Summary of Security Items from March 30 through April 5, 2006
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.
The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/Linux operating systems are included in the Multiple Operating Systems table. Note that entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software which operates on some version of that operating system.
Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin that have been provided by other US-CERT sponsored programs are prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product’s vendor.
The Risk levels are defined below:
High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.
Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.
Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.
Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.
Windows Operating Systems Only | ||||
Vendor & Software Name | Description | Common Name | CVSS | Resources |
AN HTTPD 1.42n | A vulnerability has been reported in AN HTTPD that could let remote malicious users disclose information, script source. Contact the vendor for AN HTTPD 1.42p. Currently we are not aware of any exploits for this vulnerability. | AN HTTPD Information Disclosure | 3.3 | Secunia, Advisory: SA19326, April 3, 2006 |
NOD32 Antivirus 2.5 | A vulnerability has been reported in NOD32 Antivirus that could let local malicious users obtain arbitrary file creation rights. Upgrade to NOD32 Antivirus 2.51.26 via the tool's online update capabilities. There is no exploit code required. | NOD32 Antivirus Arbitrary File Creation | Not Available | Secunia, Advisory: SA19054, April 5, 2006 |
EzASPSite 2.0 RC3 | An input validation vulnerability has been reported in EzASPSite that could let remote malicious users perform SQL injection. No workaround or patch available at time of publishing. There is no exploit code required. | EzASPSite Default.ASP SQL Injection Vulnerability | 3.3 | Secunia, Advisory: SA19441, March 30, 2006 |
Color LaserJet Toolbox 2500 and 4600 for Windows | An input validation vulnerability has been reported in Color LaserJet Toolbox that could let remote malicious users disclose information. A Proof of Concept exploit has been published. | HP Color LaserJet Toolbox Information Disclosure | Not Available | Security Focus, ID: 17367, April 4, 2006 |
VirusScan 10.0.21, SecurityCenter Agent 6.0.0.16 | A buffer overflow vulnerability has been reported in VirusScan, DUNZIP32.dll, that could let remote malicious users obtain unauthorized access. Upgrade to the newest version of DUNZIP32.dll via the tool's online update capabilities. There is no exploit code required. | McAfee VirusScan Unauthorized Access | 10 | Secunia, Advisory: SA19460, March 30, 2006 |
WebShield SMTP 4.5 MR1a | A vulnerability has been reported in WebShield that could let remote malicious users execute arbitrary code. There is no exploit code required. | McAfee WebShield Arbitrary Code Execution | 10 | Security Tracker, Alert ID: 1015861, April 4, 2006 |
Office XP, XP SP1, XP SP2, XP SP3 | A vulnerability has been reported in Office XP, array index, that could let remote malicious users cause a Denial of Service. No workaround or patch available at time of publishing. A Proof of Concept exploit script, excel_03262006.rar, has been published. | Microsoft Office XP Denial of Service | 1.4 | Security Focus, ID: 17252, March 27, 2006 |
Windows Help File Viewer | A heap overflow vulnerability has been reported in Windows Help File Viewer that could let remote malicious users execute arbitrary code. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows Help File Viewer Arbitrary Code Execution | 5.6 | Security Focus, ID: 17325, March 31, 2006 |
RealPlayer 8, 10, 10.0.6, 10.5, RealOne Player, and RealPlayer Enterprise | A buffer overflow vulnerability has been reported in RealPlayer, Mimio Broadcast file processing, that could let remote malicious users execute arbitrary code. There is no exploit code required. | RealPlayer Arbitrary Code Execution | 7 | Security Tracker, Alert ID: 1015810, March 24, 2006 |
SiteSearch Indexer 3.5 | An input validation vulnerability has been reported in SiteSearch Indexer, searchresults.asp, that could let remote malicious users conduct Cross-Site Scripting. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | SiteSearch Indexer Cross-Site Scripting | 2.3 | Security Focus, ID: 17332, March 31, 2006 |
SynchronEyes 6.0 | Multiple vulnerabilities have been reported in SynchronEyes that could let remote malicious users cause a Denial of Service. No workaround or patch available at time of publishing. There is no exploit code required. | SynchronEyes Denial of Service | Not Available | Security Focus, ID: 17373, April 4, 2006 |
Total Commander prior to 6.54 | A buffer overflow vulnerability has been reported in Total Commander that could let remote malicious users execute arbitrary code. There is no exploit code required. | Total Commander Arbitrary Code Execution | Not Available | Security Tracker, Alert ID: 1015852, March 31, 2006 |
UltraVNC 1.0.1 | Multiple buffer overflow vulnerabilities have been reported in UltraVNC that could let remote malicious users execute arbitrary code. No workaround or patch available at time of publishing. A Proof of Concept exploit script, uvncbof.zip, has been published. | UltraVNC Arbitrary Code Execution | Not Available | Security Focus, ID: 17378, April 4, 2006 |
UNIX / Linux Operating Systems Only | ||||
Vendor & Software Name | Description | Common Name | CVSS | Resources |
Mac OS X Server 10.4.5, OS X 10.4.5 | A vulnerability has been reported on Intel-based Macintosh computers due to an unspecified error, which could let a remote malicious user bypass the firmware password. Currently we are not aware of any exploits for this vulnerability. | Mac OS X Firmware Password Bypass | 4.9 | Apple Security Advisory, APPLE-SA-2006-04-03, April 3, 2006 |
Safari RSS 2.3 pre-release, 2.0-2.0.2, 1.3, 1.2-1.2.3, 1.0, 1.1, Beta 2, Mac OS X Server 10.4-10.4.5, Mac OS X 10.4-10.4.5 | A remote Denial of Service vulnerability has been reported in 'ImageIO' due to a failure to process malicious image files. No workaround or patch available at time of publishing. There is no exploit code required. | Apple Mac OS X Remote Denial of Service | 2.3 | Security Focus, Bugtraq ID: 17321, March 30, 2006 |
BusyBox Linux Utilities | A vulnerability has been reported in 'passwd' due to a design flaw that results in password hashes being created in an insecure manner, which could let a malicious user bypass security restrictions. No workaround or patch available at time of publishing. Precomputed password hashes can be used to exploit this vulnerability. | BusyBox Insecure Password Hash | 1.6 | Secunia Advisory: SA19477, March 31, 2006 |
Crafty Syntax Image Gallery 3.1g. | Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'slides.php' due to insufficient sanitization of the 'limitquery_s' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported due to insufficient verification of images during the upload process, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, an exploit script, crappy_syntax.pl, has been published. | Crafty Syntax Image Gallery SQL Injection & Image Verification | Not Available | Secunia Advisory: SA19478, April 5, 2006 |
FreeRADIUS 1.0-1.0.5 | A vulnerability has been reported in the EAP-MSCHAPv2 state machine due to an error, which could let a malicious user bypass authentication and cause a Denial of Service. Currently we are not aware of any exploits for this vulnerability. | FreeRADIUS EAP-MSCHAPv2 Authentication Bypass | 8 | Security Focus, Bugtraq ID: 17171, March 21, 2006 SUSE Security Announcement, SUSE-SA:2006:019, March 28, 2006 RedHat Security Advisory, RHSA-2006:0271-11, April 4, 2006 Gentoo Linux Security Advisory, GLSA 200604-03, April 4, 2006 |
Mailman 2.1-2.1.5, 2.0-2.0.14 | A remote Denial of Service vulnerability has been reported in 'Scrubber.py' due to a failure to handle exception conditions when Python fails to process an email file attachment that contains utf8 characters in its filename. There is no exploit code required. | GNU Mailman Attachment Scrubber UTF8 Filename Remote Denial of Service | Secunia Advisory: SA17511, November 14, 2005 Mandriva Linux Security Advisory, MDKSA-2005:222, December 2, 2005 SUSE Security Summary Report, SUSE-SR:2006:001, January 13, 2006 Ubuntu Security Notice, USN-242-1 January 16, 2006 Debian Security Advisory, DSA-955-1, January 25, 2006 RedHat Security Advisory, RHSA-2006:0204-10, March 7, 2006 Trustix Secure Linux Security Advisory #2006-0012, March 10, 2006 SGI Security Advisory, 20060401-01-U, April 4, 2006 | |
GNU Privacy Guard prior to 1.4.2.2. | A vulnerability has been reported due to an error in the detection of unsigned data, which could let a remote malicious user inject arbitrary data and bypass verification. There is no exploit code required. | GnuPG Unsigned Data Injection Detection | GNU Security Advisory, March 9, 2006 Debian Security Advisory, DSA 993-1, March 10, 2006 Gentoo Linux Security Advisory, GLSA 200603-08, March 10, 2006 SUSE Security Announcement, SUSE-SA:2006:014, March 10, 2006 Slackware Security Advisory, SSA:2006-072-02, March 13, 2006 RedHat Security Advisory, RHSA-2006:0266-8, March 15, 2006 Ubuntu Security Notice, USN-264-1, March 13, 2006 Trustix Secure Linux Security Advisory #2006-0014, March 20, 2006 SGI Security Advisory, 20060401-01-U, April 4, 2006 | |
GnuPG / gpg prior to 1.4.2.1 | A vulnerability has been reported because 'gpgv' exits with a return code of 0 even if the detached signature file did not carry any signature (if 'gpgv' or 'gpg --verify' is used), which could let a remote malicious user bypass security restrictions. There is no exploit code required; however, a Proof of Concept exploit has been published. | GnuPG Detached Signature Verification Bypass | 4.9 | GnuPG Advisory, February 15, 2006 Fedora Update Notification, Debian Security Advisory, Mandriva Security Advisory, MDKSA-2006:043, February 17, 2006 Ubuntu Security Notice, USN-252-1, February 17, 2006 Gentoo Linux Security Advisory, GLSA 200602-10, February 18, 2006 SuSE Security Announcement, SUSE-SA:2006:009, February 20, 2006 SUSE Security Announcement, SUSE-SA:2006:013, March 1, 2006 SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006 Slackware Security Advisory, SSA:2006-072-02, March 13, 2006 RedHat Security Advisory, RHSA-2006:0266-8, March 15, 2006 SGI Security Advisory, 20060401-01-U, April 4, 2006 |
XFIT/S/ZGN 0, | A remote Denial of Service vulnerability has been reported due to an unspecified error when the service receives data unexpectedly. Currently we are not aware of any exploits for this vulnerability. | Hitachi XFIT/S Remote Denial of Service | 2.3 | Hitachi Security Advisory, HS06-004, March 31, 2006 |
Horde Application Framework 3.0.9 & prior | A vulnerability has been reported in 'services/go.php' due to insufficient verification of the 'url' parameter before using in a 'readfile()' call, which could let a remote malicious user obtain sensitive information. Currently we are not aware of any exploits for this vulnerability. | Horde Information Disclosure | 2.3 | Secunia Advisory: SA19246, March 15, 2006 Gentoo Linux Security Advisory, GLSA 200604-02, April 4, 2006 |
Kaffeine Media Player 0.4.2-0.7.1 | A buffer overflow vulnerability has been reported in the 'http_peek()' function when creating HTTP request headers for retrieving remote playlists, which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | Kaffeine Buffer Overflow | 5.6 | KDE Security Advisory, April 4, 2006 Debian Security Advisory, Mandriva Linux Security Advisory MDKSA-2006:065, April 5, 2006 Gentoo Linux Security Advisory, GLSA 200604-04, April 5, 2006 |
MediaWiki 1.5.7 | An HTML injection vulnerability has been reported in the Encoded Page Link due to insufficient sanitization of user-supplied input before using it in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code. Vulnerability can be exploited via a web client. | MediaWiki HTML Injection | 2.3 | Security Focus, Bugtraq ID: 17269, March 27, 2006 SUSE Security Summary Report, SUSE-SR:2006:007, March 31, 2006 Gentoo Linux Security Advisory, GLSA 200604-01, April 4, 2006 |
mpg123 0.59 r | A vulnerability has been reported when handling MP3 streams, which could let a remote malicious user corrupt memory or possibly execute arbitrary code. No workaround or patch available at time of publishing. A Proof of Concept Denial of Service exploit script, mpg1DoS3.pl, has been published. | MPG123 Malformed MP3 File Memory Corruption | Not Available | Security Focus, Bugtraq ID: 17365, April 4, 2006 |
Linux kernel 2.6- 2.6.14 | A Denial of Service vulnerability has been reported in 'net/ipv6/udp.c' due to an infinite loop error in the 'udp_v6_get_port()' function. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel IPV6 Denial of Service | Secunia Advisory: SA17261, October 21, 2005 Fedora Update Notifications, Security Focus, Bugtraq ID: 15156, October 31, 2005 Ubuntu Security Notice, USN-219-1, November 22, 2005 SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006 RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006 SmoothWall Advisory, March 15, 2006 Debian Security Advisory, Debian Security Advisory, Debian Security Advisory, DSA 1018-2, April 5, 2006 | |
RedHat Fedora Core4, Enterprise Linux WS 3, WS 2.1 IA64, WS 2.1, ES 3, ES 2.1 IA64, ES 2.1, AS 3, AS 2.1 IA64, AS 2.1, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; | A Cross-site scripting vulnerability has been reported in 'phpinfo()' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. A CVS fix is available. Vulnerability may be exploited with a web client. | PHP 'PHPInfo' Cross-Site Scripting | Not Available | Security Focus, Bugtraq ID: 17362, April 4, 2006 |
Squid Web Proxy Cache 2.5 .STABLE3-STABLE10, STABLE1 | A remote Denial of Service vulnerability has been reported when handling certain client NTLM authentication request sequences. Currently we are not aware of any exploits for this vulnerability. | Squid NTLM Authentication Remote Denial of Service | Secunia Advisory: SA16992, September 30, 2005 Ubuntu Security Notice, USN-192-1, September 30, 2005 Debian Security Advisory, DSA 828-1, September 30, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:181, October 11, 2005 SCO Security Advisory, SCOSA-2005.44, November 1, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005 RedHat Security Advisory, RHSA-2006:0052-7, March 7, 2006 RedHat Security Advisory, RHSA-2006:0045-8, March 15, 2006 SGI Security Advisory, 20060401-01-U, April 4, 2006 | |
Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; | A remote Denial of Service vulnerability has been reported in the attachment-scrubber utility. Update to version 2.1.6 or later. There is no exploit code required. | GNU Mailman Attachment Scrubber Remote Denial of Service | Security Focus, Bugtraq ID: 17311, March 29, 2006 Mandriva Security Advisory, MDKSA-2006:061, March 29, 2006 Ubuntu Security Notice, USN-267-1, April 03, 2006 Debian Security Advisory, | |
Linux kernel | A vulnerability has been reported in the 'restore_sigcontext()' function due to a failure to restrict access to the 'ar.rsc' register, which could let a malicious user cause a Denial of Service or obtain elevated privileges. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel 64 Bit 'AR-RSC' Register Access | Security Tracker Alert ID: 1014275, June 23, 2005 SUSE Security Announce- RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 Debian Security Advisories, DSA 921-1 & 922-1, December 14, 2005 Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006 Debian Security Advisory, Debian Security Advisory, DSA 1018-2, April 5, 2006 | |
Linux kernel 2.6-2.6.12 .1 | A vulnerability has been reported due to insufficient authorization before accessing a privileged function, which could let a malicious user bypass IPSEC policies. This issue has been addressed in Linux kernel 2.6.13-rc7. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel IPSec Policies Authorization Bypass | Ubuntu Security Notice, USN-169-1, August 19, 2005 Security Focus, Bugtraq ID 14609, August 19, 2005 Security Focus, Bugtraq ID 14609, August 25, 2005 SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005 RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005 Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005 Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006 Debian Security Advisory, Debian Security Advisory, Debian Security Advisory, DSA 1018-2, April 5, 2006 | |
Linux kernel 2.6-2.6.14 | A Denial of Service vulnerability has been reported in 'sysctl.c' due to an error when handling the un-registration of interfaces in '/proc/sys/net/ipv4/conf/.' There is no exploit code required. | Linux Kernel 'Sysctl' Denial of Service | Secunia Advisory: SA17504, November 9, 2005 Ubuntu Security Notice, USN-219-1, November 22, 2005 RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006 RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006 RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006 Debian Security Advisory, Debian Security Advisory, Debian Security Advisory, DSA 1018-2, April 5, 2006 | |
Linux kernel 2.6-2.6.14, 2.5.0- 2.5.69, 2.4-2.4.32, 2.3, 2.3.x, 2.3.99, pre1-pre7, 2.2-2.2.27, 2.1, 2.1 .x, 2.1.89, 2.0.28-2.0.39 | A vulnerability has been reported due to the way console keyboard mapping is handled, which could let a malicious user modify the console keymap to include scripted macro commands. There is no exploit code required; however, a Proof of Concept exploit has been published. | Linux Kernel Console Keymap Arbitrary Command Injection | Security Focus, Bugtraq ID: 15122, October 17, 2005 Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005 Fedora Update Notification, Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006 SmoothWall Advisory, March 15, 2006 Debian Security Advisory, Debian Security Advisory, Debian Security Advisory, DSA 1018-2, April 5, 2006 | |
Linux kernel 2.6-2.6.14; SuSE Linux Professional 10.0 OSS, Linux Personal 10.0 OSS; | A Denial of Service vulnerability has been reported in 'ptrace.c' when 'CLONE_THREAD' is used due to a missing check of the thread's group ID when trying to determine whether the process is attempting to attach to itself. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel PTrace 'CLONE_ | Secunia Advisory: SA17761, November 29, 2005 Fedora Update Notification, SuSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 Mandriva Security Advisory, MDKSA-2006:018, January 20, 2006 Debian Security Advisory, Debian Security Advisory, Debian Security Advisory, DSA 1018-2, April 5, 2006 | |
Linux kernel 2.6-2.6.15 | A Denial of Service vulnerability has been reported in the 'time_out_leases()' function because 'printk()' can consume large amounts of kernel log space. An exploit script has been published. | Linux Kernel PrintK Local Denial of Service | Security Focus, Bugtraq ID: 15627, November 29, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0070, December 9, 2005 RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006 RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006 Debian Security Advisory, Debian Security Advisory, DSA-1018-1, March 24, 2006 Debian Security Advisory, DSA 1018-2, April 5, 2006 | |
RealOne Helix Player 1.x, | Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported in the handling of the 'chunked' Transfer-Encoding method due to a boundary error, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability was reported when processing SWF files due to a boundary error, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to the incorrect use of the 'CreateProcess()' API when executing other programs, which could let a remote malicious user execute arbitrary code. A Proof of Concept exploit script, realplayer-swf-PoC.pl.txt, has been published. | RealNetworks Products Multiple Buffer Overflow | Secunia Advisory: SA19358, March 27, 2006 Gentoo Linux Security Advisory, GLSA 200603-24, March 26, 2006 SUSE Security Announcement, SUSE-SA:2006:018, March 23, 2006 RedHat Security Advisory, RHSA-2006:0257-9, March 22, 2006 Packetstorm, April 1, 2006 | |
SuSE Linux Professional 10.0 OSS, 10.0, Personal 10.0 OSS; | A Denial of Service vulnerability has been reported in FlowLable. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel IPv6 FlowLable Denial of Service | Security Focus, Bugtraq ID: 15729, December 6, 2005 SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006 RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006 Mandriva Security Advisory, MDKSA-2006:018, January 20, 2006 RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006 Mandriva Security Advisory, MDKSA-2006:044, February 21, 2006 Debian Security Advisory, Debian Security Advisory, Debian Security Advisory, DSA 1018-2, April 5, 2006 | |
Ubuntu Linux 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; | A remote Denial of Service vulnerability has been reported in the kernel driver for compressed ISO file systems when attempting to mount a malicious compressed ISO image. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel ISO File System Remote Denial of Service | Ubuntu Security Notice, USN-169-1, August 19, 2005 SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005 Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006 Debian Security Advisory, Debian Security Advisory. Debian Security Advisory, DSA 1018-2, April 5, 2006 | |
Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; | A remote Denial of Service vulnerability has been reported in the email date parsing functionality due to an error in the handling of dates. There is no exploit code required. | GNU Mailman Remote Denial of Service | Security Focus, Bugtraq ID: 16248, January 16, 2006 Ubuntu Security Notice, USN-242-1 January 16, 2006 Debian Security Advisory, DSA-955-1, January 25, 2006 RedHat Security Advisory, RHSA-2006:0204-10, March 7, 2006 Trustix Secure Linux Security Advisory #2006-0012, March 10, 2006 SGI Security Advisory, 20060401-01-U, April 4, 2006 | |
VServer util-vserver 0.30.210, 0.30.209, util-vserver 0; Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha | A vulnerability has been reported in the util-vserver package 'suexec,' which could let a remote malicious user obtain elevated privileges. No workaround or patch available at time of publishing. There is no exploit code required. | Util-VServer Elevated Privileges | Not Available | Security Focus, Bugtraq ID: 17361, April 4, 2006 |
Openwall | A vulnerability has been reported in the 'crypt_gensalt' functions for BSDI-style extended DES-based and Currently we are not aware of any exploits for this vulnerability. | Openwall 'crypt_blowfish' Information Disclosure | Secunia Advisory: SA18772, February 8, 2006 | |
Vixie Cron 4.1 | A vulnerability has been reported due to insecure creation of temporary files when crontab is executed with the '-e' option, which could let a malicious user obtain sensitive information. There is no exploit code required; however, a Proof of Concept exploit script has been published. | Security Focus, 13024, April 6, 2005 Fedora Update Notification, Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:361-19, October 5, 2005 RedHat Security Advisory, RHSA-2006:0117-7, March 15, 2006 SGI Security Advisory, 20060401-01-U, April 4, 2006 | ||
RedHat initscripts 7.93.24, Enterprise Linux WS 4, ES 4, AS 4m Desktop 4.0 | A vulnerability has been reported when the 'sbin/service' command is run due to an error when handling certain variables, which could let a malicious user obtain elevated privileges. Currently we are not aware of any exploits for this vulnerability. | Red Hat Initscripts Elevated Privileges | 7 | RedHat Security Advisory, RHSA-2006:0016-18, March 7, 2006 SGI Security Advisory, 20060401-01-U, April 4, 2006 |
Samba 3.0.21, a-c | A vulnerability has been reported because the 'winbindd' daemon saves the machine trust account credentials to world-readable winbind log files in clear text, which could let a malicious user obtain sensitive information. There is no exploit code required. | Samba Machine Trust Account Information Disclosure | 1.6 | Secunia Advisory: SA19455, March 30, 2006 Trustix Secure Linux Security Advisory #2006-0018, April 4, 2006 |
Sendmail prior to 8.13.6 | A vulnerability has been reported due to a race condition caused by the improper handling of asynchronous signals, which could let a remote malicious user execute arbitrary code. A Proof of Concept exploit script, sendtest.c, has been published. | Sendmail Asynchronous Signal Handling Remote Code Execution | 8 | Internet Security Systems Protection Advisory, March 22, 2006 Technical Cyber Security Alert TA06-081A RedHat Security Advisories, RHSA-2006:0264-8 & RHSA-2006:0265-9, March 22, 2006 Sun(sm) Alert Notification Gentoo Linux Security Advisory, GLSA 200603-21, March 22, 2006 SUSE Security Announcement, SUSE-SA:2006:017, March 22, 2006 FreeBSD Security Advisory, FreeBSD-SA-06:13, March 22, 2006 Slackware Security Advisory, SSA:2006-081-01, March 22, 2006 Avaya Security Advisory, ASA-2006-074, March 24, 2006 Debian Security Advisory, HP Security Bulletin, NetBSD Security Advisory, /NetBSD-SA2006-010, March 28, 2006 SGI Security Advisory, 20060302-01-P, March 22, 2006 F-Secure Security Bulletin, FSC-2006-2, March 28, 2006 SGI Security Advisory, 20060401-01-U, April 4, 2006 |
storeBackup 1.18-1.18.4 | A vulnerability has been reported due to the insecure creation of temporary files, which could let a malicious user obtain sensitive information. There is no exploit code required. | StoreBackup Insecure Temporary File Creation | Security Focus, Bugtraq ID: 14985, September 30, 2005 SUSE Security Summary Report, Debian Security Advisory, | |
Solaris 9.0 _x86, 9.0, 8.0 _x86, 8.0, | A vulnerability has been reported in the SunPlex Manager GUI due to an unspecified error, which could let a malicious user obtain sensitive information. There is no exploit code required. | Sun Cluster SunPlex Manager Information Disclosure | 1 | Sun(sm) Alert Notification Sun Alert ID: 102278, March 29, 2006 |
Open Motif 2.2.3 | Two buffer overflow vulnerabilities have been reported in libUil (User Interface Language): a buffer overflow vulnerability was reported in 'diag_issue_diagnostic()' due to the use of the vsprintf() libc procedure, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported in 'open_source_ Currently we are not aware of any exploits for these vulnerabilities. | Security Focus, Bugtraq ID: 15678, December 2, 2005 Gentoo Linux Security Advisory, GLSA 200512-16, December 28, 2005 Red Hat Security Advisory, RHSA-2006:0272-01, April 4, 2006 | ||
xine-lib 1.1.1 | A buffer overflow vulnerability has been reported when processing a malformed MPEG stream due to a failure to properly bounds check user-supplied input data prior to copying it to an insufficiently-sized memory buffer, No workaround or patch available at time of publishing. A Proof of Concept exploit script, xinelib_poc.pl, has been published. | Xine-Lib Malformed MPEG Stream Buffer Overflow | Not Available | Security Focus, Bugtraq ID: 17370, April 4, 2006 |
Multiple Operating Systems - Windows/UNIX/Linux/Other | ||||
Vendor & Software Name | Description | Common Name | CVSS | Resources |
MonAlbum 0.8.7 | SQL injection vulnerabilities have been reported in 'image_agrandir.php' due to insufficient sanitization of the 'pnom' and 'pcourriel' parameters and in 'index.php' due to insufficient sanitization of the 'pc' parameter, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client. | MonAlbum SQL Injection | 4.7 | Secunia Advisory: SA19503, April 3, 2006 |
AngelineCMS 0.8.1 | A file include vulnerability has been reported in 'Loadkernel.PHP' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, an exploit script, angelineCMS.pl, has been published. | AngelineCMS Remote File Include | Not Available | Security Focus, Bugtraq ID: 17371, April 4, 2006 |
libapreq2 2.0.6 | A remote Denial of Service vulnerability has been reported due to errors in the 'apreq_parse_ Currently we are not aware of any exploits for this vulnerability. | Apache Libapreq2 Remote Denial of Service | 2.3 | Security Focus, Bugtraq ID: 16710, February 17, 2006 Debian Security Advisory, Debian Security Advisory, DSA 1000-2, April 3, 2006 |
Struts prior to 1.2.9 | Multiple vulnerabilities have been reported: a vulnerability was reported in 'RequestProcessor' because all actions can be cancelled, which could let a remote malicious user bypass security restrictions; a remote Denial of Service vulnerability was reported in 'ActionForm' because the public method 'getMultipartRequest Vulnerabilities can be exploited through a web client. | Apache Struts Multiple Vulnerabilities | 7 3.3 2.3 | Security Focus, Security Tracker Alert ID: 1015856, April 1, 2006 |
aphpkb 0.57 | Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client. | Andy's PHP Knowledgebase Multiple Cross-Site Scripting | 7 | Security Focus, Bugtraq ID: 17377, March 27, 2006 |
Arab Portal 2.0.1 Stable | Multiple input-validation vulnerabilities have been reported including Cross-Site Scripting and SQL injection, which could let a remote malicious user execute arbitrary HTML, script code, and SQL code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published. | ArabPortal Multiple Input Validation | Security Focus, Bugtraq ID: 17375, April 4, 2006 | |
aWebBB 1.2 | Several vulnerabilities have been reported: Cross-Site Scripting vulnerabilities were reported in 'post.php' due to insufficient sanitization of the 'tname' and 'fpost' parameters, in 'editac.php' due to insufficient sanitization of the 'fullname,' 'emailadd,' 'country,' 'sig,' and 'otherav' parameters, and in 'register.php' due to insufficient sanitization of the 'fullname,' 'emailadd,' and 'country' parameters, which could let a remote malicious user execute arbitrary HTML and script code; and SQL injection vulnerabilities were reported in 'accounts.php,' 'changep.php,' 'editac.php,' 'feedback.php,' 'fpass.php,' 'login.php,' 'post.php,' 'reply.php,' and 'reply_log.php' due to insufficient sanitization of the 'username' parameter, in 'dpost.php' due to insufficient sanitization of the 'p' parameter, in 'ndis.php' and 'list.php' due to insufficient sanitization of the 'c' parameter, and in 'search.php' due to insufficient sanitization of the 'q' parameter, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through use of a web client. | AWebBB Multiple Input Validation | 2.3 1.9 | Secunia Advisory: SA19486, April 3, 2006 |
Barracuda Spam Firewall with firmware prior to 3.3.03.022 and with spamdef prior to 3.0.10045 | Several buffer overflow vulnerabilities have been reported: a buffer overflow vulnerability was reported when a remote malicious user submits email that contains a specially crafted LHA archive with a long filename, which could lead to the execution of arbitrary code; and a buffer overflow vulnerability was reported when a remote malicious user submits an email that contains a specially crafted ZOO archive, which could lead to the execution of arbitrary code. Update to firmware version 3.3.03.022. Currently we are not aware of any exploits for these vulnerabilities. | Barracuda Spam Firewall Buffer Overflows | 10 3.9 | Security Tracker Alert ID: 1015866, April 4, 2006 |
BASE Basic Analysis and Security Engine BASE Basic Analysis and Security Engine 1.2-1.2.2 | A vulnerability has been reported in 'base_maintenance.php' due to an unspecified error, which could let a remote malicious user bypass authentication mechanisms. Vulnerability could be exploited with a web client. | Basic Analysis and Security Engine Authentication Bypass | 2.3 | Secunia Advisory: SA19510, April 3, 2006 |
CSS11500 Content Services Switch 7.30 (00.09)S, 7.30 (00.08)S, 7.20 (03.10)S, 7.20 (03.09)S, 7.10 (05.07)S, 7.5, 7.4, CSS11500 Content Services Switch | A remote Denial of Service vulnerability has been reported in the HTTP compression functionality Currently we are not aware of any exploits for this vulnerability. | Cisco 11500 Content Services Switch Remote Denial of Service | 2.3 | Cisco Security Advisory, cisco-sa-20060405, April 5, 2006 |
Claroline 1.7.4, 1.7.2, 1.6, rc1, beta, 1.5.4, 1.5.3, 1.5 | Multiple vulnerabilities have been reported: a Directory Traversal vulnerability was reported in 'rqmkhtml.php' due to insufficient sanitization of the 'file' parameter before using to view files, which could let a remote malicious user obtain sensitive information; a Cross-Site Scripting vulnerability was reported in 'rqmkhtml.php' due to insufficient sanitization of the 'file' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and a file include vulnerability was reported in 'claroline/ No workaround or patch available at time of publishing. Vulnerabilities can be exploited with a web client; however, Proof of Concept exploit scripts, claroline-1.7.4-remote-and | Claroline Multiple Vulnerabilities | 7 2.3 4.9 | Secunia Advisory: SA19461, April 3, 2006 |
CzarNews 1.14 | Several vulnerabilities have been reported: a script insertion vulnerability was reported in 'news.php' due to insufficient sanitization of the 'email' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'cn_auth.php' due to insufficient sanitization of the 'usern' and 'passw' parameters, in 'news.php' due to insufficient sanitization of the 's' parameter, and in 'dpost.php' due to insufficient sanitization of the 'a' parameter, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerabilities could be exploited with a web client. | CzarNews Script Insertion & SQL Injection | 2.3 | Secunia Advisory: SA19541, April 5, 2006 |
DbbS 2.0-alpha & prior | An SQL injection vulnerability has been reported in 'topics.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | DbbS SQL Injection | 7 | Security Focus, Bugtraq ID: 17338, March 31, 2006 |
DIA DIA 0.87-0.94 | Multiple remote buffer overflow vulnerabilities have been reported due to a failure to properly bounds-check user-supplied input before copying it into insufficiently sized memory buffers, which could let a remote malicious user execute arbitrary code. The vendor has released version 0.95-pre6, along with a patch for 0.94 to address these issues. Currently we are not aware of any exploits for these vulnerabilities. | DIA XFIG File Import Multiple Remote Buffer Overflows | 5.6 | Security Focus, Bugtraq ID: 17310, March 29, 2006 Mandriva Security Advisory, MDKSA-2006:062, April 3, 2006 Debian Security Advisory, |
Esqlanelapse 2.2, 2.0 | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of unspecified parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. Vulnerability could be exploited with a web client. | Esqlanelapse Cross-Site Scripting | 2.3 | Security Focus, Bugtraq ID: 17331, April 1, 2006 |
Exponent CMS prior to 0.96.5 RC 1 | Vulnerabilities have been reported in the banner module and image functionality due to unspecified input validation errors, which could let a remote malicious user execute arbitrary PHP code. The vendor has released version 0.96.5-RC1 to address this issue. Vulnerabilities can be exploited through a web client. | Exponent CMS Arbitrary Script Execution | 7 7 2.3 7 | Security Focus, Bugtraq ID: 17357, April 3, 2006 |
Blank'N'Berg 0.2 | Several vulnerabilities have been reported: a Directory Traversal vulnerability was reported due to insufficient validation of the '_path' parameter, which could let a remote malicious user obtain sensitive information; and a Cross-Site Scripting vulnerability was reported in 'index.php' due to insufficient sanitization of the '_path' parameter before displaying, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. Vulnerabilities may be exploited with a web client; however, Proof of Concept exploits have been published. | Blank'N'Berg Directory Traversal & Cross-Site Scripting | 4.7 4.7 | Security Tracker Alert ID: 1015854, March 31, 2006 |
gtd-php 0.5 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of input passed to various fields in 'newProject.php,' 'newList.php,' 'newWaitingOn.php,' 'newChecklist.php,' 'newContext.php,' 'newCategory.php,' and 'newGoal.php' before using, which could let a remote malicious user execute arbitrary HTML and script code; and a Script Insertion vulnerability was reported due to insufficient sanitization of the 'listTItle' parameter in 'listReport.php,' in 'projectReport.php' due to insufficient sanitization of the 'projectName' parameter, and in 'checklistReport.php' due to insufficient sanitization of the 'checklistTitle' parameter, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited via a web client. | gtd-php Cross-Site Scripting & Script Insertion | 2.3 | Secunia Advisory: SA19512, April 3, 2006 |
Groupmax World Wide Web 2.x, 3.x, World Wide Web Desktop 5.x, 6.x, World Wide Web Desktop for Jichitai 6.x, World Wide Web Desktop for Scheduler 5.x, World Wide Web for Scheduler 2.x, 3.x | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of unspecified parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. Vulnerability can be exploited through a web client. | Hitachi Groupmax World Wide Web Cross-Site Scripting | 4.7 | Hitachi Security Advisory, HS06-005, March 31, 2006 |
Horde 3.0-3.0.9, 3.1 | A vulnerability has been reported in Help Viewer which could let a remote malicious user execute arbitrary PHP code. Vulnerability can be exploited via a web client. | Horde Help Viewer Remote PHP Code Execution | 7 | Security Focus, Bugtraq ID: 17292, March 29, 2006 SUSE Security Summary Report, SUSE-SR:2006:007, March 31, 2006 Gentoo Linux Security Advisory, GLSA 200604-02, April 4, 2006 |
Interact 2.1, 2.1.1 | Multiple vulnerabilities have been reported: a vulnerability was reported in the 'login.php' script because different error responses are returned depending on whether the username is valid or invalid, which could let a remote malicious user obtain sensitive information; a vulnerability was reported due to insufficient sanitization of the 'search_terms' parameter in 'search.php' and various fields when creating an account, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'login.php' due to insufficient sanitization of the 'user_name' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client. | Interact Multiple Vulnerabilities | Not Available | Secunia Advisory: SA19488, April 5, 2006 |
Site Man 0 | An SQL injection vulnerability has been reported in 'admin_login.asp' due to insufficient sanitization of the 'txtpassword' parameter before using in a SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | SiteMan SQL Injection | 7 | Secunia Advisory: SA19500, April 3, 2006 |
Doomsday Engine 1.9, 1.8.6 | Format string vulnerabilities have been reported in the 'Con_Message()' and 'conPrintf()' functions when connecting to port 13209/tcp and passing a specially crafted JOIN command, which could let a remote malicious user cause a Denial of Service or execute arbitrary code. Vulnerabilities can be exploited through use of a web client; however, a Proof of Concept exploit has been published. | Doomsday Engine Format Strings | | Security Tracker Alert ID: 1015860, April 4, 2006 Gentoo Linux Security Advisory, GLSA 200604-05, April 6, 2006 |
KGB Archiver 1.1.5 21 | A Directory Traversal vulnerability has been reported when decompressing archives due to an input validation error, which could let a remote malicious user obtain sensitive information. There is no exploit code required. | KGB Archiver Directory Traversal | 2.3 | Secunia Advisory: SA19511, April 3, 2006 |
lucidCMS 2.0.0 RC4 | Cross-Site Scripting vulnerabilities have been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published. | LucidCMS Cross-Site Scripting | 2.3 2.3 | Security Focus, Bugtraq ID: 17360, April 3, 2006 |
Mantis 1.0.1, 1.0.0rc5 & prior | Cross-Site Scripting vulnerabilities have been reported in 'view_all_set.php' due to insufficient sanitization of the 'start_day,' 'start_year,' and 'start_month' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published. | Mantis Cross-Site Scripting | 7 | Security Focus, Bugtraq ID: 17326, March 31, 2006 |
MediaSlash Gallery 0 | A file include vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | MediaSlash Gallery Remote File Include | 7 | Security Focus, Bugtraq ID: 17323, March 30, 2006 |
MyBulletinBoard 1.10 | An HTML injection vulnerability has been reported due to insufficient sanitization of the 'email' BBcode tag when posting a message, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited via a web client. | MyBulletinBoard Email HTML Injection | 7 | Security Focus, Bugtraq ID: 17368, April 4, 2006 |
MySQL 5.0.18 | A vulnerability has been reported when handling query logging due to a discrepancy between the handling of NULL bytes in input data, which could let a remote malicious user bypass certain security restrictions. A Proof of Concept exploit has been published. | MySQL Query Logging Bypass | 4.9 | Security Focus, Bugtraq ID: 16850, February 27, 2006 Mandriva Security Advisory, MDKSA-2006:064, April 3, 2006 |
NetBSD 3.0, 2.1, 2.0-2.0.3, 1.6-1.6.2 | A vulnerability has been reported in 'If_Bridge(4)' because used stack memory is not zeroed out by IOCTL calls, which could let a malicious user obtain sensitive information. Currently we are not aware of any exploits for this vulnerability. | NetBSD Information Disclosure | 1.6 | NetBSD Security Advisory, NetBSD-SA2006-005, March 30, 2006 |
NetBSD 1.x | A vulnerability has been reported because the 'mail' program creates records with insecure permissions when the 'set record' setting is present in a user's .mailrc and the default umask is set, which could let a malicious user obtain sensitive information. Currently we are not aware of any exploits for this vulnerability. | NetBSD mail(1) Insecure File Permissions | 1.6 | NetBSD Security Advisory, NetBSD-SA2006-007, March 30, 2006 |
Oxygen 1.1-1.1.3 | An SQL injection vulnerability has been reported in 'post.php' due to insufficient sanitization of the 'fid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | Oxygen SQL Injection | 2.3 | Secunia Advisory: SA19481, March 31, 2006 |
PHP 4.3.x, 4.4.x, 5.0.x, 5.1.x | A vulnerability has been reported in the 'html_entity_decode()' function because it is not binary safe, which could let a remote malicious user obtain sensitive information. The vulnerability has been fixed in the CVS repository and in version 5.1.3-RC1. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHP Information Disclosure | 2.3 | Secunia Advisory: SA19383, March 29, 2006 Mandriva Security Advisory, MDKSA-2006:063, April 2, 2006 |
phpBB 2.0.19 | A Cross-Site Scripting vulnerability has been reported in 'profile.php' due to insufficient sanitization of the 'cur_password' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited through use of a web client. | phpBB Cross-Site Scripting | 2.3 | Secunia Advisory: SA19494, April 3, 2006 |
phpMyChat 0.14.5, 0.14.4 | An SQL injection vulnerability has been reported in 'MessagesL.PHP3' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, an exploit script, phpMyChat_0.14.5_ | PHPMyChat SQL Injection | Not Available | Security Focus, Bugtraq ID: 17382, April 5, 2006 |
PHPNuke-Clan 3.0.1 | A file include vulnerability has been reported in 'modules/vWar_account/ No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, an exploit script, pnc.pl.txt, has been published. | PHPNuke-Clan Remote File Include | 7 | Security Focus, Bugtraq ID: 17356, April 3, 2006 |
Submit-A-Link 0 | An HTML injection vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, Proof of Concept exploit scripts, linksubmit_poc.pl and linksubmit.txt, have been published. | PHPSelect Submit-A-Link HTML Injection | 7 | Security Focus, Bugtraq ID: 17348, April 1, 2006 |
qliteNews 2005.07.01 | An SQL injection vulnerability has been reported in 'loginprocess.php' due to insufficient sanitization of the 'username' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client. | qliteNews SQL Injection | 5.6 | Secunia Advisory: SA19476, March 31, 2006 |
RedCMS 0.1 | Several vulnerabilities have been reported: a script insertion vulnerability was reported in 'register.php' due to insufficient sanitization of the 'Email,' 'Location,' and 'website' fields before storing in a member's profile, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'login.php' and 'register.php' due to insufficient sanitization of the 'username' parameter and in 'profile.php' due to insufficient sanitization of the 'u' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited with a web client. | RedCMS SQL Injection & Script Insertion | 5.6 5.6 | Secunia Advisory: SA19475, March 31, 2006 |
ReloadCMS 1.2.5 | A vulnerability has been reported due to insufficient sanitization of the 'User-Agent' header field in an HTTP request before displaying, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script, reloadcms_poc, has been published. | ReloadCMS HTML Injection | Not Available | Security Focus, Bugtraq ID: 17353, April 2, 2006 |
X-Changer 0.2 | SQL injection vulnerabilities have been reported in 'index.php' due to insufficient sanitization of the 'from,' 'into,' and 'id' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published. | X-Changer SQL Injection | 7 | Secunia Advisory: SA19459, March 31, 2006 |
Image Gallery 0 | Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published. | Softbiz Image Gallery Multiple SQL Injection | Not Available | Security Focus, Bugtraq ID: 17339, March 31, 2006 |
v-creator prior to 1.3-pre3 | A vulnerability has been reported in 'VCEngine.php' due to an input validation error in the 'encrypt()' and 'decrypt()' functions, which could let a remote malicious user execute arbitrary shell commands. Vulnerability has been fixed in version 1.3-pre3. Vulnerability can be exploited via a web client. | V-creator Remote Shell Code Execution | 7 | Security Focus, Bugtraq ID: 17328, April 3, 2006 |
QLnews 1.2 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'autorx' and 'newsx' parameters before using, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in 'admin.php' due to insufficient sanitization of input passed to configuration parameters before storing in 'config.php,' which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited with a web client. | QLnews Multiple Input Validation | 7 7 | Security Focus, Bugtraq ID: 17335, April 3, 2006 |
VBook 2.0 | Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'autor,' 'email,' 'www,' 'temat,' and 'tresc' parameters before using, which could let a remote malicious user execute arbitrary HTML and script code; an SQL injection vulnerability was reported in 'index.php' due to insufficient sanitization of the 'x' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported in 'config.php' due to insufficient sanitization of configuration parameters in 'admin.php' before storing, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client. | VBook Input Validation | 5.6 7 8 | Secunia Advisory: SA19448, March 30, 2006 |
VNews 1.2 | Multiple vulnerabilities have been reported: an SQL injection vulnerability was reported in 'admin/admin.php' due to insufficient sanitization of the 'loginvar' parameter, in 'news.php' due to insufficient sanitization of the 'news' parameter, and in 'news.php' due to insufficient sanitization of the 'nom' parameter, which could let a remote malicious user execute arbitrary SQL code; a Cross-Site Scripting vulnerability was reported in 'news.php' due to insufficient sanitization of the 'autorkomentarza' and 'tresckomentarza' parameters before using, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the administration section when editing variables in 'admin/config.php' before storing, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client. | VNews Multiple Input Validation | 7 2.3 6 | Secunia Advisory: SA19435, March 30, 2006 |
VWar 1.3-1.5 | A file include vulnerability was reported in 'get_header.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, VWar_1.5.0_R12.pl, has been published. | VWar Remote File Include | 7 | Security Focus, Bugtraq ID: 17358, April 3, 2006 |
VWar 1.5 & prior | A file include vulnerability has been reported in 'include/ Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, VWar_1.5.0_RCE.php, has been published. | Virtual War File Inclusion | 5.6 | Secunia Advisory: SA19438, March 29, 2006 Secunia Advisory: SA19438, April 4, 2006 |
WebAPP 0.9.9 .3.2 | Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of unspecified input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client. | WebAPP Cross-Site Scripting | 2.3 | Secunia Advisory: SA19506, April 3, 2006 |
Bugzero 4.3.1 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'msg' parameter in various scripts and in 'edit.jsp' due to insufficient sanitization of the 'entryld' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability was reported in 'edit.jsp' due to insufficient sanitization of the 'projectld' parameter and in 'error.jsp' due to insufficient sanitization of the 'error' parameter, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published. | Bugzero Multiple Cross-Site Scripting | 4.7 | Security Focus, Bugtraq ID: 17351, April 3, 2006 |
wpBlog 0.4 | An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'postid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client. | wpBlog SQL Injection | 5.6 | Secunia Advisory: SA19538, April 4, 2006 |
ZDaemon 1.08.01, X-Doom VI 1.6.7 | Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in the 'is_client_wad_ok' function, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability was reported in the 'ZD_MissingPlayer(),' 'ZD_UseItem(),' and 'ZD_ValidClient()' functions when an invalid value is submitted. No workaround or patch available at time of publishing. A Proof of Concept exploit script, zdaebof.zip, has been published. | Zdaemon Remote Buffer Overflow & Denial of Service | 7 2.3 | Security Focus, Bugtraq ID: 17340, March 31, 2006 |
Wireless Trends & Vulnerabilities
This section contains wireless vulnerabilities, articles, and malicious code that has been identified during the current reporting period.
- Security Worries Hang Up Mobile Plans: Based on concerns over IT security, research indicates that many companies are putting a hold on the introduction of new wireless technologies. According to a survey published by Symantec and the research arm of UK-based newsmaker The Economist, the threat of virus attacks, potential flaws in smart phone software and a lack of wireless network access controls have forced many enterprise firms to slow down their adoption of additional mobile applications and devices.
- Municipal Wi-Fi Could Cause Headaches: According to the chief technology officer for AirDefense, the largest concern is the ability to compromise the security of the corporate local area network (LAN) regardless of how it is set up. "Even if you have a policy of no Wi-Fi [usage], suddenly Wi-Fi is available on the lamp pole outside."
- 802.11w fills wireless security holes: New cryptographic algorithms have been introduced by IEEE 802.11i, the standard behind Wi-Fi Protected Access and WPA 2, that patch the holes in the original Wired Equivalent Privacy specification. Now, the 802.11w task group is looking at extending the protection beyond data to management frames, which perform the core operations of a network.
- Spy program snoops on cell phones: New software that hides on cell phones and captures call logs and text messages is being sold as a way to monitor kids and spouses. But according to one security company, it is a Trojan horse. The FlexiSpy application captures call logs, text messages and mobile Internet activity, among other things.
This section contains brief summaries and links to articles which discuss or present information pertinent to the cyber security community.
- Multiple Buffer Overflow Vulnerabilities in RealNetworks, Inc.'s Products: US-CERT is aware of multiple vulnerabilities in RealNetworks, Inc.'s Products. Each of these vulnerabilities may result in a buffer overflow within RealPlayer that could allow a remote attacker to execute arbitrary code.
- US Takes Interest in DDoS Attacks: Senior levels of the US government are taking an interest in recent distributed Denial of Service (DDoS) attacks against the internet's domain name system. In recent months, there have been large-scale and ongoing attacks against several DNS infrastructure providers, using a newly discovered method that enables the bad guys to greatly amplify the amount of attack traffic they can throw at their targets.
- Active Exploitation of Cross-site Scripting Vulnerability in eBay.com: US-CERT is aware of an active exploitation of a cross-site scripting vulnerability in the eBay website. Successful exploitation may either allow an attacker to obtain sensitive data from stored cookies or redirect auction viewers to phishing sites where further disclosure of login credentials or personal information can occur. US-CERT VU#808921
- Hackers Serve Rootkits with Bagles: According to F-Secure, the latest Bagle.GE variant loads a kernel-mode driver to hide the processes and registry keys of itself and other Bagle-related malware from security scanners. The use of offensive rootkits in existing virus threats signals an aggressive push by attackers to get around existing anti-virus software and maintain a persistent and undetectable presence on infected machines.
- Survey: Identity theft hits 3 percent: According to a study based on the National Crime Victimization Survey (NCVS), an estimated 3.1 percent of American households became victims of identity theft in 2004. The study, which surveyed 42,000 households, found the most likely families to suffer identity theft included those with a young head of household (18 to 24 years of age) and those in the highest income bracket (greater than $75,000 per year). Identity theft was identified as the unauthorized use or attempted use of existing credit cards, accounts such as checking or brokerage accounts, or the misuse of information to obtain new credit accounts or to commit crimes.
- 0603-exploits.tgz: Packet Storm new exploits for March, 2006.
- Vendors failing to secure applications: According to Alan Paller, director of research for SANS, weak digital security in businesses helps hackers to fund criminal activity. Software application vendors are still failing to sell secure products, a problem that leaves customers open to hacking attacks.
Viruses/Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
| Rank | Common Name | Type of Code | Trend | Date | Description |
|---|---|---|---|---|---|
| 1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. |
| 2 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
| 3 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. |
| 4 | Mytob.C | Win32 Worm | Increase | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
| 5 | Mytob-GH | Win32 Worm | Slight Decrease | November 2005 | A variant of the mass-mailing worm that disables security related programs and allows others to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender’s address. |
| 6 | Nyxum-D | Win32 Worm | New | March 2006 | A mass-mailing worm that turns off anti-virus, deletes files, downloads code from the internet, and installs in the registry. This version also harvests email addresses from the infected machine and uses its own emailing engine to forge the sender's address. |
| 7 | Netsky-D | Win32 Worm | Decrease | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
| 8 | Mytob-BE | Win32 Worm | Increase | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus, and modifies data. |
| 9 | Mytob-AS | Win32 Worm | Decrease | June 2005 | A slight variant of the mass-mailing worm that disables security related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and utilizes its own email engine. |
| 10 | Zafi-D | Win32 Worm | Slight Decrease | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |

Table updated April 3, 2006