How to answer the people who think you’re nuts? - “I’ve been doing a lot of radio interviews and I turn into a self-righteous bore when the host inevitably asks, ‘How could you let your son take the subway alone?’”
Clutterers Anonymous dot Net - “Clutter is anything we don’t need, want, or use that takes our time, energy or space, and destroys our serenity.”
Spark 35: Your Digital Legacy - I’ll be a regular contributor to the CBC’s wonderful Spark (podcast). My first segment with Nora Young is on the basics of backup. (Hint: Next Christmas, send Uncle Joe a DVD with those hard-copy photos)
TwitterSnooze! v0.13 - “TwitterSnooze is inspired by a Merlin Mann post and was written by Andrew Parker.” Yay, nice! I think silent “snoozing” should be part of every social app. Warning, though; if your snoozed friend is the brittle type, note that re-following them will generate an email that gives you away. Caveat Twittor. [via del/andrewdparker]
How To Overclock Your Graphics Card - Overclocking is more popular than ever, but the fun is not just limited to boosting your CPU's speed - your GPU can be overclocked too. They tell you why and how to do it.
BUGTRAQ SUMMARY
1. 2Wire Routers 'H04_POST' Access Validation Vulnerability BugTraq ID: 27516 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27516 Summary: Multiple 2Wire routers are prone to an access-validation vulnerability because they fail to adequately authenticate users before performing certain actions.
Unauthenticated attackers can leverage this issue to change the password of arbitrary user accounts on the router. Successful attacks will completely compromise affected devices.
2Wire routers that have the 'H04_POST' page are affected by this issue.
UPDATE: This BID has been retired because it has been found to be a duplicate of BID 27246 (2Wire Routers Cross-Site Request Forgery Vulnerability).
UPDATE (February 1, 2008): This BID is being reinstated. Further investigation and new information reveal that this vulnerability differs from the one described in BID 27246.
2. Savant Webserver Buffer Overflow Vulnerability BugTraq ID: 5686 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/5686 Summary: A buffer-overflow vulnerability has been reported in Savant webserver. If the argument to a GET request exceeds 291 bytes in length, a stack overrun will occur. Remote attackers may exploit this condition to execute arbitrary instructions on the affected host.
3. Drupal OpenID Module 'claimed_id' Provider Spoofing Vulnerability BugTraq ID: 27542 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27542 Summary: The OpenID module for Drupal is prone to a vulnerability that allows attackers to set up malicious OpenID Providers to spoof a legitimate OpenID Authority.
Attackers can exploit this issue to gain unauthorized access to websites that rely on OpenID authentication.
Versions prior to OpenID 5.x-1.1 are vulnerable.
4. Drupal Secure Site Module Authentication Bypass Vulnerability BugTraq ID: 27543 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27543 Summary: The Secure Site module for Drupal is prone to an authentication-bypass vulnerability because of an error in the IP-authentication feature.
An attacker can exploit this issue to gain unauthorized access to the affected application. This may lead to further attacks.
This issue affects Secure Site for Drupal 5.x and 4.7.x. Note that Drupal Core without this module is not affected by this issue.
5. Chilkat FTP 'ChilkatCert.dll' ActiveX Control Insecure Method Vulnerability BugTraq ID: 27540 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27540 Summary: Chilkat FTP ActiveX control is prone to a vulnerability that allows attackers to create or overwrite arbitrary data with the privileges of the application using the control (typically Internet Explorer).
Successful exploits can compromise affected computers or cause denial-of-service conditions; other attacks are possible.
This issue affects Chilkat FTP ActiveX 2.0; other versions may also be affected.
6. QuickTicket QTI_CheckName.PHP Local File Include Vulnerability BugTraq ID: 24670 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/24670 Summary: QuickTicket is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this issue may allow an unauthorized user to view files and execute local scripts.
This issue affects QuickTicket versions prior to 1.5.
7. Skype Web Content Zone Remote Code Execution Vulnerability BugTraq ID: 27338 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27338 Summary: Skype is prone to a vulnerability that allows arbitrary code to run. The issue occurs because the application uses Windows 'Web content Zones' in an insecure manner.
Attackers can leverage the issue by enticing an unsuspecting user to use a Skype dialog on a malicious web object. Successful exploits will allow arbitrary code to run in the context of the user running the application.
Skype 3.5 and 3.6 series are vulnerable.
8. 2Wire Routers Cross-Site Request Forgery Vulnerability BugTraq ID: 27246 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27246 Summary: Multiple 2Wire routers are prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to execute arbitrary actions on an affected device.
9. Gnumeric XLS HLINK Opcode Handling Remote Arbitrary Code Execution Vulnerability BugTraq ID: 27536 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27536 Summary: Gnumeric is prone to a vulnerability that lets remote attackers execute arbitrary code.
Attackers may exploit this issue to corrupt memory and execute machine code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
The issue affects Gnumeric 1.6.3; other versions may also be vulnerable.
10. OpenBSD bgplg 'cmd' Parameter Cross-Site Scripting Vulnerability BugTraq ID: 27535 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27535 Summary: OpenBSD bgplg is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
bgplg shipped with OpenBSD 4.1 is vulnerable; other versions may also be affected.
11. VirtueMart Information Disclosure Vulnerability BugTraq ID: 27532 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27532 Summary: VirtueMart is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied input.
Attackers can exploit this issue to view arbitrary files and obtain potentially sensitive information in the context of the webserver process. Information obtained could aid in further attacks.
The issue affects VirtueMart 1.0.13a and prior versions.
12. ELOG 'logbook' HTML Injection Vulnerability BugTraq ID: 27526 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27526 Summary: ELOG is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
This issue affects versions prior to ELOG 2.7.2.
13. SwiftView ActiveX Control and Browser Plugin Stack Buffer Overflow Vulnerability BugTraq ID: 27527 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27527 Summary: SwiftView is prone to a stack-based buffer-overflow vulnerability. This issue affects both the SwiftView ActiveX control and the browser plugin.
Attackers can exploit this issue to execute arbitrary code in the context of the application using the affected control or plugin. Successful attacks can compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.
14. ChronoEngine ChronoForms mosConfig_Absolute_Path Multiple Remote File Include Vulnerabilities BugTraq ID: 27531 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27531 Summary: ChronoEngine ChronoForms component for Joomla! is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input.
An attacker can exploit these issues to execute malicious PHP code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
These issues affect ChronoForms 2.3.5; other versions may also be vulnerable.
15. DeltaScripts PHP Links 'vote.php' SQL Injection Vulnerability BugTraq ID: 27530 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27530 Summary: DeltaScripts PHP Links is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue affects PHP Links 1.3 and prior versions.
16. DeltaScripts PHP Links 'smarty.php' Remote File Include Vulnerability BugTraq ID: 27529 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27529 Summary: DeltaScripts PHP Links is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
This issue affects PHP Links 1.3 and prior versions.
17. Ruby Net::HTTP SSL Insecure Certificate Validation Weakness BugTraq ID: 25847 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/25847 Summary: Ruby's Net::HTTP library is prone to an insecure-certificate-validation weakness because the library fails to properly perform validity checks on X.509 certificates.
Successfully exploiting this issue may allow attackers to perform man-in-the-middle attacks against applications that insecurely use the affected library. Other attacks may also be possible.
NOTE: This issue is related to multiple weaknesses covered by BID 26421 - Ruby Multiple Libraries SSL Multiple Insecure Certificate Validation Weaknesses.
18. Ruby Multiple Libraries SSL Multiple Insecure Certificate Validation Weaknesses BugTraq ID: 26421 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/26421 Summary: Ruby is prone to multiple weaknesses related to its validation of certificates. The problem is that multiple libraries fail to properly perform validity checks on X.509 certificates.
Successfully exploiting these issues may allow attackers to perform man-in-the-middle attacks against applications that insecurely use an affected library. Other attacks may also be possible.
NOTE: These issues are related to a weakness covered by BID 25847 (Ruby Net::HTTP SSL Insecure Certificate Validation Weakness).
19. QuickTalk Forum Lang Parameter Multiple Local File Include Vulnerabilities BugTraq ID: 24671 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/24671 Summary: QuickTalk Forum is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
Exploiting these issues may allow an unauthorized user to view files and execute local scripts.
These issues affect QuickTalk Forum 1.3; other versions may also be vulnerable.
20. RETIRED: Endian Firewall 'userlist.php' Cross Site Scripting Vulnerability BugTraq ID: 27477 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27477 Summary: Endian Firewall is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this vulnerability could allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
Endian Firewall 2.1.2 is reported vulnerable; other versions may also be affected.
NOTE: This BID is being retired because information from the vendor indicates that the device is not prone to this issue.
21. BitDefender Products Update Server HTTP Daemon Directory Traversal Vulnerability BugTraq ID: 27358 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27358 Summary: BitDefender Update Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.
Exploiting this issue allows an attacker to access potentially sensitive information that could aid in further attacks.
BitDefender Security for File Servers, BitDefender Enterprise Manager, and other BitDefender products that include the Update Server are vulnerable. This issue affects Update Server when running on Windows; Linux and UNIX variants may also be affected.
22. WordPress WassUp Plugin 'spy.php' SQL Injection Vulnerability BugTraq ID: 27525 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27525 Summary: WordPress WassUp plugin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The issue affects WassUp 1.4.3; other versions may also be vulnerable.
23. Logitech VideoCall Multiple ActiveX Controls Multiple Buffer Overflow Vulnerabilities BugTraq ID: 24254 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/24254 Summary: Multiple Logitech VideoCall ActiveX controls are prone to multiple buffer-overflow vulnerabilities because they fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
24. PeerCast HandshakeHTTP Multiple Buffer Overflow Vulnerabilities BugTraq ID: 26899 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/26899 Summary: PeerCast is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer.
Successfully exploiting these issues will allow an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely crash the application.
These issues affect PeerCast 0.12.17, SVN 334 and prior versions.
25. LanDesk Management Suite Alert Service AOLSRVR.EXE Buffer Overflow Vulnerability BugTraq ID: 23483 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/23483 Summary: LANDesk Management Suite is prone to a remote stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue would result in the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.
This issue affects LANDesk Management Suite 8.7; prior versions may also be affected.
26. libxml2 'xmlCurrentChar()' UTF-8 Parsing Remote Denial of Service Vulnerability BugTraq ID: 27248 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27248 Summary: The libxml2 library is prone to a denial-of-service vulnerability because of an infinite-loop flaw.
Exploiting this issue allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable library.
Versions prior to libxml2 2.6.31 are affected by this issue.
27. Alt-N WebAdmin Remote File Disclosure Vulnerability BugTraq ID: 7439 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/7439 Summary: Reportedly, remote users can discover the installation directory of certain software on the underlying system by submitting an HTTP request to the WebAdmin server. This could allow an attacker to obtain sensitive information.
28. Alt-N WebAdmin Remote File Viewing Vulnerability BugTraq ID: 7438 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/7438 Summary: Alt-N WebAdmin allows a remote user to access files that they should not be able to access. The remote user can submit an HTTP request that will return the contents of any webserver-readable file on the system.
NOTE: The user must have administrative privileges in WebAdmin to access these files.
29. 'distcc' Access Control Bypass Vulnerability BugTraq ID: 11319 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/11319 Summary: The access controls for the 'distcc' program may malfunction under certain circumstances and may not be enforced.
A remote attacker may potentially exploit this vulnerability to access the affected 'distcc' service, regardless of access-control rules that are set in place.
This vulnerability is addressed in 'distcc' 2.16.
30. IrfanView FPX File Remote Memory Corruption Vulnerability BugTraq ID: 27479 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27479 Summary: IrfanView is prone to a remote memory-corruption vulnerability.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
This issue affects IrfanView 4.10; other versions may also be affected.
31. Citrix Presentation Server IMA Service Buffer Overflow Vulnerability BugTraq ID: 27329 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27329 Summary: Citrix Presentation Server is prone to a buffer-overflow vulnerability because the IMA service fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of the IMA server process. Failed exploit attempts will likely result in denial-of-service conditions.
The issue affects the following versions:
- Citrix MetaFrame and Presentation Server 4.5 (and earlier)
- Citrix Access Essentials 2.0 (and earlier)
- Citrix Desktop Server 1.0 (and earlier)
32. Corel WordPerfect Office PRS Stack Buffer Overflow Vulnerability BugTraq ID: 23177 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/23177 Summary: Corel WordPerfect Office is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. A successful attack can result in the compromise of the application. Failed attempts will likely result in denial-of-service conditions.
WordPerfect X3 version 13.0.0.565 is vulnerable to this issue; other versions may also be affected.
33. Joomla! and Mambo NeoReferences Component 'catid' Parameter SQL Injection Vulnerability BugTraq ID: 27564 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27564 Summary: The NeoReferences component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue affects NeoReferences 1.3.1; other versions may also be affected.
34. Archimede Net 2000 'E-Guest_show.php' SQL Injection Vulnerability BugTraq ID: 27563 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27563 Summary: Archimede Net 2000 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
35. eIQnetworks Enterprise Security Analyzer Topology Server Remote Buffer Overflow Vulnerability BugTraq ID: 19164 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/19164 Summary: eIQnetworks Enterprise Security Analyzer Topology Server is prone to a remote buffer-overflow vulnerability.
This issue can facilitate a remote compromise due to arbitrary code execution.
Enterprise Security Analyzer versions prior to 2.5.0 are vulnerable. OEM vendors' versions prior to 4.6 are also vulnerable.
36. RETIRED: Solaris in.telnetd TTYPROMPT Buffer Overflow Vulnerability BugTraq ID: 5531 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/5531 Summary: The telnet server shipped with Sun Microsystems' Solaris operating system is vulnerable to a buffer-overflow condition. Remote attackers may exploit this vulnerability to gain root access on target hosts.
**RETRACTION NOTE: It has been determined that this report was sent out in error and that the listed patches likely correct BID 3064 ("Multiple Vendor Telnetd Buffer Overflow Vulnerability"). This alert was originally published after the discovery of functional exploit code that appeared to exploit telnetd. It has since been determined that the code, an exploit for BID 3681 ("Multiple Vendor System V Derived 'login' Buffer Overflow Vulnerability"), was leaked from Internet Security Systems. It has been removed from the SecurityFocus archives. This BID will be retired.
37. AskJeeves Toolbar Settings Plugin ActiveX Control Remote Heap Based Buffer Overflow Vulnerability BugTraq ID: 25785 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/25785 Summary: AskJeeves Toolbar Settings Plugin ActiveX control is prone to a remote heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
38. IMLib/IMLib2 Multiple BMP Image Decoding Buffer Overflow Vulnerabilities BugTraq ID: 11084 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/11084 Summary: Multiple buffer-overflow vulnerabilities are reported to reside in the Imlib/Imlib2 libraries. These issues may be triggered when handling malformed bitmap images.
A remote attacker could exploit these vulnerabilities to cause a denial of service in applications that use the vulnerable library to render images. Reportedly, attackers may also exploit these vulnerabilities to execute arbitrary code.
39. Ipswitch WhatsUp Gold Remote Buffer Overflow Vulnerability BugTraq ID: 11043 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/11043 Summary: Ipswitch WhatsUp Gold is affected by a remote buffer-overflow vulnerability because the application fails to properly validate user-supplied string lengths before copying them into static process buffers.
An attacker might leverage this issue to execute arbitrary code on the affected computer with the privileges of the user that started the vulnerable application.
40. GAMSoft Telsrv DoS Vulnerability BugTraq ID: 1478 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/1478 Summary: GAMSoft Telsrv telnet server is prone to a trivial denial-of-service attack. If a malicious user were to connect to port 23 and supply a username of approximately 4550 characters, the telnet application would crash. Restarting the service is required to regain normal functionality.
In some cases, Telsrv will return an error message that contains a valid username and password in plain-text format. This can be used to gain unauthorized access to the telnet server.
41. Hummingbird Connectivity 10 LPD Daemon Stack Overflow Vulnerability BugTraq ID: 13788 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/13788 Summary: Hummingbird Connectivity 10 LPD daemon is prone to a remote stack-based buffer-overflow vulnerability because the software fails to perform sufficient boundary checks on user-supplied data.
A successful exploit will allow an unauthenticated attacker to obtain SYSTEM-level access to a vulnerable computer.
42. iTinySoft Studio Total Video Player M3U Playlist Buffer Overflow Vulnerability BugTraq ID: 22553 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/22553 Summary: Total Video Player is prone to a buffer-overflow vulnerability because the application fails to properly verify the size of user-supplied data before copying it into an insufficiently sized process buffer.
Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. Failed exploit attempts will likely crash applications, denying service to legitimate users.
This issue affects Total Video Player 1.03; other versions may also be vulnerable.
43. IASystemInfo.DLL ActiveX Control Remote Buffer Overflow Vulnerabilities BugTraq ID: 23071 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/23071 Summary: The IASystemInfo.dll ActiveX control of InterActual Player and CinePlayer is prone to buffer-overflow vulnerabilities. This software fails to sufficiently check boundaries of user-supplied input before copying it to an insufficiently sized memory buffer.
InterActual Player version 2.60.12.0717 is vulnerable to these issues; other versions may also be affected.
CinePlayer version 3.2 is vulnerable to these issues; other versions may also be affected.
44. Trend Micro ServerProtect SpntSvc.EXE Remote Stack Based Buffer Overflow Vulnerability BugTraq ID: 23868 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/23868 Summary: Trend Micro ServerProtect is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code with SYSTEM-level privileges and to completely compromise affected computers. Failed exploit attempts will result in a denial of service.
45. Trend Micro OfficeScan Client ActiveX Control Remote Buffer Overflow Vulnerability BugTraq ID: 22585 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/22585 Summary: Trend Micro OfficeScan Client is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
Exploiting this issue allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and to compromise affected computers. Failed attempts will likely result in denial-of-service conditions.
46. Trend Micro ServerProtect EarthAgent.EXE Remote Stack Based Buffer Overflow Vulnerability BugTraq ID: 23866 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/23866 Summary: Trend Micro ServerProtect is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code with SYSTEM-level privileges and to completely compromise affected computers. Failed exploit attempts will result in a denial of service.
47. Novell NetWare CIFS.NLM Denial of Service Vulnerability BugTraq ID: 14701 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/14701 Summary: NetWare CIFS.NLM is prone to a remote denial-of-service vulnerability.
Reportedly, the W32.Randex.CCC worm can trigger this issue resulting in a denial-of-service condition due to an ABEND.
48. Novell NetMail IMAP Unspecified Buffer Overflow Vulnerability BugTraq ID: 15491 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/15491 Summary: Novell NetMail is prone to a buffer-overflow vulnerability in an unspecified IMAP command. Successful exploits may result in a denial of service or arbitrary code execution.
NetMail 3.52D is affected, but earlier versions may also be vulnerable.
Details regarding the precise nature of this vulnerability are not currently available. We will update this BID as more information emerges.
49. Novell Netmail NMAP STOR Buffer Overflow Vulnerability BugTraq ID: 21725 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/21725 Summary: Novell Netmail is prone to a remotely exploitable buffer overflow vulnerability because it fails to do proper bounds checking on NMAP (Network Messaging Application Protocol) STOR command parameters.
A successful exploit could let an authenticated remote attacker execute arbitrary code in the context of the affected program.
50. Novell Netmail IMAP SUBSCRIBE Buffer Overflow Vulnerability BugTraq ID: 21728 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/21728 Summary: Novell Netmail is prone to a remotely exploitable buffer-overflow vulnerability because it fails to do proper bounds checking on arguments for IMAP SUBSCRIBE commands.
A successful exploit could let an authenticated remote attacker execute arbitrary code in the context of the affected program.
51. Sun Solaris NFS 'netgroups' Security Bypass Vulnerability BugTraq ID: 26872 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/26872 Summary: Sun Solaris is prone to a security-bypass vulnerability due to an unspecified error.
A successful attack will allow an unauthorized remote user to gain superuser access to shared NFS resources on the vulnerable system with 'netgroups' access configured.
This issue affects Sun Solaris 10 with the following kernel patches:
- kernel patches 120011-04 (and later) that are prior to 127111-05 on SPARC platforms
- kernel patches 120012-04 (and later) that are prior to 127954-03 on x86 platforms
52. PCRE Regular Expression Library Multiple Security Vulnerabilities BugTraq ID: 26346 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/26346 Summary: PCRE regular-expression library is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or launch other attacks in the context of the application using the affected library.
53. PCRE Regular Expression Library UTF-8 Options Multiple Remote Denial of Service Vulnerabilities BugTraq ID: 26550 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/26550 Summary: PCRE regular-expression library is prone to multiple remote denial-of-service vulnerabilities because a memory-calculation error occurs for certain regular expressions.
Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected library.
These issues affect versions prior to PCRE 7.0.
54. PCRE Regular Expression Library Multiple Integer and Buffer Overflow Vulnerabilities BugTraq ID: 26462 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/26462 Summary: PCRE regular-expression library is prone to multiple integer- and buffer-overflow vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or launch other attacks in the context of the application using the affected library.
55. PCRE Perl Compatible Regular Expression Subpattern Memory Allocation Denial Of Service Vulnerability BugTraq ID: 26727 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/26727 Summary: PCRE (Perl Compatible Regular Expressions) is prone to a denial-of-service vulnerability. The library fails to allocate sufficient memory for quantified subpatterns that contain certain data.
A successful attack can cause an application using the library to crash, denying service to legitimate users.
Versions prior to PCRE 6.7 are vulnerable.
56. PCRE Perl Compatible Regular Expressions Library POSIX Denial Of Service Vulnerability BugTraq ID: 26725 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/26725 Summary: PCRE (Perl Compatible Regular Expressions) is prone to a denial-of-service vulnerability because it fails to adequately sanitize user-supplied regular expressions.
A successful attack will cause an application using the library to crash, denying service to legitimate users.
Versions prior to PCRE 6.7 are vulnerable.
57. Novell Netmail IMAP APPEND Buffer Overflow Vulnerability BugTraq ID: 21723 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/21723 Summary: Novell Netmail is prone to a remotely exploitable buffer-overflow vulnerability because it fails to do proper bounds checking on a client-supplied IMAP APPEND parameter.
A successful exploit could let an authenticated remote attacker execute arbitrary code in the context of the affected program.
58. PostgreSQL Multiple Privilege Escalation and Denial of Service Vulnerabilities BugTraq ID: 27163 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27163 Summary: PostgreSQL is prone to multiple remote vulnerabilities, including:
- Three privilege-escalation vulnerabilities
- Three denial-of-service vulnerabilities
An attacker can exploit these issues to gain complete control of the affected application or to cause a denial-of-service condition.
These issues affect PostgreSQL 8.2, 8.1, 8.0, 7.4, and 7.3; other versions may also be affected.
59. LightBlog 'cp_upload_image.php' Arbitrary File Upload Vulnerability BugTraq ID: 27562 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27562 Summary: LightBlog is prone to a vulnerability that lets attackers upload arbitrary files because it fails to adequately sanitize user-supplied input.
An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
LightBlog 9.5 is affected; other versions may also be vulnerable.
60. LiveCart Multiple Cross-Site Scripting Vulnerabilities BugTraq ID: 27087 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27087 Summary: LiveCart is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
LiveCart 1.0.1 is vulnerable to these issues; other versions may also be affected.
61. SunGard Banner Student 'add1' Parameter Cross-Site Scripting Vulnerability BugTraq ID: 27490 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27490 Summary: Banner Student is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Banner Student 7.3 is vulnerable; other versions may also be affected.
62. UltraVNC VNCViewer 'ClientConnection.cpp' Remote Buffer Overflow Vulnerability BugTraq ID: 27561 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27561 Summary: UltraVNC VNCViewer is affected by a remote buffer-overflow vulnerability because the application fails to properly validate user-supplied string lengths before copying them into static process buffers.
An attacker might leverage this issue to execute arbitrary code on the affected computer with the privileges of the user running the vulnerable application.
UltraVNC 1.0.2 and UltraVNC 104 release candidates released prior to January 25, 2008 are vulnerable to this issue.
NOTE: This issue affects only VNCViewer. The UltraVNC server is not affected.
63. Uniwin eCart Professional 'rp' Cross-Site Scripting Vulnerabilities BugTraq ID: 27560 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27560 Summary: Uniwin eCart Professional is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
These issues affect versions prior to Uniwin eCart Professional 2.0.16.
64. xdg-utils 'xdg-open' and 'xdg-email' Multiple Remote Command Execution Vulnerabilities BugTraq ID: 27528 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27528 Summary: The 'xdg-utils' package is prone to remote command-execution vulnerabilities.
An attacker could exploit this issue by enticing an unsuspecting victim to open a malicious file.
Successful exploits will allow attackers to execute arbitrary commands with the privileges of the user running the affected application.
65. MySpace Uploader 'MySpaceUploader.ocx' ActiveX Control Buffer Overflow Vulnerability BugTraq ID: 27533 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27533 Summary: MySpace Uploader ActiveX control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
The Symantec DeepSight team has confirmed that this issue can be used to execute code or crash the vulnerable application using 'MySpaceUploader.ocx' 1.0.0.4 and 1.0.0.5; other versions may also be vulnerable.
66. Facebook Photo Uploader 4 'ImageUploader4.1.ocx' ActiveX Control Buffer Overflow Vulnerability BugTraq ID: 27534 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27534 Summary: Facebook Photo Uploader ActiveX control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in denial-of-service conditions.
The Symantec DeepSight team has confirmed that this issue leads to a crash in 'ImageUploader4.1.ocx' 4.5.57.0; other versions may also be vulnerable. We will update this BID as more information emerges.
67. Aurigma Image Uploader 'ImageUploader4.ocx' ActiveX Control Buffer Overflow Vulnerability BugTraq ID: 27539 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27539 Summary: Aurigma Image Uploader ActiveX control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
Image Uploader 4.5.70.0 is vulnerable; other versions may also be affected.
NOTE: This issue may be related to the issues covered in BID 27533 (MySpace Uploader 'MySpaceUploader.ocx' ActiveX Control Buffer Overflow) and BID 27534 (Facebook Photo Uploader 4 'ImageUploader4.1.ocx' ActiveX Control Buffer Overflow Vulnerability).
68. X.Org X Server 'MIT-SHM' Local Privilege Escalation Vulnerability BugTraq ID: 27350 Remote: No Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27350 Summary: X.Org X Server is prone to a local privilege-escalation vulnerability.
Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.
NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.
69. X.Org X Server 'TOG-CUP' Extension Local Privilege Escalation Vulnerability BugTraq ID: 27355 Remote: No Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27355 Summary: X.Org X Server is prone to a local privilege-escalation vulnerability.
Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.
NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.
70. X.Org X Server 'PassMessage' Request Local Privilege Escalation Vulnerability BugTraq ID: 27354 Remote: No Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27354 Summary: X.Org X Server is prone to a local privilege-escalation vulnerability.
Attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of an affected computer. Failed exploit attempts will likely crash the computer.
NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.
71. X.Org X Server 'EVI' Extension Local Privilege Escalation Vulnerability BugTraq ID: 27353 Remote: No Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27353 Summary: X.Org X Server is prone to a local privilege-escalation vulnerability.
Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.
NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.
72. X.Org X Server 'Xinput' Extension Local Privilege Escalation Vulnerability BugTraq ID: 27351 Remote: No Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27351 Summary: X.Org X Server is prone to a local privilege-escalation vulnerability.
Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.
NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.
73. X.Org X Server PCF Font Parser Buffer Overflow Vulnerability BugTraq ID: 27352 Remote: No Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27352 Summary: X.Org X Server is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Attackers can exploit this issue to execute arbitrary code with the privileges of the server. Failed attacks will cause denial-of-service conditions.
NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.
74. VideoLAN VLC Multiple Remote Code Execution Vulnerabilities BugTraq ID: 27015 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27015 Summary: VideoLAN VLC media player is prone to multiple remote code-execution vulnerabilities, including multiple buffer-overflow issues and a format-string issue.
Exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application.
VLC 0.8.6d is vulnerable to these issues; other versions may also be affected.
75. Invision Gallery Index.PHP SQL Injection Vulnerability BugTraq ID: 20327 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/20327 Summary: Invision Gallery is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
This issue affects versions prior to Invision Gallery 2.1.0.
76. Nilson's Blogger 'comments.php' Local File Include Vulnerability BugTraq ID: 27559 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27559 Summary: Nilson's Blogger is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability using directory-traversal strings to include local files in the context of the webserver process. This may allow the attacker to obtain potentially sensitive information; other attacks are also possible.
This issue affects Nilson's Blogger 0.11; other versions may also be vulnerable.
77. Joomla! and Mambo CatalogShop Component 'id' Parameter SQL Injection Vulnerability BugTraq ID: 27558 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27558 Summary: The CatalogShop component for Mambo and Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue affects CatalogShop 1.0 b1; other versions may also be affected.
78. Joomla! and Mambo AkoGallery Component 'id' Parameter SQL Injection Vulnerability BugTraq ID: 27557 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27557 Summary: The AkoGallery component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
79. PulseAudio Local Privilege Escalation Vulnerability BugTraq ID: 27449 Remote: No Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27449 Summary: PulseAudio is prone to a local privilege-escalation vulnerability because the application fails to properly ensure that it has dropped its privileges.
Exploiting this issue could allow attackers to perform certain actions with superuser privileges.
This vulnerability affects versions prior to PulseAudio 0.9.9.
80. Sun Java RunTime Environment XML Parsing Unspecified Vulnerability BugTraq ID: 27553 Remote: Yes Last Updated: 2008-02-01 Relevant URL: http://www.securityfocus.com/bid/27553 Summary: Sun Java Runtime Environment (JRE) is prone to an unspecified vulnerability that can occur when parsing malicious XML content.
Exploiting this issue will allow JRE to process external references even if it has been configured not to do so. Attackers can leverage this issue to launch further attacks or to cause denial-of-service conditions.
This issue affects JDK and JRE 6 Update 3 and earlier.
81. Linux Kernel Page Faults Using NUMA Local Denial of Service Vulnerability BugTraq ID: 27556 Remote: No Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27556 Summary: The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly handle certain page faults when using NUMA (Non-Uniform Memory Access) methods.
Attackers can exploit this issue to trigger kernel crashes, denying service to legitimate users.
Linux kernel 2.6.9 and prior versions are vulnerable. This issue affects the Itanium architecture; other architectures may also be vulnerable.
82. Linux Kernel PowerPC 'chrp/setup.c' NULL Pointer Dereference Denial of Service Vulnerability BugTraq ID: 27555 Remote: No Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27555 Summary: The Linux kernel is prone to a local denial-of-service vulnerability.
Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users.
This issue affects Linux kernel 2.4.21 through 2.6.18-53 running on the PowerPC architecture.
83. Linux Kernel VFS Unauthorized File Access Vulnerability BugTraq ID: 27280 Remote: No Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27280 Summary: The Linux kernel is prone to an unauthorized file-access vulnerability affecting the VFS (Virtual Filesystem) module.
A local attacker can exploit this issue to access arbitrary files on the affected computer. Successfully exploiting this issue may grant the attacker elevated privileges on affected computers. Other attacks are also possible.
This issue affects kernel versions prior to 2.6.23.14.
84. Linux Kernel DO_COREDUMP Local Information Disclosure Vulnerability BugTraq ID: 26701 Remote: No Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/26701 Summary: The Linux kernel is prone to an information-disclosure vulnerability.
Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.
Versions of the Linux kernel prior to 2.6.24-rc4 are vulnerable.
85. Liferay Enterprise Portal Admin Portlet Shutdown Message HTML Injection Vulnerability BugTraq ID: 27554 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27554 Summary: Liferay Enterprise Portal is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
This issue affects versions prior to Liferay Enterprise Portal 4.4.0 and 4.3.7.
86. Joomla! and Mambo com_restaurant Component 'id' Parameter SQL Injection Vulnerability BugTraq ID: 27551 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27551 Summary: The Joomla! and Mambo 'com_restaurant' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
87. Liferay Enterprise Portal 'User-Agent' HTTP Header Script Injection Vulnerability BugTraq ID: 27550 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27550 Summary: Liferay Enterprise Portal is prone to a script-code-injection vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to inject arbitrary script code into 'Forgot Password' emails sent by the affected application. This may help the attacker obtain potentially sensitive information that can aid in other attacks.
Versions prior to Liferay Enterprise Portal 4.4.0 and 4.3.7 are vulnerable.
88. Liferay Enterprise Portal User-Agent HTTP Header Cross Site Scripting Vulnerability BugTraq ID: 27547 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27547 Summary: Liferay Enterprise Portal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects Liferay Enterprise Portal 4.3.6.
89. Liferay Enterprise Portal User Profile Greeting HTML Injection Vulnerability BugTraq ID: 27546 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27546 Summary: Liferay Enterprise Portal is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
This issue affects versions prior to Liferay Enterprise Portal 4.4.0 and 4.3.7.
90. Linux Kernel 'isdn_common.c' Local Buffer Overflow Vulnerability BugTraq ID: 27497 Remote: No Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27497 Summary: The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, the attacker may also be able to execute arbitrary code, but this has not been confirmed.
This issue affects versions prior to Linux kernel 2.6.25.
91. Linux Kernel ISDN_Net.C Local Buffer Overflow Vulnerability BugTraq ID: 26605 Remote: No Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/26605 Summary: The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, the attacker may also be able to execute arbitrary code, but this has not been confirmed.
This issue affects Linux kernel versions prior to 2.6.23.10.
92. Linux Kernel wait_task_stopped Local Denial of Service Vulnerability BugTraq ID: 26477 Remote: No Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/26477 Summary: The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly handle certain process-exit conditions.
Attackers can exploit this issue to trigger kernel crashes, denying service to legitimate users.
Linux kernel versions prior to 2.6.23.8 as well as 2.6.24-rc1 and 2.6.24-rc1 are vulnerable.
93. ImageMagick Image Filename Remote Command Execution Vulnerability BugTraq ID: 16093 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/16093 Summary: ImageMagick is prone to a remote shell command-execution vulnerability.
Successful exploitation can allow arbitrary commands to be executed in the context of the affected user. Note that attackers could exploit this issue through other applications that use ImageMagick as the default image viewer.
ImageMagick 6.2.4.5 is reportedly vulnerable. Other versions may be affected as well.
94. ImageMagick File Name Handling Remote Format String Vulnerability BugTraq ID: 12717 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/12717 Summary: ImageMagick is reported prone to a remote format-string vulnerability.
Reportedly, this issue arises when the application handles malformed filenames. An attacker can exploit this vulnerability by crafting a malicious file with a name that contains format specifiers and sending the file to an unsuspecting user.
Note that there are other attack vectors that may not require user interaction, since the application can be used with custom printing systems and web applications.
A successful attack may crash the application or lead to arbitrary code execution.
All versions of ImageMagick are considered vulnerable at the moment.
95. Sun Java System Access Manager Multiple Vulnerabilities BugTraq ID: 25842 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/25842 Summary: Sun Java System Access Manager is prone to multiple remote vulnerabilities that result from configuration errors.
Exploiting these issues can allow remote attackers to gain unauthorized access to the application or execute arbitrary code in the context of the application.
Sun Java System Access Manager 7.1 is affected by these issues.
96. sflog! 'index.php' Multiple Local File Include Vulnerabilities BugTraq ID: 27541 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27541 Summary: The 'sflog!' program is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
Exploiting these issues may allow an attacker to access potentially sensitive information in the context of the affected application.
These issues affect sflog! 0.96; other versions may also be affected.
97. Livelink ECM UTF-7 Cross Site Scripting Vulnerability BugTraq ID: 27537 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27537 Summary: Livelink ECM is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects versions up to and including Livelink ECM 9.7.0.
98. Mindmeld 'MM_GLOBALS['home']' Multiple Remote File Include Vulnerabilities BugTraq ID: 27538 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27538 Summary: Mindmeld is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
This issue affects Mindmeld 1.2.0.10; other versions may also be affected.
99. Drupal Project Issue Tracking Module Multiple Input Validation Vulnerabilities BugTraq ID: 27545 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27545 Summary: The Project Issue Tracking module for Drupal is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These issues include a cross-site scripting vulnerability as well as a vulnerability that allows an attacker to upload arbitrary code.
Successfully exploiting these issues can allow an attacker to upload and execute arbitrary code in the context of the application. This may help the attacker steal cookie-based authentication credentials and launch additional attacks.
Note that Drupal Core without this module is not affected by these issues.
100. Drupal Comment Upload Module Upload Validation Function Arbitrary File Upload Vulnerability BugTraq ID: 27544 Remote: Yes Last Updated: 2008-01-31 Relevant URL: http://www.securityfocus.com/bid/27544 Summary: The Drupal Comment Upload module is prone to an arbitrary-file-upload vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting this issue could allow an attacker to upload and execute arbitrary script code in the context of the affected webserver process.
SECURITYFOCUS NEWS ARTICLES
1. Universities fend off phishing attacks By: Robert Lemos Online fraudsters send e-mail messages that masquerade as help-desk requests for usernames and passwords. http://www.securityfocus.com/news/11504
2. Antivirus firms, test labs to form standards group By: Robert Lemos The makers of antivirus software as well as independent and media-sponsored testing labs have agreed to create an industry group to standardize on methods of evaluating anti-malware programs. http://www.securityfocus.com/news/11502
3. Legitimate sites serving up stealthy attacks By: Robert Lemos The Random JS infection kit serves up malicious code that hides itself by attempting to compromise each visitor only once and using a different file name each time. http://www.securityfocus.com/news/11501
4. Malware hitches a ride on digital devices By: Robert Lemos Some consumers reported that their holiday gifts came with an unwelcome passenger, a Trojan horse. Infections at the factory and in retail stores will likely become more common. http://www.securityfocus.com/news/11499
1. GIMP The GNU Image Manipulation Program is a powerful and free piece of software that can handle all basic image editing tasks and much more beyond that. The fact that it’s open source and available for UNIX platforms, Mac and Windows makes it extremely flexible.
2. Paint.NET This is probably the most powerful free photo editing software on the market. It can complete simple tasks such as red eye correction, resizing, cropping, but it also supports layers. The program is open source and a great collection of user created plugins is available from its online community. It’s hard to recommend one over the other here, so depending on what you want to do with these programs, Paint.NET and GIMP are probably equally great…given you are a Windows user.
3. Autostitch This is the perfect tool if you want to create panorama images from a series of photos. It works fully automatically and doesn’t require user input. The program can handle both horizontal and vertical stitching. The demo is fully functional and free. One thing you have to be prepared for though is the amount of system resources this program will occupy, depending on the options you select.
4. Microsoft Research Group Shot If you need to take a photo of a large group of people, chances are that no matter how many shots you take, there won’t be a single photo everyone is happy with. This is where you should give Microsoft Group Shot a chance. With this software you can select your favorite parts in each shot of the series and the program will merge all your photos into the perfect composite image. Unfortunately, it appears the beta software download has expired, however future releases are around the corner.
5. TKexe Kalender It’s the New Year and maybe you still need a paper calendar. To quickly create a personal and unique edition, try this easy to use software.
6. Opanda PhotoFilter Filters can make a photo very interesting and special. But it’s tiring to carry around filters for your camera or play with camera or software settings endlessly to yield the desired results. Easier yet, use Opanda PhotoFilter to post process your snapshots. The program comes equipped with more than 100 different settings simulating Kodak, Cokin and Hoya filters.
7. Foto Mosaik Create a mosaic picture from hundreds or thousands of photos. The mosaic image is the eagle displayed in the top left, the rest of the image is a zoom into the single tiles, indicated by the red frame.
8. Win Morph Morph, warp and distort images in a professional and high quality way. This program gives you all the freedom you could possibly ask for from a free package. It works as a standalone application or as a plugin for various video editors. It offers advanced keyframing, blending and distortion tools for total control, and can even do dynamic morphing with various input (JPEG, BMP, PCX, PNG, PBM, TGA, TIFF) and output (JPEG, BMP, PNG, TGA, TIFF, AVI, MPEG and SWF) file formats. Are you sold, yet? No wait, it’s free!
9. Free Digital Camera Enhancer This is the tool to give your digital images the final touch. Reduce noise caused by bad light situations, smooth skin in portraits, correct the midtones, and add saturation. Naturally, this will work best on bad images.
10. JPEG Lossless Rotator With most programs, the simple act of rotating your JPEG photo into the right orientation and saving it causes a loss of quality. JPEG Lossless Rotator does the job without recoding your photo. Rather it performs a special lossless block transformation which leaves the quality of your photo untouched. Yes, this is a tool for freaks…or geeks.
Del.icio.us was a big discovery for me. The ability to access my bookmarks anywhere, share them with others, and discover my friends’ favorites: Wow!
But I had a moment of truth the day I clicked a months-old bookmark only to discover that one of my favorite pages on Web design had vanished. D’oh! I’d really depended on that material! Suddenly apprehensive, I started going through all of my del.icio.us links one-by-one, discovering that a large percentage had vanished off the face of the Web. It felt almost like I’d had a hard drive failure. Only then did I realize how much I’d come to depend on Web-based content. Sure, for finding the odd missing page, there’s always Archive.org, but that saves pages intermittently and it’s a fairly clunky solution for an ongoing problem. What I really needed was a social bookmarking service that cached a full version of each bookmarked page with all the graphics and formatting intact.
Get Digging
Enter Diigo. I’m surprised this excellent social bookmarking service doesn’t have a higher profile online. It’s fast, easy, and it saves a cache of every page by default. I really don’t see how del.icio.us can compete, considering that Diigo looks much nicer and still manages to respond more crisply.
(Yes, there are other social bookmarking sites out there, and were I a true productivity blogger and not a dilettante, I’d give you a point-by-point feature comparison with a nifty chart. In this case, I’m going to fall back on “trust me.” Diigo’s the best I’ve tried, and I’ve tried a bunch.)
But getting the most out of Diigo isn’t as simple as swapping out your del.icio.us quick bookmarks and moving on. Strategy counts.
A Method to the Bookmarking Madness
There are some types of sites you shouldn’t bother archiving. I use Gmail, Google Calendar, and Toodledo constantly, but if any of them goes down, an archived version won’t do me a lick of good. For sites I simply access frequently, I keep a bookmark tab on my Netvibes page.
Use Diigo for static pages with useful content. Here are some suggested uses from my own Diigo love affair:
Research. Why bother copying and pasting articles you’ll be using in your next paper or presentation when you can add them to a searchable database in one click?
Publicity. If you have a blog, podcast, or other promotable work, you’ll want to clip all the reviews, blog mentions, etc. Diigo’s perfect for quickly and easily capturing those mentions for posterity and, since it’s shareable, you can show off your best clips in a snap.
Want List. It’s not really a resolution, but I do plan to cut down on my expenditures in 2008, and one way that’s always worked well for me in the past is creating a “want list.” When I see a nifty notebook or gadget or safety razor I want to buy, I add it to the want list with the date. 30 days later, if it still sounds awesome, I’ll buy it. But often my enthusiasm for that nifty cable wrap I saw on Cool Tools has waned and I’ve saved twenty bucks.
Lifehacks. Obviously. If you’re like me, you’re constantly gathering tips and advice on productivity and technology from around the Web. Save them here and go over them periodically to see which ones actually worked in practice and which were quickly forgotten.
Recipes. Several recipe sites let you aggregate your favorites, but if you get your recipes from multiple sites, you can use Diigo to keep them all in the same place.
Blogging. One of the big advantages of a social bookmarking service is the social part. Diigo makes it easy to share your links, post them to your blog, or even do an automatic daily post of links to your site.
Best of all, Diigo can automatically post any new links to the other social bookmarking sites of your choice, so there’s no need to re-sync if you try Diigo and end up not liking the experience. Your old account will be up-to-date and ready to roll.
When you sign up, make sure to take a quick tour through the robust tools available on the site, from the browser toolbar to the “diigolet” quick link. With Diigo, capturing Web-based content (and sharing it with others) is quick, easy, and seamless.
1. X.Org X Server 'EVI' Extension Local Privilege Escalation Vulnerability BugTraq ID: 27353 Remote: No Last Updated: 2008-01-24 Relevant URL: http://www.securityfocus.com/bid/27353 Summary: X.Org X Server is prone to a local privilege-escalation vulnerability.
Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.
NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.
2. X.Org X Server 'TOG-CUP' Extension Local Privilege Escalation Vulnerability BugTraq ID: 27355 Remote: No Last Updated: 2008-01-24 Relevant URL: http://www.securityfocus.com/bid/27355 Summary: X.Org X Server is prone to a local privilege-escalation vulnerability.
Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.
NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.
3. Numara FootPrints 'MRchat.pl' and 'MRABLoad2.pl' Multiple Remote Command Execution Vulnerabilities BugTraq ID: 27373 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27373 Summary: Numara FootPrints is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary commands. These issues occur because the application fails to adequately sanitize user-supplied input.
Successful attacks can compromise the affected application and possibly the underlying computer.
Versions prior to FootPrints 8.1 are vulnerable.
4. Drupal Archive Module Cross-Site Scripting Vulnerabilities BugTraq ID: 27436 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27436 Summary: Archive module for Drupal is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
These issues affect versions prior to 5.x-1.8.
5. aconon Mail Template Parameter Directory Traversal Vulnerability BugTraq ID: 27427 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27427 Summary: aconon Mail is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.
Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.
The issue affects aconon Mail 2007 Enterprise SQL 11.7.0 and 2004 Enterprise SQL 11.5.1; other versions may also be vulnerable.
6. SLAED CMS 'index.php' Local File Include Vulnerability BugTraq ID: 27426 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27426 Summary: SLAED CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability using directory-traversal strings to execute local script code in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks.
SLAED CMS 2.5 Lite is vulnerable to this issue; other versions may also be affected.
7. Liquid-Silver CMS 'update/index.php' Local File Include Vulnerability BugTraq ID: 27425 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27425 Summary: Liquid-Silver CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability using directory-traversal strings to access potentially sensitive information that may aid in further attacks.
8. Comodo AntiVirus 'ExecuteStr()' ActiveX Control Arbitrary Command Execution Vulnerability BugTraq ID: 27424 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27424 Summary: A Comodo AntiVirus ActiveX control is prone to a vulnerability that lets attackers execute arbitrary commands.
Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of the application using the ActiveX control (typically Internet Explorer).
Comodo AntiVirus 2.0 is vulnerable to this issue; other versions may also be affected.
9. HFS HTTP File Server Multiple Security Vulnerabilities BugTraq ID: 27423 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27423 Summary: HFS HTTP File Server is prone to multiple security vulnerabilities.
These vulnerabilities include cross-site scripting issues, an information-disclosure issue, an arbitrary file-creation issue, a denial-of-service issue, a username spoofing issue and a log file forging issue.
A successful exploit could allow an attacker to deny service to legitimate users, create and execute arbitrary files in the context of the webserver process, falsify log information, or execute arbitrary script code in the browser of an unsuspecting user. Other attacks are also possible.
10. Siteman 'articles.php' File Disclosure Vulnerability BugTraq ID: 27422 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27422 Summary: Siteman is prone to a vulnerability that lets attackers obtain potentially sensitive information because it fails to prevent access to arbitrary files.
An attacker can exploit this issue to download arbitrary files with the privileges of the webserver process. Information obtained may aid in further attacks.
This issue affects Siteman 1.1.9; other versions may be vulnerable as well.
11. Cisco Application Velocity System (AVS) Remote Default Account Vulnerabilities BugTraq ID: 27421 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27421 Summary: Cisco Application Velocity System (AVS) is prone to multiple default-account vulnerabilities. These issues stem from a design flaw that makes several accounts available to remote attackers.
Successful exploits allow remote attackers to gain administrative access to vulnerable appliances.
Versions of Cisco AVS prior to 5.1.0 are vulnerable.
Cisco is tracking these issues as Cisco Bug ID CSCsd94732.
12. Web Wiz Rich Text Editor Arbitrary HTML File Creation Vulnerability BugTraq ID: 27420 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27420 Summary: Web Wiz Rich Text Editor is prone to a vulnerability that permits the creation of an arbitrary HTML file.
An attacker can exploit this issue to place arbitrary HTML code on the vulnerable computer. This may aid in retrieving potentially sensitive information from an unsuspecting victim; other attacks are also possible.
This issue affects Rich Text Editor 4.0; other versions may also be vulnerable.
13. Multiple Web Wiz Products Remote Information Disclosure Vulnerability BugTraq ID: 27419 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27419 Summary: Web Wiz Forums, NewsPad, and Rich Text Editor are prone to a remote information-disclosure vulnerability because they fail to properly sanitize user-supplied input.
An attacker can exploit this issue to retrieve arbitrary files in the context of the webserver process. Information obtained may aid in further attacks; other attacks are also possible.
This issue affects Forums 9.07, NewsPad 1.02, and Rich Text Editor 4.0; other versions may also be vulnerable.
14. Lama Software 'MY_CONF[classRoot]' Multiple Remote File Include Vulnerabilities BugTraq ID: 27380 Remote: Yes Last Updated: 2008-01-22 Relevant URL: http://www.securityfocus.com/bid/27380 Summary: Lama Software is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
15. Coppermine Photo Gallery 'thumbnails.php' SQL Injection Vulnerability BugTraq ID: 27372 Remote: Yes Last Updated: 2008-01-22 Relevant URL: http://www.securityfocus.com/bid/27372 Summary: Coppermine Photo Gallery is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue may be related to the vulnerability documented in BID 24710 (Coppermine Photo Gallery Album Password Cookie SQL Injection Vulnerability). We will update this BID as more information emerges.
This issue affects Coppermine Photo Gallery 1.4.10; other versions may also be vulnerable.
16. Alice Gate2 Plus Wi-Fi Router Cross-Site Request Forgery Vulnerability BugTraq ID: 27374 Remote: Yes Last Updated: 2008-01-22 Relevant URL: http://www.securityfocus.com/bid/27374 Summary: Alice Gate2 Plus Wi-Fi routers are prone to a cross-site request-forgery vulnerability.
An attacker can exploit this issue to alter administrative configuration on affected devices. Specifically, altering the wireless encryption settings on devices has been demonstrated. Other attacks may also be possible.
17. IBM WebSphere Application Server serveServletsByClassnameEnabled Unspecified Vulnerability BugTraq ID: 27371 Remote: Yes Last Updated: 2008-01-22 Relevant URL: http://www.securityfocus.com/bid/27371 Summary: IBM WebSphere Application Server is prone to an unspecified vulnerability.
Currently, very little is known about this issue. We will update this BID as more information emerges.
WebSphere Application Server 6.0 through 6.0.2.25 and 6.1 through 6.1.0.14 are vulnerable.
18. boastMachine 'mail.php' SQL Injection Vulnerability BugTraq ID: 27369 Remote: Yes Last Updated: 2008-01-22 Relevant URL: http://www.securityfocus.com/bid/27369 Summary: boastMachine is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
boastMachine 3.1 is vulnerable to this issue; other versions may also be affected.
19. MediaWiki Search Bar Cross-Site Scripting Vulnerability BugTraq ID: 27370 Remote: Yes Last Updated: 2008-01-22 Relevant URL: http://www.securityfocus.com/bid/27370 Summary: MediaWiki is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
20. MegaBBS 'upload.asp' Cross-Site Scripting Vulnerability BugTraq ID: 27368 Remote: Yes Last Updated: 2008-01-22 Relevant URL: http://www.securityfocus.com/bid/27368 Summary: MegaBBS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
MegaBBS 1.5.14b is vulnerable; other versions may also be affected.
21. Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities BugTraq ID: 24215 Remote: Yes Last Updated: 2008-01-22 Relevant URL: http://www.securityfocus.com/bid/24215 Summary: Apache is prone to multiple denial-of-service vulnerabilities.
An attacker with the ability to execute arbitrary server-side script-code can exploit these issues to stop arbitrary services on the affected computer in the context of the master webserver process; other attacks may also be possible.
22. Apache HTTP Server Mod_Proxy Denial of Service Vulnerability BugTraq ID: 25489 Remote: Yes Last Updated: 2008-01-22 Relevant URL: http://www.securityfocus.com/bid/25489 Summary: The Apache mod_proxy module is prone to a denial-of-service vulnerability.
A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).
23. Apache HTTP Server Mod_Cache Denial of Service Vulnerability BugTraq ID: 24649 Remote: Yes Last Updated: 2008-01-22 Relevant URL: http://www.securityfocus.com/bid/24649 Summary: The Apache mod_cache module is prone to a denial-of-service vulnerability.
A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).
24. Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability BugTraq ID: 24645 Remote: Yes Last Updated: 2008-01-22 Relevant URL: http://www.securityfocus.com/bid/24645 Summary: The Apache HTTP Server mod_status module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
25. BalaBit IT Security syslog-ng NULL-Pointer Dereference Denial of Service Vulnerability BugTraq ID: 26897 Remote: Yes Last Updated: 2008-01-22 Relevant URL: http://www.securityfocus.com/bid/26897 Summary: BalaBit IT Security 'syslog-ng' is prone to a denial-of-service vulnerability because it fails to adequately sanitize user-supplied input.
Attackers can leverage this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.
This issue affects versions prior to syslog-ng and syslog-ng-premium-edition 2.0.6 and 2.1.8.
26. Cairo PNG Image Processing Remote Integer Overflow Vulnerability BugTraq ID: 26650 Remote: Yes Last Updated: 2008-01-22 Relevant URL: http://www.securityfocus.com/bid/26650 Summary: Cairo is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to overflow a buffer and to corrupt process memory.
Attackers may be able to execute arbitrary machine code in the context of an affected application. Failed exploit attempts will likely result in a denial-of-service condition.
This issue affects versions prior to Cairo 1.4.12.
27. X.Org X 'Server X:1 -sp' Command Information Disclosure Vulnerability BugTraq ID: 27356 Remote: No Last Updated: 2008-01-24 Relevant URL: http://www.securityfocus.com/bid/27356 Summary: X.Org X Server is prone to a local information-disclosure vulnerability.
Attackers can exploit this issue to gain access to sensitive information that may lead to further attacks.
NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.
28. X.Org X Server 'PassMessage' Request Local Privilege Escalation Vulnerability BugTraq ID: 27354 Remote: No Last Updated: 2008-01-24 Relevant URL: http://www.securityfocus.com/bid/27354 Summary: X.Org X Server is prone to a local privilege-escalation vulnerability.
Attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of an affected computer. Failed exploit attempts will likely crash the computer.
NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.
29. X.Org X Server 'Xinput' Extension Local Privilege Escalation Vulnerability BugTraq ID: 27351 Remote: No Last Updated: 2008-01-24 Relevant URL: http://www.securityfocus.com/bid/27351 Summary: X.Org X Server is prone to a local privilege-escalation vulnerability.
Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.
NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.
30. X.Org X Server 'MIT-SHM' Local Privilege Escalation Vulnerability BugTraq ID: 27350 Remote: No Last Updated: 2008-01-24 Relevant URL: http://www.securityfocus.com/bid/27350 Summary: X.Org X Server is prone to a local privilege-escalation vulnerability.
Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.
NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.
31. Tikiwiki CMS 'tiki-listmovies.php' Directory Traversal Vulnerability BugTraq ID: 27008 Remote: Yes Last Updated: 2008-01-24 Relevant URL: http://www.securityfocus.com/bid/27008 Summary: Tikiwiki CMS is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.
Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.
Versions prior to Tikiwiki CMS 1.9.9 are vulnerable.
32. TikiWiki 'tiki-special_chars.php' Cross-Site Scripting Vulnerability BugTraq ID: 27004 Remote: Yes Last Updated: 2008-01-24 Relevant URL: http://www.securityfocus.com/bid/27004 Summary: TikiWiki is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
TikiWiki 1.9.8.3 is vulnerable; prior versions may also be affected.
33. Cisco PIX and ASA Appliance 'TTL Decrement' Denial of Service Vulnerability BugTraq ID: 27418 Remote: Yes Last Updated: 2008-01-24 Relevant URL: http://www.securityfocus.com/bid/27418 Summary: Multiple Cisco security appliances are prone to a denial-of-service vulnerability when the Time-To-Live (TTL) decrement feature is enabled for handling IP packets.
An attacker can exploit this issue to cause the affected devices to reload, denying service to legitimate users. Repeat attacks will result in a prolonged denial-of-service condition.
The following devices are affected:
Cisco PIX 500 Series Security Appliance
Cisco 5500 Series Adaptive Security Appliance (ASA)
Devices running software versions from 7.2(2) and up to 7.2(3)006 or 8.0(3) that have the TTL decrement feature enabled are vulnerable to this issue.
NOTE: The TTL decrement feature is not configured by default on the devices listed above. Devices that do not support the TTL decrement feature are not vulnerable.
34. SDL_image Invalid GIF File LWZ Minimum Code Size Remote Buffer Overflow Vulnerability BugTraq ID: 27417 Remote: Yes Last Updated: 2008-01-24 Relevant URL: http://www.securityfocus.com/bid/27417 Summary: The SDL_image library is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. The issue occurs when handling malformed GIF images.
Attackers can leverage this issue to execute arbitrary code in the context of an application using the library. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.
Versions prior to SDL_image 1.2.7 are vulnerable.
35. PHP cURL 'safe mode' Security Bypass Vulnerability BugTraq ID: 27413 Remote: Yes Last Updated: 2008-01-24 Relevant URL: http://www.securityfocus.com/bid/27413 Summary: PHP cURL is prone to a 'safe mode' security-bypass vulnerability.
Attackers can use this issue to gain access to restricted files, potentially obtaining sensitive information that may aid in further attacks.
The issue affects PHP 5.2.5 and 5.2.4.
36. LulieBlog 'voircom.php' SQL Injection Vulnerability BugTraq ID: 27416 Remote: Yes Last Updated: 2008-01-24 Relevant URL: http://www.securityfocus.com/bid/27416 Summary: LulieBlog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
LulieBlog 1.0.2 is vulnerable to this issue; other versions may also be affected.
37. Foojan WMS 'index.php' SQL Injection Vulnerability BugTraq ID: 27415 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27415 Summary: Foojan WMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The issue affects Foojan WMS 1.0; other versions may also be vulnerable.
38. Mozilla Firefox chrome:// URI JavaScript File Request Information Disclosure Vulnerability BugTraq ID: 27406 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27406 Summary: Mozilla Firefox is prone to an information-disclosure vulnerability because it fails to restrict access to local JavaScript files.
Attackers can exploit this issue to gain access to potentially sensitive information that could aid in further attacks.
Firefox 2.0.0.11 is vulnerable; other versions may also be affected.
NOTE: For an exploit to succeed, a user must have an addon installed that does not store its contents in a '.jar' file.
39. Microsoft Windows TCP/IP ICMP Remote Denial Of Service Vulnerability BugTraq ID: 27139 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27139 Summary: Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted TCP/IP traffic.
Attackers can exploit this issue to cause affected computers to stop responding and to automatically restart. Successful attacks will deny service to legitimate users. The discoverer of this issue reports that code execution may also be possible, but this has not been confirmed.
NOTE: ICMP RDP (Router Discovery Protocol) must be enabled for this issue to occur. Router Discovery Processing is disabled by default on Microsoft Windows Server 2000. The option is also disabled by default on Microsoft Windows XP and Windows Server 2003, unless the host receives the 'perform router discovery' option from a DHCP server.
40. Microsoft Windows TCP/IP IGMP MLD Remote Buffer Overflow Vulnerability BugTraq ID: 27100 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27100 Summary: Microsoft Windows is prone to a remote buffer-overflow vulnerability because it fails to adequately handle specially crafted TCP/IP traffic.
Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers.
NOTE: A server is vulnerable if an application or a service on the server uses IP multicast. By default, no services use multicast on Microsoft Windows Server 2003.
41. yaSSL Multiple Remote Buffer Overflow Vulnerabilities BugTraq ID: 27140 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27140 Summary: yaSSL is prone to multiple remote buffer-overflow vulnerabilities.
Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of applications using the library. Failed attacks will cause denial-of-service conditions.
yaSSL 1.7.5 is vulnerable to these issues; other versions are also likely to be affected.
42. PHP 5.2.3 and Prior Versions Multiple Vulnerabilities BugTraq ID: 25498 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/25498 Summary: PHP 5.2.3 and prior versions are prone to multiple security vulnerabilities. Successful exploits could allow an attacker to bypass security restrictions, cause a denial-of-service condition, and potentially execute code.
43. Exiv2 EXIF File Handling Integer Overflow Vulnerability BugTraq ID: 26918 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/26918 Summary: Exiv2 is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data when handling EXIF files.
Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploits may crash the application.
Exiv2 0.15 is reported vulnerable to this issue; other versions may also be affected.
44. Belong Software Site Builder Administration Pages Authentication Bypass Vulnerability BugTraq ID: 27402 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27402 Summary: Belong Software Site Builder is prone to a vulnerability that results in unauthorized administrative access. The application fails to authenticate users when certain pages are accessed.
Attackers can leverage this issue to compromise the application, which could aid in other attacks.
Site Builder 0.1 beta is vulnerable; other versions may also be affected.
45. Linux Kernel CIFS Transport.C Remote Buffer Overflow Vulnerability BugTraq ID: 26438 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/26438 Summary: The Linux kernel is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with kernel-level privileges or cause the affected kernel to crash, denying service to legitimate users.
This issue affects version 2.6.23.1; previous versions may also be affected.
46. Linux Kernel SysFS_ReadDir NULL Pointer Dereference Vulnerability BugTraq ID: 24631 Remote: No Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/24631 Summary: The Linux kernel is prone to a NULL-pointer dereference vulnerability.
A local attacker can exploit this issue to crash the affected kernel, denying service to legitimate users.
UPDATE (June 26, 2007): Given the nature of this issue, remote code execution may also be possible but has not been confirmed.
47. util-linux mount umount Local Privilege Escalation Vulnerability BugTraq ID: 25973 Remote: No Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/25973 Summary: The 'util-linux' package is prone to a local privilege-escalation vulnerability that stems from a design error.
Exploiting this issue could allow attackers to execute arbitrary code with elevated privileges by using mount helpers such as the 'mount.nfs' application.
This vulnerability affects util-linux 2.12r; other versions may also be affected.
48. OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability BugTraq ID: 25163 Remote: No Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/25163 Summary: OpenSSL is prone to a local information-disclosure vulnerability because of an implementation flaw in the RSA algorithm.
Successfully exploiting this issue allows local attackers to gain access to private key information of other processes that use the affected library. Information harvested may aid in further attacks.
OpenSSL 0.9.8 is vulnerable to this issue; other versions may also be affected.
49. OpenPegasus Management Server PAM Authentication 'cimservera.cpp' Buffer Overflow Vulnerability BugTraq ID: 27188 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27188 Summary: OpenPegasus is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
This issue occurs in the PAM (Pluggable Authentication Module) authentication code.
Attackers can leverage this issue to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions.
Versions in the OpenPegasus 2.6 series are vulnerable.
50. Perl Unicode Regular Expression Buffer Overflow Vulnerability BugTraq ID: 26350 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/26350 Summary: Perl is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input.
Successfully exploiting this issue allows attackers to execute arbitrary machine code in the context of Perl applications using regular expressions in a vulnerable manner. This facilitates the remote compromise of affected computers.
Perl 5.8 is vulnerable to this issue; other versions may also be affected.
51. OpenSSL SSL_Get_Shared_Ciphers Off-by-One Buffer Overflow Vulnerability BugTraq ID: 25831 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/25831 Summary: OpenSSL is prone to an off-by-one buffer-overflow vulnerability because the library fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of applications that use the affected library, but this has not been confirmed. Failed exploit attempts may crash applications, denying service to legitimate users.
NOTE: This issue was introduced in the fix for the vulnerability described in BID 20249 (OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability).
52. Samba NMBD Logon Request Remote Buffer Overflow Vulnerability BugTraq ID: 26454 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/26454 Summary: Samba is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
This issue occurs only when Samba is configured as a Primary or Backup Domain Controller.
Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute remote code, but the vendor doesn't think that this is possible.
Samba 3.0.0 through 3.0.26a are vulnerable.
53. Samba NMBD_Packets.C NetBIOS Replies Stack-Based Buffer Overflow Vulnerability BugTraq ID: 26455 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/26455 Summary: Samba is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
NOTE: This issue occurs only when Samba is configured with the 'wins support' option enabled in the host's 'smb.conf' file.
An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Successful attacks will completely compromise affected computers. Failed exploit attempts will result in a denial of service.
Samba 3.0.0 through 3.0.26a are vulnerable.
54. YaBB SE Cookie Security Bypass Vulnerability BugTraq ID: 27414 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27414 Summary: YaBB SE is prone to a security-bypass vulnerability because it fails to properly validate user credentials before performing certain actions.
Exploiting this issue may allow an attacker to obtain sensitive information, compromise the application, and execute arbitrary script code in the context of the webserver process; other attacks are also possible.
This issue affects YaBB SE 1.5.5 and prior versions.
55. Lycos File Upload Component 'FileUploader.dll' ActiveX Control Buffer Overflow Vulnerability BugTraq ID: 27411 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27411 Summary: Lycos File Upload Component ActiveX control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
This issue affects 'FileUploader.dll' 2.0.0.2; other versions may also be vulnerable.
56. Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability BugTraq ID: 27409 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27409 Summary: Apache 'mod_negotiation' is prone to an HTML-injection and an HTTP response-splitting vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, and influence or misrepresent how web content is served, cached, or interpreted; other attacks are also possible.
57. SetCMS 'set' Parameter Local File Include Vulnerability BugTraq ID: 27407 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27407 Summary: SetCMS is prone to a local file-include vulnerability because the application fails to properly initialize the 'set' parameter.
Exploiting this issue allows attackers to execute arbitrary commands in the context of the user running the application.
A successful exploit could facilitate the compromise of an affected computer; other attacks are also possible.
This issue affects SetCMS 3.6.5; other versions may also be affected.
58. PHP-Nuke Search Module 'sid' Parameter SQL Injection Vulnerability BugTraq ID: 27408 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27408 Summary: PHP-Nuke is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.
Successful exploits could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
59. EasySiteNetwork Recipe Website Script 'list.php' SQL Injection Vulnerability BugTraq ID: 27405 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27405 Summary: EasySiteNetwork Recipe Website Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
60. ELOG Cross-Site Scripting Vulnerability and Denial of Service Vulnerability BugTraq ID: 27399 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27399 Summary: ELOG is prone to a cross-site scripting vulnerability and a denial-of-service vulnerability because the application fails to properly handle user-supplied input.
An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to ELOG 2.7.1 are vulnerable.
61. Linux Kernel DO_COREDUMP Local Information Disclosure Vulnerability BugTraq ID: 26701 Remote: No Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/26701 Summary: The Linux kernel is prone to an information-disclosure vulnerability.
Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.
Versions of the Linux kernel prior to 2.6.24-rc4 are vulnerable.
62. Linux Kernel VFS Unauthorized File Access Vulnerability BugTraq ID: 27280 Remote: No Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27280 Summary: The Linux kernel is prone to an unauthorized file-access vulnerability affecting the VFS (Virtual Filesystem) module.
A local attacker can exploit this issue to access arbitrary files on the affected computer. Successfully exploiting this issue may grant the attacker elevated privileges on affected computers. Other attacks are also possible.
This issue affects kernel versions prior to 2.6.23.14.
63. Xen 'copy_to_user()' Local Security Bypass Vulnerability BugTraq ID: 26954 Remote: No Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/26954 Summary: Xen is prone to a local security-bypass vulnerability that affects PAL emulation.
Local attackers can leverage this issue to access arbitrary memory regions from HVM guest systems. This could allow attackers to obtain potentially sensitive information that could aid in further attacks.
This issue affects Xen 3.1.2 on IA64 platforms; other versions may also be vulnerable.
64. Microsoft Excel Header Parsing Remote Code Execution Vulnerability BugTraq ID: 27305 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27305 Summary: Microsoft Excel is prone to a remote code-execution vulnerability.
An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Reportedly, the issue affects the following versions:
Microsoft Office Excel 2003 Service Pack 2
Microsoft Office Excel Viewer 2003
Microsoft Office Excel 2002
Microsoft Office Excel 2000
Microsoft Excel 2004 for Mac
The following versions are not affected:
Microsoft Office Excel 2007
Microsoft Office Excel 2007 Service Pack 1
Microsoft Excel 2008 for Mac
Microsoft Office Excel 2003 Service Pack 3
Few details regarding this vulnerability are available. The vendor is investigating the issue and will be releasing updates. We will update this BID when more information emerges.
65. aflog Multiple SQL Injection and Cross-Site Scripting Vulnerabilities BugTraq ID: 27398 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27398 Summary: The 'aflog' program is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
These issues affect aflog 1.01; other versions may also be affected.
66. IBM WebSphere Prior to 6.0.2.25 Multiple Remote Vulnerabilities BugTraq ID: 27400 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27400 Summary: IBM WebSphere Application Server is prone to multiple remote vulnerabilities, including a buffer-handling vulnerability, multiple information-disclosure vulnerabilities, and several vulnerabilities with unknown impact.
Very little information is known about these issues. We will update this BID as more information emerges.
Versions prior to IBM WebSphere Application Server 6.0.2.25 are vulnerable.
67. DeluxeBB 'attachments_header.php' Cross-Site Scripting Vulnerability BugTraq ID: 27401 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27401 Summary: DeluxeBB is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects DeluxeBB 1.1; other versions may also be vulnerable.
68. MoinMoin MOIN_ID Cookie Remote Authentication Bypass Vulnerability BugTraq ID: 27404 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27404 Summary: MoinMoin is prone to an authentication-bypass vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to gain unauthorized access to the affected application, which may lead to further attacks.
Versions in the MoinMoin 1.5 series are vulnerable.
69. SAP MaxDB 'cons.exe' Remote Command Injection Vulnerability BugTraq ID: 27206 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27206 Summary: SAP MaxDB is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input.
Successfully exploiting this issue allows remote attackers to execute arbitrary shell commands with the privileges of the database server. Multiple database commands expose this issue, including one that is available prior to authentication.
MaxDB 7.6.03 build 007 is vulnerable to this issue; other versions may also be affected.
70. HP-UX ARPA Transport Unspecified Remote Denial Of Service Vulnerability BugTraq ID: 25147 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/25147 Summary: HP-UX running ARPA Transport software is prone to a remote denial-of-service vulnerability.
Exploiting this issue allows attackers to cause denial-of-service conditions.
71. LulieBlog 'id' Parameter Multiple SQL Injection Vulnerabilities BugTraq ID: 27290 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27290 Summary: LulieBlog is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
These issues affect LulieBlog 1.0.1; other versions may also be affected.
NOTE: To exploit these issues, the attacker may require administrative access.
72. Multiple Vendors BIND 'inet_network()' Off-by-One Buffer Overflow Vulnerability BugTraq ID: 27283 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27283 Summary: Multiple applications that use the 'libbind' BIND library are prone to an off-by-one buffer-overflow vulnerability because the 'inet_network()' function fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users.
73. ClamAV BZ_GET_FAST Bzip2 Decompression Vulnerability BugTraq ID: 27063 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27063 Summary: ClamAV is prone to a vulnerability due to a flaw in its Bzip2 decompression support.
Successful exploits of this vulnerability may potentially allow remote attackers to execute arbitrary code in the context of the vulnerable application or to trigger denial-of-service conditions. These effects have not been confirmed.
No further technical details are currently available. We will update this BID as more information emerges.
ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.
74. Boost Library Regular Expression Remote Denial of Service Vulnerabilities BugTraq ID: 27325 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27325 Summary: The Boost library is prone to a remote denial-of-service vulnerability because it fails to adequately verify user-supplied input on regular expressions.
Successful exploits may allow remote attackers to cause denial-of-service conditions on applications that use the affected library.
This issue affects Boost 1.33.1 and 1.34.1; other versions may also be affected.
75. Mantis 'Most Active Bugs' Summary Cross Site Scripting Vulnerability BugTraq ID: 27367 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27367 Summary: Mantis is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker can leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Versions prior to Mantis 1.1.1 are vulnerable.
76. ClamAV 'libclamav/pe.c' MEW Packed PE File Integer Overflow Vulnerability BugTraq ID: 26927 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/26927 Summary: ClamAV is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data.
Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the 'libclamav' library. Failed exploits may crash the application.
ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.
77. X.Org X Server PCF Font Parser Buffer Overflow Vulnerability BugTraq ID: 27352 Remote: No Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27352 Summary: X.Org X Server is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Attackers can exploit this issue to execute arbitrary code with the privileges of the server. Failed attacks will cause denial-of-service conditions.
NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.
78. ClamAV 'mspack.c' Off-By-One Buffer Overflow Vulnerability BugTraq ID: 26946 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/26946 Summary: ClamAV is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers.
Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the 'libclamav' library. Failed exploits may crash the application.
ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.
79. xine-lib 'rmff_dump_cont()' Remote Heap Buffer Overflow Vulnerability BugTraq ID: 27198 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27198 Summary: The xine-lib library is prone to a remote heap-based buffer-overflow vulnerability. This issue occurs because the software fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
This issue affects xine-lib 1.1.9 and prior versions.
80. Citrix Presentation Server IMA Service Buffer Overflow Vulnerability BugTraq ID: 27329 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27329 Summary: Citrix Presentation Server is prone to a buffer-overflow vulnerability because the IMA service fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of the IMA server process. Failed exploit attempts will likely result in denial-of-service conditions.
The issue affects the following versions:
Citrix MetaFrame and Presentation Server 4.5 (and earlier)
Citrix Access Essentials 2.0 (and earlier)
Citrix Desktop Server 1.0 (and earlier)
81. PHP-Nuke News Module Index.PHP SQL Injection Vulnerability BugTraq ID: 21277 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/21277 Summary: The PHP-Nuke News module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
PHP-Nuke 7.9 and prior versions are vulnerable.
82. Invision Gallery Index.PHP SQL Injection Vulnerability BugTraq ID: 20327 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/20327 Summary: Invision Gallery is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
83. Novemberborn sIFR 'txt' Parameter Cross-Site Scripting Vulnerability BugTraq ID: 27394 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27394 Summary: Novemberborn sIFR is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Versions prior to sIFR 2.0.3 and 3r278 are vulnerable.
84. GlobalLink 'GLChat.ocx' ActiveX Control 'ChatRoom()' Buffer Overflow Vulnerability BugTraq ID: 27393 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27393 Summary: GlobalLink 'GLChat.ocx' ActiveX control is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
GlobalLink 'GLChat.ocx' ActiveX control 2.5.1.33 is reported affected by this issue; other versions may also be vulnerable.
85. F5 BIG-IP 'SearchString' Multiple Cross-Site Scripting Vulnerabilities BugTraq ID: 27272 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27272 Summary: F5 BIG-IP is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
BIG-IP firmware version 9.4.3 is vulnerable; other versions may also be affected.
86. PacerCMS 'id' Parameter Multiple SQL Injection Vulnerabilities BugTraq ID: 27397 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27397 Summary: PacerCMS is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
These issues affect versions prior to PacerCMS 0.6.1.
NOTE: To exploit these issues, the attacker may require 'staff member' access.
87. PacerCMS 'submit.php' Multiple HTML Injection Vulnerabilities BugTraq ID: 27386 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27386 Summary: PacerCMS is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.
Versions prior to PacerCMS 0.6.1 are vulnerable.
NOTE: This BID was originally published under the title 'PacerCMS 'submit.php' Cross-Site Scripting Vulnerability'. Further analysis reveals that these issues are HTML-injection vulnerabilities.
88. IBM WebSphere Business Modeler Repository Arbitrary File Deletion Vulnerability BugTraq ID: 27389 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27389 Summary: IBM WebSphere Business Modeler is prone to a vulnerability that allows users to delete arbitrary files from repositories.
Attackers can use this issue to delete arbitrary files from repositories, making the resources unavailable for legitimate users.
This issue affects IBM WebSphere Business Modeler Basic 6.0.2.1 and Advanced 6.0.2.1.
89. Fujitsu Interstage HTTP Server Multiple Unspecified Denial Of Service Vulnerabilities BugTraq ID: 27391 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27391 Summary: Fujitsu Interstage HTTP Server is prone to multiple unspecified denial-of-service vulnerabilities.
Remote attackers can exploit these issues to deny service to legitimate users.
Currently, very little is known about these issues. We will update this BID as more information emerges.
90. Frimousse 'explorerdir.php' File Disclosure Vulnerability BugTraq ID: 27385 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27385 Summary: Frimousse is prone to a vulnerability that lets attackers obtain potentially sensitive information because it fails to prevent access to arbitrary files.
An attacker can exploit this issue to download arbitrary files with the privileges of the webserver process. Information obtained may aid in further attacks.
This issue affects Frimousse 0.0.2; other versions may be vulnerable as well.
91. Small Axe Weblog 'ffile' Parameter Remote File Include Vulnerability BugTraq ID: 27383 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27383 Summary: Small Axe Weblog is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
This issue affects Small Axe Weblog 0.3.1; other versions may also be vulnerable.
92. IBM Tivoli Provisioning Manager for OS Deployment Denial of Service Vulnerability BugTraq ID: 27387 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27387 Summary: IBM Tivoli Provisioning Manager for OS Deployment is prone to a denial-of-service vulnerability.
A remote attacker may be able to exploit this issue to crash the server process, which could lead to denial-of-service conditions.
Versions prior to IBM Tivoli Provisioning Manager for OS Deployment 5.1.0.3 are vulnerable.
93. IBM Tivoli Business Service Manager Password Disclosure Vulnerability BugTraq ID: 27388 Remote: No Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27388 Summary: IBM Tivoli Business Service Manager is prone to a local password-disclosure vulnerability due to a design error.
Exploiting this issue may allow a local attacker to access certain unencrypted passwords, potentially allowing them to access the application in an unauthorized manner. This may aid in further attacks.
This issue affects IBM Tivoli Business Service Manager 4.1.1.
94. singapore Modern Template 'gallery' Parameter Cross-Site Scripting Vulnerability BugTraq ID: 27382 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27382 Summary: singapore Modern template is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Modern 1.3.2 and prior versions are reported vulnerable. Reports indicate that Modern 1.3.2 ships with singapore 0.10.1 by default.
95. Mooseguy Blog System 'blog.php' SQL Injection Vulnerability BugTraq ID: 27377 Remote: Yes Last Updated: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27377 Summary: Mooseguy Blog System (MGBS) is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Mooseguy Blog System 1.0 is vulnerable to this issue; other versions may also be affected.
96. OZ Journals 'printpreview' Local File Disclosure Vulnerability
BugTraq ID: 27375
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27375
Summary: OZ Journals is prone to a local file-disclosure vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this issue may allow an unauthorized user to retrieve potentially sensitive information that may aid in further attacks.
This issue affects OZ Journals 2.1.1; other versions may also be affected.
97. AlstraSoft Forum Pay Per Post Exchange 'index.php' SQL Injection Vulnerability
BugTraq ID: 27381
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27381
Summary: Forum Pay Per Post Exchange is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
98. IDMOS CMS 'download.php' Local File Include Vulnerability
BugTraq ID: 27379
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27379
Summary: IDMOS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability using directory-traversal strings to access potentially sensitive information that may aid in further attacks.
IDMOS 1.0 is vulnerable to this issue; other versions may also be affected.
99. MyBB 'private.php' SQL Injection Vulnerability
BugTraq ID: 27378
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27378
Summary: MyBB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue affects MyBB 1.2.11; earlier versions may also be vulnerable.
100. Citadel SMTP RCPT TO Remote Buffer Overflow Vulnerability
BugTraq ID: 27376
Remote: Yes
Last Updated: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27376
Summary: Citadel is prone to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.
Attackers may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Versions prior to Citadel 7.11 are vulnerable to this issue.
SECURITYFOCUS NEWS ARTICLES
1. Legitimate sites serving up stealthy attacks
By: Robert Lemos
The Random JS infection kit serves up malicious code that hides itself by attempting to compromise each visitor only once and using a different file name each time.
http://www.securityfocus.com/news/11501
2. Malware hitches a ride on digital devices
By: Robert Lemos
Some consumers reported that their holiday gifts came with an unwelcome passenger, a Trojan horse. Infections at the factory and in retail stores will likely become more common.
http://www.securityfocus.com/news/11499
3. Senate delays vote on spy bill
By: Robert Lemos
A bill that would modernize the United States' legal framework for eavesdropping and grant telecommunications companies retroactive immunity for wiretapping customers will have to wait until January.
http://www.securityfocus.com/news/11498
4. Researchers reverse Netflix anonymization
By: Robert Lemos
Two computer scientists show that a large set of transactional data poses privacy risks by finding a way to link movie ratings from the Netflix Prize dataset to publicly available information.
http://www.securityfocus.com/news/11497