SecurityFocus
1. Belchior Foundry VCard Authentication Bypass Vulnerability
BugTraq ID: 9910
Remote: Yes
Date Published: Mar 17 2004
Relevant URL:
http://www.securityfocus.com/bid/9910
Summary:
It has been reported that vCard is prone to a remote authentication bypass
vulnerability. This issue is due to a design error that would allow a
malicious user access to certain admin functionality without having to
first authenticate to the application.
This issue may be leveraged to manipulate the application database,
potentially destroying data.
2. PHP-Nuke Error Manager Module Multiple Vulnerabilities
BugTraq ID: 9911
Remote: Yes
Date Published: Mar 18 2004
Relevant URL:
http://www.securityfocus.com/bid/9911
Summary:
It has been reported that Error Manager is prone to multiple
vulnerabilities. These issues are due to failure to validate user input,
failure to handle exceptional conditions and simple design errors.
These issues may be leveraged to carry out cross-site scripting attacks,
reveal information about the application configuration and initiate HTML
injection attacks against the affected system.
8. Jetty Unspecified Denial Of Service Vulnerability
BugTraq ID: 9917
Remote: Yes
Date Published: Mar 18 2004
Relevant URL:
http://www.securityfocus.com/bid/9917
Summary:
An unspecified denial of service vulnerability has been reported in Jetty
Java HTTP Servlet Server. It is conjectured that this may be exploited
remotely.
10. SquidGuard NULL URL Character Unauthorized Access Vulnerabil...
BugTraq ID: 9919
Remote: Yes
Date Published: Mar 19 2004
Relevant URL:
http://www.securityfocus.com/bid/9919
Summary:
Reportedly SquidGuard is prone to a remote NULL URL character unauthorized
access vulnerability. This issue is due to a failure of the application
to properly filter out invalid URIs.
Successful exploitation of this issue may allow a remote attacker to
bypass access controls resulting in unauthorized access to
attacker-specified resources. This may allow the attacker to gain
unauthorized access to sensitive resources.
Although it has not been confirmed, this issue may be related to the issue
defined in BID 9778.
12. Apache Connection Blocking Denial Of Service Vulnerability
BugTraq ID: 9921
Remote: Yes
Date Published: Mar 19 2004
Relevant URL:
http://www.securityfocus.com/bid/9921
Summary:
Apache is prone to an issue that may permit remote attackers to cause a
denial of service issue via a listening socket on a rarely accessed port.
This will reportedly block out new connections to the server until another
connection on the rarely accessed socket is initiated.
The functionality that exposes this issue is reportedly enabled by default
on all platforms except Windows.
13. FVWM fvwm_make_browse_menu.sh Scripts Command Execution Vuln...
BugTraq ID: 9922
Remote: No
Date Published: Mar 19 2004
Relevant URL:
http://www.securityfocus.com/bid/9922
Summary:
It has been reported that the FVWM fvwm_make_browse_menu.sh script is
prone to a command execution vulnerability. This issue is due to the
script allowing a user to define which application should be used to
execute the file via its filename.
An attacker may be able to leverage this issue to cause arbitrary commands
to be executed with the privileges of a victim user.
This issue is related to the issue described in BID 9161.
16. FVWM fvwm_make_directory_menu.sh Scripts Command Execution V...
BugTraq ID: 9925
Remote: No
Date Published: Mar 19 2004
Relevant URL:
http://www.securityfocus.com/bid/9925
Summary:
It has been reported that the FVWM 'fvwm_make_directory_menu.sh' script is
prone to a command execution vulnerability. This issue is due to the
script allowing a user to define which application should be used to
execute the file via its filename.
An attacker may be able to leverage this issue to cause arbitrary commands
to be executed with the privileges of a victim user.
This issue is related to the issue described in BID 9161.
17. Samba SMBPrint Sample Script Insecure Temporary File Handlin...
BugTraq ID: 9926
Remote: No
Date Published: Mar 19 2004
Relevant URL:
http://www.securityfocus.com/bid/9926
Summary:
It has been reported that the 'smbprint-new.sh' sample Samba script is
prone to a local insecure temporary file handling symbolic link
vulnerability. This issue is due to a design error that allows the
application to insecurely write to a temporary file that is created with a
predictable file name.
An attacker may exploit this issue to corrupt arbitrary files. This
corruption may potentially result in the elevation of privileges, or in a
system wide denial of service.
It should be noted that 'smbprint-new.sh' is a sample script located
in the 'examples' directory. This script is not intended for commercial
use. The 'smbprint' script included in the 'packaging' directory is not
vulnerable to this issue. Individual package distributions may vary.
18. Tarantella Enterprise 3 TTAArchives.CGI Remote Cross-Site Sc...
BugTraq ID: 9927
Remote: Yes
Date Published: Mar 19 2004
Relevant URL:
http://www.securityfocus.com/bid/9927
Summary:
Reportedly the 'ttaarchives.cgi' script bundled with Tarantella Enterprise
3 is prone to a remote cross-site scripting vulnerability. This issue is
due to a failure of the application to sufficiently sanitize user supplied
URI input.
This issue may be leveraged to steal cookie-based authentication
credentials; other attacks are possible as well.
19. Tarantella Enterprise 3 TTACab.CGI Remote Cross-Site Scripti...
BugTraq ID: 9928
Remote: Yes
Date Published: Mar 19 2004
Relevant URL:
http://www.securityfocus.com/bid/9928
Summary:
Reportedly the 'ttacab.cgi' script bundled with Tarantella Enterprise 3 is
prone to a remote cross-site scripting vulnerability. This issue is due
to a failure of the application to sufficiently sanitize user supplied URI
input.
This issue may be leveraged to steal cookie-based authentication
credentials; other attacks are possible as well.
20. Borland Interbase Database User Privilege Escalation Vulnera...
BugTraq ID: 9929
Remote: No
Date Published: Mar 20 2004
Relevant URL:
http://www.securityfocus.com/bid/9929
Summary:
By default, insecure permissions are set on the file storing the user
database that is shipped with Borland Interbase. The permissions, 0666,
permit all users to write to the file. This configuration error can be
exploited to gain administrative access within the database. The
consequences of this flaw may extend further if the database supports
applications.
21. Apache Error Log Escape Sequence Injection Vulnerability
BugTraq ID: 9930
Remote: Yes
Date Published: Mar 20 2004
Relevant URL:
http://www.securityfocus.com/bid/9930
Summary:
It has been reported that the Apache web server is prone to a remote error
log escape sequence injection vulnerability. This issue is due to an
input validation error that may allow escape character sequences to be
injected into apache log files.
This may facilitate exploitation of issues such as those found in BIDs
6936 and 6938.
This issue may allow an attacker to carry out a number of actions
including arbitrary file creation and code execution on the affected
system.
24. Apache mod_disk_cache Module Client Authentication Credentia...
BugTraq ID: 9933
Remote: Yes
Date Published: Mar 20 2004
Relevant URL:
http://www.securityfocus.com/bid/9933
Summary:
It has been reported that Apache mod_disk_cache module may be prone to a
weakness that could result in an attacker gaining access to proxy or
standard authentication credentials. The mod_disk_cache module is
reported to store HTTP Hop-by-hop headers including user login and
password information in plaintext format on disk.
This issue could be used in conjunction with other possible
vulnerabilities in a host to gain access to user authentication
credentials. Successful exploitation of this issue may lead to further
attacks against vulnerable users of the affected host.
Apache versions 2.0.49 and prior with mod_disk_cache enabled are assumed
to be affected by this issue.
27. XWeb Directory Traversal Vulnerability
BugTraq ID: 9937
Remote: Yes
Date Published: Mar 22 2004
Relevant URL:
http://www.securityfocus.com/bid/9937
Summary:
XWeb is reportedly prone to directory traversal attacks. Remote attackers
may exploit this issue to gain access to sensitive files outside of the
server root. This would occur in the context of the server, i.e.: any
files the server could access would also be accessible to the attacker.
28. phpBB profile.php avatarselect Cross-Site Scripting Vulnerab...
BugTraq ID: 9938
Remote: Yes
Date Published: Mar 22 2004
Relevant URL:
http://www.securityfocus.com/bid/9938
Summary:
It has been reported that phpBB may be prone to a cross-site scripting
vulnerability that may allow an attacker to execute arbitrary HTML or
script code in a user's browser. The issue exists due to insufficient
sanitization of user-supplied input via the 'avatarselect' form parameter
of the 'profile.php' script.
phpBB 2.0.6d has been reported to be prone to this issue; however, other
versions could be affected as well.
29. Xine Bug Reporting Script Insecure Temporary File Creation V...
BugTraq ID: 9939
Remote: No
Date Published: Mar 22 2004
Relevant URL:
http://www.securityfocus.com/bid/9939
Summary:
The xine bug reporting scripts (xine-bugreport and xine-check) create
temporary files in an insecure manner. A malicious local user could take
advantage of this issue by mounting a symbolic link attack to corrupt
other system files, most likely resulting in destruction of data.
Privilege escalation is also theoretically possible. This issue is only
exposed when the vulnerable scripts are run to submit a bug report to the
vendor.
It should be noted that xine-bugreport and xine-check are separate
instances of the same script.
30. JelSoft VBulletin Private.PHP Cross-Site Scripting Vulnerabi...
BugTraq ID: 9940
Remote: Yes
Date Published: Mar 22 2004
Relevant URL:
http://www.securityfocus.com/bid/9940
Summary:
It has been reported that VBulletin is prone to a cross-site scripting
vulnerability in the 'private.php' script. This issue is reportedly due to
a failure to sanitize user input and so allow for injection of HTML and
script code that may facilitate cross-site scripting attacks.
Successful exploitation of this issue may allow for theft of cookie-based
authentication credentials or other attacks.
31. Joel Palmius Mod_Survey Survey Input Field HTML Injection Vu...
BugTraq ID: 9941
Remote: Yes
Date Published: Mar 22 2004
Relevant URL:
http://www.securityfocus.com/bid/9941
Summary:
Mod_Survey is prone to HTML injection attacks via survey input fields.
They may permit remote attackers to persistently inject HTML and script
code into surveys, which may be rendered in the web browser of
administrative or other users.
Exploitation could permit theft of cookie-based authentication
credentials. Other attacks are also possible.
32. phpBB Multiple Input Validation Vulnerabilities
BugTraq ID: 9942
Remote: Yes
Date Published: Mar 22 2004
Relevant URL:
http://www.securityfocus.com/bid/9942
Summary:
It has been reported that phpBB may be prone to multiple vulnerabilities
that could allow an attacker to carry out SQL injection and cross-site
scripting attacks. These vulnerabilities result from insufficient
sanitization of user-supplied input via the 'id' parameter of the
'admin_smilies.php' module and the 'style_id' parameter of the
'admin_styles' module.
phpBB versions 2.0.7a and prior are reported to be prone to these issues.
33. JelSoft VBulletin Multiple Module Index.PHP Cross-Site Scrip...
BugTraq ID: 9943
Remote: Yes
Date Published: Mar 22 2004
Relevant URL:
http://www.securityfocus.com/bid/9943
Summary:
It has been reported that VBulletin is prone to a cross-site scripting
vulnerability in the 'index.php' script in both the 'admincp' and 'modcp'
application directories. This issue is reportedly due to a failure to
sanitize user input and so allow for injection of HTML and script code
that may facilitate cross-site scripting attacks.
Successful exploitation of this issue may allow for theft of cookie-based
authentication credentials or other attacks.
36. PHP-Nuke MS-Analysis Module Multiple Remote Path Disclosure ...
BugTraq ID: 9946
Remote: Yes
Date Published: Mar 22 2004
Relevant URL:
http://www.securityfocus.com/bid/9946
Summary:
Reportedly MS-Analysis is prone to a remote information disclosure
vulnerability. This issue is due to a design error that displays
sensitive system information when certain errors are triggered.
The problem presents itself when an error condition is triggered in all
scripts residing in the 'scripts' directory of the MS-Analysis directory.
It has also been reported that this issue affects the 'mstrack.php' and
'title.php' scripts in the MS-Analysis root directory.
These issues may be leveraged to gain sensitive information about the
affected system potentially aiding an attacker in mounting further
attacks.
37. PHP-Nuke MS-Analysis Module Multiple Cross-Site Scripting Vu...
BugTraq ID: 9947
Remote: Yes
Date Published: Mar 22 2004
Relevant URL:
http://www.securityfocus.com/bid/9947
Summary:
It has been reported that MS-Analysis is prone to multiple cross-site
scripting vulnerabilities. These issues are due to a failure of the
application to properly sanitize user supplied URI parameters.
These issues could permit a remote attacker to create a malicious link to
the vulnerable application that includes hostile HTML and script code. If
this link were followed, the hostile code may be rendered in the web
browser of the victim user. This would occur in the security context of
the affected web site and may allow for theft of cookie-based
authentication credentials or other attacks.
38. PHP-Nuke MS-Analysis Module HTTP Referrer Field SQL Injectio...
BugTraq ID: 9948
Remote: Yes
Date Published: Mar 22 2004
Relevant URL:
http://www.securityfocus.com/bid/9948
Summary:
Reportedly the MS-Analysis module is prone to a remote SQL injection
vulnerability. This issue is due to a failure to properly sanitize user
supplied HTTP header input before using it in an SQL query.
As a result of this, a malicious user may influence database queries in
order to view or modify sensitive information, potentially compromising
the software or the database. It may be possible for an attacker to
disclose the administrator password hash by exploiting this issue.
40. ReGet Software ReGet Directory Traversal Vulnerability
BugTraq ID: 9951
Remote: Yes
Date Published: Mar 22 2004
Relevant URL:
http://www.securityfocus.com/bid/9951
Summary:
It has been reported that ReGet may be prone to a directory traversal
vulnerability that may allow remote attackers to upload files to arbitrary
locations on a target system. The attacker may supply encoded directory
traversal sequences in the URI parameter so that the requested file is
saved outside of the default download directory specified by the user.
ReGet Deluxe 3.0 build 121 has been reported to be prone to this issue;
however, other versions could be affected as well.
41. Ethereal Multiple Vulnerabilities
BugTraq ID: 9952
Remote: Yes
Date Published: Mar 22 2004
Relevant URL:
http://www.securityfocus.com/bid/9952
Summary:
Ethereal 0.10.3 has been released to address multiple vulnerabilities.
These issues include:
- Thirteen stack-based buffer overruns in various protocol dissectors
(NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP).
- A denial of service that is triggered by a zero length Presentation
protocol selector.
- Specially crafted RADIUS packets may cause a crash in Ethereal.
- Corrupt color filter files may cause a crash in Ethereal.
These issues may result in a denial of service or potentially be leveraged
to execute arbitrary code in the instance of the buffer overruns.
43. Foxmail Remote Buffer Overflow Vulnerability
BugTraq ID: 9954
Remote: Yes
Date Published: Mar 23 2004
Relevant URL:
http://www.securityfocus.com/bid/9954
Summary:
It has been reported that Foxmail is prone to a remote buffer overflow
vulnerability. This issue is due to a failure of the application to
verify buffer boundaries when processing user supplied email headers.
A remote attacker may potentially exploit this issue to cause the email
client to crash, denying service to the victim user. It is also possible
to further leverage this issue in order to execute arbitrary code; this
code would be executed in the security context of the user running the
affected email client.
44. Hibyte HiGuest Message Field HTML Injection Vulnerability
BugTraq ID: 9955
Remote: Yes
Date Published: Mar 23 2004
Relevant URL:
http://www.securityfocus.com/bid/9955
Summary:
Hibyte's HiGuest guestbook software is prone to HTML injection attacks.
This issue is exposed via the message form field in the guestbook entry
submission form.
Exploitation could permit remote attackers to persistently inject hostile
HTML and script code into guestbook content. This could allow for theft
of cookie-based authentications or other attacks, such as those which
misrepresent guestbook content.
45. SSH Communications SSH Tectia Server Private Key Disclosure ...
BugTraq ID: 9956
Remote: No
Date Published: Mar 23 2004
Relevant URL:
http://www.securityfocus.com/bid/9956
Summary:
It has been reported that SSH Tectia Server may be prone to a private key
disclosure vulnerability due to an unspecified weakness in the password
change mechanism functionality employed by the server. Because of this, a
local attacker may be able to gain access to the private host key of a
vulnerable system. It has been reported that the password change
mechanism is not enabled by default.
SSH Tectia Server for Unix versions 4.0.3 and 4.0.4 are affected by this
issue. Tectia Server for Windows is not vulnerable to this issue.
47. Common Desktop Environment DTLogin Unspecified Remote Double...
BugTraq ID: 9958
Remote: Yes
Date Published: Mar 23 2004
Relevant URL:
http://www.securityfocus.com/bid/9958
Summary:
It has been reported that a double free vulnerability exists in the
dtlogin process of CDE. This issue presents itself due to the free()
function being called on the same allocated chunk of memory more than
once. This problem occurs prior to any authorization.
Successful exploitation of this issue could lead to the corruption of an
arbitrary location in memory, ultimately allowing for the attacker to
control the execution flow of the affected process.
50. FluidGames The Rage Game Server Remote Denial of Service Vul...
BugTraq ID: 9961
Remote: Yes
Date Published: Mar 23 2004
Relevant URL:
http://www.securityfocus.com/bid/9961
Summary:
It has been reported that The Rage is prone to a denial of service
vulnerability when processing client request packets containing 0 for the
values of the client IP address and Port number. This issue results in an
exceptional condition causing the server to enter an infinite loop leading
to a hang.
The Rage 1.01 and prior are reported to be affected by this issue.
51. Sun Solaris vfs_getvfssw function Local Privilege Escalation...
BugTraq ID: 9962
Remote: No
Date Published: Mar 23 2004
Relevant URL:
http://www.securityfocus.com/bid/9962
Summary:
It has been reported that Sun Solaris may be prone to a local privilege
escalation vulnerability that may allow an attacker to gain root access to
a vulnerable system. The issue exists due to insufficient sanitization of
user-supplied data via the vfs_getvfssw() function in the Solaris kernel.
An attacker can load user-specified kernel modules by using directory
traversal sequences and employing the mount() or sysfs() system calls.
54. CPanel Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 9965
Remote: Yes
Date Published: Mar 24 2004
Relevant URL:
http://www.securityfocus.com/bid/9965
Summary:
Reportedly cPanel is prone to multiple cross-site scripting
vulnerabilities. These issues are due to a failure of the application to
properly validate user supplied URI input.
These issues could permit a remote attacker to create a malicious link to
the vulnerable application that includes hostile HTML and script code. If
this link were followed, the hostile code may be rendered in the web
browser of the victim user. This would occur in the security context of
the affected web site and may allow for theft of cookie-based
authentication credentials or other attacks.
57. rident.pl Symbolic Link Vulnerability
BugTraq ID: 9968
Remote: No
Date Published: Mar 24 2004
Relevant URL:
http://www.securityfocus.com/bid/9968
Summary:
It has been reported that rident.pl may be prone to a symbolic link
vulnerability that may allow an attacker to corrupt or overwrite arbitrary
files. This issue exists because the script writes output to a temporary
file named 'rident.pid' in the 'tmp' directory.
It has been reported that a user will require root privileges to invoke
the affected script; this may increase the impact of this vulnerability.