SecurityFocus
1. MG2 Authentication Bypass Vulnerability
BugTraq ID: 15235
Remote: Yes
Date Published: 2005-10-29
Relevant URL:
http://www.securityfocus.com/bid/15235
Summary:
MG2 is affected by an authentication bypass vulnerability. This issue can allow remote attackers to gain access to password protected image galleries.
All versions of MG2 are considered to be vulnerable at the moment. Minigal B13 is likely affected as well.
2. PHP Advanced Transfer Manager Remote Unauthorized Access Vulnerability
BugTraq ID: 15237
Remote: Yes
Date Published: 2005-10-29
Relevant URL:
http://www.securityfocus.com/bid/15237
Summary:
PHP Advanced Transfer Manager can allow remote attackers to gain unauthorized access.
Access to sensitive files containing authentication credentials is not restricted, so an attacker can simply issue a GET request to obtain a user's password hash. This information can then allow them to successfully authenticate to the service using a cookie.
PHP Advanced Transfer Manager 1.30 is reported to be vulnerable. Other versions may be affected as well.
3. Subdreamer Multiple Remote SQL Injection Vulnerabilities
BugTraq ID: 15238
Remote: Yes
Date Published: 2005-10-29
Relevant URL:
http://www.securityfocus.com/bid/15238
Summary:
Subdreamer is prone to multiple remote SQL injection vulnerabilities.
These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Subdreamer 2.2.1 is reported to be vulnerable. Other versions may be affected as well.
4. OpenVPN Client Remote Format String Vulnerability
BugTraq ID: 15239
Remote: Yes
Date Published: 2005-10-31
Relevant URL:
http://www.securityfocus.com/bid/15239
Summary:
OpenVPN is reported prone to a remote format string vulnerability.
A malicious server can send specially crafted command options such as 'dhcp-option' including format specifiers to a client to trigger this vulnerability.
A remote attacker may leverage this issue to write to arbitrary process memory, facilitating code execution. This can result in unauthorized remote access.
This issue affects OpenVPN 2.0.x versions. OpenVPN running on Windows is not vulnerable to this issue.
5. Invision Gallery Index.PHP SQL Injection Vulnerability
BugTraq ID: 15240
Remote: Yes
Date Published: 2005-10-31
Relevant URL:
http://www.securityfocus.com/bid/15240
Summary:
Invision Gallery is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
6. Snitz Forum Post.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 15241
Remote: Yes
Date Published: 2005-10-31
Relevant URL:
http://www.securityfocus.com/bid/15241
Summary:
Snitz Forum is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
7. NTop Insecure Temporary File Creation Vulnerability
BugTraq ID: 15242
Remote: No
Date Published: 2005-10-31
Relevant URL:
http://www.securityfocus.com/bid/15242
Summary:
ntop creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.
8. PHPBB Global Variable Deregistration Bypass Vulnerabilities
BugTraq ID: 15243
Remote: Yes
Date Published: 2005-10-31
Relevant URL:
http://www.securityfocus.com/bid/15243
Summary:
phpBB is prone to multiple vulnerabilities resulting from improper deregistration of global variables.
These issues may allow remote attackers to execute arbitrary PHP code, carry out SQL injection, HTML injection, and cross-site scripting attacks.
phpBB 2.0.17 and prior versions are affected by these issues.
9. PHPCafe Tutorial Manager Index.PHP SQL Injection Vulnerability
BugTraq ID: 15244
Remote: Yes
Date Published: 2005-10-31
Relevant URL:
http://www.securityfocus.com/bid/15244
Summary:
PHPcafe Tutorial Manager is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
10. OaBoard Forum.PHP Multiple SQL Injection Vulnerabilities
BugTraq ID: 15245
Remote: Yes
Date Published: 2005-10-31
Relevant URL:
http://www.securityfocus.com/bid/15245
Summary:
OaBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
11. PHPBB Multiple Unspecified Vulnerabilities
BugTraq ID: 15246
Remote: Yes
Date Published: 2005-10-31
Relevant URL:
http://www.securityfocus.com/bid/15246
Summary:
phpBB is prone to multiple unspecified vulnerabilities. Some of these issues result from insufficient sanitization of user-supplied data; however, the causes and impacts of the other issues were not specified.
phpBB 2.0.17 and prior versions are affected by these issues.
Due to a lack of information, further details cannot be provided at the moment. It is possible that some of these issues were reported prior to the release of this record. This BID will be updated when more information becomes available.
12. IBM AIX CHCONS Local Buffer Overflow Vulnerability
BugTraq ID: 15247
Remote: No
Date Published: 2005-10-31
Relevant URL:
http://www.securityfocus.com/bid/15247
Summary:
IBM AIX chcons is prone to a local buffer overflow vulnerability. This issue arises because the application fails to perform boundary checks prior to copying user-supplied data into insufficiently-sized memory buffers. This issue presents itself when 'DEBUG MALLOC' is enabled.
If the affected utility has setuid-superuser privileges, then a successful attack allows arbitrary machine code execution with superuser privileges.
13. PHP PHPInfo Cross-Site Scripting Vulnerability
BugTraq ID: 15248
Remote: Yes
Date Published: 2005-10-31
Relevant URL:
http://www.securityfocus.com/bid/15248
Summary:
PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
14. PHP Parse_Str Register_Globals Activation Weakness
BugTraq ID: 15249
Remote: Yes
Date Published: 2005-10-31
Relevant URL:
http://www.securityfocus.com/bid/15249
Summary:
PHP is susceptible to a weakness that allows attackers to re-enable the 'register_globals' directive. This issue is due to a failure of the application to handle a memory limit exception.
The 'register_globals' directive will remain enabled for the rest of the lifetime of the affected process. If PHP is being run as an Apache module, then the process handling the malicious request will have 'register_globals' enabled for the duration of the process's life. If PHP is being run as a CGI process, this issue is not likely exploitable.
By exploiting this issue, remote attackers may be able to enable 'register_globals'. This may allow attackers to further exploit latent vulnerabilities in PHP scripts.
15. PHP File Upload GLOBAL Variable Overwrite Vulnerability
BugTraq ID: 15250
Remote: Yes
Date Published: 2005-10-31
Relevant URL:
http://www.securityfocus.com/bid/15250
Summary:
PHP is susceptible to a vulnerability that allows attackers to overwrite the GLOBAL variable via HTTP POST requests.
By exploiting this issue, remote attackers may be able to overwrite the GLOBAL variable. This may allow attackers to further exploit latent vulnerabilities in PHP scripts.
16. Comersus BackOffice Multiple Input Validation And Information Disclosure Vulnerabilities
BugTraq ID: 15251
Remote: Yes
Date Published: 2005-10-31
Relevant URL:
http://www.securityfocus.com/bid/15251
Summary:
Comersus BackOfficePlus and BackOfficeLite are prone to multiple input validation and information disclosure vulnerabilities.
The applications are prone to SQL injection attacks, information disclosure and multiple cross-site scripting attacks.
An attacker can exploit these vulnerabilities to retrieve sensitive and privileged information, gain access to the application as an administrative user and perform cross-site scripting attacks to retrieve cookie-based authentication credentials from victim users; other attacks are also possible.
17. Apple Mac OS X Security Update 2005-10-31 Multiple Local Vulnerabilities
BugTraq ID: 15252
Remote: No
Date Published: 2005-10-31
Relevant URL:
http://www.securityfocus.com/bid/15252
Summary:
Apple has released Security Update 2005-10-31 to address multiple Mac OS X local vulnerabilities.
The following vulnerabilities were addressed by the security update:
- A misleading file ownership display, resulting in a false sense of security.
- A software update failure, potentially resulting in a failure to install critical security fixes.
- A group membership alteration issue, potentially resulting in unauthorized access due to delayed changes to group membership.
- An information disclosure issue with Keychain, potentially allowing unauthorized users to view already displayed plaintext passwords after the Keychain has automatically locked due to a timeout.
- Multiple information disclosure issues in the kernel, potentially allowing local users to gain access to sensitive information, aiding them in further attacks.
These vulnerabilities will be separated into individual BIDs upon further analysis of the issues.
18. IOFTPD Username Enumeration Vulnerability
BugTraq ID: 15253
Remote: Yes
Date Published: 2005-11-01
Relevant URL:
http://www.securityfocus.com/bid/15253
Summary:
ioFTPD is prone to a username enumeration vulnerability. This issue is due to a design error in the application when verifying user-supplied input.
Attackers may exploit this vulnerability to discern valid usernames. This may aid them in brute force password cracking, or other attacks.
19. Belchior Foundry vCard Pro Addrbook.PHP SQL Injection Vulnerability
BugTraq ID: 15254
Remote: Yes
Date Published: 2005-11-01
Relevant URL:
http://www.securityfocus.com/bid/15254
Summary:
vCard PRO is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
20. EyeOS Desktop.PHP HTML Injection Vulnerability
BugTraq ID: 15255
Remote: Yes
Date Published: 2005-11-01
Relevant URL:
http://www.securityfocus.com/bid/15255
Summary:
eyeOS is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
21. EyeOS User And Password Information Disclosure Vulnerability
BugTraq ID: 15256
Remote: Yes
Date Published: 2005-11-01
Relevant URL:
http://www.securityfocus.com/bid/15256
Summary:
eyeOS is prone to an information disclosure vulnerability. This issue is due to a failure in the application to do proper access validation before granting access to sensitive and privileged information.
An attacker can exploit this vulnerability to obtain a list of valid usernames and their corresponding encrypted passwords. Information obtained may aid in further attacks against the underlying system; other attacks are also possible.
22. Elite Forum HTML Injection Vulnerability
BugTraq ID: 15257
Remote: Yes
Date Published: 2005-11-01
Relevant URL:
http://www.securityfocus.com/bid/15257
Summary:
Elite Forum is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
23. Multiple Vendor ReadDir_R Buffer Overflow Vulnerability
BugTraq ID: 15259
Remote: No
Date Published: 2005-11-01
Relevant URL:
http://www.securityfocus.com/bid/15259
Summary:
Certain uses of the 'readdir_r' function may result in a buffer overflow vulnerability. This issue is due to a race condition between the allocation of a memory buffer and the usage of the buffer in further operations.
Specifically, the 'readdir_r' function fails to specify or require a specific size of memory buffer that it returns its results into. By using a memory buffer that is too small for the result, a buffer overflow may occur.
Attackers may exploit this issue to execute arbitrary machine code in the context of affected applications. Failed exploit attempts will likely result in crashes, denying service to legitimate users.
Operating systems with no difference in the maximum path lengths among differing file systems are not affected by this issue.
24. VUBB Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 15260
Remote: Yes
Date Published: 2005-11-01
Relevant URL:
http://www.securityfocus.com/bid/15260
Summary:
VUBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
25. OpenVMS Unspecified Local Denial of Service Vulnerability
BugTraq ID: 15261
Remote: No
Date Published: 2005-11-01
Relevant URL:
http://www.securityfocus.com/bid/15261
Summary:
OpenVMS is prone to an unspecified local denial of service vulnerability. This issue is most likely due to a failure in the software to handle exceptional conditions.
An attacker can exploit this vulnerability to cause the application to become unstable or halt, ultimately denying service to legitimate users.
Very little information is currently available on this vulnerability; this BID will be updated as further information becomes available.
26. Pax File Permission Modification Race Condition Weakness
BugTraq ID: 15262
Remote: No
Date Published: 2005-11-01
Relevant URL:
http://www.securityfocus.com/bid/15262
Summary:
Pax is reported prone to a security weakness; the issue is only present when an archive is extracted into a world- or group-writable directory. It is reported that pax employs non-atomic procedures to write a file and later change the permissions on the newly extracted file.
A local attacker may leverage this issue to modify file permissions of target files.
27. NetBSD Insecure Temporary File Creation Vulnerability
BugTraq ID: 15263
Remote: No
Date Published: 2005-11-01
Relevant URL:
http://www.securityfocus.com/bid/15263
Summary:
NetBSD creates temporary files in an insecure manner in the X build process. An attacker with local access could potentially exploit this issue to overwrite files in the context of the victim user.
Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.
28. NetBSD KernFS Local Kernel Memory Disclosure Vulnerability
BugTraq ID: 15264
Remote: No
Date Published: 2005-11-01
Relevant URL:
http://www.securityfocus.com/bid/15264
Summary:
The kernfs file system in NetBSD is prone to a kernel memory disclosure vulnerability. This issue arises due to insufficient sanitization of user-supplied arguments passed to 'kernfs_xread()'.
Information disclosed through this attack may be used to launch other attacks against a computer and potentially aid in a complete compromise.
29. XMB Forum Post.PHP SQL Injection Vulnerability
BugTraq ID: 15267
Remote: Yes
Date Published: 2005-11-01
Relevant URL:
http://www.securityfocus.com/bid/15267
Summary:
XMB Nexus Forum is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
30. Microsoft Internet Explorer Malformed HTML Parsing Denial of Service Vulnerability
BugTraq ID: 15268
Remote: Yes
Date Published: 2005-11-01
Relevant URL:
http://www.securityfocus.com/bid/15268
Summary:
Microsoft Internet Explorer is affected by a denial of service vulnerability. This issue arises because the application fails to properly parse certain malformed HTML content.
An attacker may exploit this issue by enticing a user to visit a malicious site, resulting in a denial of service condition in the application.
Few details are available at this time; this BID will be updated as further information is disclosed.
31. Cisco Management Center for IPS Sensors Configuration Download Weakness
BugTraq ID: 15269
Remote: Yes
Date Published: 2005-11-01
Relevant URL:
http://www.securityfocus.com/bid/15269
Summary:
Cisco Management Center for IPS Sensors is prone to an issue that may cause some IPS signatures to be disabled during deployment.
Cisco IOS IPS devices configured by IPS MC 2.1 are prone to this issue. Cisco IDS/IPS solutions configured by Cisco IPS MC v2.1, Cisco IDS MC, Cisco SDM, or the Cisco IOS CLI are vulnerable as well.
32. OpenVPN Server Remote Denial Of Service Vulnerability
BugTraq ID: 15270
Remote: Yes
Date Published: 2005-11-01
Relevant URL:
http://www.securityfocus.com/bid/15270
Summary:
OpenVPN server is prone to a remote denial of service vulnerability. This is due to a design error in which the server, running in TCP mode, will be unable to handle exceptional conditions.
This issue affects all OpenVPN 2.0 versions; the vendor has released version 2.0.4 to address this issue.
33. Sun Java System Communications Express Information Disclosure Vulnerability
BugTraq ID: 15271
Remote: Yes
Date Published: 2005-11-02
Relevant URL:
http://www.securityfocus.com/bid/15271
Summary:
Sun Java System Communications Express is prone to an information disclosure vulnerability.
A remote attacker may obtain application configuration files.
34. Cisco Airespace WLAN Controller Unauthorized Network Access Vulnerability
BugTraq ID: 15272
Remote: Yes
Date Published: 2005-11-02
Relevant URL:
http://www.securityfocus.com/bid/15272
Summary:
Cisco Airespace WLAN (Wireless LAN) devices are prone to an issue that may permit unauthorized parties to access a secure network.
This issue can occur when Cisco access points are configured to run in Lightweight Access Point Protocol (LWAPP) mode.
This vulnerability may allow unauthorized parties to send unencrypted network packets to a secure network by spoofing the MAC address of another host that has already authenticated. This may bypass the security of the wireless network as it may permit unauthorized access by hosts that have not authenticated.
35. RhinoSoft Serv-U FTP Server Unspecified Denial of Service Vulnerability
BugTraq ID: 15273
Remote: Yes
Date Published: 2005-11-02
Relevant URL:
http://www.securityfocus.com/bid/15273
Summary:
Serv-U FTP server is prone to an unspecified denial of service vulnerability. This issue is most likely due to a failure in the application to handle exceptional conditions.
Specific details regarding this issue are not currently available; this BID will be updated as more information becomes available.
An attacker can exploit this vulnerability to cause the server to crash, effectively denying service to legitimate users.
36. News2Net Index.PHP SQL Injection Vulnerability
BugTraq ID: 15274
Remote: Yes
Date Published: 2005-11-02
Relevant URL:
http://www.securityfocus.com/bid/15274
Summary:
News2Net is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
37. Cisco IOS System Timers Heap Buffer Overflow Exploitation
BugTraq ID: 15275
Remote: Yes
Date Published: 2005-11-02
Relevant URL:
http://www.securityfocus.com/bid/15275
Summary:
Cisco IOS is prone to heap-based buffer overflow exploitation. Cisco has released an advisory stating that IOS upgrades are available to address the possibility of exploitation of heap-based buffer overflow vulnerabilities. It is not known at this time if the advisory addresses a specific heap overflow or just provides security enhancements to mitigate attempts to exploit other heap overflow vulnerabilities.