LinuxQuestions.org
Old 10-27-2005, 05:02 AM   #1
unSpawn
Moderator
 
Registered: May 2001
LQ Security Report Oct 2005


Nov 08th 2005 (SF)
92 issues reported (SF)
1. MG2 Authentication Bypass Vulnerability
2. PHP Advanced Transfer Manager Remote Unauthorized Access Vulnerability
3. Subdreamer Multiple Remote SQL Injection Vulnerabilities
4. OpenVPN Client Remote Format String Vulnerability
5. Invision Gallery Index.PHP SQL Injection Vulnerability
6. Snitz Forum Post.ASP Cross-Site Scripting Vulnerability
7. NTop Insecure Temporary File Creation Vulnerability
8. PHPBB Global Variable Deregistration Bypass Vulnerabilities
9. PHPCafe Tutorial Manager Index.PHP SQL Injection Vulnerability
10. OaBoard Forum.PHP Multiple SQL Injection Vulnerabilities
11. PHPBB Multiple Unspecified Vulnerabilities
12. IBM AIX CHCONS Local Buffer Overflow Vulnerability
13. PHP PHPInfo Cross-Site Scripting Vulnerability
14. PHP Parse_Str Register_Globals Activation Weakness
15. PHP File Upload GLOBAL Variable Overwrite Vulnerability
16. Comersus BackOffice Multiple Input Validation And Information Disclosure Vulnerabilities
17. Apple Mac OS X Security Update 2005-10-31 Multiple Local Vulnerabilities
18. IOFTPD Username Enumeration Vulnerability
19. Belchior Foundry vCard Pro Addrbook.PHP SQL Injection Vulnerability
20. EyeOS Desktop.PHP HTML Injection Vulnerability
21. EyeOS User And Password Information Disclosure Vulnerability
22. Elite Forum HTML Injection Vulnerability
23. Multiple Vendor ReadDir_R Buffer Overflow Vulnerability
24. VUBB Index.PHP Cross-Site Scripting Vulnerability
25. OpenVMS Unspecified Local Denial of Service Vulnerability
26. Pax File Permission Modification Race Condition Weakness
27. NetBSD Insecure Temporary File Creation Vulnerability
28. NetBSD KernFS Local Kernel Memory Disclosure Vulnerability
29. XMB Forum Post.PHP SQL Injection Vulnerability
30. Microsoft Internet Explorer Malformed HTML Parsing Denial of Service Vulnerability
31. Cisco Management Center for IPS Sensors Configuration Download Weakness
32. OpenVPN Server Remote Denial Of Service Vulnerability
33. Sun Java System Communications Express Information Disclosure Vulnerability
34. Cisco Airespace WLAN Controller Unauthorized Network Access Vulnerability
35. RhinoSoft Serv-U FTP Server Unspecified Denial of Service Vulnerability
36. News2Net Index.PHP SQL Injection Vulnerability
37. Cisco IOS System Timers Heap Buffer Overflow Exploitation
38. phpWebThings Forum.PHP Cross-Site Scripting Vulnerability
39. PHPWebThing Forum.PHP SQL Injection Vulnerability
40. MailWatch for MailScanner Authenticate Function SQL Injection Vulnerability
41. Asus VideoSecurity Online Web Server Authentication Buffer Overflow Vulnerability
42. Glider Collect'N Kill Remote Buffer Overflow Vulnerability
43. Asus VideoSecurity Online Web Server Directory Traversal Vulnerability
44. Battle Carry Remote Denial of Service Vulnerability
45. Simple PHP Blog Multiple Input Validation Vulnerabilities
46. F-Secure Web Console Directory Traversal Vulnerability
47. GraphOn GO-Global For Windows Remote Buffer Overflow Vulnerability
48. Invision Gallery Image Upload HTML Injection Vulnerability
49. Johannes F. Kuhlmann FlatFrag Multiple Remote Buffer Overflow And Denial Of Service Vulnerabilities
50. NeroNet Limited Directory Traversal Vulnerability
51. NetBSD SO_LINGER DIAGNOSTIC Checking Local Denial of Service Vulnerability
52. NetBSD Local PTrace Privilege Escalation Vulnerability
53. IPSwitch WhatsUp Small Business 2004 Report Service Directory Traversal Vulnerability
54. Scorched 3D Multiple Vulnerabilities
55. F-Prot Antivirus ZIP Attachment Version Scan Evasion Vulnerability
56. PHP Handicapper Multiple Cross-Site Scripting Vulnerabilities
57. CutePHP CuteNews Directory Traversal Vulnerability
58. vBulletin Image Upload HTML Injection Vulnerability
59. PHP Handicapper Process_signup.PHP SQL Injection Vulnerability
60. Libungif Colormap Handling Memory Corruption Vulnerability
61. Microsoft November Advance Notification Unspecified Security Vulnerabilities
62. PHP Handicapper Process_signup.PHP HTTP Response Splitting Vulnerability
63. Movable Type Arbitrary Blog Creation Path Vulnerability
64. IBM WebSphere Application Server QueryString Information Disclosure Vulnerability
65. Libungif Null Pointer Dereference Denial of Service Vulnerability
66. Movable Type Blog Entry Posting HTML Injection Vulnerability
67. Apple QuickTime Embedded Pascal Style Remote Integer Overflow Vulnerability
68. Apple QuickTime Null Pointer Dereference Denial of Service Vulnerability
69. Apple QuickTime Movie Attributes Remote Integer Overflow Vulnerability
70. Apple QuickTime Compressed PICT Data Remote Buffer Overflow Vulnerability
71. Sun Java Development Kit Font Serialization Remote Denial of Service Vulnerability
72. Galerie ShowGallery.PHP SQL Injection Vulnerability
73. CHFN User Modification Privilege Escalation Vulnerability
74. Cerberus Helpdesk Information Disclosure Vulnerability
75. Clam Anti-Virus ClamAV TNEF File Handling Denial Of Service Vulnerability
76. Clam Anti-Virus ClamAV CAB File Handling Denial Of Service Vulnerability
77. Clam Anti-Virus ClamAV FSG File Handling Buffer Overflow Vulnerability
78. GpsDrive Friendsd Remote Format String Vulnerability
79. Acme Thttpd Insecure Temporary File Creation Vulnerability
80. IBM Lotus Domino Multiple Vulnerabilities
81. PunBB/Blog:CMS Image Upload HTML Injection Vulnerability
82. IBM AIX SWCONS Local Buffer Overflow Vulnerability
83. JPortal Multiple SQL Injection Vulnerabilities
84. Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
85. PunBB/BLOG:CMS Origin Spoofing Vulnerability
86. cPanel Chat Message Field HTML Injection Vulnerability
87. PunBB/BLOG:CMS Unspecified Information Disclosure Vulnerability
88. Ocean12 ASP Calendar Manager Authentication Bypass Vulnerability
89. Ocean12 ASP Calendar Manager SQL Injection Vulnerability
90. Multiple Vendor Web Browser Cookie Hostname Handling Weakness
91. Macromedia Flash Array Index Memory Access Vulnerability
92. ibProArcade User ID SQL Injection Vulnerability


Oct 26th 2005 (SF)
57 issues reported (SF)
1. Sun Solaris Proc Filesystem Local Denial Of Service Vulnerability
2. Flexbackup Multiple Insecure Temporary File Creation Vulnerabilities
3. Lynx NNTP Article Header Buffer Overflow Vulnerability
4. Comersus BackOffice Plus Multiple Cross-Site Scripting Vulnerabilities
5. PHP Safedir Restriction Bypass Vulnerabilities
6. Gentoo Linux Multiple Packages Insecure RUNPATH Vulnerability
7. OpenWBEM Multiple Unspecified Remote Buffer Overflow Vulnerabilities
8. Linux Kernel Console Keymap Local Command Injection Vulnerability
9. RARLAB WinRAR Command Line Processing Buffer Overflow Vulnerability
10. Opera Web Browser Multiple Malformed HTML Parsing Denial Of Service Vulnerabilities
11. E107 Resetcore.PHP SQL Injection Vulnerability
12. IBM DB2 Universal Database Multiple Vulnerabilities
13. NetFlow Analyzer 4 Cross-Site Scripting Vulnerability
14. NetPBM PNMToPNG Buffer Overflow Vulnerability
15. Rockliffe MailSite Express Arbitrary File Upload Vulnerability
16. Microsoft Windows Unspecified Remote Code Execution Vulnerability
17. Snort Back Orifice Preprocessor Remote Stack Buffer Overflow Vulnerability
18. MySource Multiple Cross-Site Scripting Vulnerabilities
19. MySource Multiple Remote File Include Vulnerabilities
20. Oracle October Security Update Multiple Vulnerabilities
21. Xerver Multiple Input Validation Vulnerabilities
22. HP-UX LPD Arbitrary Command Execution Vulnerability
23. PHPNuke Modules.PHP Search Module Remote Directory Traversal Vulnerability
24. HP-UX FTP Server Directory Listing Vulnerability
25. Oracle Workflow Multiple Unspecified Cross-Site Scripting Vulnerabilities
26. Yiff-Server File Permission Bypass Weakness
27. Paros HSQLDB Remote Authentication Bypass Vulnerability
28. Symantec LiveUpdate for Macintosh Local Privilege Escalation Vulnerability
29. Symantec Norton Antivirus For Macintosh DiskMountNotify Local Privilege Escalation Vulnerability
30. Cisco 11500 Content Services Switch Malformed SSL Client Certificate Denial of Service Vulnerability
31. Oracle Workflow Wf_monitor Cross-Site Scripting Vulnerability
32. Oracle Application Server 10g emagent.exe Stack Overflow Vulnerability
33. Oracle Workflow Wf_route Cross-Site Scripting Vulnerability
34. Ethereal Multiple Protocol Dissector Vulnerabilities In Versions Prior To 0.10.13
35. Chipmunk Multiple Cross-Site Scripting Vulnerabilities
36. PHP-Nuke Modules.PHP NukeFixes Addon Remote Directory Traversal Vulnerability
37. Debian Module-Assistant Insecure Temporary File Creation Vulnerability
38. Splatt Forums Remote Authentication Bypass Vulnerability
39. BMV PostScript File Handling Integer Overflow Vulnerability
40. Linux Kernel World Writable SYSFS DRM Debug File Vulnerability
41. Linux Kernel IPV6 Unspecified Denial of Service Vulnerability
42. Squid FTP Server Response Denial Of Service Vulnerability
43. Ethereal Service Location Protocol Dissection Stack Buffer Overflow Vulnerability
44. SCO UnixWare PPP Prompt Local Buffer Overflow Vulnerability
45. SCO OpenServer Backupsh Local Buffer Overflow Vulnerability
46. ZipGenius Multiple Archive Formats File Name Buffer Overflow Vulnerabilities
47. AL-Caricatier SS.PHP Authentication Bypass Vulnerability
48. Oracle Application Server HTTP Response Splitting Vulnerability
49. TikiWiki Unspecified Cross-Site Scripting Vulnerability
50. SUSE Linux Squid Proxy SSL Handling Denial of Service Vulnerability
51. Nuked Klan Multiple HTML Injection Vulnerabilities
52. BMC Control M Agent Insecure File Permission Vulnerability
53. Zomplog Detail.PHP HTML Injection Vulnerability
54. phpMyAdmin Theme Variable Local File Inclusion Vulnerability
55. phpBB Avatar Upload HTML Injection Vulnerability
56. eBASEweb Unspecified SQL Injection Vulnerability
57. FlatNuke Index.PHP Multiple Remote File Include Vulnerabilities

Last edited by unSpawn; 11-09-2005 at 03:11 PM.
 
Old 10-27-2005, 05:06 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Original Poster
Oct 26th 2005 (SF)

SecurityFocus


1. Sun Solaris Proc Filesystem Local Denial Of Service Vulnerability
BugTraq ID: 15115
Remote: No
Date Published: 2005-10-16
Relevant URL: http://www.securityfocus.com/bid/15115
Summary: Sun Solaris is prone to a local denial of service vulnerability.

A local unauthorized user can cause a system panic in the '/proc' filesystem and cause a denial of service.

2. Flexbackup Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 15116
Remote: No
Date Published: 2005-10-17
Relevant URL: http://www.securityfocus.com/bid/15116
Summary: Flexbackup creates several temporary files in an insecure manner.

Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.

Flexbackup 1.2.1 and earlier versions are affected.


3. Lynx NNTP Article Header Buffer Overflow Vulnerability
BugTraq ID: 15117
Remote: Yes
Date Published: 2005-10-17
Relevant URL: http://www.securityfocus.com/bid/15117
Summary: Lynx is prone to a buffer overflow when handling NNTP article headers.

This issue may be exploited when the browser handles NNTP content, such as through 'news:' or 'nntp:' URIs. Successful exploitation will result in code execution in the context of the program user.

4. Comersus BackOffice Plus Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15118
Remote: Yes
Date Published: 2005-10-17
Relevant URL: http://www.securityfocus.com/bid/15118
Summary: BackOffice Plus is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

5. PHP Safedir Restriction Bypass Vulnerabilities
BugTraq ID: 15119
Remote: Yes
Date Published: 2005-10-17
Relevant URL: http://www.securityfocus.com/bid/15119
Summary: PHP is prone to multiple vulnerabilities that permit an attacker to bypass the 'safedir' directory restriction.

An attacker can exploit these vulnerabilities to possibly execute arbitrary code currently existing on a vulnerable system, or to retrieve the contents of arbitrary files, all in the security context of the Web server process.

Information obtained may aid in further attacks against the affected system; other attacks are also possible.

These issues have been addressed in the latest CVS version.

6. Gentoo Linux Multiple Packages Insecure RUNPATH Vulnerability
BugTraq ID: 15120
Remote: No
Date Published: 2005-10-17
Relevant URL: http://www.securityfocus.com/bid/15120
Summary: Multiple packages in Gentoo Linux are susceptible to an insecure RUNPATH vulnerability. This issue is due to a flaw in the build system that results in insecure RUNPATHs being included in certain binaries.

This vulnerability may result in arbitrary code being executed in the context of users executing the vulnerable executables. This may facilitate privilege escalation.

This issue is only exploitable by users that are members of the 'portage' group.

7. OpenWBEM Multiple Unspecified Remote Buffer Overflow Vulnerabilities
BugTraq ID: 15121
Remote: Yes
Date Published: 2005-10-17
Relevant URL: http://www.securityfocus.com/bid/15121
Summary: OpenWBEM is susceptible to multiple unspecified remote buffer overflow vulnerabilities. These issues are due to a failure of the application to properly bounds check user-supplied data prior to copying it to insufficiently sized memory buffers.

These issues are identified as multiple integer overflow and buffer overflow vulnerabilities. No further details are currently available. This BID will be updated as further information is disclosed.

These issues allow remote attackers to execute arbitrary machine code with superuser privileges, facilitating a complete system compromise.

8. Linux Kernel Console Keymap Local Command Injection Vulnerability
BugTraq ID: 15122
Remote: No
Date Published: 2005-10-17
Relevant URL: http://www.securityfocus.com/bid/15122
Summary: The Linux kernel is susceptible to a local command injection vulnerability via console keymap modifications. This issue is due to the ability of unprivileged users to alter the system-wide console keymap.

Local users may modify the console keymap to include scripted macro commands. This allows attackers to execute arbitrary commands with the privileges of the user that uses the console after them, potentially facilitating privilege escalation.

9. RARLAB WinRAR Command Line Processing Buffer Overflow Vulnerability
BugTraq ID: 15123
Remote: Yes
Date Published: 2005-10-17
Relevant URL: http://www.securityfocus.com/bid/15123
Summary: A remote, client-side buffer overflow vulnerability has been reported in the command line processing of RARLAB WinRAR. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

10. Opera Web Browser Multiple Malformed HTML Parsing Denial Of Service Vulnerabilities
BugTraq ID: 15124
Remote: Yes
Date Published: 2005-10-17
Relevant URL: http://www.securityfocus.com/bid/15124
Summary: The Opera Web browser is prone to multiple vulnerabilities that may result in a browser crash. These issues are exposed when the browser attempts to parse certain malformed HTML content. It is conjectured that this will only result in a denial of service and is not further exploitable to execute arbitrary code, though this has not been confirmed.

11. E107 Resetcore.PHP SQL Injection Vulnerability
BugTraq ID: 15125
Remote: Yes
Date Published: 2005-10-18
Relevant URL: http://www.securityfocus.com/bid/15125
Summary: e107 is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

An attacker can exploit this vulnerability to gain administrative access to the affected application. This may ultimately lead to a system compromise in the security context of the Web server process.

12. IBM DB2 Universal Database Multiple Vulnerabilities
BugTraq ID: 15126
Remote: Yes
Date Published: 2005-10-18
Relevant URL: http://www.securityfocus.com/bid/15126
Summary: IBM DB2 Universal Database is prone to multiple vulnerabilities.

These issues may allow attackers to carry out denial of service attacks and other unauthorized actions.

These issues affect DB2 versions prior to 8 FixPak 10, also known as version 8.2 FixPak 3.

13. NetFlow Analyzer 4 Cross-Site Scripting Vulnerability
BugTraq ID: 15127
Remote: Yes
Date Published: 2005-10-18
Relevant URL: http://www.securityfocus.com/bid/15127
Summary: NetFlow Analyzer 4 is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.


14. NetPBM PNMToPNG Buffer Overflow Vulnerability
BugTraq ID: 15128
Remote: Yes
Date Published: 2005-10-18
Relevant URL: http://www.securityfocus.com/bid/15128
Summary: pnmtopng is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. This issue reportedly only occurs when the '-trans' command line option is utilized.

This issue allows attackers to create malicious PNM files that, when parsed by the affected utility, allow arbitrary machine code to be executed. This occurs in the context of the user running the affected utility.

This vulnerability was reported in version 10.0 of NetPBM. Other versions may also be affected.

15. Rockliffe MailSite Express Arbitrary File Upload Vulnerability
BugTraq ID: 15129
Remote: Yes
Date Published: 2005-10-18
Relevant URL: http://www.securityfocus.com/bid/15129
Summary: MailSite Express is prone to an arbitrary file upload vulnerability.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the Web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

16. Microsoft Windows Unspecified Remote Code Execution Vulnerability
BugTraq ID: 15130
Remote: Yes
Date Published: 2005-10-17
Relevant URL: http://www.securityfocus.com/bid/15130
Summary: Microsoft Windows is prone to an unspecified remote code execution vulnerability.

Reportedly, this vulnerability affects Windows Media Player and Internet Explorer, allowing a remote attacker to execute arbitrary code and potentially gain unauthorized access in the context of the user running an affected client.

Due to a lack of information, further details cannot be described at the moment. This BID will be updated when more information becomes available.

17. Snort Back Orifice Preprocessor Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 15131
Remote: Yes
Date Published: 2005-10-18
Relevant URL: http://www.securityfocus.com/bid/15131
Summary: Snort is susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the application to securely copy network-derived data into sensitive process buffers. The specific issue exists in the Back Orifice preprocessor.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

Due to the nature of this issue, attackers may exploit it by sending a single UDP packet with a potentially spoofed source address to an arbitrary destination address and port. As long as the application can sniff the packet, it may be exploited. These aspects of this issue may aid attackers in bypassing firewalls in order to compromise a wider number of computers.

Reportedly, this issue is difficult to reliably exploit across differing operating systems and compiler versions. Failed exploit attempts likely result in crashing the application, thereby disabling detection of other attacks.

Snort versions 2.4.0 through 2.4.2 are affected by this issue. Other versions may also be affected, but this has not been confirmed.

18. MySource Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15132
Remote: Yes
Date Published: 2005-10-18
Relevant URL: http://www.securityfocus.com/bid/15132
Summary: MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks.


19. MySource Multiple Remote File Include Vulnerabilities
BugTraq ID: 15133
Remote: Yes
Date Published: 2005-10-18
Relevant URL: http://www.securityfocus.com/bid/15133
Summary: MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.

20. Oracle October Security Update Multiple Vulnerabilities
BugTraq ID: 15134
Remote: Yes
Date Published: 2005-10-18
Relevant URL: http://www.securityfocus.com/bid/15134
Summary: Various Oracle Database Server, Oracle Enterprise Manager, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, and Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne are affected by multiple vulnerabilities.

The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats.

Oracle has released a Critical Patch Update advisory for October 2005 to address these vulnerabilities. This Critical Patch Update addresses the vulnerabilities for supported releases. Earlier, unsupported releases are likely to be affected by the issues as well.

Specific details regarding these vulnerabilities are not currently available.

This record will be updated and split into individual BIDs for each issue as further information is disclosed.

21. Xerver Multiple Input Validation Vulnerabilities
BugTraq ID: 15135
Remote: Yes
Date Published: 2005-10-19
Relevant URL: http://www.securityfocus.com/bid/15135
Summary: Xerver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit a vulnerability to disclose the contents of any Web accessible script. Information obtained may aid in further attacks.

An attacker can retrieve a directory listing of any Web accessible folders. Information obtained may aid in further attacks.

An attacker can perform cross-site scripting attacks. This may be leveraged to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

22. HP-UX LPD Arbitrary Command Execution Vulnerability
BugTraq ID: 15136
Remote: Yes
Date Published: 2005-10-19
Relevant URL: http://www.securityfocus.com/bid/15136
Summary: HP-UX lpd is affected by a remote arbitrary command execution vulnerability.

A successful attack can facilitate a complete compromise.

Reportedly, this issue was silently addressed by HP in HP security bulletin HPSBUX0208-213.

23. PHPNuke Modules.PHP Search Module Remote Directory Traversal Vulnerability
BugTraq ID: 15137
Remote: Yes
Date Published: 2005-10-19
Relevant URL: http://www.securityfocus.com/bid/15137
Summary: PHPNuke Search Module is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input.

A remote attacker may view files that are only intended to be accessible to authenticated and authorized users. Information obtained may be used in further attacks.
24. HP-UX FTP Server Directory Listing Vulnerability
BugTraq ID: 15138
Remote: Yes
Date Published: 2005-10-19
Relevant URL: http://www.securityfocus.com/bid/15138
Summary: The FTP server included with HP-UX is prone to a vulnerability that may be leveraged by unauthenticated attackers to obtain directory listings.

An attacker does not require authentication credentials to carry out this attack. A successful attack can disclose sensitive information, which may aid in the exploitation of other vulnerabilities.

Reportedly, this issue was silently addressed by HP.

25. Oracle Workflow Multiple Unspecified Cross-Site Scripting Vulnerabilities
BugTraq ID: 15139
Remote: Yes
Date Published: 2005-10-19
Relevant URL: http://www.securityfocus.com/bid/15139
Summary: Oracle Workflow is prone to multiple unspecified cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Reports indicate these issues were addressed in the Oracle October Critical Patch Update (see BID 15134). However, these issues were not listed in the database matrix of that update.

Due to the availability of more information, this BID has been separated into BID 15145 (Oracle Workflow Wf_monitor Cross-Site Scripting Vulnerability) and BID 15147 (Oracle Workflow Wf_route Cross-Site Scripting Vulnerability). This record is being retired.

26. Yiff-Server File Permission Bypass Weakness
BugTraq ID: 15140
Remote: No
Date Published: 2005-10-19
Relevant URL: http://www.securityfocus.com/bid/15140
Summary: Yiff-Server is prone to a file permissions bypass weakness. This is due to a design error which allows local users to access the files of other users, regardless of the permissions on the given files.

This vulnerability has been confirmed in version 2.14.5; other versions may also be affected.
27. Paros HSQLDB Remote Authentication Bypass Vulnerability
BugTraq ID: 15141
Remote: Yes
Date Published: 2005-10-19
Relevant URL: http://www.securityfocus.com/bid/15141
Summary: Paros is prone to a remote authentication bypass vulnerability.

This issue may result in the disclosure of sensitive information, and possible execution of commands on the victim machine.

Paros version 3.2.5 is affected; earlier versions may also be vulnerable.


28. Symantec LiveUpdate for Macintosh Local Privilege Escalation Vulnerability
BugTraq ID: 15142
Remote: No
Date Published: 2005-10-19
Relevant URL: http://www.securityfocus.com/bid/15142
Summary: Symantec LiveUpdate for Macintosh is affected by a local privilege escalation vulnerability.

A successful attack can allow the attacker to gain complete control over the affected computer.

29. Symantec Norton Antivirus For Macintosh DiskMountNotify Local Privilege Escalation Vulnerability
BugTraq ID: 15143
Remote: No
Date Published: 2005-10-19
Relevant URL: http://www.securityfocus.com/bid/15143
Summary: Symantec Norton Antivirus for Macintosh is susceptible to a local privilege escalation vulnerability. This issue is due to a failure of the application to properly utilize the PATH environment variable in a setuid-superuser binary.

This vulnerability allows local attackers to gain superuser privileges, leading to complete compromise of the affected computer.

30. Cisco 11500 Content Services Switch Malformed SSL Client Certificate Denial of Service Vulnerability
BugTraq ID: 15144
Remote: Yes
Date Published: 2005-10-19
Relevant URL: http://www.securityfocus.com/bid/15144
Summary: Cisco 11500 Content Services Switch is prone to a denial of service condition when processing malformed SSL client certificates.

Cisco 11500 Content Services Switches running WebNS operating system versions 7.1 through 7.5 are vulnerable to this issue.


31. Oracle Workflow Wf_monitor Cross-Site Scripting Vulnerability
BugTraq ID: 15145
Remote: Yes
Date Published: 2005-10-19
Relevant URL: http://www.securityfocus.com/bid/15145
Summary: Oracle Workflow is prone to a cross-site scripting vulnerability.

This issue affects the 'wf_monitor' script.

An attacker may leverage this vulnerability to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

This issue was addressed in Oracle Critical Patch Update - October 2005 BID 15134 (Oracle October Security Update Multiple Vulnerabilities). This issue was also reported in BID 15139 (Oracle Workflow Multiple Unspecified Cross-Site Scripting Vulnerabilities). Due to the availability of more information, this vulnerability is being assigned a new BID.

32. Oracle Application Server 10g emagent.exe Stack Overflow Vulnerability
BugTraq ID: 15146
Remote: Yes
Date Published: 2005-10-20
Relevant URL: http://www.securityfocus.com/bid/15146
Summary: Oracle Application Server 10g is prone to a buffer overflow. Successful exploitation could allow arbitrary code execution with SYSTEM privileges.

This vulnerability was originally described in Oracle October Security Update Multiple Vulnerabilities (BID 15134). Due to the availability of additional information, it has been assigned its own record.


33. Oracle Workflow Wf_route Cross-Site Scripting Vulnerability
BugTraq ID: 15147
Remote: Yes
Date Published: 2005-10-19
Relevant URL: http://www.securityfocus.com/bid/15147
Summary: Oracle Workflow is prone to a cross-site scripting vulnerability.

This issue affects the 'wf_route' script.

An attacker may leverage this vulnerability to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

This issue was addressed in Oracle Critical Patch Update - October 2005 BID 15134 (Oracle October Security Update Multiple Vulnerabilities). This issue was also reported in BID 15139 (Oracle Workflow Multiple Unspecified Cross-Site Scripting Vulnerabilities). Due to the availability of more information, this vulnerability is being assigned a new BID.

34. Ethereal Multiple Protocol Dissector Vulnerabilities In Versions Prior To 0.10.13
BugTraq ID: 15148
Remote: Yes
Date Published: 2005-10-19
Relevant URL: http://www.securityfocus.com/bid/15148
Summary: Several vulnerabilities in Ethereal have been disclosed by the vendor. The reported issues are in various protocol dissectors.

These issues include:
- Buffer overflow vulnerabilities
- Null pointer dereference denial of service vulnerabilities
- Infinite loop denial of service vulnerabilities
- Memory exhaustion denial of service vulnerabilities
- Division by zero denial of service vulnerabilities
- Invalid pointer free() attempt denial of service vulnerabilities
- Unspecified denial of service vulnerabilities

These issues could allow remote attackers to execute arbitrary machine code in the context of the vulnerable application. Attackers could also crash the affected application.

Various vulnerabilities affect differing versions of Ethereal, from 0.7.7 through 0.10.12.
 
Old 10-27-2005, 05:09 AM   #3
unSpawn
Oct 26th 2005 (SF) contd.

35. Chipmunk Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15149
Remote: Yes
Date Published: 2005-10-20
Relevant URL: http://www.securityfocus.com/bid/15149
Summary: Chipmunk products are prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks.


36. PHP-Nuke Modules.PHP NukeFixes Addon Remote Directory Traversal Vulnerability
BugTraq ID: 15150
Remote: Yes
Date Published: 2005-10-20
Relevant URL: http://www.securityfocus.com/bid/15150
Summary: PHP-Nuke NukeFixes Addon is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input.

A remote attacker may view files that are only intended to be accessible to authenticated and authorized users. Information obtained may be used in further attacks.

37. Debian Module-Assistant Insecure Temporary File Creation Vulnerability
BugTraq ID: 15151
Remote: No
Date Published: 2005-10-20
Relevant URL: http://www.securityfocus.com/bid/15151
Summary: Debian module-assistant creates temporary files in an insecure manner.

Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.

38. Splatt Forums Remote Authentication Bypass Vulnerability
BugTraq ID: 15152
Remote: Yes
Date Published: 2005-10-20
Relevant URL: http://www.securityfocus.com/bid/15152
Summary: Splatt Forums is prone to a remote authentication bypass vulnerability.

An attacker may bypass the administrative logon process and make changes to posts with the effective rights of the forum administrator.


39. BMV PostScript File Handling Integer Overflow Vulnerability
BugTraq ID: 15153
Remote: Yes
Date Published: 2005-10-20
Relevant URL: http://www.securityfocus.com/bid/15153
Summary: BMV is prone to an integer overflow vulnerability.

This issue arises when the application handles a malformed PostScript file.

A successful attack may result in arbitrary code execution leading to unauthorized access. Reports indicate that BMV is installed as setuid root on some distributions by default, which may allow an attacker to gain superuser privileges by exploiting this issue.

40. Linux Kernel World Writable SYSFS DRM Debug File Vulnerability
BugTraq ID: 15154
Remote: No
Date Published: 2005-10-20
Relevant URL: http://www.securityfocus.com/bid/15154
Summary: Linux kernel is prone to an issue where a world writable file is created in SYSFS. Exploitation could allow an attacker to obtain sensitive information.


41. Linux Kernel IPV6 Unspecified Denial of Service Vulnerability
BugTraq ID: 15156
Remote: Unknown
Date Published: 2005-10-20
Relevant URL: http://www.securityfocus.com/bid/15156
Summary: Linux Kernel is reported prone to an unspecified denial of service vulnerability.

Reports indicate that this issue arises from an infinite loop and affects the routines responsible for handling IPv6.

No further details are available at the moment. This BID will be updated when more information becomes available.

42. Squid FTP Server Response Denial Of Service Vulnerability
BugTraq ID: 15157
Remote: Yes
Date Published: 2005-10-20
Relevant URL: http://www.securityfocus.com/bid/15157
Summary: Squid is prone to a remote denial of service vulnerability.

This is due to a flaw in the way that Squid communicates with ftp servers.

This issue has been reported in Squid version 2.5 and prior.


43. Ethereal Service Location Protocol Dissection Stack Buffer Overflow Vulnerability
BugTraq ID: 15158
Remote: Yes
Date Published: 2005-10-20
Relevant URL: http://www.securityfocus.com/bid/15158
Summary: A remote buffer overflow vulnerability affects Ethereal. This issue is due to a failure of the application to securely copy network-derived data into sensitive process buffers. The specific issue exists in the Service Location Protocol dissector.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

This issue may be exploited by a single TCP packet to port 427, as Ethereal does not keep track of connection states. This allows malicious users to spoof the origin of attacks, as well as exploit this vulnerability when no services are actively listening on TCP port 427.

Note that this issue was originally disclosed in BID 15148 "Ethereal Multiple Protocol Dissector Vulnerabilities In Versions Prior To 0.10.13".

44. SCO UnixWare PPP Prompt Local Buffer Overflow Vulnerability
BugTraq ID: 15159
Remote: No
Date Published: 2005-10-20
Relevant URL: http://www.securityfocus.com/bid/15159
Summary: SCO UnixWare is prone to a local buffer overflow vulnerability.

The vulnerability presents itself when the application processes excessive data supplied through the Unixware point-to-point protocol (PPP) prompt.

UnixWare 7.1.4 and UnixWare 7.1.3 are reported to be affected by this issue.

45. SCO OpenServer Backupsh Local Buffer Overflow Vulnerability
BugTraq ID: 15160
Remote: No
Date Published: 2005-10-20
Relevant URL: http://www.securityfocus.com/bid/15160
Summary: backupsh is prone to a local buffer overflow vulnerability.

The vulnerability presents itself when the application processes excessive data, which may corrupt process memory. The specific details about this issue are not currently available.

A successful attack allows arbitrary machine code execution with group backup privileges.

OpenServer 5.0.7 is reported to be affected by this issue.

The authsh utility is also vulnerable to this issue and successful exploitation could result in an attacker gaining group auth privileges.

46. ZipGenius Multiple Archive Formats File Name Buffer Overflow Vulnerabilities
BugTraq ID: 15161
Remote: Yes
Date Published: 2005-10-21
Relevant URL: http://www.securityfocus.com/bid/15161
Summary: ZipGenius is prone to multiple buffer overflow issues when handling various archive formats.

These issues could be exploited to execute arbitrary code. Arbitrary code execution would occur in the context of the user who is running the application.

ZipGenius versions 5.5.1.468 and 6.0.2.1041 are reported to be vulnerable. Other versions may be affected as well.


47. AL-Caricatier SS.PHP Authentication Bypass Vulnerability
BugTraq ID: 15162
Remote: Yes
Date Published: 2005-10-21
Relevant URL: http://www.securityfocus.com/bid/15162
Summary: AL-Caricatier is prone to an authentication bypass vulnerability. This is due to a lack of proper validation of user-supplied input by the affected scripts.

This issue may result in the disclosure of sensitive information, and the attacker may gain administrative access to the application or site.

AL-Caricatier version 2.5 and earlier versions are vulnerable.


48. Oracle Application Server HTTP Response Splitting Vulnerability
BugTraq ID: 15163
Remote: Yes
Date Published: 2005-10-21
Relevant URL: http://www.securityfocus.com/bid/15163
Summary: Oracle Application Server is prone to an HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how Web content is served, cached or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

This issue was addressed in Oracle Critical Patch Update - October 2005 BID 15134 (Oracle October Security Update Multiple Vulnerabilities). Due to the availability of more information, this vulnerability is being assigned a new BID.

49. TikiWiki Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 15164
Remote: Yes
Date Published: 2005-10-21
Relevant URL: http://www.securityfocus.com/bid/15164
Summary: TikiWiki is prone to an unspecified cross-site scripting vulnerability. This is due to a lack of proper sanitization of user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.


50. SUSE Linux Squid Proxy SSL Handling Denial of Service Vulnerability
BugTraq ID: 15165
Remote: Yes
Date Published: 2005-10-21
Relevant URL: http://www.securityfocus.com/bid/15165
Summary: Squid Proxy running on SUSE Linux is affected by a denial of service vulnerability.

Reports indicate that this issue arises when the application handles specially crafted HTTPS data. Due to the nature of the application, it is conjectured that this vulnerability poses a remote threat.

Successful exploitation may cause the service to crash.

SUSE Linux 9.0 is reported to be vulnerable to this issue.

This BID will be updated when more information is available.

51. Nuked Klan Multiple HTML Injection Vulnerabilities
BugTraq ID: 15166
Remote: Yes
Date Published: 2005-10-21
Relevant URL: http://www.securityfocus.com/bid/15166
Summary: Nuked Klan is prone to multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit these issues to control how the site is rendered to the user; other attacks are also possible.


52. BMC Control M Agent Insecure File Permission Vulnerability
BugTraq ID: 15167
Remote: No
Date Published: 2005-10-22
Relevant URL: http://www.securityfocus.com/bid/15167
Summary: BMC Control M Agent creates temporary files in an insecure manner.

The application creates temporary files in an insecure manner. An attacker with local access could potentially exploit this issue to overwrite files in the context of the application.

Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.

BMC Control M Agent version 6.1.03 is affected; earlier versions may also be affected.


53. Zomplog Detail.PHP HTML Injection Vulnerability
BugTraq ID: 15168
Remote: Yes
Date Published: 2005-10-22
Relevant URL: http://www.securityfocus.com/bid/15168
Summary: Zomplog is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

Zomplog version 3.4 and earlier are affected by this vulnerability.


54. phpMyAdmin Theme Variable Local File Inclusion Vulnerability
BugTraq ID: 15169
Remote: Yes
Date Published: 2005-10-22
Relevant URL: http://www.securityfocus.com/bid/15169
Summary: phpMyAdmin is prone to a local file include vulnerability.

An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access.

phpMyAdmin 2.6.4-pl2 and earlier versions are reported to be vulnerable.


55. phpBB Avatar Upload HTML Injection Vulnerability
BugTraq ID: 15170
Remote: Yes
Date Published: 2005-10-22
Relevant URL: http://www.securityfocus.com/bid/15170
Summary: phpBB is prone to an HTML injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

This issue is only present when using the Microsoft Internet Explorer Web browser.


56. eBASEweb Unspecified SQL Injection Vulnerability
BugTraq ID: 15171
Remote: Yes
Date Published: 2005-10-22
Relevant URL: http://www.securityfocus.com/bid/15171
Summary: eBASEweb is prone to an unspecified SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

No further details have been provided.


57. FlatNuke Index.PHP Multiple Remote File Include Vulnerabilities
BugTraq ID: 15172
Remote: Yes
Date Published: 2005-10-22
Relevant URL: http://www.securityfocus.com/bid/15172
Summary: FlatNuke is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.

It should be noted that a malicious user must have an account and be logged into the application to exploit these vulnerabilities.
 
Old 11-09-2005, 03:14 PM   #4
unSpawn
Nov 08th 2005 (SF) 1/3

SecurityFocus


1. MG2 Authentication Bypass Vulnerability
BugTraq ID: 15235
Remote: Yes
Date Published: 2005-10-29
Relevant URL: http://www.securityfocus.com/bid/15235
Summary:
MG2 is affected by an authentication bypass vulnerability. This issue can allow remote attackers to gain access to password protected image galleries.

All versions of MG2 are considered to be vulnerable at the moment. Minigal B13 is likely affected as well.

2. PHP Advanced Transfer Manager Remote Unauthorized Access Vulnerability
BugTraq ID: 15237
Remote: Yes
Date Published: 2005-10-29
Relevant URL: http://www.securityfocus.com/bid/15237
Summary:
PHP Advanced Transfer Manager can allow remote attackers to gain unauthorized access.

Access to sensitive files containing authentication credentials is not restricted, therefore an attacker can simply issue a GET request to obtain a user's password hash. This information can then allow them to successfully authenticate to the service using a cookie.

PHP Advanced Transfer Manager 1.30 is reported to be vulnerable. Other versions may be affected as well.

3. Subdreamer Multiple Remote SQL Injection Vulnerabilities
BugTraq ID: 15238
Remote: Yes
Date Published: 2005-10-29
Relevant URL: http://www.securityfocus.com/bid/15238
Summary:
Subdreamer is prone to multiple remote SQL injection vulnerabilities.

These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Subdreamer 2.2.1 is reported to be vulnerable. Other versions may be affected as well.

4. OpenVPN Client Remote Format String Vulnerability
BugTraq ID: 15239
Remote: Yes
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15239
Summary:
OpenVPN is reported prone to a remote format string vulnerability.

A malicious server can send specially crafted command options such as 'dhcp-option' including format specifiers to a client to trigger this vulnerability.

A remote attacker may leverage this issue to write to arbitrary process memory, facilitating code execution. This can result in unauthorized remote access.

This issue affects OpenVPN 2.0.x versions. OpenVPN running on Windows is not vulnerable to this issue.

5. Invision Gallery Index.PHP SQL Injection Vulnerability
BugTraq ID: 15240
Remote: Yes
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15240
Summary:
Invision Gallery is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

6. Snitz Forum Post.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 15241
Remote: Yes
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15241
Summary:
Snitz Forum is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.


7. NTop Insecure Temporary File Creation Vulnerability
BugTraq ID: 15242
Remote: No
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15242
Summary:
ntop creates temporary files in an insecure manner.

Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.

8. PHPBB Global Variable Deregistration Bypass Vulnerabilities
BugTraq ID: 15243
Remote: Yes
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15243
Summary:
phpBB is prone to multiple vulnerabilities resulting from improper deregistration of global variables.

These issues may allow remote attackers to execute arbitrary PHP code, carry out SQL injection, HTML injection, and cross-site scripting attacks.

phpBB 2.0.17 and prior versions are affected by these issues.

9. PHPCafe Tutorial Manager Index.PHP SQL Injection Vulnerability
BugTraq ID: 15244
Remote: Yes
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15244
Summary:
PHPcafe Tutorial Manager is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

10. OaBoard Forum.PHP Multiple SQL Injection Vulnerabilities
BugTraq ID: 15245
Remote: Yes
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15245
Summary:
OaBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

11. PHPBB Multiple Unspecified Vulnerabilities
BugTraq ID: 15246
Remote: Yes
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15246
Summary:
phpBB is prone to multiple unspecified vulnerabilities. Some of these issues result from insufficient sanitization of user-supplied data; however, the causes and impacts of other issues were not specified.

phpBB 2.0.17 and prior versions are affected by these issues.

Due to a lack of information, further details cannot be provided at the moment. It is possible that some of these issues were reported prior to the release of this record. This BID will be updated when more information becomes available.

12. IBM AIX CHCONS Local Buffer Overflow Vulnerability
BugTraq ID: 15247
Remote: No
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15247
Summary:
IBM AIX chcons is prone to a local buffer overflow vulnerability. This issue arises because the application fails to perform boundary checks prior to copying user-supplied data into insufficiently-sized memory buffers. This issue presents itself when 'DEBUG MALLOC' is enabled.

If the affected utility has setuid-superuser privileges, then a successful attack allows arbitrary machine code execution with superuser privileges.

13. PHP PHPInfo Cross-Site Scripting Vulnerability
BugTraq ID: 15248
Remote: Yes
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15248
Summary:
PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

14. PHP Parse_Str Register_Globals Activation Weakness
BugTraq ID: 15249
Remote: Yes
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15249
Summary:
PHP is susceptible to a weakness that allows attackers to re-enable the 'register_globals' directive. This issue is due to a failure of the application to handle a memory limit exception.

The 'register_globals' directive will remain enabled for the rest of the lifetime of the affected process. If PHP is being run as an Apache module, then the process handling the malicious request will have 'register_globals' enabled for the duration of the process's life. If PHP is being run as a CGI process, this issue is not likely exploitable.

By exploiting this issue, remote attackers may be able to enable 'register_globals'. This may allow attackers to further exploit latent vulnerabilities in PHP scripts.

15. PHP File Upload GLOBAL Variable Overwrite Vulnerability
BugTraq ID: 15250
Remote: Yes
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15250
Summary:
PHP is susceptible to a vulnerability that allows attackers to overwrite the GLOBAL variable via HTTP POST requests.

By exploiting this issue, remote attackers may be able to overwrite the GLOBAL variable. This may allow attackers to further exploit latent vulnerabilities in PHP scripts.

16. Comersus BackOffice Multiple Input Validation And Information Disclosure Vulnerabilities
BugTraq ID: 15251
Remote: Yes
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15251
Summary:
Comersus BackOfficePlus and BackOfficeLite are prone to multiple input validation and information disclosure vulnerabilities.

The applications are prone to SQL injection attacks, information disclosure and multiple cross-site scripting attacks.

An attacker can exploit these vulnerabilities to retrieve sensitive and privileged information, gain access to the application as an administrative user and perform cross-site scripting attacks to retrieve cookie-based authentication credentials from victim users; other attacks are also possible.

17. Apple Mac OS X Security Update 2005-10-31 Multiple Local Vulnerabilities
BugTraq ID: 15252
Remote: No
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15252
Summary:
Apple has released Security Update 2005-10-31 to address multiple Mac OS X local vulnerabilities.

The following vulnerabilities were addressed by the security update:

- A misleading file ownership display, resulting in a false sense of security.

- A software update failure, potentially resulting in a failure to install critical security fixes.

- A group membership alteration issue, potentially resulting in unauthorized access due to delayed changes to group membership.

- An information disclosure issue with Keychain, potentially allowing unauthorized users to view already displayed plaintext passwords after the Keychain has automatically locked due to a timeout.

- Multiple information disclosure issues in the kernel, potentially allowing local users to gain access to sensitive information, aiding them in further attacks.

These vulnerabilities will be separated into individual BIDs upon further analysis of the issues.

18. IOFTPD Username Enumeration Vulnerability
BugTraq ID: 15253
Remote: Yes
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15253
Summary:
ioFTPD is prone to a username enumeration vulnerability. This issue is due to a design error in the application when verifying user-supplied input.

Attackers may exploit this vulnerability to discern valid usernames. This may aid them in brute force password cracking, or other attacks.

19. Belchior Foundry vCard Pro Addrbook.PHP SQL Injection Vulnerability
BugTraq ID: 15254
Remote: Yes
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15254
Summary:
vCard PRO is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.


20. EyeOS Desktop.PHP HTML Injection Vulnerability
BugTraq ID: 15255
Remote: Yes
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15255
Summary:
eyeOS is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

21. EyeOS User And Password Information Disclosure Vulnerability
BugTraq ID: 15256
Remote: Yes
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15256
Summary:
eyeOS is prone to an information disclosure vulnerability. This issue is due to a failure in the application to do proper access validation before granting access to sensitive and privileged information.

An attacker can exploit this vulnerability to obtain a list of valid usernames and their corresponding encrypted passwords. Information obtained may aid in further attacks against the underlying system; other attacks are also possible.

22. Elite Forum HTML Injection Vulnerability
BugTraq ID: 15257
Remote: Yes
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15257
Summary:
Elite Forum is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.


23. Multiple Vendor ReadDir_R Buffer Overflow Vulnerability
BugTraq ID: 15259
Remote: No
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15259
Summary:
Certain uses of the 'readdir_r' function may result in a buffer overflow vulnerability. This issue is due to a race condition between the allocation of a memory buffer, and the usage of the buffer in further operations.

Specifically, the 'readdir_r' function fails to specify or require a specific size of memory buffer that it returns its results into. By using a memory buffer that is too small for the result, a buffer overflow may occur.

Attackers may exploit this issue to execute arbitrary machine code in the context of affected applications. Failed exploit attempts will likely result in crashes, denying service to legitimate users.

Operating systems with no difference in the maximum path lengths among differing file systems are not affected by this issue.

24. VUBB Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 15260
Remote: Yes
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15260
Summary:
VUBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.


25. OpenVMS Unspecified Local Denial of Service Vulnerability
BugTraq ID: 15261
Remote: No
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15261
Summary:
OpenVMS is prone to an unspecified local denial of service vulnerability. This issue is most likely due to a failure in the software to handle exceptional conditions.

An attacker can exploit this vulnerability to cause the application to become unstable or halt, ultimately denying service to legitimate users.

Very little information is currently available on this vulnerability; this BID will be updated as further information becomes available.

26. Pax File Permission Modification Race Condition Weakness
BugTraq ID: 15262
Remote: No
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15262
Summary:
Pax is reported prone to a security weakness; the issue is only present when an archive is extracted into a world or group writable directory. It is reported that pax employs non-atomic procedures to write a file and later change the permissions on the newly extracted file.

A local attacker may leverage this issue to modify file permissions of target files.


27. NetBSD Insecure Temporary File Creation Vulnerability
BugTraq ID: 15263
Remote: No
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15263
Summary:
NetBSD creates temporary files in an insecure manner in the X build process. An attacker with local access could potentially exploit this issue to overwrite files in the context of the victim user.

Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.

28. NetBSD KernFS Local Kernel Memory Disclosure Vulnerability
BugTraq ID: 15264
Remote: No
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15264
Summary:
The kernfs file system in NetBSD is prone to a kernel memory disclosure vulnerability. This issue arises due to insufficient sanitization of user-supplied arguments passed to 'kernfs_xread()'.

Information disclosed through this attack may be used to launch other attacks against a computer and potentially aid in a complete compromise.

29. XMB Forum Post.PHP SQL Injection Vulnerability
BugTraq ID: 15267
Remote: Yes
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15267
Summary:
XMB Nexus Forum is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
30. Microsoft Internet Explorer Malformed HTML Parsing Denial of Service Vulnerability
BugTraq ID: 15268
Remote: Yes
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15268
Summary:
Microsoft Internet Explorer is affected by a denial of service vulnerability. This issue arises because the application fails to properly parse certain malformed HTML content.

An attacker may exploit this issue by enticing a user to visit a malicious site resulting in a denial of service condition in the application.

Few details are available at this time; this BID will be updated as further information is disclosed.

31. Cisco Management Center for IPS Sensors Configuration Download Weakness
BugTraq ID: 15269
Remote: Yes
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15269
Summary:
Cisco Management Center for IPS Sensors is prone to an issue that may cause some IPS signatures to be disabled during deployment.

Cisco IOS IPS devices configured by IPS MC 2.1 are prone to this issue. Cisco IDS/IPS solutions configured by either Cisco IPS MC v2.1, Cisco IDS MC, Cisco SDM or by using the Cisco IOS CLI are vulnerable as well.

32. OpenVPN Server Remote Denial Of Service Vulnerability
BugTraq ID: 15270
Remote: Yes
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15270
Summary:
OpenVPN server is prone to a remote denial of service vulnerability. This is due to a design error in which the server, running in TCP mode, will be unable to handle exceptional conditions.

This issue affects all OpenVPN 2.0 versions; the vendor has released version 2.0.4 to address this issue.


33. Sun Java System Communications Express Information Disclosure Vulnerability
BugTraq ID: 15271
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15271
Summary:
Sun Java System Communications Express is prone to an information disclosure vulnerability.

A remote attacker may obtain application configuration files.

34. Cisco Airespace WLAN Controller Unauthorized Network Access Vulnerability
BugTraq ID: 15272
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15272
Summary:
Cisco Airespace WLAN (Wireless LAN) devices are prone to an issue that may permit unauthorized parties to access a secure network.

This issue can occur when Cisco access points are configured to run in Lightweight Access Point Protocol (LWAPP) mode.

This vulnerability may allow unauthorized parties to send unencrypted network packets to a secure network by spoofing the MAC address of another host that has already authenticated. This may bypass the security of the wireless network as it may permit unauthorized access by hosts that have not authenticated.

35. RhinoSoft Serv-U FTP Server Unspecified Denial of Service Vulnerability
BugTraq ID: 15273
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15273
Summary:
Serv-U FTP server is prone to an unspecified denial of service vulnerability. This issue is most likely due to a failure in the application to handle exceptional conditions.

Specific details regarding this issue are not currently available; this BID will be updated as more information becomes available.

An attacker can exploit this vulnerability to cause the server to crash, effectively denying service to legitimate users.

36. News2Net Index.PHP SQL Injection Vulnerability
BugTraq ID: 15274
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15274
Summary:
News2Net is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

37. Cisco IOS System Timers Heap Buffer Overflow Exploitation
BugTraq ID: 15275
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15275
Summary:
Cisco IOS is prone to heap-based buffer overflow exploitation. Cisco has released an advisory stating that IOS upgrades are available to address the possibility of exploitation of heap-based buffer overflow vulnerabilities. It is not known at this time if the advisory addresses a specific heap overflow or just provides security enhancements to mitigate attempts to exploit other heap overflow vulnerabilities.
 
Old 11-09-2005, 03:15 PM   #5
unSpawn
Moderator
Nov 08th 2005 (SF) 2/3

38. phpWebThings Forum.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 15276
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15276
Summary:
phpWebThings is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

phpWebThings version 1.4.4 is affected; other versions may also be vulnerable.


39. PHPWebThing Forum.PHP SQL Injection Vulnerability
BugTraq ID: 15277
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15277
Summary:
phpWebThing is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

40. MailWatch for MailScanner Authenticate Function SQL Injection Vulnerability
BugTraq ID: 15278
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15278
Summary:
MailWatch for MailScanner is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.


41. Asus VideoSecurity Online Web Server Authentication Buffer Overflow Vulnerability
BugTraq ID: 15279
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15279
Summary:
Asus VideoSecurity Online is prone to a buffer overflow in the authentication mechanism of the included Web server. This issue only exists if authentication is enabled on the Web server.

The Web server included with Asus VideoSecurity Online is not enabled by default.

This vulnerability is reported to affect Asus VideoSecurity Online 3.5.0 and earlier.
42. Glider Collect'N Kill Remote Buffer Overflow Vulnerability
BugTraq ID: 15280
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15280
Summary:
Glider Connect'n Kill is prone to a remote buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.

An attacker can exploit this vulnerability to overflow a memory buffer, possibly resulting in a denial of service condition. Execution of arbitrary code may also be possible.

43. Asus VideoSecurity Online Web Server Directory Traversal Vulnerability
BugTraq ID: 15281
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15281
Summary:
Asus VideoSecurity Online is prone to a directory traversal vulnerability. Exploitation could allow a remote attacker to obtain sensitive information that could be used to mount further attacks.

The Web server included with Asus VideoSecurity Online is not enabled by default.

This vulnerability is reported to affect Asus VideoSecurity Online 3.5.0 and earlier.


44. Battle Carry Remote Denial of Service Vulnerability
BugTraq ID: 15282
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15282
Summary:
Battle Carry is prone to a remote denial of service vulnerability. This issue is due to a failure in the application to handle exceptional conditions.

An attacker can exploit this vulnerability to crash the application, ultimately resulting in a denial of service to legitimate users.

45. Simple PHP Blog Multiple Input Validation Vulnerabilities
BugTraq ID: 15283
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15283
Summary:
Simple PHP Blog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks.


46. F-Secure Web Console Directory Traversal Vulnerability
BugTraq ID: 15284
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15284
Summary:
F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper are prone to a directory traversal vulnerability.

Reports indicate that the Web Console for the products can allow remote unauthorized attackers to view arbitrary files in the context of the application.

It should be noted that the Web Console for F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper is configured by default to accept connections from localhost only. The remote threat only arises if the application has been configured to accept connections from elsewhere. The default configuration only poses a local threat.

47. GraphOn GO-Global For Windows Remote Buffer Overflow Vulnerability
BugTraq ID: 15285
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15285
Summary:
GraphOn GO-Global For Windows is prone to a remote buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.

An attacker can exploit this vulnerability to overflow a memory buffer, possibly resulting in a denial of service condition. Execution of arbitrary code may also be possible.

Versions 3.1.0.3270 and prior are affected by this issue.

48. Invision Gallery Image Upload HTML Injection Vulnerability
BugTraq ID: 15286
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15286
Summary:
Invision Gallery is prone to an HTML injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

This issue is only present when using the Microsoft Internet Explorer Web browser.


49. Johannes F. Kuhlmann FlatFrag Multiple Remote Buffer Overflow And Denial Of Service Vulnerabilities
BugTraq ID: 15287
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15287
Summary:
Johannes F. Kuhlmann FlatFrag is prone to multiple remote buffer overflow and denial of service vulnerabilities. The buffer overflow issues are due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. The denial of service issue is due to an attempt to dereference a NULL pointer.

An attacker may exploit these issues to crash the application, or execute arbitrary machine code in the context of the affected application.

Versions 0.3 and prior are affected by these issues.

50. NeroNet Limited Directory Traversal Vulnerability
BugTraq ID: 15288
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15288
Summary:
NeroNet is prone to a directory traversal vulnerability.

Reports indicate that this product can allow remote unauthorized attackers to view arbitrary files in the context of the application.

Exploitation of this vulnerability could lead to a loss of confidentiality. Information obtained may aid in further attacks against the underlying computer.

It is reported that NeroNET versions 1.2.0.2 and earlier are vulnerable.


51. NetBSD SO_LINGER DIAGNOSTIC Checking Local Denial of Service Vulnerability
BugTraq ID: 15289
Remote: No
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15289
Summary:
NetBSD is susceptible to a local denial of service condition due to a kernel-level bug in the SO_LINGER diagnostics checking code. NetBSD versions 2.x are affected.

This issue only affects NetBSD kernels compiled with the 'DIAGNOSTIC' directive enabled.

This issue allows local attackers to panic the kernel, denying further service to legitimate users.

52. NetBSD Local PTrace Privilege Escalation Vulnerability
BugTraq ID: 15290
Remote: No
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15290
Summary:
NetBSD is susceptible to a local privilege escalation vulnerability in its 'ptrace' process tracing facility. This issue is due to a failure of the kernel to properly validate if an executable is running with elevated privileges prior to allowing the process to be traced.

This issue allows local attackers to ptrace privileged processes. Attackers may call arbitrary system calls, and alter the behavior of the traced process. This likely leads to a full system compromise.

53. IPSwitch WhatsUp Small Business 2004 Report Service Directory Traversal Vulnerability
BugTraq ID: 15291
Remote: Yes
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15291
Summary:
IPSwitch WhatsUp Small Business 2004 is prone to a directory traversal vulnerability. Successful exploitation could allow a remote attacker to gain access to files outside the Web root. Sensitive information may be obtained in this manner.


54. Scorched 3D Multiple Vulnerabilities
BugTraq ID: 15292
Remote: Yes
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15292
Summary:
Scorched 3D is prone to multiple vulnerabilities. These issues include numerous buffer overflow, format string, denial of service and arbitrary code execution issues.

These issues are remote in nature and some vulnerabilities require successful authentication prior to exploitation.

Scorched 3D 39.1 and prior versions are affected by these issues.

55. F-Prot Antivirus ZIP Attachment Version Scan Evasion Vulnerability
BugTraq ID: 15293
Remote: Yes
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15293
Summary:
F-Prot Antivirus is prone to a scan evasion vulnerability when dealing with ZIP archive attachments. This issue is due to a design error in the application that flags certain ZIP files as harmless when it is unable to decompress them.

An attacker can exploit this vulnerability by crafting a specially designed ZIP file containing malicious code and bypass the antivirus software.

56. PHP Handicapper Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15294
Remote: Yes
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15294
Summary:
PHP Handicapper is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

57. CutePHP CuteNews Directory Traversal Vulnerability
BugTraq ID: 15295
Remote: Yes
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15295
Summary:
CuteNews is affected by a directory traversal vulnerability.

An unauthorized attacker can retrieve or upload arbitrary files by supplying directory traversal strings '../' through an affected URI parameter.

Exploitation of this vulnerability could lead to a loss of confidentiality as arbitrary files are disclosed to an attacker. Information obtained through this attack may aid in further attacks against the underlying system.

An attacker may also upload arbitrary scripts, which may be subsequently executed, leading to a remote compromise in the context of the server.

CuteNews 1.4.1 is reported to be vulnerable to this issue. Other versions may be affected as well.

58. vBulletin Image Upload HTML Injection Vulnerability
BugTraq ID: 15296
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15296
Summary:
vBulletin is prone to an HTML injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

This issue is only present when using the Microsoft Internet Explorer Web browser.


59. PHP Handicapper Process_signup.PHP SQL Injection Vulnerability
BugTraq ID: 15298
Remote: Yes
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15298
Summary:
PHP Handicapper is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

60. Libungif Colormap Handling Memory Corruption Vulnerability
BugTraq ID: 15299
Remote: Yes
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15299
Summary:
libungif is prone to a memory corruption vulnerability.

Reports indicate that due to improper handling of colormaps in GIF files an attacker can trigger out-of-bounds writes and corrupt memory.

This may lead to a denial of service condition.

libungif 4.1.3 and prior versions are considered to be vulnerable to this issue.

61. Microsoft November Advance Notification Unspecified Security Vulnerabilities
BugTraq ID: 15300
Remote: Unknown
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15300
Summary:
Microsoft has released advance notification for one security bulletin that will be released on November 8, 2005.

This bulletin affects Microsoft Windows.

62. PHP Handicapper Process_signup.PHP HTTP Response Splitting Vulnerability
BugTraq ID: 15301
Remote: Yes
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15301
Summary:
PHP Handicapper is vulnerable to an HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how Web content is served, cached or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.


63. Movable Type Arbitrary Blog Creation Path Vulnerability
BugTraq ID: 15302
Remote: Yes
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15302
Summary:
Movable Type is prone to an arbitrary blog creation path vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

It should be noted that this vulnerability applies only when a validated user has sufficient permissions to create blog entries.

64. IBM WebSphere Application Server QueryString Information Disclosure Vulnerability
BugTraq ID: 15303
Remote: No
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15303
Summary:
A remote information disclosure vulnerability reportedly affects the IBM WebSphere Application Server.

A malicious user may leverage this issue to disclose potentially sensitive information, aiding them in further attacks.

65. Libungif Null Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 15304
Remote: Yes
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15304
Summary:
libungif is prone to a denial of service vulnerability. This issue is due to a failure in the application to handle exceptional conditions.

Successful exploitation of this vulnerability will cause the application utilizing the affected library to crash, effectively denying service to legitimate users.

libungif 4.1.3 and prior versions are considered to be vulnerable to this issue.

66. Movable Type Blog Entry Posting HTML Injection Vulnerability
BugTraq ID: 15305
Remote: Yes
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15305
Summary:
Movable Type is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.


67. Apple QuickTime Embedded Pascal Style Remote Integer Overflow Vulnerability
BugTraq ID: 15306
Remote: Yes
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15306
Summary:
A remote integer overflow vulnerability affects Apple QuickTime. This issue is due to a failure of the application to properly validate integer signedness prior to using it to carry out critical operations.

An attacker may leverage this issue to cause the affected QuickTime client to crash, denying service to legitimate users. It has been speculated that this issue may also facilitate code execution; any code execution would occur with the privileges of the user that activated the affected software.

68. Apple QuickTime Null Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 15307
Remote: Yes
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15307
Summary:
QuickTime is prone to a denial of service vulnerability. This issue is due to a failure in the application to handle exceptional conditions.

Successful exploitation of this vulnerability will cause the application to crash, effectively denying service to legitimate users.

69. Apple QuickTime Movie Attributes Remote Integer Overflow Vulnerability
BugTraq ID: 15308
Remote: Yes
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15308
Summary:
A remote integer overflow vulnerability affects Apple QuickTime. This issue is due to a failure of the application to properly validate integer signedness prior to using it to carry out critical operations.

An attacker may leverage this issue to cause the affected QuickTime client to crash, denying service to legitimate users. It has been speculated that this issue may also facilitate code execution; any code execution would occur with the privileges of the user that activated the affected software.

70. Apple QuickTime Compressed PICT Data Remote Buffer Overflow Vulnerability
BugTraq ID: 15309
Remote: Yes
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15309
Summary:
A remote buffer overflow vulnerability affects Apple QuickTime. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.

An attacker may leverage this issue to cause the affected QuickTime client to crash, denying service to legitimate users. It has been speculated that this issue may also facilitate code execution; any code execution would occur with the privileges of the user that activated the affected software.

71. Sun Java Development Kit Font Serialization Remote Denial of Service Vulnerability
BugTraq ID: 15312
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15312
Summary:
The Sun Java Development Kit (JDK) is prone to a remote denial of service vulnerability. This is due to a font deserialization error. It has been demonstrated that this could be exploited to attack JBoss versions that employ affected versions of the JDK, though the issue itself exists in the JDK.

Successful exploitation could cause an application that implements the JDK to fail, denying service to legitimate users.


72. Galerie ShowGallery.PHP SQL Injection Vulnerability
BugTraq ID: 15313
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15313
Summary:
Galerie is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.


73. CHFN User Modification Privilege Escalation Vulnerability
BugTraq ID: 15314
Remote: No
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15314
Summary:
chfn is prone to a privilege escalation vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

A local attacker can exploit this vulnerability to escalate privileges to that of the superuser account.

74. Cerberus Helpdesk Information Disclosure Vulnerability
BugTraq ID: 15315
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15315
Summary:
Cerberus Helpdesk is prone to an information disclosure vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary email attachments of other users in the security context of the Web server process. Information obtained may aid in further attacks against the underlying system; other attacks are also possible.


75. Clam Anti-Virus ClamAV TNEF File Handling Denial Of Service Vulnerability
BugTraq ID: 15316
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15316
Summary:
ClamAV is prone to a denial of service vulnerability. This is due to a failure in the application to handle malformed TNEF files.

Exploitation could cause the application to enter an infinite loop, resulting in a denial of service.


76. Clam Anti-Virus ClamAV CAB File Handling Denial Of Service Vulnerability
BugTraq ID: 15317
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15317
Summary:
ClamAV is prone to a denial of service vulnerability. This is due to a failure in the application to handle malformed CAB files.

Exploitation could cause the application to enter an infinite loop, resulting in a denial of service.
 
Old 11-09-2005, 03:16 PM   #6
unSpawn
Moderator
Nov 08th 2005 (SF) 3/3

77. Clam Anti-Virus ClamAV FSG File Handling Buffer Overflow Vulnerability
BugTraq ID: 15318
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15318
Summary:
ClamAV is prone to a buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.

This issue occurs when the application attempts to handle FSG files.

Exploitation of this issue could allow attacker-supplied machine code to be executed in the context of the affected application. The issue would occur when the malformed file is scanned manually or automatically in deployments such as email gateways.

78. GpsDrive Friendsd Remote Format String Vulnerability
BugTraq ID: 15319
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15319
Summary:
GpsDrive is prone to a remote format string vulnerability. A remote attacker may leverage this issue to write to arbitrary process memory, facilitating code execution. This can result in unauthorized remote access.


79. Acme Thttpd Insecure Temporary File Creation Vulnerability
BugTraq ID: 15320
Remote: No
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15320
Summary:
thttpd creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to overwrite files in the context of the Web server process.

Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.


80. IBM Lotus Domino Multiple Vulnerabilities
BugTraq ID: 15321
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15321
Summary:
IBM Lotus Domino is prone to multiple vulnerabilities. Some of these issues can be exploited to trigger a crash, however, some unspecified issues with unknown impacts have also been identified.

These issues affect Lotus Domino versions prior to 6.5.4 Fix Pack 2.

81. PunBB/Blog:CMS Image Upload HTML Injection Vulnerability
BugTraq ID: 15322
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15322
Summary:
PunBB and Blog:CMS are prone to an HTML injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

This issue is only present when using the Microsoft Internet Explorer Web browser.


82. IBM AIX SWCONS Local Buffer Overflow Vulnerability
BugTraq ID: 15323
Remote: No
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15323
Summary:
IBM AIX swcons is prone to a local buffer overflow vulnerability.

If the affected utility has setuid-superuser privileges, then a successful attack allows arbitrary machine code execution with superuser privileges.

83. JPortal Multiple SQL Injection Vulnerabilities
BugTraq ID: 15324
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15324
Summary:
JPortal is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being used in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

84. Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
BugTraq ID: 15325
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15325
Summary:
A remote denial of service vulnerability affects Apache Tomcat. This issue is due to a failure of the application to efficiently handle multiple directory listing requests.

Once this issue has been triggered, the application fails to serve further requests to legitimate users until the Tomcat processes have been restarted.

An attacker may leverage this issue to trigger a denial of service condition in the affected software.

85. PunBB/BLOG:CMS Origin Spoofing Vulnerability
BugTraq ID: 15326
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15326
Summary:
PunBB and Blog:CMS allow attackers to hide addresses using the X_FORWARDED_FOR field in the HTTP header.

These applications accept the values supplied by users in HTTP headers as the originating IP address of a request. It is possible for a remote host to supply a fake IP address in the environment variable that would obscure the origin of the request.

86. cPanel Chat Message Field HTML Injection Vulnerability
BugTraq ID: 15327
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15327
Summary:
cPanel is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

It should be noted that the attacker will most likely need a cPanel account to exploit this vulnerability.


87. PunBB/BLOG:CMS Unspecified Information Disclosure Vulnerability
BugTraq ID: 15328
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15328
Summary:
PunBB and Blog:CMS are prone to an unspecified information disclosure vulnerability.

Very little information is available on this vulnerability. This BID will be updated as further information becomes available.

88. Ocean12 ASP Calendar Manager Authentication Bypass Vulnerability
BugTraq ID: 15329
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15329
Summary:
Ocean12 ASP Calendar Manager is prone to an authentication bypass vulnerability. This is due to an access validation error in the application.

The application does not properly verify access privileges and allows the attacker to gain access to restricted data.

Version 1.01 is affected; other versions may also be vulnerable.


89. Ocean12 ASP Calendar Manager SQL Injection Vulnerability
BugTraq ID: 15330
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15330
Summary:
Ocean12 ASP Calendar Manager is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.


90. Multiple Vendor Web Browser Cookie Hostname Handling Weakness
BugTraq ID: 15331
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15331
Summary:
Multiple Web browsers are susceptible to a cookie hostname handling weakness that potentially discloses sensitive information. This issue is due to a failure of the Web browsers to properly ensure that cookies are properly associated to domain names.

This issue presents itself when the computer running the affected Web browser has the DNS resolver library configured with a search path.
This issue potentially allows remote attackers to gain access to potentially sensitive information stored in browser cookies, aiding them in further attacks. This may also aid attackers in phishing style attacks, by obfuscating the destination of URIs.

It should be noted that this issue is only exploitable if users utilize hostnames that are simultaneously valid regarding existing top level domains, and internally hosted domains.

91. Macromedia Flash Array Index Memory Access Vulnerability
BugTraq ID: 15332
Remote: Yes
Date Published: 2005-11-05
Relevant URL: http://www.securityfocus.com/bid/15332
Summary:
The Flash plug-in is vulnerable to an input validation error that can be reliably exploited to execute arbitrary code. The vulnerability is due to an input validation error for a critical array index value.
An attacker can exploit this vulnerability to execute arbitrary code. The most likely vector of attack is through a malicious SWF file designed to trigger the vulnerability that has been placed on a web site.

Macromedia Flash 6 and 7 are reported affected.

92. ibProArcade User ID SQL Injection Vulnerability
BugTraq ID: 15333
Remote: Yes
Date Published: 2005-11-05
Relevant URL: http://www.securityfocus.com/bid/15333
Summary:
A SQL injection attack due to an input validation error has been reported. The vulnerability is said to be in the "index.php" scripts on both PowerBoard and vBulletin installations when the module is enabled. The HTML variable "id" for PowerBoard users and "userid" for vBulletin users is reportedly not properly escaped before it is embedded in a SQL query string.