SecurityFocus Newsletter #437

Wednesday, January 30, 2008

1. X.Org X Server 'EVI' Extension Local Privilege Escalation Vulnerability
BugTraq ID: 27353
Remote: No
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27353
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

2. X.Org X Server 'TOG-CUP' Extension Local Privilege Escalation Vulnerability
BugTraq ID: 27355
Remote: No
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27355
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

3. Numara FootPrints 'MRchat.pl' and 'MRABLoad2.pl' Multiple Remote Command Execution Vulnerabilities
BugTraq ID: 27373
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27373
Summary:
Numara FootPrints is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary commands. These issues occur because the application fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected application and possibly the underlying computer.

Versions prior to FootPrints 8.1 are vulnerable.

4. Drupal Archive Module Cross-Site Scripting Vulnerabilities
BugTraq ID: 27436
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27436
Summary:
Archive module for Drupal is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

These issues affect versions prior to 5.x-1.8.

5. aconon Mail Template Parameter Directory Traversal Vulnerability
BugTraq ID: 27427
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27427
Summary:
aconon Mail is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.

The issue affects aconon Mail 2007 Enterprise SQL 11.7.0 and 2004 Enterprise SQL 11.5.1; other versions may also be vulnerable.

6. SLAED CMS 'index.php' Local File Include Vulnerability
BugTraq ID: 27426
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27426
Summary:
SLAED CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to execute local script code in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks.

SLAED CMS 2.5 Lite is vulnerable to this issue; other versions may also be affected.

7. Liquid-Silver CMS 'update/index.php' Local File Include Vulnerability
BugTraq ID: 27425
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27425
Summary:
Liquid-Silver CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to access potentially sensitive information that may aid in further attacks.

8. Comodo AntiVirus 'ExecuteStr()' ActiveX Control Arbitrary Command Execution Vulnerability
BugTraq ID: 27424
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27424
Summary:
A Comodo AntiVirus ActiveX control is prone to a vulnerability that lets attackers execute arbitrary commands.

Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of the application using the ActiveX control (typically Internet Explorer).

Comodo AntiVirus 2.0 is vulnerable to this issue; other versions may also be affected.

9. HFS HTTP File Server Multiple Security Vulnerabilities
BugTraq ID: 27423
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27423
Summary:
HFS HTTP File Server is prone to multiple security vulnerabilities.

These vulnerabilities include cross-site scripting issues, an information-disclosure issue, an arbitrary file-creation issue, a denial-of-service issue, a username spoofing issue and a log file forging issue.

A successful exploit could allow an attacker to deny service to legitimate users, create and execute arbitrary files in the context of the webserver process, falsify log information, or execute arbitrary script code in the browser of an unsuspecting user. Other attacks are also possible.

10. Siteman 'articles.php' File Disclosure Vulnerability
BugTraq ID: 27422
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27422
Summary:
Siteman is prone to a vulnerability that lets attackers obtain potentially sensitive information because it fails to prevent access to arbitrary files.

An attacker can exploit this issue to download arbitrary files with the privileges of the webserver process. Information obtained may aid in further attacks.

This issue affects Siteman 1.1.9; other versions may be vulnerable as well.

11. Cisco Application Velocity System (AVS) Remote Default Account Vulnerabilities
BugTraq ID: 27421
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27421
Summary:
Cisco Application Velocity System (AVS) is prone to multiple default-account vulnerabilities. These issues stem from a design flaw that makes several accounts available to remote attackers.

Successful exploits allow remote attackers to gain administrative access to vulnerable appliances.

Versions of Cisco AVS prior to 5.1.0 are vulnerable.

Cisco is tracking these issues as Cisco Bug ID CSCsd94732.

12. Web Wiz Rich Text Editor Arbitrary HTML File Creation Vulnerability
BugTraq ID: 27420
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27420
Summary:
Web Wiz Rich Text Editor is prone to a vulnerability that permits the creation of an arbitrary HTML file.

An attacker can exploit this issue to place arbitrary HTML code on the vulnerable computer. This may aid in retrieving potentially sensitive information from an unsuspecting victim; other attacks are also possible.

This issue affects Rich Text Editor 4.0; other versions may also be vulnerable.

13. Multiple Web Wiz Products Remote Information Disclosure Vulnerability
BugTraq ID: 27419
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27419
Summary:
Web Wiz Forums, NewsPad, and Rich Text Editor are prone to a remote information-disclosure vulnerability because they fail to properly sanitize user-supplied input.

An attacker can exploit this issue to retrieve arbitrary files in the context of the webserver process. Information obtained may aid in further attacks; other attacks are also possible.

This issue affects Forums 9.07, NewsPad 1.02, and Rich Text Editor 4.0; other versions may also be vulnerable.

14. Lama Software 'MY_CONF[classRoot]' Multiple Remote File Include Vulnerabilities
BugTraq ID: 27380
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/27380
Summary:
Lama Software is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

15. Coppermine Photo Gallery 'thumbnails.php' SQL Injection Vulnerability
BugTraq ID: 27372
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/27372
Summary:
Coppermine Photo Gallery is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue may be related to the vulnerability documented in BID 24710 (Coppermine Photo Gallery Album Password Cookie SQL Injection Vulnerability). We will update this BID as more information emerges.

This issue affects Coppermine Photo Gallery 1.4.10; other versions may also be vulnerable.

16. Alice Gate2 Plus Wi-Fi Router Cross-Site Request Forgery Vulnerability
BugTraq ID: 27374
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/27374
Summary:
Alice Gate2 Plus Wi-Fi routers are prone to a cross-site request-forgery vulnerability.

An attacker can exploit this issue to alter administrative configuration on affected devices. Specifically, altering the wireless encryption settings on devices has been demonstrated. Other attacks may also be possible.

17. IBM WebSphere Application Server serveServletsByClassnameEnabled Unspecified Vulnerability
BugTraq ID: 27371
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/27371
Summary:
IBM WebSphere Application Server is prone to an unspecified vulnerability.

Currently, very little is known about this issue. We will update this BID as more information emerges.

WebSphere Application Server 6.0 through 6.0.2.25 and 6.1 through 6.1.0.14 are vulnerable.

18. boastMachine 'mail.php' SQL Injection Vulnerability
BugTraq ID: 27369
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/27369
Summary:
boastMachine is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

boastMachine 3.1 is vulnerable to this issue; other versions may also be affected.

19. MediaWiki Search Bar Cross-Site Scripting Vulnerability
BugTraq ID: 27370
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/27370
Summary:
MediaWiki is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

20. MegaBBS 'upload.asp' Cross-Site Scripting Vulnerability
BugTraq ID: 27368
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/27368
Summary:
MegaBBS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

MegaBBS 1.5.14b is vulnerable; other versions may also be affected.

21. Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
BugTraq ID: 24215
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/24215
Summary:
Apache is prone to multiple denial-of-service vulnerabilities.

An attacker with the ability to execute arbitrary server-side script code can exploit these issues to stop arbitrary services on the affected computer in the context of the master webserver process; other attacks may also be possible.

22. Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
BugTraq ID: 25489
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/25489
Summary:
The Apache mod_proxy module is prone to a denial-of-service vulnerability.

A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).

23. Apache HTTP Server Mod_Cache Denial of Service Vulnerability
BugTraq ID: 24649
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/24649
Summary:
The Apache mod_cache module is prone to a denial-of-service vulnerability.

A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).

24. Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
BugTraq ID: 24645
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/24645
Summary:
The Apache HTTP Server mod_status module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

25. BalaBit IT Security syslog-ng NULL-Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 26897
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/26897
Summary:
BalaBit IT Security 'syslog-ng' is prone to a denial-of-service vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can leverage this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.

This issue affects syslog-ng and syslog-ng-premium-edition versions prior to 2.0.6 and 2.1.8.

26. Cairo PNG Image Processing Remote Integer Overflow Vulnerability
BugTraq ID: 26650
Remote: Yes
Last Updated: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/26650
Summary:
Cairo is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to overflow a buffer and to corrupt process memory.

Attackers may be able to execute arbitrary machine code in the context of an affected application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue affects versions prior to Cairo 1.4.12.

27. X.Org X 'Server X:1 -sp' Command Information Disclosure Vulnerability
BugTraq ID: 27356
Remote: No
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27356
Summary:
X.Org X Server is prone to a local information-disclosure vulnerability.

Attackers can exploit this issue to gain access to sensitive information that may lead to further attacks.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

28. X.Org X Server 'PassMessage' Request Local Privilege Escalation Vulnerability
BugTraq ID: 27354
Remote: No
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27354
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of an affected computer. Failed exploit attempts will likely crash the computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

29. X.Org X Server 'Xinput' Extension Local Privilege Escalation Vulnerability
BugTraq ID: 27351
Remote: No
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27351
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

30. X.Org X Server 'MIT-SHM' Local Privilege Escalation Vulnerability
BugTraq ID: 27350
Remote: No
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27350
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

31. Tikiwiki CMS 'tiki-listmovies.php' Directory Traversal Vulnerability
BugTraq ID: 27008
Remote: Yes
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27008
Summary:
Tikiwiki CMS is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.

Versions prior to Tikiwiki CMS 1.9.9 are vulnerable.

32. TikiWiki 'tiki-special_chars.php' Cross-Site Scripting Vulnerability
BugTraq ID: 27004
Remote: Yes
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27004
Summary:
TikiWiki is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

TikiWiki 1.9.8.3 is vulnerable; prior versions may also be affected.

33. Cisco PIX and ASA Appliance 'TTL Decrement' Denial of Service Vulnerability
BugTraq ID: 27418
Remote: Yes
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27418
Summary:
Multiple Cisco security appliances are prone to a denial-of-service vulnerability when the Time-To-Live (TTL) decrement feature is enabled for handling IP packets.

An attacker can exploit this issue to cause the affected devices to reload, denying service to legitimate users. Repeat attacks will result in a prolonged denial-of-service condition.

The following devices are affected:

Cisco PIX 500 Series Security Appliance
Cisco 5500 Series Adaptive Security Appliance (ASA)

Devices running software versions from 7.2(2) and up to 7.2(3)006 or 8.0(3) that have the TTL decrement feature enabled are vulnerable to this issue.

NOTE: The TTL decrement feature is not configured by default on the devices listed above. Devices that do not support the TTL decrement feature are not vulnerable.

34. SDL_image Invalid GIF File LWZ Minimum Code Size Remote Buffer Overflow Vulnerability
BugTraq ID: 27417
Remote: Yes
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27417
Summary:
The SDL_image library is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. The issue occurs when handling malformed GIF images.

Attackers can leverage this issue to execute arbitrary code in the context of an application using the library. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

Versions prior to SDL_image 1.2.7 are vulnerable.

35. PHP cURL 'safe mode' Security Bypass Vulnerability
BugTraq ID: 27413
Remote: Yes
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27413
Summary:
PHP cURL is prone to a 'safe mode' security-bypass vulnerability.

Attackers can use this issue to gain access to restricted files, potentially obtaining sensitive information that may aid in further attacks.

The issue affects PHP 5.2.5 and 5.2.4.

36. LulieBlog 'voircom.php' SQL Injection Vulnerability
BugTraq ID: 27416
Remote: Yes
Last Updated: 2008-01-24
Relevant URL: http://www.securityfocus.com/bid/27416
Summary:
LulieBlog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

LulieBlog 1.0.2 is vulnerable to this issue; other versions may also be affected.

37. Foojan WMS 'index.php' SQL Injection Vulnerability
BugTraq ID: 27415
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27415
Summary:
Foojan WMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The issue affects Foojan WMS 1.0; other versions may also be vulnerable.

38. Mozilla Firefox chrome:// URI JavaScript File Request Information Disclosure Vulnerability
BugTraq ID: 27406
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27406
Summary:
Mozilla Firefox is prone to an information-disclosure vulnerability because it fails to restrict access to local JavaScript files.

Attackers can exploit this issue to gain access to potentially sensitive information that could aid in further attacks.

Firefox 2.0.0.11 is vulnerable; other versions may also be affected.

NOTE: For an exploit to succeed, a user must have an addon installed that does not store its contents in a '.jar' file.

39. Microsoft Windows TCP/IP ICMP Remote Denial Of Service Vulnerability
BugTraq ID: 27139
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27139
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted TCP/IP traffic.

Attackers can exploit this issue to cause affected computers to stop responding and to automatically restart. Successful attacks will deny service to legitimate users. The discoverer of this issue reports that code execution may also be possible, but this has not been confirmed.

NOTE: ICMP RDP (Router Discovery Protocol) must be enabled for this issue to occur. Router Discovery Processing is disabled by default on Microsoft Windows Server 2000. The option is also disabled by default on Microsoft Windows XP and Windows Server 2003, unless the host receives the 'perform router discovery' option from a DHCP server.

40. Microsoft Windows TCP/IP IGMP MLD Remote Buffer Overflow Vulnerability
BugTraq ID: 27100
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27100
Summary:
Microsoft Windows is prone to a remote buffer-overflow vulnerability because it fails to adequately handle specially crafted TCP/IP traffic.

Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers.

NOTE: A server is vulnerable if an application or a service on the server uses IP multicast. By default, no services use multicast on Microsoft Windows Server 2003.

41. yaSSL Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 27140
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27140
Summary:
yaSSL is prone to multiple remote buffer-overflow vulnerabilities.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of applications using the library. Failed attacks will cause denial-of-service conditions.

yaSSL 1.7.5 is vulnerable to these issues; other versions are also likely to be affected.

42. PHP 5.2.3 and Prior Versions Multiple Vulnerabilities
BugTraq ID: 25498
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/25498
Summary:
PHP 5.2.3 and prior versions are prone to multiple security vulnerabilities. Successful exploits could allow an attacker to bypass security restrictions, cause a denial-of-service condition, and potentially execute code.

43. Exiv2 EXIF File Handling Integer Overflow Vulnerability
BugTraq ID: 26918
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/26918
Summary:
Exiv2 is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data when handling EXIF files.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploits may crash the application.

Exiv2 0.15 is reported vulnerable to this issue; other versions may also be affected.

44. Belong Software Site Builder Administration Pages Authentication Bypass Vulnerability
BugTraq ID: 27402
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27402
Summary:
Belong Software Site Builder is prone to a vulnerability that results in unauthorized administrative access. The application fails to authenticate users when certain pages are accessed.

Attackers can leverage this issue to compromise the application, which could aid in other attacks.

Site Builder 0.1 beta is vulnerable; other versions may also be affected.

45. Linux Kernel CIFS Transport.C Remote Buffer Overflow Vulnerability
BugTraq ID: 26438
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/26438
Summary:
The Linux kernel is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges or cause the affected kernel to crash, denying service to legitimate users.

This issue affects version 2.6.23.1; previous versions may also be affected.

46. Linux Kernel SysFS_ReadDir NULL Pointer Dereference Vulnerability
BugTraq ID: 24631
Remote: No
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/24631
Summary:
The Linux kernel is prone to a NULL-pointer dereference vulnerability.

A local attacker can exploit this issue to crash the affected kernel, denying service to legitimate users.

UPDATE (June 26, 2007): Given the nature of this issue, remote code execution may also be possible but has not been confirmed.

47. util-linux mount umount Local Privilege Escalation Vulnerability
BugTraq ID: 25973
Remote: No
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/25973
Summary:
The 'util-linux' package is prone to a local privilege-escalation vulnerability that stems from a design error.

Exploiting this issue could allow attackers to execute arbitrary code with elevated privileges by using mount helpers such as the 'mount.nfs' application.

This vulnerability affects util-linux 2.12r; other versions may also be affected.

48. OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
BugTraq ID: 25163
Remote: No
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/25163
Summary:
OpenSSL is prone to a local information-disclosure vulnerability because of an implementation flaw in the RSA algorithm.

Successfully exploiting this issue allows local attackers to gain access to private key information of other processes that use the affected library. Information harvested may aid in further attacks.

OpenSSL 0.9.8 is vulnerable to this issue; other versions may also be affected.

49. OpenPegasus Management Server PAM Authentication 'cimservera.cpp' Buffer Overflow Vulnerability
BugTraq ID: 27188
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27188
Summary:
OpenPegasus is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

This issue occurs in the PAM (Pluggable Authentication Module) authentication code.

Attackers can leverage this issue to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions.

Versions in the OpenPegasus 2.6 series are vulnerable.

50. Perl Unicode Regular Expression Buffer Overflow Vulnerability
BugTraq ID: 26350
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/26350
Summary:
Perl is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input.

Successfully exploiting this issue allows attackers to execute arbitrary machine code in the context of Perl applications using regular expressions in a vulnerable manner. This facilitates the remote compromise of affected computers.

Perl 5.8 is vulnerable to this issue; other versions may also be affected.

51. OpenSSL SSL_Get_Shared_Ciphers Off-by-One Buffer Overflow Vulnerability
BugTraq ID: 25831
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/25831
Summary:
OpenSSL is prone to an off-by-one buffer-overflow vulnerability because the library fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of applications that use the affected library, but this has not been confirmed. Failed exploit attempts may crash applications, denying service to legitimate users.

NOTE: This issue was introduced in the fix for the vulnerability described in BID 20249 (OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability).

52. Samba NMBD Logon Request Remote Buffer Overflow Vulnerability
BugTraq ID: 26454
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/26454
Summary:
Samba is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

This issue occurs only when Samba is configured as a Primary or Backup Domain Controller.

Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute remote code, but the vendor doesn't think that this is possible.

Samba 3.0.0 through 3.0.26a are vulnerable.

53. Samba NMBD_Packets.C NetBIOS Replies Stack-Based Buffer Overflow Vulnerability
BugTraq ID: 26455
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/26455
Summary:
Samba is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

NOTE: This issue occurs only when Samba is configured with the 'wins support' option enabled in the host's 'smb.conf' file.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Successful attacks will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

Samba 3.0.0 through 3.0.26a are vulnerable.

54. YaBB SE Cookie Security Bypass Vulnerability
BugTraq ID: 27414
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27414
Summary:
YaBB SE is prone to a security-bypass vulnerability because it fails to properly validate user credentials before performing certain actions.

Exploiting this issue may allow an attacker to obtain sensitive information, compromise the application, and execute arbitrary script code in the context of the webserver process; other attacks are also possible.

This issue affects YaBB SE 1.5.5 and prior versions.

55. Lycos File Upload Component 'FileUploader.dll' ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 27411
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27411
Summary:
Lycos File Upload Component ActiveX control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

This issue affects 'FileUploader.dll' 2.0.0.2; other versions may also be vulnerable.

56. Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
BugTraq ID: 27409
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27409
Summary:
Apache 'mod_negotiation' is prone to an HTML-injection and an HTTP response-splitting vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, and influence or misrepresent how web content is served, cached, or interpreted; other attacks are also possible.

57. SetCMS 'set' Parameter Local File Include Vulnerability
BugTraq ID: 27407
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27407
Summary:
SetCMS is prone to a local file-include vulnerability because the application fails to properly initialize the 'set' parameter.

Exploiting this issue allows attackers to execute arbitrary commands in the context of the user running the application.

A successful exploit could facilitate the compromise of an affected computer; other attacks are also possible.

This issue affects SetCMS 3.6.5; other versions may also be affected.

58. PHP-Nuke Search Module 'sid' Parameter SQL Injection Vulnerability
BugTraq ID: 27408
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27408
Summary:
PHP-Nuke is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.

Successful exploits could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

59. EasySiteNetwork Recipe Website Script 'list.php' SQL Injection Vulnerability
BugTraq ID: 27405
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27405
Summary:
EasySiteNetwork Recipe Website Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

60. ELOG Cross-Site Scripting Vulnerability and Denial of Service Vulnerability
BugTraq ID: 27399
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27399
Summary:
ELOG is prone to a cross-site scripting vulnerability and a denial-of-service vulnerability because the application fails to properly handle user-supplied input.

An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to ELOG 2.7.1 are vulnerable.

61. Linux Kernel DO_COREDUMP Local Information Disclosure Vulnerability
BugTraq ID: 26701
Remote: No
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/26701
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.

Versions of the Linux kernel prior to 2.6.24-rc4 are vulnerable.

62. Linux Kernel VFS Unauthorized File Access Vulnerability
BugTraq ID: 27280
Remote: No
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27280
Summary:
The Linux kernel is prone to an unauthorized file-access vulnerability affecting the VFS (Virtual Filesystem) module.

A local attacker can exploit this issue to access arbitrary files on the affected computer. Successfully exploiting this issue may grant the attacker elevated privileges on affected computers. Other attacks are also possible.

This issue affects kernel versions prior to 2.6.23.14.

63. Xen 'copy_to_user()' Local Security Bypass Vulnerability
BugTraq ID: 26954
Remote: No
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/26954
Summary:
Xen is prone to a local security-bypass vulnerability that affects PAL emulation.

Local attackers can leverage this issue to access arbitrary memory regions from HVM guest systems. This could allow attackers to obtain potentially sensitive information that could aid in further attacks.

This issue affects Xen 3.1.2 on IA64 platforms; other versions may also be vulnerable.

64. Microsoft Excel Header Parsing Remote Code Execution Vulnerability
BugTraq ID: 27305
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27305
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Reportedly, the issue affects the following versions:

Microsoft Office Excel 2003 Service Pack 2
Microsoft Office Excel Viewer 2003
Microsoft Office Excel 2002
Microsoft Office Excel 2000
Microsoft Excel 2004 for Mac.

The following versions are not affected:

Microsoft Office Excel 2007
Microsoft Office Excel 2007 Service Pack 1
Microsoft Excel 2008 for Mac
Microsoft Office Excel 2003 Service Pack 3.

Few details regarding this vulnerability are available. The vendor is investigating the issue and will be releasing updates. We will update this BID when more information emerges.

65. aflog Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 27398
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27398
Summary:
The 'aflog' program is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect aflog 1.01; other versions may also be affected.

66. IBM WebSphere Prior to 6.0.2.25 Multiple Remote Vulnerabilities
BugTraq ID: 27400
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27400
Summary:
IBM WebSphere Application Server is prone to multiple remote vulnerabilities, including a buffer-handling vulnerability, multiple information-disclosure vulnerabilities, and several vulnerabilities with unknown impact.

Very little information is known about these issues. We will update this BID as more information emerges.

Versions prior to IBM WebSphere Application Server 6.0.2.25 are vulnerable.

67. DeluxeBB 'attachments_header.php' Cross-Site Scripting Vulnerability
BugTraq ID: 27401
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27401
Summary:
DeluxeBB is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects DeluxeBB 1.1; other versions may also be vulnerable.

68. MoinMoin MOIN_ID Cookie Remote Authentication Bypass Vulnerability
BugTraq ID: 27404
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27404
Summary:
MoinMoin is prone to an authentication-bypass vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to gain unauthorized access to the affected application, which may lead to further attacks.

Versions in the MoinMoin 1.5 series are vulnerable.

69. SAP MaxDB 'cons.exe' Remote Command Injection Vulnerability
BugTraq ID: 27206
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27206
Summary:
SAP MaxDB is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input.

Successfully exploiting this issue allows remote attackers to execute arbitrary shell commands with the privileges of the database server. Multiple database commands expose this issue, including one that is available prior to authentication.

MaxDB 7.6.03 build 007 is vulnerable to this issue; other versions may also be affected.

70. HP-UX ARPA Transport Unspecified Remote Denial Of Service Vulnerability
BugTraq ID: 25147
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/25147
Summary:
HP-UX running ARPA Transport software is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows attackers to cause denial-of-service conditions.

71. LulieBlog 'id' Parameter Multiple SQL Injection Vulnerabilities
BugTraq ID: 27290
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27290
Summary:
LulieBlog is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

These issues affect LulieBlog 1.0.1; other versions may also be affected.

NOTE: To exploit these issues, the attacker may require administrative access.

72. Multiple Vendors BIND 'inet_network()' Off-by-One Buffer Overflow Vulnerability
BugTraq ID: 27283
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27283
Summary:
Multiple applications that use the 'libbind' BIND library are prone to an off-by-one buffer-overflow vulnerability because the 'inet_network()' function fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users.

73. ClamAV BZ_GET_FAST Bzip2 Decompression Vulnerability
BugTraq ID: 27063
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27063
Summary:
ClamAV is prone to a vulnerability due to a flaw in its Bzip2 decompression support.

Successful exploits of this vulnerability may potentially allow remote attackers to execute arbitrary code in the context of the vulnerable application or to trigger denial-of-service conditions. These effects have not been confirmed.

No further technical details are currently available. We will update this BID as more information emerges.

ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.

74. Boost Library Regular Expression Remote Denial of Service Vulnerabilities
BugTraq ID: 27325
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27325
Summary:
The Boost library is prone to a remote denial-of-service vulnerability because it fails to adequately verify user-supplied input on regular expressions.

Successful exploits may allow remote attackers to cause denial-of-service conditions on applications that use the affected library.

This issue affects Boost 1.33.1 and 1.34.1; other versions may also be affected.

75. Mantis 'Most Active Bugs' Summary Cross Site Scripting Vulnerability
BugTraq ID: 27367
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27367
Summary:
Mantis is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker can leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to Mantis 1.1.1 are vulnerable.

76. ClamAV 'libclamav/pe.c' MEW Packed PE File Integer Overflow Vulnerability
BugTraq ID: 26927
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/26927
Summary:
ClamAV is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data.

Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the 'libclamav' library. Failed exploits may crash the application.

ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.

77. X.Org X Server PCF Font Parser Buffer Overflow Vulnerability
BugTraq ID: 27352
Remote: No
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27352
Summary:
X.Org X Server is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code with the privileges of the server. Failed attacks will cause denial-of-service conditions.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

78. ClamAV 'mspack.c' Off-By-One Buffer Overflow Vulnerability
BugTraq ID: 26946
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/26946
Summary:
ClamAV is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers.

Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the 'libclamav' library. Failed exploits may crash the application.

ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.

79. xine-lib 'rmff_dump_cont()' Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 27198
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27198
Summary:
The xine-lib library is prone to a remote heap-based buffer-overflow vulnerability. This issue occurs because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects xine-lib 1.1.9 and prior versions.

80. Citrix Presentation Server IMA Service Buffer Overflow Vulnerability
BugTraq ID: 27329
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27329
Summary:
Citrix Presentation Server is prone to a buffer-overflow vulnerability because the IMA service fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of the IMA server process. Failed exploit attempts will likely result in denial-of-service conditions.

The issue affects the following versions:

Citrix MetaFrame and Presentation Server 4.5 (and earlier)
Citrix Access Essentials 2.0 (and earlier)
Citrix Desktop Server 1.0 (and earlier)

81. PHP-Nuke News Module Index.PHP SQL Injection Vulnerability
BugTraq ID: 21277
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/21277
Summary:
The PHP-Nuke News module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

PHP-Nuke 7.9 and prior versions are vulnerable.

82. Invision Gallery Index.PHP SQL Injection Vulnerability
BugTraq ID: 20327
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/20327
Summary:
Invision Gallery is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

83. Novemberborn sIFR 'txt' Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 27394
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27394
Summary:
Novemberborn sIFR is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to sIFR 2.0.3 and 3r278 are vulnerable.

84. GlobalLink 'GLChat.ocx' ActiveX Control 'ChatRoom()' Buffer Overflow Vulnerability
BugTraq ID: 27393
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27393
Summary:
GlobalLink 'GLChat.ocx' ActiveX control is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

GlobalLink 'GLChat.ocx' ActiveX control 2.5.1.33 is reported affected by this issue; other versions may also be vulnerable.

85. F5 BIG-IP 'SearchString' Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 27272
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27272
Summary:
F5 BIG-IP is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

BIG-IP firmware version 9.4.3 is vulnerable; other versions may also be affected.

86. PacerCMS 'id' Parameter Multiple SQL Injection Vulnerabilities
BugTraq ID: 27397
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27397
Summary:
PacerCMS is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

These issues affect versions prior to PacerCMS 0.6.1.

NOTE: To exploit these issues, the attacker may require 'staff member' access.

87. PacerCMS 'submit.php' Multiple HTML Injection Vulnerabilities
BugTraq ID: 27386
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27386
Summary:
PacerCMS is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

Versions prior to PacerCMS 0.6.1 are vulnerable.

NOTE: This BID was originally published under the title 'PacerCMS 'submit.php' Cross-Site Scripting Vulnerability'. Further analysis reveals that these issues are HTML-injection vulnerabilities.

88. IBM WebSphere Business Modeler Repository Arbitrary File Deletion Vulnerability
BugTraq ID: 27389
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27389
Summary:
IBM WebSphere Business Modeler is prone to a vulnerability that allows users to delete arbitrary files from repositories.

Attackers can use this issue to delete arbitrary files from repositories, making the resources unavailable for legitimate users.

This issue affects IBM WebSphere Business Modeler Basic 6.0.2.1 and Advanced 6.0.2.1.

89. Fujitsu Interstage HTTP Server Multiple Unspecified Denial Of Service Vulnerabilities
BugTraq ID: 27391
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27391
Summary:
Fujitsu Interstage HTTP Server is prone to multiple unspecified denial-of-service vulnerabilities.

Remote attackers can exploit these issues to deny service to legitimate users.

Currently, very little is known about these issues. We will update this BID as more information emerges.

90. Frimousse 'explorerdir.php' File Disclosure Vulnerability
BugTraq ID: 27385
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27385
Summary:
Frimousse is prone to a vulnerability that lets attackers obtain potentially sensitive information because it fails to prevent access to arbitrary files.

An attacker can exploit this issue to download arbitrary files with the privileges of the webserver process. Information obtained may aid in further attacks.

This issue affects Frimousse 0.0.2; other versions may be vulnerable as well.

91. Small Axe Weblog 'ffile' Parameter Remote File Include Vulnerability
BugTraq ID: 27383
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27383
Summary:
Small Axe Weblog is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

This issue affects Small Axe Weblog 0.3.1; other versions may also be vulnerable.

92. IBM Tivoli Provisioning Manager for OS Deployment Denial of Service Vulnerability
BugTraq ID: 27387
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27387
Summary:
IBM Tivoli Provisioning Manager for OS Deployment is prone to a denial-of-service vulnerability.

A remote attacker may be able to exploit this issue to crash the server process, which could lead to denial-of-service conditions.

Versions prior to IBM Tivoli Provisioning Manager for OS Deployment 5.1.0.3 are vulnerable.

93. IBM Tivoli Business Service Manager Password Disclosure Vulnerability
BugTraq ID: 27388
Remote: No
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27388
Summary:
IBM Tivoli Business Service Manager is prone to a local password-disclosure vulnerability due to a design error.

Exploiting this issue may allow a local attacker to access certain unencrypted passwords, potentially allowing them to access the application in an unauthorized manner. This may aid in further attacks.

This issue affects IBM Tivoli Business Service Manager 4.1.1.

94. singapore Modern Template 'gallery' Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 27382
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27382
Summary:
singapore Modern template is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Modern 1.3.2 and prior versions are reported vulnerable. Reports indicate that Modern 1.3.2 ships with singapore 0.10.1 by default.

95. Mooseguy Blog System 'blog.php' SQL Injection Vulnerability
BugTraq ID: 27377
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27377
Summary:
Mooseguy Blog System (MGBS) is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mooseguy Blog System 1.0 is vulnerable to this issue; other versions may also be affected.

96. OZ Journals 'printpreview' Local File Disclosure Vulnerability
BugTraq ID: 27375
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27375
Summary:
OZ Journals is prone to a local file-disclosure vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to retrieve potentially sensitive information that may aid in further attacks.

This issue affects OZ Journals 2.1.1; other versions may also be affected.

97. AlstraSoft Forum Pay Per Post Exchange 'index.php' SQL Injection Vulnerability
BugTraq ID: 27381
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27381
Summary:
Forum Pay Per Post Exchange is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

98. IDMOS CMS 'download.php' Local File Include Vulnerability
BugTraq ID: 27379
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27379
Summary:
IDMOS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to access potentially sensitive information that may aid in further attacks.

IDMOS 1.0 is vulnerable to this issue; other versions may also be affected.

99. MyBB 'private.php' SQL Injection Vulnerability
BugTraq ID: 27378
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27378
Summary:
MyBB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects MyBB 1.2.11; earlier versions may also be vulnerable.

100. Citadel SMTP RCPT TO Remote Buffer Overflow Vulnerability
BugTraq ID: 27376
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27376
Summary:
Citadel is prone to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

Attackers may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Versions prior to Citadel 7.11 are vulnerable to this issue.


SECURITYFOCUS NEWS ARTICLES

1. Legitimate sites serving up stealthy attacks
By: Robert Lemos
The Random JS infection kit serves up malicious code that hides itself by attempting to compromise each visitor only once and using a different file name each time.
http://www.securityfocus.com/news/11501

2. Malware hitches a ride on digital devices
By: Robert Lemos
Some consumers reported that their holiday gifts came with an unwelcome passenger, a Trojan horse. Infections at the factory and in retail stores will likely become more common.
http://www.securityfocus.com/news/11499

3. Senate delays vote on spy bill
By: Robert Lemos
A bill that would modernize the United States' legal framework for eavesdropping and grant telecommunications companies retroactive immunity for wiretapping customers will have to wait until January.
http://www.securityfocus.com/news/11498

4. Researchers reverse Netflix anonymization
By: Robert Lemos
Two computer scientists show that a large set of transactional data poses privacy risks by finding a way to link movie ratings from the Netflix Prize dataset to publicly available information.
http://www.securityfocus.com/news/11497
