compromise of an affected
computer.

This issue affects MaxDB 7.6.0.37 on both Linux and Solaris platforms.  Other
UNIX variants are most likely affected.  Microsoft Windows versions are not
vulnerable to this issue.

100. Amber Script Show_Content.PHP Local File Include Vulnerability
BugTraq ID: 26561
Remote: Yes
Last Updated: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/26561
Summary:
Amber Script is prone to a local file-include vulnerability because it fails to
properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute
local scripts.

Amber Script 1.0 is vulnerable to this issue; other versions may also be
affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Browser makers focus on beating malware
By: Robert Lemos
Microsoft announces two features in Internet Explorer 8 aimed at better securing
Web surfers, and Mozilla incorporates more security into Firefox 3.
http://www.securityfocus.com/news/11508

2. Law makers voice concerns over cybersecurity plan
By: Robert Lemos
Members of Congress seek more details of cyber attacks targeting the federal
government and worry that the recently announced Cyber Initiative will undermine
privacy.
http://www.securityfocus.com/news/11507

3. Worries over "good worms" rise again
By: Robert Lemos
A Microsoft researcher studies the use of self-propagation for patching, but for
most of the security industry, any worm is a bad worm.
http://www.securityfocus.com/news/11506

4. Federal agencies miss deadline on secure configs
By: Robert Lemos
The U.S. government has made progress on moving to a standard configuration for
Windows XP and Windows Vista systems, but work remains.
http://www.securityfocus.com/news/11505

IV.  SECURITY JOBS LIST SUMMARY
-------------------------------
V.   INCIDENTS LIST SUMMARY
---------------------------
VI.  VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Temp directory is odd
http://www.securityfocus.com/archive/88/489429

VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to sf-news-unsubscribe@securityfocus.com
from the subscribed address. The contents of the subject or message body do not
matter. You will receive a confirmation request message to which you will have
to answer. Alternatively, you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to
be manually removed.

XI.   SPONSOR INFORMATION
------------------------
This issue is sponsored by bMighty
