SecurityFocus
2. JazerNorth Scout Tracker Multiple Unspecified Vulnerabilitie...
BugTraq ID: 11066
Remote: Yes
Date Published: Aug 28 2004
Relevant URL:
http://www.securityfocus.com/bid/11066
Summary:
Scout Tracker version 0.10 has been released. This version addresses various unspecified security vulnerabilities associated with passwords and user groups.
Scout Tracker versions 0.9 and prior are affected by these issues.
This BID will be updated as more information becomes available.
7. Xedus Web Server Multiple Vulnerabilities
BugTraq ID: 11071
Remote: Yes
Date Published: Aug 30 2004
Relevant URL:
http://www.securityfocus.com/bid/11071
Summary:
It is reported that Xedus is susceptible to multiple vulnerabilities.
The first reported issue is a denial of service vulnerability. The affected application is unable to service multiple simultaneous connections, denying access to the hosted site for legitimate users.
The second reported issue is a cross-site scripting vulnerability in included sample scripts. This vulnerability is due to a failure of the application to properly sanitize user-supplied URI input before including it in the output of the scripts.
The third reported issue is a directory traversal vulnerability. The affected application will reportedly serve documents located outside of the configured web root. This may allow an attacker the ability to read arbitrary, potentially sensitive files on the hosting computer with the privileges of the web server. This may aid malicious users in further attacks.
These vulnerabilities are reported to exist in version 1.0 of Xedus.
9. Web Animations Password Protect Multiple Input Validation Vu...
BugTraq ID: 11073
Remote: Yes
Date Published: Aug 31 2004
Relevant URL:
http://www.securityfocus.com/bid/11073
Summary:
Password Protect is reported prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues occur due to insufficient sanitization of user-supplied input. Successful exploitation of these issues may result in arbitrary HTML and script code execution and/or compromise of the underlying database.
It is reported that these issues could be exploited to gain unauthorized administrative access to the application.
All versions of Password Protect are considered vulnerable to these issues.
10. PvPGN Remote Buffer Overflow Vulnerability
BugTraq ID: 11074
Remote: Yes
Date Published: Aug 29 2004
Relevant URL:
http://www.securityfocus.com/bid/11074
Summary:
PvPGN is reported prone to a remote buffer overflow vulnerability. This issue can allow an attacker to execute arbitrary code to gain unauthorized access to a vulnerable computer.
An attacker can trigger this vulnerability by supplying an excessively long string value through the 'watchall' and 'unwatchall' commands.
All versions of PvPGN including 1.6.5 and prior are affected by this vulnerability.
11. CDRTools RSH Environment Variable Privilege Escalation Vulne...
BugTraq ID: 11075
Remote: No
Date Published: Aug 31 2004
Relevant URL:
http://www.securityfocus.com/bid/11075
Summary:
CDRTools is reportedly vulnerable to an RSH environment variable privilege escalation vulnerability. This issue is due to a failure of the application to properly implement security controls when executing an application specified by the RSH environment variable.
An attacker may leverage this issue to gain superuser privileges on a computer running the affected software.
13. Bsdmainutils Calendar Information Disclosure Vulnerability
BugTraq ID: 11077
Remote: No
Date Published: Aug 31 2004
Relevant URL:
http://www.securityfocus.com/bid/11077
Summary:
The calendar utility contained in the bsdmainutils package on Debian GNU/Linux systems is reported susceptible to an information disclosure vulnerability. This is due to a lack of proper file authorization checks by the application.
The application fails to enforce permissions of included files when run as the superuser with the '-a' argument, therefore it is possible for a local attacker to create a calendar file that will disclose the contents of arbitrary, potentially sensitive files. This may aid them in further attacks against the affected computer.
By default, the package is installed with a crontab file that will not call the calendar utility. Systems are only affected if the crontab is enabled by administrators.
Debian GNU/Linux computers with bsdmainutils versions prior to 6.0.15 are reported to be vulnerable.
14. MIT Kerberos 5 Multiple Double-Free Vulnerabilities
BugTraq ID: 11078
Remote: Yes
Date Published: Aug 31 2004
Relevant URL:
http://www.securityfocus.com/bid/11078
Summary:
There are multiple double-free vulnerabilities reported to exist in MIT Kerberos 5.
All vulnerabilities stem from inconsistent memory handling routines in the krb5 library.
These vulnerabilities are exploitable in various ways:
- An attacker can execute arbitrary code in the context of a KDC server process, potentially compromising the entire Kerberos realm.
- An attacker can execute arbitrary code in the context of a krb524d server process, potentially compromising the entire Kerberos realm if it is running on the same computer as a KDC.
- An attacker can execute arbitrary code in the context of various other server processes utilizing the krb5 library.
- An attacker impersonating a KDC or application server may be able to execute arbitrary code in the context of a client process attempting to authenticate.
Versions up to and including 1.3.4 are reported vulnerable.
15. MIT Kerberos 5 ASN.1 Decoder Denial Of Service Vulnerability
BugTraq ID: 11079
Remote: Yes
Date Published: Aug 31 2004
Relevant URL:
http://www.securityfocus.com/bid/11079
Summary:
It is reported that MIT Kerberos V is susceptible to a denial of service vulnerability in its ASN.1 decoder.
This vulnerability presents itself when the krb5 library attempts to decode a malformed ASN.1 buffer.
As a result of this vulnerability, a remote attacker may be able to deny all Kerberos service in a realm by sending malicious UDP packets to all KDCs (Key Distribution Centers). The affected KDCs would then stop servicing further authentication requests. All services utilizing Kerberos for authentication would fail to allow further requests.
MIT Kerberos V versions 1.2.2 through to 1.3.4 are reportedly affected by this vulnerability.
16. PHPScheduleIt HTML Injection Vulnerability
BugTraq ID: 11080
Remote: Yes
Date Published: Aug 31 2004
Relevant URL:
http://www.securityfocus.com/bid/11080
Summary:
phpScheduleIt is reported to contain an HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input before including it in dynamically generated web page content.
This may allow an attacker to inject malicious HTML and script code into the application. An unsuspecting user viewing the schedule will have the attacker-supplied script code executed within their browser in the context of the vulnerable site. This issue may be leveraged to steal cookie-based authentication credentials. Other attacks are also possible.
Although this issue reportedly affects version 1.0.0RC1 of the affected software, it is likely that other versions are affected as well.
17. SuSE Linux PTMX Unspecified Local Denial Of Service Vulnerab...
BugTraq ID: 11081
Remote: No
Date Published: Sep 01 2004
Relevant URL:
http://www.securityfocus.com/bid/11081
Summary:
Reportedly SuSE Linux is vulnerable to a local ptmx denial of service vulnerability; fixes are available. The underlying cause of this issue is currently unknown; this BID will be updated as more information is released.
An attacker may leverage this issue to cause the affected computer to hang or crash, denying service to legitimate users.
18. pLog User Registration HTML Injection Vulnerability
BugTraq ID: 11082
Remote: Yes
Date Published: Sep 01 2004
Relevant URL:
http://www.securityfocus.com/bid/11082
Summary:
pLog is prone to an HTML injection vulnerability that is exposed via the user registration form. Fields in the form are not adequately sanitized of HTML and script code.
This may permit execution of hostile script code when a user views pages that include the injected code. The hostile code would be rendered in the context of the site hosting the vulnerable software. Exploitation could allow for theft of cookie-based authentication credentials or other attacks.
20. IMLib/IMLib2 Multiple BMP Image Decoding Buffer Overflow Vul...
BugTraq ID: 11084
Remote: Yes
Date Published: Sep 01 2004
Relevant URL:
http://www.securityfocus.com/bid/11084
Summary:
Multiple buffer overflow vulnerabilities are reported to exist in the Imlib/Imlib2 libraries. These issues may be triggered when handling malformed bitmap images.
These vulnerabilities could be exploited by a remote attacker to cause a denial of service in applications that use the vulnerable library to render images. It is also reported that these vulnerabilities may be exploited to execute arbitrary code.
22. Newtelligence DasBlog Request Log HTML Injection Vulnerabili...
BugTraq ID: 11086
Remote: Yes
Date Published: Sep 01 2004
Relevant URL:
http://www.securityfocus.com/bid/11086
Summary:
DasBlog is reportedly susceptible to an HTML injection vulnerability in its request log. This vulnerability is due to a failure of the application to properly sanitize user-supplied input data before using it in the generation of dynamic web pages.
This may allow an attacker to inject malicious HTML and script code into the application. An administrator displaying the 'Activity and Events Viewer' will have the attacker-supplied script code executed within their browser in the context of the vulnerable site. This issue may be leveraged to steal cookie-based authentication credentials. Other attacks are also possible.
This issue reportedly affects versions 1.3 through 1.6 of the affected software.
23. TorrentTrader Download.PHP SQL Injection Vulnerability
BugTraq ID: 11087
Remote: Yes
Date Published: Sep 01 2004
Relevant URL:
http://www.securityfocus.com/bid/11087
Summary:
TorrentTrader is vulnerable to a remote SQL injection vulnerability in the 'download.php' script. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query.
An attacker may exploit this issue to manipulate and inject SQL queries into the underlying database. It will be possible to leverage this issue to steal database contents including administrator password hashes and user credentials as well as to make attacks against the underlying database.
24. PHPWebSite Multiple Input Validation Vulnerabilities
BugTraq ID: 11088
Remote: Yes
Date Published: Sep 01 2004
Relevant URL:
http://www.securityfocus.com/bid/11088
Summary:
It is reported that phpWebSite is susceptible to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities.
The cross-site scripting issue is present in a parameter of the comments module script. An attacker can exploit this issue by creating a malicious link to the vulnerable module containing HTML and script code and sending this link to a vulnerable user. When the user follows the link, the attacker-supplied code renders in the user's browser.
An SQL injection issue exists in the application as well. This issue affects a parameter of the calendar module script. This issue may be exploited to cause sensitive information to be disclosed to a remote attacker.
Finally, an HTML injection vulnerability is reported to affect the application. The problem is said to occur in the notes module due to a lack of sufficient sanitization performed on user-supplied data.
Attackers may potentially exploit this issue to manipulate web content, take unauthorized site actions in the context of the victim, or to steal cookie-based authentication credentials.
These vulnerabilities were reported in phpWebSite 0.9.3-4; previous versions are also reported to be vulnerable.
26. Opera Web Browser Empty Embedded Object JavaScript Denial Of...
BugTraq ID: 11090
Remote: Yes
Date Published: Sep 01 2004
Relevant URL:
http://www.securityfocus.com/bid/11090
Summary:
Opera is a web browser available for a number of platforms, including Microsoft Windows, Linux and Unix variants and Apple MacOS.
Opera Web Browser is reported to be susceptible to a JavaScript denial of service vulnerability. This vulnerability presents itself when Opera attempts to execute a specific JavaScript command. Upon executing this command, Opera will reportedly crash.
This vulnerability was reported to exist in version 7.23 of Opera for Microsoft Windows. Other versions are also likely affected. Version 7.54 does not seem to be susceptible.
27. Oracle 10g Database DBMS_SCHEDULER Remote Command Execution ...
BugTraq ID: 11091
Remote: Yes
Date Published: Sep 01 2004
Relevant URL:
http://www.securityfocus.com/bid/11091
Summary:
Oracle 10g Database is reported prone to a remote command execution vulnerability. It is reported that the vulnerability exists in the scheduler functionality that was added to Oracle 10g R1.
A remote authenticated attacker may exploit this vulnerability to execute arbitrary commands in the context of the vulnerable software.
This issue was originally announced as an undisclosed issue in BID 10871.
29. LHA Multiple Code Execution Vulnerabilities
BugTraq ID: 11093
Remote: Yes
Date Published: Sep 01 2004
Relevant URL:
http://www.securityfocus.com/bid/11093
Summary:
LHA is reported prone to multiple vulnerabilities. These issues include multiple local and remote buffer overflow vulnerabilities and a remote command execution vulnerability. Successful exploitation of these issues may allow an attacker to execute arbitrary code and gain unauthorized access to a vulnerable computer.
The following specific issues were reported:
The application is prone to a stack overflow vulnerability when processing a malicious archive.
Multiple local buffer overflow vulnerabilities were reported as well. These issues can be triggered by supplying an excessive string value to the application through the command line.
Additionally, a remote command execution issue affects the application. This issue is triggered when LHA processes a directory with a malformed name.
LHA versions 1.14 and prior are affected by these issues.
30. Apache mod_ssl Denial Of Service Vulnerability
BugTraq ID: 11094
Remote: Yes
Date Published: Sep 02 2004
Relevant URL:
http://www.securityfocus.com/bid/11094
Summary:
Apache mod_ssl is reported susceptible to a denial of service vulnerability.
This issue presents itself during SSL connections to a vulnerable Apache server. The affected software may enter into an infinite loop in certain circumstances. This will consume CPU resources and potentially cause further connections to the affected server to fail.
All Apache versions from 2.0 through to 2.0.50 are reported vulnerable.
33. CuteNews 'index.php' Cross-Site Scripting Vulnerability
BugTraq ID: 11097
Remote: Yes
Date Published: Sep 02 2004
Relevant URL:
http://www.securityfocus.com/bid/11097
Summary:
It is reported that CuteNews is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
This vulnerability is reported to exist in versions 1.3.6 and prior of CuteNews.
34. Squid Proxy NTLM Authentication Denial Of Service Vulnerabil...
BugTraq ID: 11098
Remote: Yes
Date Published: Sep 02 2004
Relevant URL:
http://www.securityfocus.com/bid/11098
Summary:
Squid is reported to be susceptible to a denial of service vulnerability in its NTLM authentication module.
This vulnerability presents itself when attacker-supplied input data is passed to the affected NTLM module without proper sanitization.
This vulnerability allows an attacker to crash the NTLM helper application. Squid will respawn new helper applications, but with a sustained, repeating attack, it is likely that proxy authentication depending on the NTLM helper application would fail. Failure of NTLM authentication would result in the Squid application denying access to legitimate users of the proxy.
Squid versions 2.x and 3.x are all reported to be vulnerable to this issue. A patch is available from the vendor.
35. Oracle Database Server ctxsys.driload Access Validation Vuln...
BugTraq ID: 11099
Remote: Yes
Date Published: Sep 03 2004
Relevant URL:
http://www.securityfocus.com/bid/11099
Summary:
Oracle Database Server is prone to an access validation vulnerability that may permit unprivileged users to execute commands as the DBA. This could compromise the database.
This issue corresponds to one of the unspecified vulnerabilities mentioned in BID 10871 and addressed by Oracle Alert #68.
36. Oracle Database Server dbms_system.ksdwrt Remote Buffer Over...
BugTraq ID: 11100
Remote: Yes
Date Published: Sep 03 2004
Relevant URL:
http://www.securityfocus.com/bid/11100
Summary:
A remotely exploitable buffer overflow exists in Oracle Database Server.
The issue can be triggered when an overly long string is passed to an internal logging function. Authorized users could exploit this issue to execute arbitrary code in the context of the server process or to cause a denial of service.
This issue corresponds to one of the unspecified vulnerabilities mentioned in BID 10871 and addressed by Oracle Alert #68.
38. Dynalink RTA 230 ADSL Router Default Backdoor Account Vulner...
BugTraq ID: 11102
Remote: Yes
Date Published: Sep 03 2004
Relevant URL:
http://www.securityfocus.com/bid/11102
Summary:
The Dynalink RTA 230 ADSL router is reported susceptible to a default backdoor account vulnerability.
It is reported that the firmware contains a backdoor account. This account is not visible or modifiable from the web administration interface. Both the web configuration application and the telnet service are not listening on the WAN interface by default.
Attackers with network access to internal interfaces of the device can gain complete access to a vulnerable access point by using the default credentials.
Other devices utilizing similar firmware may also be affected, but this has not been confirmed. Other potential devices reported are:
- US Robotics 9105 and 9106
- Siemens SE515
- Buffalo WMR-G54
39. PhpMyBackupPro Unspecified Potential Input Validation Vulner...
BugTraq ID: 11103
Remote: Yes
Date Published: Aug 29 2004
Relevant URL:
http://www.securityfocus.com/bid/11103
Summary:
phpMyBackupPro is reported prone to multiple unspecified input validation vulnerabilities. These issues were identified by the vendor. The cause and impact of these issues are currently unknown; however, they are reported to occur due to insufficient validation of some configuration entries and validation of MySQL username and password values. It is conjectured that these issues may allow an attacker to gain unauthorized access to the application. Disclosure of database backups is a possibility as well.
phpMyBackupPro versions 0.6.2 and prior are affected by these issues.