Summary of Security Items from February 9 through February 15, 2006
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.
The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/Linux Operating Systems are included in the Multiple Operating Systems table. Note that entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software which operates on some version of that operating system.
Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin that have been provided by other US-CERT sponsored programs are prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product’s vendor.
The Risk levels are defined below:
High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.
Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.
Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.
Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.
Windows Operating Systems Only | ||||
Vendor & Software Name | Description | Common Name | CVSS | Resources |
Softphone 3.0.1.14, 3.0.1.46, 3.0.1.47 | Multiple vulnerabilities have been reported in Smartphone that could let remote malicious users cause a Denial of Service. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | eStara Softphone Multiple Denial of Service | Not Available | Security Focus, ID: 16629, February 14, 2006 |
GA's Forum | An input validation vulnerability has been reported in GA's Forum that could let remote malicious users perform SQL injection. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | GA's Forum SQL Injection | 7 | Security Tracker, Alert ID: 1015600, February 8, 2006 |
Insight Manager 4.2, 4.2 SP1, 4.2 SP2, 5.0, 5.0 SP1, 5.0 SP2, and 5.0 SP3 | A Directory Traversal vulnerability has been reported in Insight Manager that could let remote malicious users obtain arbitrary file access. Currently we are not aware of any exploits for this vulnerability. | HP Insight Manager Arbitrary File Access | 3.3 | Security Tracker, Alert ID: 1015605, February 9, 2006 |
PSC 1210 All-in-One Drivers | An unspecified vulnerability has been reported in PSC 1210 All-in-One Drivers. Currently we are not aware of any exploits for this vulnerability. | HP PSC 1210 All-in-One Drivers Unspecified Vulnerability | 4.9 | Secunia, Advisory: SA18770, February 10, 2006 |
HTML Help Workshop 4.74.8702.0 | A buffer overflow vulnerability has been reported in HTML Help Workshop that could let remote malicious users execute arbitrary code. No workaround or patch available at time of publishing. An exploit script, htmlws.c, has been published. | Microsoft HTML Help Workshop Arbitrary Code Execution | 7 | Secunia, Advisory: SA18740, February 6, 2006 |
Internet Explorer 5.0.1 SP4 | A vulnerability has been reported in Internet Explorer, WMF image parsing, that could let remote malicious users execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | Microsoft Internet Explorer Arbitrary Code Execution | 7 | Microsoft, Security Bulletin MS06-004, February 14, 2006 Technical Cyber Security Alert TA06-045A |
Internet Explorer various versions | A vulnerability has been reported in Internet Explorer that could let remote malicious users execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | Internet Explorer Arbitrary Code Execution | 7 | Microsoft, Security Advisory 913333, February 7, 2006 Technical Cyber Security Alert TA06-045A |
PowerPoint 2000 SP3 | A vulnerability has been reported in PowerPoint 2000 that could let remote malicious users disclose information. Currently we are not aware of any exploits for this vulnerability. | Microsoft PowerPoint 2000 Information Disclosure | Not Available | Microsoft, Security Bulletin MS06-010, February 14, 2006 |
Windows IGMPv3 XP and Server 2003 various versions | A vulnerability has been reported in Windows IGMPv3 that could let remote malicious users cause a Denial of Service. There is no exploit code required. | Microsoft Windows IGMPv3 Denial of Service | Not Available | Microsoft, Security Bulletin MS06-007 V1.1, February 14, 2006 |
Windows Korean Input Method Editor XP, Server 2003, and Office 2003 various versions | A vulnerability has been reported in Windows Korean Input Method Editor that could let local malicious users obtain elevated privileges. Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows Korean Input Method Editor Privilege Elevation | Not Available | Microsoft, Security Bulletin MS06-009, February 14, 2006 |
Windows Media Player 7.1, 8.0, 9.0, 10.0 | A buffer overflow vulnerability has been reported in Windows Media Player, bitmap handling, that could let remote malicious users execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows Media Player Arbitrary Code Execution | Not Available | Microsoft, Security Bulletin MS06-005, February 14, 2006 Technical Cyber Security Alert TA06-045A |
Windows Media Player XP, 2000, and Server 2003 various versions | A buffer overflow vulnerability has been reported in Windows Media Player, plugin for non-Microsoft browsers, that could let remote malicious users execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows Media Player Arbitrary Code Execution | Not Available | Microsoft, Security Bulletin MS06-006, February 14, 2006 Technical Cyber Security Alert TA06-045A |
Windows Web Client XP and Server 2003 various versions | A buffer overflow vulnerability has been reported in Windows Web Client that could let local or remote malicious users execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows Web Client Arbitrary Code Execution | Not Available | Microsoft, Security Bulletin MS06-008, February 14, 2006 |
Mirabilis ICQ Lite 4.0, 4.1, 2003 a, b | A vulnerability has been reported in Mirabilis ICQ that could let remote malicious users execute arbitrary code. No workaround or patch available at time of publishing. There is no exploit code required. | Mirabilis ICQ Arbitrary Code Execution | Not Available | Security Focus, ID: 16655, February 15, 2006 |
Winamp 5.13 | A buffer overflow vulnerability has been reported in Winamp that could let remote malicious users execute arbitrary code. No workaround or patch available at time of publishing. There is no exploit code required. | Winamp Arbitrary Code Execution | Not Available | Security Tracker, Alert ID: 1015621, February 14, 2006 |
Whomp Real Estate Manager XP 2005 | A vulnerability has been reported in Whomp Real Estate Manager XP 2005 that could let remote malicious users perform SQL injection. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Whomp Real Estate Manager XP 2005 SQL Injection | 7 | Secunia, Advisory: SA18780, February 9, 2006 |
CSM Suite 5.0, CSM Appliance | A vulnerability has been reported in CSM Suite and CSM Appliance that could let remote malicious users bypass security restrictions. No workaround or patch available at time of publishing. There is no exploit code required. Testing indicates this issue is not reproducible, and has been retired. | WebWasher Security Bypassing | Retired | Security Focus, ID: 16047, December 22, 2005 Security Focus, ID: 16047, February 14, 2006 |
UNIX / Linux Operating Systems Only | ||||
Vendor & Software Name | Description | Common Name | CVSS | Resources |
Mac OS X Server 10.4-10.4.4, 10.3-10.3.9, 10.2-10.2.8, 10.1-10.1.5, OS X 10.4-10.4.4, 10.3-10.3.9, 10.2-10.2.8, 10.1-10.1.5, 10.0-10.0.4 | A Denial of Service vulnerability has been reported due to a failure to properly handle the execution of an undocumented system call. Currently we are not aware of any exploits for this vulnerability. | Apple Mac OS X Undocumented System Call Denial of Service | Not Available | Security Focus, Bugtraq ID: 16654, February 14, 2006 |
DataparkSearch Engine 4.16-4.36 | A Cross-Site Scripting vulnerability has been reported in the Search template due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. There is no exploit code required. | DataparkSearch Engine Cross-Site Scripting | Security Focus, Bugtraq ID: 16572, February 9, 2006 | |
DocMGR 0.54.2 & prior | A file include vulnerability has been reported in 'process.php' due to insufficient verification of the 'includeModule' and 'siteModInfo' parameters before using to include files, which could let a remote malicious user obtain sensitive information and compromise a system. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script, docmgr_0542_ | DocMGR Remote File Include | Not Available | Security Focus, Bugtraq ID: 16601, February 13, 2006 |
GnuPG / gpg prior to 1.4.2.1 | A vulnerability has been reported because 'gpgv' exits with a return code of 0 even if the detached signature file did not carry any signature (if 'gpgv' or 'gpg --verify' is used), which could let a remote malicious user bypass security restrictions. There is no exploit code required; however, a Proof of Concept exploit has been published. | GnuPG Detached Signature Verification Bypass | 4.9 | GnuPG Advisory, February 15, 2006 |
Honeyd prior to 1.5 | A vulnerability has been reported in the IP reassembly code, which could let a remote malicious user enumerate the existence of simulated Honeyd hosts. Currently we are not aware of any exploits for this vulnerability. | Honeyd IP Reassembly Remote Virtual Host Detection | Not Available | Security Focus, Bugtraq ID: 16595, February 13, 2006 |
Kronolith 2.0.5, 2.0.4 | HTML injection vulnerabilities have been reported due to insufficient sanitization of the calendar name and certain event data fields, which could let a remote malicious user execute arbitrary HTML and script code. There is no exploit code required. | Horde Kronolith HTML Injection | Secunia Advisory: SA17971, December 12, 2005 Debian Security Advisory, | |
AIX 5.3, 5.3L | A Denial of Service vulnerability has been reported due to an unspecified error in the AIX 5300-03 unix_mp and unix_64 kernels. No workaround or patch available at time of publishing. There is no exploit code required. | IBM AIX Denial of Service | Secunia Advisory: SA18795, February 14, 2006 | |
AIX 5.3 L, 5.3, 5.2.2, 5.2 L, 5.2 | A buffer overflow vulnerability has been reported in the 'ARP' command, which could let a malicious user obtain elevated privileges. Currently we are not aware of any exploits for this vulnerability. | IBM AIX ARP Buffer Overflow | Security Focus, Bugtraq ID: 16584, February 8, 2006 | |
ImageMagick 6.2.4 .5 | A vulnerability has been reported in the delegate code that is used by various ImageMagick utilities when handling an image filename due to an error, which could let a remote malicious user execute arbitrary commands; and a format string vulnerability has been reported when handling filenames received via command line arguments, which could let a remote malicious user execute arbitrary code. There is no exploit code required. | ImageMagick Utilities Image Filename Remote Command Execution | Secunia Advisory: SA18261, December 30, 2005 Ubuntu Security Notice, USN-246-1, January 24, 2006 Debian Security Advisory, Mandriva Security Advisory, MDKSA-2006:024, January 26, 2006 Gentoo Linux Security Advisory, GLSA 200602-06, February 13, 2006 RedHat Security Advisory, RHSA-2006:0178-4, February 14, 2006 | |
M-Vault Server 11.3 | A vulnerability has been reported due to an error in the LDAP server when handling certain requests, which could let a malicious user cause a Denial of Service and possibly execute arbitrary code. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Isode M-Vault Server LDAP | Not Available | Secunia Advisory: SA18818 , February 14, 2006 |
libpng 1.0.16, 1.0.17, 1.2.6, 1.2.7 | A buffer overflow vulnerability has been reported in 'png_set_strip Currently we are not aware of any exploits for this vulnerability. | libpng Buffer Overflow | Secunia Advisory: SA18654, February 1, 2006 RedHat Security Advisory, RHSA-2006:0205-4, February 13, 2006 | |
Linux kernel 2.6-2.6.15 | An integer overflow vulnerability has been reported in 'INVALIDATE_ A Proof of Concept exploit script has been published. | Linux Kernel Integer Overflow | Fedora Update Notification, Mandriva Security Advisory, MDKSA-2006:018, January 20, 2006 SUSE Security Announcement, SUSE-SA:2006:006, February 9, 2006 | |
OpenSSH 3.x, 4.x; RedHat Fedora Core3 & Core4 | A vulnerability has been reported in 'scp' when performing copy operations that use filenames due to the insecure use of the 'system()' function, which could let a malicious user obtain elevated privileges. There is no exploit code required. | OpenSSH SCP Shell Command Execution | Security Focus, Bugtraq ID: 16369, January 24, 2006 Fedora Security Advisory, FEDORA-2006-056, January 24, 2006 Trustix Secure Linux Security Advisory, TSLSA-2006-0004, January 27, 2006 Security Focus, Bugtraq ID: 16369, January 31, 2006 Secunia Advisory: SA18798, February 13, 2006 SUSE Security Announcement, SUSE-SA:2006:008, February 14, 2006 | |
Linux kernel 2.6.10, 2.6 | Multiple vulnerabilities have been reported: a vulnerability was reported in the 'shmctl' function, which could let a malicious user obtain sensitive information; a Denial of Service vulnerability was reported in 'nls_ascii.c' due to the use of incorrect table sizes; a race condition vulnerability was reported in the 'setsid()' function; and a vulnerability was reported in the OUTS instruction on the AMD64 and Intel EM64T architecture, which could let a malicious user obtain elevated privileges. Currently we are not aware of any exploits for these vulnerabilities. | Linux Kernel CVE-2005-0177, CVE-2005-0176 | Ubuntu Security RedHat Security Advisory, SUSE Security Announce- Fedora Security Conectiva Linux Security Announce- Fedora Update Notification RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 RedHat Security Advisories, RHSA-2005 RedHat Security Advisory, Avaya Security Advisory, ASA-2005-120, June 3, 2005 FedoraLegacy: FLSA:152532, June 4, 2005 RedHat Security Advisory, Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005 Trustix Secure Linux Security Advisory, 2006-0006, February 10, 2006 | |
Linux Kernel 2.6.x; RedHat Fedora Core4 | A remote Denial of Service vulnerability has been reported in the 'ip_options_echo()' function due to an error when constructing an ICMP response. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel ICMP Error Handling Remote Denial of Service | Secunia Advisory: SA18766, February 8, 2006 Trustix Secure Linux Security Advisory, 2006-0006, February 10, 2006 Ubuntu Security Notice, USN-250-1, February 13, 2006 | |
Linux kernel 2.6-2.6.14 | Multiple vulnerabilities have been reported: a Denial of Service vulnerability was reported in 'mm/mempolicy.c' when handling the policy system call; a remote Denial of Service vulnerability was reported in 'net/ipv4/fib_frontend.c' when validating the header and payload of fib_lookup netlink messages; an off-by-one buffer overflow vulnerability was reported in 'kernel/sysctl.c,' which could let a malicious user cause a Denial of Service and potentially execute arbitrary code; and a buffer overflow vulnerability was reported in the DVB (Digital Video Broadcasting) driver subsystem, which could let a malicious user cause a Denial of Service or potentially execute arbitrary code. An exploit script has been published. | Linux Kernel Multiple Vulnerabilities | Secunia Advisory: SA18216, January 4, 2006 SUSE Security Announcement, SUSE-SA:2006:006, February 9, 2006 | |
Linux kernel 2.6-2.6.14 .4; SuSE Linux Professional 10.0 OSS, 10.0, Linux Personal 10.0 OSS | A vulnerability has been reported in the NFS implementation due to insufficient validation of remote user privileges before setting ACLs, which could let a remote malicious user bypass access controls. There is no exploit code required. | Linux Kernel NFS ACL Access Control Bypass | Security Focus, Bugtraq ID: 16570, February 9, 2006 SUSE Security Announcement, SUSE-SA:2006:006, February 9, 2006 | |
Linux kernel prior to 2.6.15 | A memory disclosure vulnerability has been reported in the 'ProcFS' kernel, which could let a malicious user obtain sensitive information. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel ProcFS Kernel Memory Disclosure | Security Focus, Bugtraq ID: 16284, January 17, 2006 RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006 Ubuntu Security Notice, USN-244-1, January 18, 2006 SUSE Security Announcement, SUSE-SA:2006:006, February 9, 2006 | |
Norman Ramsey Noweb 2.9 a, 2.10 c; | A vulnerability has been reported due to the insecure creation of temporary files, which could let a malicious user overwrite critical files. There is no exploit code required. | Noweb Insecure Temporary File Creation | Not Available | Debian Security Advisory, DSA-968-1, February 13, 2006 |
RedHat Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0; | A Denial of Service vulnerability has been reported in the 'mq_open' system call. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel 'mq_open' System Call Denial of Service | Security Focus, Bugtraq ID: 16283, January 17, 2006 RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006 Ubuntu Security Notice, USN-244-1, January 18, 2006 SUSE Security Announcement, SUSE-SA:2006:006, February 9, 2006 | |
RedHat Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0; GNU Libtasn1 prior to 1.2.10, | A remote Denial of Service vulnerability has been reported due to improper decoding of DER encoded data. This could possibly lead to the execution of arbitrary code. A Proof of Concept exploit has been published. | GnuTLS libtasn1 DER Decoding Remote Denial of Service | Security Tracker Alert ID: 1015612, February 11, 2006 RedHat Security Advisory, RHSA-2006:0207-01, February 10, 2006 Fedora Update Notification, Mandriva Security Advisory, MDKSA-2006:039, February 13, 2006 | |
NeoMail 1.28 | A vulnerability has been reported in 'neomail-prefs.pl' due to insufficient validation of the Session ID in the 'addfolder()' and 'deletefolder()' parameters, which could let a remote malicious user bypass certain security restrictions. There is no exploit code required. | NeoMail Security Bypass | Not Available | Secunia Advisory: SA18785, February 14, 2006 |
pam_mysql prior to 0.6.2; 0.7 - 0.7pre2 | Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported in the SQL logging facility; and a vulnerability was reported in the 'pam_get_item()' due to a double-free error in the authentication and authentication token alteration code when handling a pointer, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code. Currently we are not aware of any exploits for these vulnerabilities. | PAM-MySQL SQL Logging & Double-Free | Secunia Advisory: SA18598, February 9, 2006 | |
PowerD 2.0.2 | A format string vulnerability has been reported in 'powerd.c' when logging input received via the 'WHATIDO' command, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. An exploit script, gexp-powerd.c, has been published. | PowerD Remote Format String | Not Available | Secunia Advisory: SA18841, February 13, 2006 |
PyBlosxom 1.3.1, 1.3 | An information disclosure vulnerability has been reported in 'PATH_INFO' when it contains multiple '/' at the beginning, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required. | PyBlosxom Information Disclosure | Not Available | Secunia Advisory: SA18858, February 14, 2006 |
Heimdal prior to 0.6.6 & 0.7.2 | A vulnerability has been reported in the 'rshd' server when storing forwarded credentials due to an unspecified error, which could let a malicious user obtain elevated privileges. Update to version 0.7.2 or 0.6.6. Currently we are not aware of any exploits for this vulnerability. | Heimdal RSHD Server Elevated Privileges | Security Tracker Alert ID: 1015591, February 7, 2006 Ubuntu Security Notice, USN-247-1, February 09, 2006 | |
scponly 4.1 & prior | Several vulnerabilities have been reported: a vulnerability was reported in 'scponlyc' due to a design error, which could let a malicious user execute arbitrary code with root privileges; and a vulnerability was reported due to an error in the validation of user-supplied command line, which could let a malicious user bypass security restrictions. There is no exploit code required. | scponly Privilege Escalation & Security Bypass | Secunia Advisory: SA18223, December 23, 2005 Gentoo Linux Security Advisory, GLSA 200512-17, December 29, 2005 Debian Security Advisory, | |
Siteframe Beaumont 5.0.1 | A Cross-Site Scripting vulnerability has been reported in 'search.php' due to insufficient sanitization of the 'q' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Siteframe Beaumont Cross-Site Scripting | Security Focus, Bugtraq ID: 16596, February 13, 2006 | |
Solaris 10.0 _x86, 10.0 | A vulnerability has been reported in 'in.rexecd' due to an unspecified error, which could let a malicious user execute arbitrary commands with elevated privileges on Kerberos systems. Currently we are not aware of any exploits for this vulnerability. | Sun Solaris 'in.rexecd' Elevated Privileges | Not Available | Sun(sm) Alert Notification Sun Alert ID: 102186, February 14, 2006 |
Novell Linux Desktop 1.0, Linux Professional 10.0, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, Linux Personal 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1 | A buffer overflow vulnerability has been reported in the 'nfs-server,' which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | SUSE NFS-SERVER Remote Buffer Overflow | SuSE Security Announcement, SUSE-SA:2006:005, January 25, 2006 Debian Security Advisory, | |
Novell Linux Desktop 9.0, Linux Professional 10.0 OSS, 9.3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, 9.0 x86_64, 9.0, Linux Personal 10.0 OSS, .3 x86_64, 9.3, 9.2 x86_64, 9.2, 9.1 x86_64, 9.1, 9.0 x86_64, 9.0 | A vulnerability has been reported because LD sometimes leaves empty RPATH components in certain binaries, which could let a malicious user execute arbitrary code. There is no exploit code required. | SUSE LD Insecure RPATH / RUNPATH Arbitrary Code Execution | SuSE Security Announcement, SUSE-SA:2006:007, February 10, 2006 | |
Virtual Hosting Control System Virtual Hosting Control System 2.4.7 .1, 2.4.6 .2, 2.2 | Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in the login page due to insufficient sanitization of the username field before storing in the admin log, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported in the 'gui/admin/change Patches available (this does not fix the 'gui/admin/chang There is no exploit code required; however, Proof of Concept exploits and an exploit script, rs_vhcs_simple_poc.html, have been published. | Virtual Hosting Control System Multiple Input Validation & Access Validation | Not Available | Security Focus, Bugtraq ID: 16600, February 13, 2006 |
Multiple Operating Systems - Windows / UNIX / Linux / Other | ||||
Vendor & Software Name | Description | Common Name | CVSS | Resources |
2200net Calendar 1.2 | SQL injection vulnerabilities have been reported in 'main.php' due to insufficient sanitization of the 'username' and 'password' fields during login and the 'fm_data[id]' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required. | 2200net Calendar System SQL Injection | Secunia Advisory: SA18781, February 9, 2006 | |
Ansilove prior to 1.03 | Several vulnerabilities have been reported: a vulnerability was reported in the loaders script, (load_*.php) due to insufficient sanitization of user-supplied input, which could let a remote malicious user obtain sensitive information; and a vulnerability was reported due to insufficient sanitization of the filenames of uploaded files, which could let a remote malicious user execute arbitrary PHP code. There is no exploit code required. | Ansilove File Disclosure & File Upload | Security Focus, Bugtraq ID: 16603, February 13, 2005 | |
CRE Loaded 6.15 | A vulnerability has been reported in the '/admin/htmlarea/popups/ There is no exploit code required. | CRE Loaded Files.PHP Access Validation | Secunia Advisory: SA18648, January 30, 2006 Security Focus, Bugtraq ID: 16415, February 7, 2006 | |
Traffic Anomaly Detector Module 5.0(3), 5.0(1), Traffic Anomaly Detector 5.0(3), 5.0(1), | A vulnerability has been reported when the devices have been configured to authenticate users against an external TACACS+ server but an external TACACS+ server is not specified in the configuration using the tacacs-server host command, which could let a remote malicious user obtain unauthorized access to devices or obtain elevated privileges. There is no exploit code required. | Cisco Multiple Products TACACS+ Authentication Bypass | Not Available | Cisco Security Advisory, cisco-SA-20060215, February 15, 2006 |
Clever Copy 2.0 a, 2.0 | An HTTP injection vulnerability has been reported due to insufficient sanitization of the 'Referer' and 'X-Forwarded-For' HTTP headers before using, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Clever Copy HTML Injection | Secunia Advisory: SA18790, February 10, 2006 | |
contentServ 3.1 | An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. The vendor has released a hotfix to address this issue. Contact the vendor for further information. There is no exploit code required. | ContentServ SQL Injection | 7 | Security Focus, Bugtraq ID: 15956, December 19, 2005 Security Focus, Bugtraq ID: 15956, February 8, 2006 |
CPAINT prior to 2.0.3 | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'cpaint_ There is no exploit code required; however, a Proof of Concept exploit has been published. | CPAINT Cross-Site Scripting | GulfTech Security Research Team Advisory, February 9, 2006 | |
Dragonfly CMS 9.0.6 .1 | A file include vulnerability has been reported in the 'install.php' script due to insufficient validation of the 'newlang' parameter and of the 'installlang' cookie parameter, which could let a remote malicious user execute arbitrary PHP code. There is no exploit code required; however, Proof of Concept exploit scripts, cpg_dragonfly_exploit.php and dragonfly9.0.6.1_incl_xpl.html, have been published. | CPG Dragonfly File Include | 7 | Security Tracker Alert ID: 1015601, February 8, 2006 |
QwikiWiki 1.5 | A Cross-Site Scripting vulnerability has been reported in 'search.php' due to insufficient sanitization of the 'query' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | QwikiWiki Cross-Site Scripting | Not Available | Security Focus, Bugtraq ID: 16638, February 14, 2006 |
PHP Classifieds 6.20 | An SQL injection vulnerability has been reported in 'member_login.php' due to insufficient sanitization of the 'username' and 'password' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. There is no exploit code required; however, a Proof of Concept exploit has been published. | DeltaScripts PHP Classifieds SQL Injection | Not Available | Security Focus, Bugtraq ID: 16642, February 14, 2005 |
Dotproject 2.0.1, 2.0 | Several vulnerabilities have been reported: a file include vulnerability was reported in 'baseDir' parameter in '/includes/db_adodb.php,' '/includes/db_connect.php,' '/includes/session.php,' '/modules/admin/ No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | Dotproject File Include & Information Disclosure | Not Available | Secunia Advisory: SA18879, February 15, 2006 |
e107 website system 0.x | HTML injection vulnerabilities have been reported due to insufficient sanitization of certain BBcode before using, which could let a remote malicious user execute arbitrary HTML and script code. There is no exploit code required. | e107 BBCode HTML Injection | Not Available | Secunia Advisory: SA18816, February 13, 2006 |
FarsiNews 2.5, 2.1 Beta2, 2.1 | Several vulnerabilities have been reported: a Directory Traversal vulnerability was reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user obtain sensitive information; and a file include vulnerability was reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user include arbitrary files. The vendor has released an update to address this issue. Please contact the vendor for further information. There is no exploit code required; however, a Proof of Concept exploit has been published. | FarsiNews Directory Traversal & File Include | Security Focus, Bugtraq ID: 16580, February 13, 2006 | |
FortiOS 3.0 beta, 2.8 MR10 | Several vulnerabilities have been reported: a vulnerability was reported because the URL blocking functionality can be bypassed, which could let a remote malicious user bypass antivirus protection; and a vulnerability was reported because the virus scanning functionality can be bypassed when FTP files are sent under certain conditions. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploit scripts, http_req.pl and Fortinet-url.txt, have been published. | FortiGate URL Filter & Virus Scanning Bypass | Not Available | Secunia Advisory: SA18844, February 13, 2006 |
PHP-Nuke 7.8 & prior | A Cross-Site Scripting vulnerability has been reported in 'header.php' due to insufficient sanitization of the 'pagetitle' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHPNuke Cross-Site Scripting | Security Focus, Bugtraq ID: 16608, February 13, 2006 | |
phphd 1.0 | Multiple vulnerabilities have been reported: an SQL injection vulnerability was reported in 'check.php' due to insufficient sanitization of the 'username' parameter during login and other unspecified parameters, which could let a remote malicious user execute arbitrary SQL code; a vulnerability was reported in 'check.php' due to an error in the authentication process, which could let a remote malicious user bypass the authentication process; and a Cross-Site Scripting vulnerability was reported in 'add.php' due to insufficient sanitization of unspecified parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | Hinton Design PHPHD Multiple Input Validation & Authentication Bypass | Secunia Advisory: SA18793, February 10, 2006 | |
phpht topsites 1.3 | Multiple vulnerabilities have been reported: an SQL injection vulnerability was reported in the 'username' parameter due to insufficient sanitization before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a vulnerability was reported in 'check.php' due to an error in the authentication process, which could let a remote malicious user obtain unauthorized access; a Cross-Site Scripting vulnerability was reported in 'link_edited.php' and 'link_added.php' due to insufficient sanitization before using, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | phpht Topsites Input Validation | Secunia Advisory: SA18782, February 9, 2006 | |
phpstatus 1.0 | Multiple vulnerabilities have been reported: an SQL injection vulnerability was reported in 'check.php' due to insufficient sanitization of the 'username' parameter during login before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a vulnerability was reported in 'check.php' due to an error in the authentication process, which could let a remote malicious user bypass the authentication process; and a Cross-Site Scripting vulnerability was reported in the administration section due to insufficient sanitization of unspecified parameters and scripts before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | Hinton Design PHPStatus Multiple Input Validation | Secunia Advisory: SA18791, February 10, 2006 | |
Hitachi Business Logic - Container 03-00-/B, 03-00, 02-03 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of unspecified input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported due to insufficient sanitization of unspecified input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. There is no exploit code required. | Hitachi Business Logic Cross-Site Scripting & SQL Injection | Not Available | HS06-002, Hitachi Security Advisory, February 13, 2006 |
HiveMail 1.2.2, 1.3 RC1, 1.3 Beta 1, 1.3 | Several vulnerabilities have been reported: a vulnerability was reported in 'addressbook.update.php' due to insufficient sanitization of the 'contactgroupid' parameter, in 'addressbook.add.php' due to insufficient sanitization of the 'messageid' parameter, in 'folders.update.php' due to insufficient sanitization of the 'folderid' parameter, and in the 'calendar.event.php,' 'index.php,' 'pop.download.php,' 'read.bounce.php,' 'rules.block.php' and 'language.php' scripts due to insufficient sanitization, which could let a remote malicious user execute arbitrary PHP code; and a Cross-Site Scripting and SQL injection vulnerability was reported due to insufficient sanitization of the '$_SERVER['PHP_SELF']' references, which could let a remote malicious user execute arbitrary HTML, script code, and SQL code. No workaround or patch available at time of publishing. Proof of Concept exploits have been published. | HiveMail Multiple Vulnerabilities | Not Available | GulfTech Security Research Team Advisory, February 10, 2006 |
Domino Web Access 6.5.1-6.5.4, 6.0.1-6.0.5, 7.0, 6.5, 6.0 | Multiple vulnerabilities have been reported: a vulnerability was reported because attached files can be opened in the context of the site if the user clicks on it, which could lead to the execution of arbitrary JavaScript code; a vulnerability was reported due to insufficient sanitization of the email subject before displaying to the user as the browser title, which could lead to the execution of arbitrary JavaScript; a vulnerability was reported because it is possible to bypass certain security checks related to 'javascript:' URLs, which could lead to the execution of arbitrary JavaScript code; a vulnerability was reported due to insufficient sanitization of the attachment filename before displaying to the user, which could lead to the execution of arbitrary JavaScript; and a remote Denial of Service vulnerability was reported in the LDAP service when processing bind requests due to a NULL pointer dereference. There is no exploit code required; however, Proof of Concept exploits have been published. | IBM Lotus Domino iNotes Multiple HTML & Script Injection | Not Available | Secunia Advisory: SA16340, February 10, 2006 |
Tivoli Directory Server 6.0 .0 | A Denial of Service vulnerability has been reported in the LDAP server due to an error when handling certain requests. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | IBM Tivoli Directory Server LDAP Denial of Service | Not Available | Secunia Advisory: SA18779, February 13, 2006 |
Lotus Notes 6.x, 7.x | Multiple vulnerabilities have been reported: a vulnerability was reported in 'kvarcve.dll' when constructing the full pathname of a compressed file to check for its existence before extracting it from a ZIP archive, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in 'uudrdr.dll' when handling 'UUE' files that contain an encoded file with an overly long filename, which could let a remote malicious user execute arbitrary code; a Directory Traversal vulnerability was reported in 'kvarcve.dll' when generating the preview of a compressed file from ZIP, UUE, and TAR archives, which could let a remote malicious user delete arbitrary files; a vulnerability was reported in the 'TAR' reader when extracting files from a TAR archive that contain a long filename, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in the HTML speed reader due to a boundary error, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported in the HTML speed reader when checking if a link references a local file due to a boundary error, which could let a remote malicious user execute arbitrary code. These issues have been addressed in Lotus Notes versions 6.5.5 and 7.0.1. Please contact the vendor to obtain fixes. Currently we are not aware of any exploits for these vulnerabilities. | IBM Lotus Notes Multiple Vulnerabilities | Not Available | Secunia Advisory: SA16280, February 10, 2006 |
ImageVue 0.16.1 | Multiple vulnerabilities have been reported: a vulnerability was reported in the 'dir.php' and 'readfolder.php' scripts because a remote malicious user can obtain sensitive information; a Cross-Site Scripting vulnerability was reported in 'index.php' due to insufficient sanitization of the 'bgcol' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in 'admin.upload.php' due to insufficient sanitization of the file extension, which could let a remote malicious user upload arbitrary files. No workaround or patch available at time of publishing. Proof of Concept exploits have been published. | ImageVue Multiple Vulnerabilities | Not Available | Secunia Advisory: SA18802, February 14, 2006 |
Invision Board 2.0.1 | A remote Denial of Service vulnerability has been reported in user registration. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script, IPB_sedXPL.pl, has been published. | Invision Power Board User Registration Remote Denial of Service | Not Available | Security Focus, Bugtraq ID: 16616, February 14, 2006 |
DB_eSession 1.0.2 | An SQL injection vulnerability was reported due to insufficient sanitization of the 'deleteSession()' function before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Lawrence Osiris DB_eSession SQL Injection | Not Available | Security Focus, Bugtraq ID: 16598, February 13, 2006 |
LinPHA 0.9.0-0.9.4, 1.0 | A vulnerability has been reported in 'docs/index.php' due to insufficient verification of the 'lang' parameter before used to include files, which could let a remote malicious user include arbitrary files and execute arbitrary PHP code. No workaround or patch available at time of publishing. A Proof of Concept exploit script, linpha_10_local.txt, has been published. | LinPHA File Inclusion & PHP Code Injection | Not Available | Security Focus, Bugtraq ID: 16592, February 13, 2006 |
Mantis 1.0.0 RC4, RC3, 1.0 .0rc2, rc1, a1-a3, 0.10-0.19.4, 0.9.1, 0.9 | A Cross-Site Scripting vulnerability has been reported in 'config_defaults There is no exploit code required. | Mantis Cross-Site Scripting | Security Focus, Bugtraq ID: 16561, February 9, 2006 | |
Mantis 1.00rc4 & prior | Multiple input validation vulnerabilities have been reported including Cross-Site Scripting in 'view_all_set.php,' 'manage_user_page.php,' and 'proj_doc_delete.php' and SQL injection in 'manage_user_page.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML, script code, and SQL code. There is no exploit code required; however, Proof of Concept exploits have been published. | Mantis Multiple Input Validation | Not Available | BuHa Security-Advisory #7, February 14, 2006 |
Metamail 2.7 | A buffer overflow vulnerability has been reported when handling boundary headers within email messages, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Metamail Remote Buffer Overflow | Not Available | Security Focus, Bugtraq ID: 16611, February 13, 2006 |
Flyspray 0.9.7; | A file include vulnerability has been reported in the ADODBPath due to insufficient sanitization of user-supplied input, which could let a remote malicious user include arbitrary files. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploit scripts, egs_10rc4_php5_ | Flyspray ADODBPath Remote File Include | Not Available | Security Focus, Bugtraq ID: 16618, February 14, 2006 |
SSH Communications SSH Tectia Server 4.4.0 (A & T), 4.3.6 (A & T) & prior, SSH Secure Shell Server 3.2.9 & prior; Attachmate | A vulnerability has been reported in the SFTP component during logging of accessed file names due to an unspecified error, which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | SSH Tectia Server SFTP Logging Arbitrary Code Execution | Not Available | Security Tracker Alert ID: 1015619, February 13, 2006 |
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha; adzapper 20060115, 20050316, 20030726 | A remote Denial of Service vulnerability has been reported in the 'squid_redirect' script when handling URLs that contain a large number of forward slashes. There is no exploit code required. | Adzapper Remote Denial of Service | Security Focus, Bugtraq ID: 16558, February 9, 2006 Debian Security Advisory, | |
Elog Web Logbook prior to 2.5.7 r1558-4; | Multiple vulnerabilities have been reported: several buffer overflow vulnerabilities were reported in 'elogd.c' due to a boundary error, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code; a buffer overflow vulnerability was reported in 'elogd.c' when writing to the log file, which could let a remote malicious user cause a Denial of Service or possibly execute arbitrary code; a vulnerability was reported in 'elog.c' and 'elogd.c' because different responses are generated depending on whether or not a username is valid, which could let a remote malicious user obtain sensitive information; and a remote Denial of Service vulnerability was reported in 'elogd.c' when handling the 'fail' parameter. Exploitation of some of these issues does not require exploit code. | ELOG Web Logbook Multiple Remote | Debian Security Advisory, DSA-967-1, February 10, 2006 | |
PostNuke Development Team PostNuke 0.761; moodle 1.5.3; Mantis 1.0.0RC4, 0.19.4; Cacti 0.8.6 g; ADOdb 4.68, 4.66; AgileBill 1.4.92 & prior | Several vulnerabilities have been reported: an SQL injection vulnerability was reported in the 'server.php' test script, which could let a remote malicious user execute arbitrary SQL code and PHP script code; and a vulnerability was reported in the 'tests/tmssql.php' test script, which could let a remote malicious user call an arbitrary PHP function. There is no exploit code required; however, a Proof of Concept exploit has been published. | ADOdb Insecure Test Scripts | Secunia Advisory: SA17418, January 9, 200 Security Focus, Bugtraq ID: 16187, February 7, 2006 Security Focus, Bugtraq ID: 16187, February 9, 2006 | |
U.S.Robotics USR80540; | A remote Denial of Service vulnerability has been reported when attempting to reassemble certain IP packets. No workaround or patch available at time of publishing. There is no exploit code required; however, an exploit script, dlink_udp_dos.c, has been published. | Multiple D-Link Products Remote Denial of Service | Not Available | Security Focus, Bugtraq ID: 16621, February 14, 2006 |
indexu 5.0.1, 5.0 | A file include vulnerability has been reported in 'Application.PHP' due to insufficient verification of the 'base_path' parameter, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Indexu File Include | ECHO_ADV_ 26$2006, February 9, 2006 | |
Nokia N70 | Several vulnerabilities have been reported: a vulnerability was reported in the Bluetooth stack when handling certain requests, which could lead to a remote Denial of Service or a 'System Error' message displayed; and a remote Denial of Service vulnerability was reported in the Bluetooth stack when handling short malformed L2CAP packets. No workaround or patch available at time of publishing. Exploit scripts, loop.sh and replay_l2cap_packet | Nokia Cell Phones Bluetooth Denials of Service | Not Available | Secunia Advisory: SA18724, February 14, 2006 |
OTRS (Open Ticket Request System) 2.0.0-2.0.3, 1.3.2, 1.0 .0 | Several vulnerabilities have been reported: an SQL injection vulnerability was reported in the 'login' function due to insufficient sanitization of the 'login' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; an SQL injection vulnerability was reported in the 'AgentTicketPlain' function due to insufficient sanitization of the 'TicketID' and 'ArticleID' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of HTML email attachments before displaying, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability was reported in 'index.pl' due to insufficient sanitization of the 'QueueID' and 'Action' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. There is no exploit code required; however, Proof of Concept exploits have been published. | OTRS SQL Injection & Cross-Site Scripting | OTRS Security Advisory, OSA-2005-01, November 22, 2005 SUSE Security Summary Report, SUSE-SR:2005:030, December 16, 2005 Debian Security Advisory, | |
Papoo 2.1.2 | Cross-Site Scripting vulnerabilities have been reported in new account registration due to insufficient sanitization of the username field, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | Papoo Multiple Cross-Site Scripting | Security Focus, Bugtraq ID: 16573, February 9, 2006 | |
PHP iCalendar 2.0.1, 2.1, 2.0 | A file include vulnerability has been reported in 'functions/template.php' due to insufficient verification of the 'file' parameter and in 'search.php' due to insufficient verification of the 'getdate' parameter, which could let a remote malicious user execute arbitrary PHP code. There is no exploit code required. | PHP ICalendar Remote File Include | Secunia Advisory: SA18778, February 10, 2006 | |
Gastebuch 1.3.2 | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'URL' field, which could let a remote malicious user execute arbitrary HTML and script code. There is no exploit code required; however, a Proof of Concept exploit has been published. | Gastebuch Cross-Site Scripting | Not Available | Security Focus, Bugtraq ID: 16615, February 14, 2006 |
PHP-MySQL Timesheet 2.0, 1.0 | SQL injection vulnerabilities have been reported due to insufficient sanitization of the 'yr,' 'month,' 'day,' and 'job' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required. | PHP/MYSQL Timesheet Multiple SQL Injection | Secunia Advisory: SA18822, February 13, 2006 | |
Plume CMS 1.0.2 | A vulnerability has been reported in 'prepend.php' due to insufficient verification of the '_PX_config[manager_path]' parameter before using to include files, which could let a remote malicious user include arbitrary files. No workaround or patch available at time of publishing. There is no exploit code required. | Plume CMS File Include | Not Available | Security Focus, Bugtraq ID: 16662, February 15, 2006 |
PostgreSQL 8.1.2, 8.1.1, 8.1 | Several vulnerabilities have been reported: a vulnerability was reported in the 'SET ROLE' command when previous role settings are restored after an error, which could let a malicious user obtain superuser privileges; and a Denial of Service vulnerability was reported due to an error in the 'SET SESSION AUTHORIZATION' command if compiled with 'Asserts' enabled. There is no exploit code required. | PostgreSQL Privilege Escalation & Denial of Service | Not Available | Secunia Advisory: SA18890, February 15, 2006 |
PwsPHP 1.2.3 | An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit and an exploit script, PwsPHP_SQL_ | PwsPHP SQL Injection | Security Focus, Bugtraq ID: 16567, February 9, 2006 | |
Magic Calendar Lite 1.02 | An SQL injection vulnerability has been reported in 'cms/index.php' due to insufficient sanitization of the 'total_login' and 'total_password' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required. | Magic Calendar Lite SQL Injection | Secunia Advisory: SA18855, February 14, 2006 | |
Magic News Lite 1.2.3 | Several vulnerabilities have been reported: a file include vulnerability was reported in 'preview.php' due to insufficient verification of the 'php_script_path' parameter before using to include files, which could let a remote malicious user include arbitrary files; and a vulnerability was reported in 'profile.php' due to insufficient initialization of the '$passwd,' '$admin_password,' '$new_passwd,' and '$confirm_passwd' variables, which could let a remote malicious user change the administrator's password. No workaround or patch available at time of publishing. There is no exploit code required. | Reamday Enterprises Magic News Lite File Include & Profile Update | 1.9 (CVE-2006-0724) 1.9 (CVE-2006-0723) | Secunia Advisory: SA18878, February 15, 2006 |
Magic News Lite 1.2.3, Magic Downloads 1.1.3 | Multiple vulnerabilities have been reported regarding the overwriting of application variables due to insufficient initialization of various application variables, which could let a remote malicious user obtain administrative access. No workaround or patch available at time of publishing. There is no exploit code required. | Multiple Reamday Enterprises Products Variable Overwrite | 1.9 (CVE-2006-0724) 1.9 (CVE-2006-0723) 1.9 (CVE-2006-0722) | Security Focus, Bugtraq ID: 16665, February 15, 2006 |
Blackberry Enterprise Server for Novell Groupwise 4.0, SP1-SP3, Blackberry Enterprise Server for Exchange 4.0, SP1-SP3, 3.6.1, 3.6 SP4 Hot Fix 2, 3.6 SP 1a, 3.6, Blackberry Enterprise Server for Domino 4.0, SP1-SP3, 2.2 SP4 Hot Fix 2, 2.2 SP4, SP3a, SP2a, SP2, 2.2 | A buffer overflow vulnerability has been reported in the BlackBerry Attachment Service when processing a malformed Word document, which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | BlackBerry Enterprise Server Malformed Word Attachment Buffer Overflow | Not Available | Black Knowledge Base Article, KB-04791, February 9, 2006 |
CALimba 0.99.2 beta & prior | SQL injection vulnerabilities have been reported in 'rb/cls/rb_auth.php' due to insufficient sanitization of the 'login' and 'password' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required. | CALimba SQL Injection | Secunia Advisory: SA18856, February 14, 2006 | |
RunCMS 1.3a3 | An SQL injection vulnerability has been reported in '/modules/messages No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | RunCMS SQL Injection | 7 | Secunia Advisory: SA18831, February 14, 2006 |
RunCMS 1.2 & prior | Several vulnerabilities have been reported: a vulnerability was reported in the 'FCKEDITOR' connector because it is possible to upload arbitrary files, which could let a remote malicious user execute arbitrary PHP code; and a vulnerability was reported in 'class.forumposts.php' due to insufficient verification of the 'bbPath[path]' parameter and in 'forumpoll Proof of Concept exploit scripts, fckeditor_22_xpl.php and | RunCMS Remote Code Execution | Secunia Advisory: SA18800, February 10, 2006 | |
Time Tracking Software 3.0 | Multiple vulnerabilities have been reported: a vulnerability was reported in 'edituser.php' due to insufficient credential validation, which could let a remote malicious user modify data; SQL injection vulnerabilities were reported in several unspecified parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported in the Registration Form due to insufficient sanitization of the UserName field before saving, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | Time Tracking Software Multiple Input Validation | Security Focus, Bugtraq ID: 16630, February 14, 2006 | |
SmE GB Host 1.21 | An SQL injection vulnerability has been reported in 'login.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required. | Scriptme SmE GB Host SQL Injection | Not Available | Security Focus, Bugtraq ID: 16609, February 13, 2006 |
SmE GB Host 1.21, SmE Blog Host 0 | A Cross-Site Scripting vulnerability has been reported in the BBcode URL tag due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | Scriptme Applications Cross-Site Scripting | Security Focus, Bugtraq ID: 16585, February 13, 2006 | |
PHP Event Calendar 1.5 | An HTML injection vulnerability has been reported due to insufficient sanitization of the 'username' and 'password' fields when updating user information before storing, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | PHP Event Calendar HTML Injection | Security Focus, Bugtraq ID: 16588, February 13, 2006 | |
sNews 1.3 | Multiple input validation vulnerabilities have been reported due to insufficient sanitization of unspecified input, which could let a remote malicious user execute arbitrary HTML, script code, and SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | sNews Multiple Input Validation | Not Available | Security Focus, Bugtraq ID: 16647, February 14, 2006 |
SPIP 1.8.2g & prior | Several vulnerabilities have been reported: a vulnerability was reported in 'spip_rss.php' due to insufficient validation of user-supplied input, which could let a remote malicious user execute arbitrary PHP code; and an SQL injection vulnerability was reported in 'spip_acces_doc.php3' due to insufficient validation of the 'file' parameter, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits and an exploit script, spip_182g_shell_ | SPIP Arbitrary Code Execution | 4.7 7 | Security Tracker Alert ID: 1015602, February 9, 2006 |
Java Web Start 1.x, Java JDK 1.5.x, Java JRE 1.5.x / 5.x | A vulnerability has been reported due to an unspecified error, which could let an untrusted application obtain elevated privileges. Currently we are not aware of any exploits for this vulnerability. | Java Web Start Sandbox Security Bypass | Sun(sm) Alert Notification | |
Sun JDK & JRE 5.0 Update 5 & prior, SDK & JRE 1.4.2_09 & prior, SDK & JRE 1.3.1_16 & prior | Seven vulnerabilities have been reported in Sun Java JRE (Java Runtime Environment) due to various unspecified errors in the 'reflection' APIs, which could let a remote malicious user compromise a user's system. Currently we are not aware of any exploits for these vulnerabilities. | Sun Java JRE 'reflection' APIs Sandbox Security Bypass | Sun(sm) Alert Notification Gentoo Linux Security Advisory, GLSA 200602-07, February 15, 2006 | |
Sun ONE Directory Server 5.2 patch 3 & patch 4, 5.2, 5.2 2005Q1, Java System Directory Server 5.2 2004Q2, 5.2 2003Q4, | A remote Denial of Service vulnerability has been reported due to a failure to handle malformed network traffic. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Sun ONE Directory Server Remote Denial of Service | Not Available | Security Focus, Bugtraq ID: 16550, February 10, 2006 |
IPB Army System 2.1 & prior | An SQL injection vulnerability has been reported in 'army.php' due to insufficient sanitization of the 'userstat' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, exploit scripts, ipb_army_ | IPB Army System SQL Injection | Not Available | Security Focus, Bugtraq ID: 16606, February 13, 2006 |
CSTRIKE Dedicated Server 1.6 Windows, CSTRIKE Dedicated Server 1.6 Linux | A remote Denial of Service vulnerability has been reported in the CSTRIKE dedicated server. No workaround or patch available at time of publishing. Exploit scripts, csdos.pl and halfLifeDoS.txt, have been published. | Valve Software Half-Life CSTRIKE Server Remote Denial of Service | 2.3 | Security Focus, Bugtraq ID: 16619, February 14, 2006 |
WebGUI prior to 6.8.6-gamma. | A vulnerability has been reported There is no exploit code required. | WebGUI User Creation Security Bypass | Not Available | Secunia Advisory: SA18819, February 13, 2006 |
WHMComplete | A vulnerability has been reported in the Resellers Group, which could let a remote malicious user obtain sensitive information. The vendor has released WHMCompleteSolution 2.3 to address this issue. Please contact the vendor to obtain a fix. There is no exploit code required. | WHMComplete | Security Focus, Bugtraq ID: 16560, February 9, 2006 | |
WordPress 2.0 | An HTML injection vulnerability has been reported in the Comment Post section due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code. This vulnerability has been disputed by the vendor. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | WordPress HTML Injection | 2.3 | Security Focus, Bugtraq ID: 16656, February 15, 2006 |
XMB Forum 1.9-1.9.3, 1.8, SP1-SP3 | Multiple input validation vulnerabilities have been reported including Cross-Site Scripting and SQL injection vulnerabilities due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML, script code, and SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | XMB Forum Multiple Input Validation | Not Available | Security Focus, Bugtraq ID: 16604, February 13, 2006 |
Xpdf 3.01 | A heap-based buffer overflow vulnerability has been reported when handling PDF splash images with overly large dimensions, which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | Xpdf PDF Splash Remote Buffer Overflow | Secunia Advisory: SA18677, February 1, 2006 Gentoo Linux Security Advisories, GLSA 200602-04 & GLSA 200602-05, February 12, 2006 Fedora Update Notifications, RedHat Security Advisories, RHSA-2006:0201-3 & RHSA-2006:0206-3, February 13, 2006 Ubuntu Security Notice, USN-249-1, February 13, 2006 Debian Security Advisories, |
Wireless Trends & Vulnerabilities
This section contains wireless vulnerabilities, articles, and malicious code that has been identified during the current reporting period.
- BlackBerry Enterprise Server Malformed Word Attachment Buffer Overflow: A corrupt Microsoft Word (.doc) file opened on a BlackBerry® wireless device could potentially provide a means to execute arbitrary code on the BlackBerry Attachment Service component of the BlackBerry Enterprise Server.
- Nokia Cell Phones Bluetooth Denials of Service: Two remote Denial of Service vulnerabilities were reported in Nokia cell phones in the Bluetooth stack.
- RSA turns everyday gadgets into security tokens: RSA Security is expected to announce a new user authentication method designed to replace traditional security tokens with cell phones, PDAs and other devices loaded with RSA's SecurID algorithm.
- Wi-Fi for dummies: The average user has no idea of the risks associated with public Wi-Fi hotspots. The article discusses some simple tips to keep network access secure.
This section contains brief summaries and links to articles which discuss or present information pertinent to the cyber security community.
- Spyware remains rampant as Winamp exploited: According to a new study by the University of Washington, one in twenty executables on the Internet contain spyware. The study, which sampled more than 20 million Internet addresses, also found other disturbing trends. Among them: one in 62 Internet domains contains "drive-by download attacks," which try to force spyware onto the user's computer simply by visiting the website.
- Worms use Google to hunt for victims: According to McAfee's senior vice president for Risk Management, malware authors are increasingly starting to create digital pests that use the Google search engine to find their next victim. This automated vulnerability detection is the latest trend in a technique that is known as "Google hacking". Google hacking is a technique where online criminals use search engines to find sensitive information on the internet.
- Hackers look for holes in hosted applications: According to the co-founder and chief hacking officer at enterprise security specialist eEye, hosted web applications could soon become a target for e-criminals as they gain in popularity among enterprise users. Because hosted applications are run by a third party, research firms are not able to audit that software for vulnerabilities.
Viruses/Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
Rank | Common Name | Type of Code | Trend | Date | Description
1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders.
2 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network.
3 | Mytob-GH | Win32 Worm | Stable | November 2005 | A variant of the mass-mailing worm that disables security related programs and allows others to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender’s address.
4 | Netsky-D | Win32 Worm | Stable | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only.
5 | Mytob.C | Win32 Worm | Stable | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files.
6 | Mytob-BE | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus, and modifies data.
7 | Sober-Z | Win32 Worm | Stable | December 2005 | This worm travels as an email attachment, forging the sender's address, harvesting addresses from infected machines, and using its own mail engine. It further downloads code from the internet, installs into the registry, and reduces overall system security.
8 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names.
9 | Mytob-AS | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that disables security related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and utilizes its own email engine.
10 | Zafi-D | Win32 Worm | Stable | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer.
Table updated February 13, 2006