Summary of Security Items from November 24 through November 30, 2005
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, therefore the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risks levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
| Windows Operating Systems Only | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attack Scripts | Common Name / CVE Reference | Risk | Source |
| ASP-Rider 1.6 | A vulnerability has been reported in ASP-Rider that could let remote malicious users perform SQL injection. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script has been published. | ASP-Rider SQL Injection href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3931">CVE-2005-3931 | Medium | Secunia, Advisory: SA17792, November 30, 2005 |
| Freeftpd 1.0.10 | Multiple vulnerabilities have been reported in Freeftpd that could let remote malicious users cause a Denial of Service. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Freeftpd Denial of Service | Low | Security Focus , ID: 15557 , November 25, 2005 |
| MailEnable Professional 1.7, Enterprise 1.1 | A vulnerability has been reported in MailEnable that could let remote malicious users cause a Denial of Service. A vendor solution is available: A Proof of Concept exploit has been published. | MailEnable Denial of Service | Low | Security Tracker, Alert ID: 1015268, November 24, 2005 |
Internet Explorer | A vulnerability has been reported in Internet Explorer that could let remote malicious users to obtain unauthorized access. Vendor solutions available: Updated to provide information on proof of concept code, malicious software, and provide additional references. Currently we are not aware of any exploits for this vulnerability. | Microsoft Internet Explorer Unauthorized Access href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1790">CAN-2005-1790 | Medium | Microsoft, Security Advisory 911302, November 21, 2005 Microsoft, Security Advisory 911302, November 29, 2005 |
Windows Microsoft Distribution Transaction Coordinator (MSDTC) and COM+ | A buffer overflow vulnerability has been reported in Windows MSDTC and COM+ that could let local or remote malicious users execute arbitrary code, obtain elevated privileges or cause a Denial of Service. Vendor fix available: Vendor has identified potential issues associated with fix: Avaya: An exploit has been published. | Microsoft Windows MSDTC and COM+ Privilege Elevation, Arbitrary Code Execution, or Denial of Service | High | Microsoft, Security Bulletin MS05-051, October 11, 2005 US-CERT VU#180868, Technical Cyber Security Alert TA05-284A, October 11, 2005 Microsoft, Security Advisory 909444, October 14, 2005 Avaya, ASA-2005-214, October 11, 2005 Nortel, Security Advisory Bulletin 2005006316, November 11, 2005 Security Focus, ID: 15056, November 27, 2005 |
A vulnerability has been reported in NetObjects Fusion that could let remote malicious users disclose information. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | NetObjects Fusion Information Disclosure href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3923">CVE-2005-3923 | Medium | Secunia, Advisory: SA17667, November 23, 2005 | |
OASYS Lite 1.0 | A vulnerability has been reported in OASYS Lite that could let remote malicious users conduct Cross-Site Scripting. No workaround or patch available at time of publishing. There is no exploit code required. | OASYS Lite Cross-Site Scripting href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3850">CVE-2005-3850 | Medium | Security Focus, ID: 15605, November 28, 2005 |
OKBSYS Lite 1.0 | A vulnerability has been reported in OKBSYS Lite that could let remote malicious users conduct Cross-Site scripting. No workaround or patch available at time of publishing. There is no exploit code required. | OKBSYS Lite Cross-Site Scripting href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3851">CVE-2005-3851 | Medium | Security Focus, ID: 15607, November 28, 2005 |
WebAdmin, TruPrevent Personal 2006, 2005, Titanium 2006 Antivirus + Antispyware, Titanium 2005 Antivirus, Titanium | A heap overflow vulnerability has been reported when attempting to decompress ZOO archive files, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Panda Software Antivirus Library ZOO Archive Heap Overflow | High | Security Focus, Bugtraq ID: 15616, November 29, 2005 |
SpeedCommander 10.51, 11, Squeez 5.0, ZipStar 5.0 | Multiple buffer overflow vulnerabilities have been reported in SpeedCommander, Squeez, and ZipStar that could let remote malicious users execute arbitrary code. Upgrade to newest version: Currently we are not aware of any exploits for this vulnerability. | SpeedProject Arbitrary Code Execution | High | Secunia, Advisory: SA17420, November 24, 2005 |
| UNIX / Linux Operating Systems Only | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attack Scripts | Common Name / CVE Reference | Risk | Source |
Macintosh OS X
| Multiple vulnerabilities have been reported: a vulnerability was reported when handling HTTP headers in the Apache 2 web server due to an error, which could let a remote malicious user conduct HTTP request smuggling attacks; a vulnerability was reported in the Apache web server's 'mod_ssl' module due to an error, which could let a remote malicious user bypass security restrictions; a vulnerability was reported in 'CoreFoundation' when resolving certain URLs due to a boundary error, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in curl when handling NTML authentication due to an error, which could let a remote malicious user compromise a user's system; a vulnerability was reported in 'iodbcadmintoo,' which could let a malicious user execute arbitrary commands with elevated privileges; a vulnerability was reported in OpenSSL when handling certain compatibility options due to an error, which could let a remote malicious user perform rollback attacks; a vulnerability was reported in 'passwordserver' when handling the creation of an Open Directory master server due to an error, which could let a malicious user obtain sensitive information; a vulnerability was reported in the PCRE library used by Safari's JavaScript due to an integer overflow error, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in Safari when a downloaded file that contains an overly long filename is downloaded, which could let a remote malicious user save the file outside the designated directory; a vulnerability was reported in Safari because JavaScript dialog boxes don't indicate the web site that created them, which could let a remote malicious user spoof dialog boxes; a vulnerability was reported in Webkit when handling specially crafted content due to a boundary error, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in 'sudo' due to an error, which could let a malicious user execute arbitrary code; and a vulnerability was reported in the syslog server due to insufficient sanitization of messages before recording them, which could let a remote malicious user forge log entries and mislead the system administrator. Patch information available at: Currently we are not aware of any exploits for these vulnerabilities. | High | Apple Security Update, APPLE-SA-2005-11-29, November 29, 2005 | |
Centericq 4.20 | A remote Denial of Service vulnerability has been reported when handling malformed packets on the listening port for ICQ messages. Debian: A Proof of Concept exploit script has been published. | Centericq Empty Packet Remote Denial of Service | Low | Debian Security Advisory. DSA 912-1, November 30, 2005 |
CUPS 1.1.21, 1.1.22 rc1, 1.1.22 | A remote Denial of Service vulnerability exists when a malicious user submits a specially crafted HTTP GET request. Upgrades available at: Fedora: RedHat: SCO: A Proof of Concept exploit has been published. | CUPS HTTP | Low | Security Tracker Alert ID, 1012811, January 7, 2005 Fedora Update Notification, RedHat Security Advisory, RHSA-2005:772-8, September 27, 2005 SCO Security Advisory, SCOSA-2005.51, November 24, 2005 |
| Ezyhelp desk | Multiple vulnerabilities have been reported in Ezyhelpdesk that could let remote malicious users perform SQL injection. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Ezyhelpdesk SQL Injection | Medium | Secunia, Advisory: SA17697, November 23, 2005 |
DRZES HMS 3.2 | Several vulnerabilities have been reported: an SQL injection vulnerability has been reported in some input passed in the customer interface due to insufficient sanitization before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability has been reported in 'register_domain.php' due to insufficient sanitization of the 'sld' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | drzes HMS SQL Injection & Cross-Site Scripting | Medium | Secunia Advisory: SA17755, November 29, 2005 |
shtool 2.0.1 & prior | A vulnerability has been reported that could let a local malicious user gain escalated privileges. The vulnerability is caused due to temporary files being created insecurely. Gentoo: OpenPKG: RedHat: Trustix:
href="http://http.trustix.org/pub/trustix/updates/"> SGI: Ubuntu: Debian: Updates available at: There is no exploit code required. | GNU shtool Insecure | Medium | Secunia Advisory, SA15496, Gentoo Linux Security Advisory, GLSA 200506 OpenPKG Trustix Secure Linux Security Advisory, SGI Security Advisory, 20050703-01-U, July 15, 2005 Ubuntu Security Notice, USN-171-1, August 20, 2005 Debian Security Advisory, DSA 789-1, August 29, 2005 Security Focus, Bugtraq ID: 13767, November 25, 2005 |
HP-UX B.11.23, B.11.11, B.11.00 | A vulnerability has been reported in HP UX running xterm, which could let a malicious user obtain unauthorized access.
Update 1: Preliminary xterm files are available. Currently we are not aware of any exploits for this vulnerability. | HP-UX XTerm Unauthorized Access | Medium | HP Security Advisory, HPSBUX02075, November 14, 2005 HP Security Advisory, HPSBUX02075 Update 1, November 22, 2005 |
UnZip 5.52 | A vulnerability has been reported due to a security weakness when extracting an archive to a world or group writeable directory, which could let a malicious user modify file permissions. Fedora: SCO: Ubuntu: Trustix: Mandriva: Debian: Conectiva: There is no exploit code required. | Info-ZIP UnZip File Permission Modification | Medium | Security Focus, 14450, August 2, 2005 Fedora Update Notification, SCO Security Advisory, SCOSA-2005.39, September 28, 2005 Ubuntu Security Notice, USN-191-1, September 29, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0053, September 30, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:197, October 26, 2005 Debian Security Advisory, DSA 903-1, November 21, 2005 Conectiva Linux Announcement, CLSA-2005:1049, November 21, 2005 |
CHM lib 0.36, 0.35, 0.3-0.33, 0.2, 0.1 | A buffer overflow vulnerability has been reported in the '_chm_decompress_block()' function due to a boundary error when reading input, which could let a remote malicious user execute arbitrary code. Upgrades available at: SUSE: Debian: Gentoo: Currently we are not aware of any exploits for this vulnerability. | CHM Lib Remote Buffer Overflow | High | Security Focus, Bugtraq ID: 15211, October 26, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 Debian Security Advisory, DSA 886-1, November 7, 2005 Gentoo Linux Security Advisory, GLSA 200511-23, November 28, 2005 |
ktools 0.3; | A buffer overflow vulnerability has been reported in the 'VGETSTRING()' marco when generating the output string using the "vsprintf()" function, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | KTools Remote Buffer Overflow | High | Zone-H Research Center Security Advisory 200503, November 27, 2005 |
Ubuntu Linux 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
| A vulnerability has been reported in the network bridging functionality, which could let a remote malicious user poison the bridge forwarding table.
Upgrades available at: Ubuntu: There is no exploit code required. | Linux Kernel Network Bridge Information Disclosure | Medium | Security Focus, Bugtraq ID: 15536, November 22, 2005 Ubuntu Security Notice, USN-219-1, November 22, 2005 |
Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; | Multiple vulnerabilities have been reported: an integer overflow vulnerability was reported in '/gtk+/gdk-pixbuf/io-xpm.c' due to the insufficient validation of the 'n_col' value before using to allocate memory, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in '/gtk+/gdk-pixbuf/io-xpm.c' when processing an XPM file that contains a large number of colors; and an integer overflow vulnerability was reported in '/gtk+/gdk-pixbuf/io-xpm.c' when performing calculations using the height, width, and colors of a XPM file, which could let a remote malicious user execute arbitrary code or cause a Denial of Service. Updates available at: Fedora: RedHat: Gentoo: SuSE: Ubuntu: Mandriva: Trustix: Avaya: Debian: SGI: Currently we are not aware of any exploits for these vulnerabilities. | GTK+ GdkPixbuf XPM Image Rendering Library | High | Fedora Update Notifications RedHat Security Advisory, RHSA-2005:810-9, November 15, 2005 Gentoo Linux Security Advisory GLSA 200511-14, November 16, 2005 SUSE Security Announcement, SUSE-SA:2005:065, November 16, 2005 Ubuntu Security Notice, USN-216-1, November 16, 2005 Mandriva Linux Security Advisory, MDKSA-2005:214, November 18, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0066, November 22, 2005 Avaya Security Advisory, ASA-2005-229, November 21, 2005 Debian Security Advisory, DSA 911-1, November 29, 2005 SGI Security Advisory, 20051101-01-U, November 29, 2005
|
Gentoo Linux; | A vulnerability has been reported due to the insecure creation of temporary files, which could let a malicious user obtain sensitive information or cause a Denial of Service.
Gentoo: There is no exploit code required. | EIX Insecure Temporary File Creation | Medium | Gentoo Linux Security Advisory, GLSA 200511-19, November 22, 2005 |
Gentoo Linux; | Multiple vulnerabilities have been reported: a heap overflow vulnerability was reported when loading malformed object files, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported which could let a malicious user obtain elevated privileges. Gentoo:
href="http://security.gentoo.org/glsa/glsa-200505-15.xml"> Ubuntu: http://security.ubuntu. Mandriva: Trustix:
href="http://http.trustix.org/pub/trustix/updates/"> TurboLinux: RedHat: RedHat: http://rhn.redhat. Avaya: Fedora: Mandriva: Currently we are not aware of any exploits for these vulnerabilities. | GDB Multiple Vulnerabilities
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1704">CVE-2005-1704 | High | Gentoo Linux Security Advisory, GLSA 200505-15, May 20, 2005 Turbolinux Security Advisory, TLSA-2005-68, June 22, 2005 RedHat Security Advisory, RHSA-2005:659-9, September 28, 2005 RedHat Security Advisory, RHSA-2005:673-5 & RHSA-2005:709-6, October 5, 2005 Avaya Security Advisory, ASA-2005-222, October 18, 2005 Fedora Update Notifications, Mandriva Linux Security Advisory, MDKSA-2005:215, November 23, 2005 |
IPsec-Tools IPsec-Tools 0.5; KAME Racoon prior to 20050307 | A remote Denial of Service vulnerability has been reported when parsing ISAKMP headers. Upgrades available at: Fedora: RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-232.html"> Gentoo:
href="http://security.gentoo.org/glsa/glsa-200503-30.xml"> ALTLinux: SUSE: Ubuntu: SCO: SCO: Currently we are not aware of any exploits for this vulnerability. | Low | Fedora Update Notifications, RedHat Security Advisory, Gentoo Linux ALTLinux Security Advisory, SUSE Security Announcement, SUSE-SA:2005:020, March 31, 2005 Ubuntu Security Notice, USN-107-1, April 05, 2005 SCO Security Advisory, SCOSA-2005.37, September 9, 2005 SCO Security Advisory, SCOSA-2005.52, November 28, 2005 | |
Linux kernel 2.6-2.6.12, 2.4-2.4.31
| A remote Denial of Service vulnerability has been reported due to a design error in the kernel. The vendor has released versions 2.6.13 and 2.4.32-rc1 of the kernel to address this issue. Ubuntu: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Remote Denial of Service | Low | Ubuntu Security Notice, USN-219-1, November 22, 2005 |
Linux kernel 2.6-2.6.14 | A Denial of Service vulnerability has been reported in 'ptrace.c' when 'CLONE_THREAD' is used due to a missing check of the thread's group ID when trying to determine whether the process is attempting to attach to itself. Upgrades available at: Fedora: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel PTrace 'CLONE_THREAD' Denial of Service | Low | Secunia Advisory: SA17761, November 29, 2005 Fedora Update Notification, |
Linux kernel 2.6-2.6.15 | A Denial of Service vulnerability has been reported in the 'time_out_leases()' function because 'printk()' can consume large amounts of kernel log space. Patches available at: An exploit script has been published. | Linux Kernel PrintK Local Denial of Service | Low | Security Focus, Bugtraq ID: 15627, November 29, 2005 |
Linux kernel 2.6-2.6.15
| A Denial of Service vulnerability has been reported because processes are improperly auto-reaped when they are being ptraced. Patches available at: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel PTraced Denial of Service | Low | Security Focus, Bugtraq ID: 15625, November 29, 2005 |
MandrakeSoft Multi Network Firewall 2.0, Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2, Corporate Server 3.0 x86_64, 3.0; | A buffer overflow vulnerability has been reported due to insufficient validation of user-supplied NTLM user name data, which could let a remote malicious user execute arbitrary code. WGet: Daniel Stenberg: Mandriva: Ubuntu: Fedora: Trustix: Gentoo: RedHat: http://rhn.redhat. SUSE: Slackware: Conectiva: SGI: Currently we are not aware of any exploits for this vulnerability. | Multiple Vendor WGet/Curl NTLM Username Buffer Overflow | High | Security Tracker Alert ID: 1015056, October 13, 2005 Mandriva Linux Security Update Advisories, MDKSA-2005:182 & 183, October 13, 200 Ubuntu Security Notice, USN-205-1, October 14, 2005 Fedora Update Notifications Fedora Update Notification, Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 Gentoo Linux Security Advisory. GLSA 200510-19, October 22, 2005 RedHat Security Advisories, RHSA-2005:807-6 & RHSA-2005:812-5, November 2, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 Slackware Security Advisory, SSA:2005-310-01, November 7, 2005 Conectiva Linux Announcement, CLSA-2005:1045, November 21, 2005 SGI Security Advisory, 20051101-01-U, November 29, 2005 |
Miklos Szeredi FUSE 2.4 .0, 2.3.0, 2.3 -rc1, 2.2.1, 2.2;
| A vulnerability has been reported because fusermount fails to securely handle special characters specified in mount points, which could let a malicious user cause a Denial of Service or add arbitrary mount points.
Gentoo: Mandriva: There is no exploit code required. | FUSE Mount Options Corruption | Medium | Gentoo Linux Security Advisory, GLSA 200511-17, November 22, 2005 Mandriva Linux Security Advisory, MDKSA-2005:216, November 24, 2005 |
RedHat Enterprise Linux WS 4, WS 3, WS 2.1, IA64, ES 4, ES 3, ES 2.1, IA64, AS 4, AS 3, 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64; | Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported due to a NULL pointer dereferencing error; and a vulnerability was reported due to a boundary error that causes an out-of-bounds memory access, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code. Upgrades available at: Fedora: Gentoo: RedHat: SUSE: Ubuntu: Debian: Mandriva: SGI: Currently we are not aware of any exploits for these vulnerabilities. | Multiple Vendors libungif GIF File Handling | High | Security Tracker Alert ID: 1015149, November 3, 2005 Fedora Update Notifications, Gentoo Linux Security Advisory GLSA 200511-03, November 4, 2005 RedHat Security Advisory, RHSA-2005: SUSE Security Summary Report, Ubuntu Security Notice, USN-214-1, November 07, 2005 Debian Security Advisory, DSA 890-1, November 9, 2005 Mandriva Linux Security Advisory, MDKSA-2005:207, November 10, 2005 SGI Security Advisory, 20051101-01-U, November 29, 2005 |
Ubuntu Linux 4.1 ppc, ia64, ia32; | A Denial of Service vulnerability has been reported due to a resource leak when handling POSIX timers in the 'exec()' function. Upgrades available at: Ubuntu: Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Resource Leak Denial of Service | Low | Ubuntu Security Notice, USN-219-1, November 22, 2005 |
Webmin 0.88 -1.230, 0.85, 0.76-0.80, 0.51, 0.42, 0.41, 0.31, 0.22, 0.21, 0.8.5 Red Hat, 0.8.4, 0.8.3, 0.1-0.7; Usermin 1.160, 1.150, 1.140, 1.130, 1.120, 1.110, 1.0, 0.9-0.99, 0.4-0.8; Larry Wall Perl 5.8.3-5.8.7, 5.8.1, 5.8 .0-88.3, 5.8, 5.6.1, 5.6, 5.0 05_003, 5.0 05, 5.0 04_05, 5.0 04_04, 5.0 04, 5.0 03 | A format string vulnerability has been reported in the 'miniserv.pl' script due to a failure to properly handle format specifiers in formatted printing functions, which could let a remote malicious user cause a Denial of Service. No workaround or patch available at time of publishing. An exploit has been published. | Perl 'miniserv.pl' script Format String | Low | Security Focus, Bugtraq ID: 15629, November 29, 2005 |
Net-SNMP 5.2.1, 5.2, 5.1-5.1.2, 5.0.3 -5.0.9, 5.0.1 | A remote Denial of Service vulnerability has been reported when handling stream-based protocols. Upgrades available at: Trustix:
href="http://http.trustix.org/pub/trustix/updates/"> Fedora: RedHat: Mandriva: Ubuntu: RedHat: Conectiva: Avaya: SUSE: Debian: Ubuntu: Conectiva: Currently we are not aware of any exploits for this vulnerability. | Net-SNMP | Low | Secunia Trustix Secure Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:720-04, August 9, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:137, August 11, 2005 Ubuntu Security Notice, USN-190-1, September 29, 2005 RedHat Security Advisory, RHSA-2005:395-18, October 5, 2005 Conectiva Linux Announcement, CLSA-2005:1032, October 13, 2005 Avaya Security Advisory, ASA-2005-225, October 18, 200 SUSE Security Summary Report, Announcement ID: SUSE-SR:2005:024, October 21, 2005 Debian Security Advisory, DSA 873-1, October 26, 2005 Ubuntu Security Notice, USN-190-2, November 21, 2005 Conectiva Linux Announcement, CLSA-2005:1050, November 21, 2005 |
NuFW 1.1, 1.0.11-1.0.15 | A Denial of Service vulnerability has been reported due to an error in packet parsing. Upgrades available at: Currently we are not aware of any exploits for this vulnerability. | NuFW Malformed Packet Remote Denial of Service | Low | Security Focus, Bugtraq ID: 15645, November 29, 2005 |
Omnistar Live prior to 5.2 | A vulnerability has been reported in Omnistar Live that could let remote malicious users perform SQL injection. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Omnistar Live SQL Injection | Medium | Security Focus, ID: 15550, November 23, 2005 |
PCRE 6.1, 6.0, 5.0 | A vulnerability has been reported in 'pcre_compile.c' due to an integer overflow, which could let a remote/local malicious user potentially execute arbitrary code. Updates available at: Ubuntu: Ubuntu: Fedora: Gentoo: Mandriva: SUSE: Slackware: Ubuntu: Debian: SUSE: Gentoo: Conectiva: Gentoo: Debian: Gentoo: Debian: Conectiva: TurboLinux: Avaya: Trustix: HP: Trustix: Updated available at: Currently we are not aware of any exploits for this vulnerability. | PCRE Regular Expression Heap Overflow | High | Secunia Advisory: SA16502, August 22, 2005 Ubuntu Security Notice, USN-173-1, August 23, 2005 Ubuntu Security Notices, USN-173-1 & 173-2, August 24, 2005 Fedora Update Notifications, Gentoo Linux Security Advisory, GLSA 200508-17, August 25, 2005 Mandriva Linux Security Update Advisories, MDKSA-2005:151-155, August 25, 26, & 29, 2005 SUSE Security Announcements, SUSE-SA:2005:048 & 049, August 30, 2005 Slackware Security Advisories, SSA:2005-242-01 & 242-02, August 31, 2005 Ubuntu Security Notices, USN-173-3, 173-4 August 30 & 31, 2005 Debian Security Advisory, DSA 800-1, September 2, 2005 SUSE Security Announcement, SUSE-SA:2005:051, September 5, 2005 Slackware Security Advisory, SSA:2005-251-04, September 9, 2005 Gentoo Linux Security Advisory, GLSA 200509-08, September 12, 2005 Conectiva Linux Announce- Gentoo Linux Security Advisory, GLSA 200509-12, September 19, 2005 Debian Security Advisory, DSA 817-1 & DSA 819-1, September 22 & 23, 2005 Gentoo Linux Security Advisory, GLSA 200509-19, September 27, 2005 Debian Security Advisory, DSA 821-1, September 28, 2005 Conectiva Linux Announcement, CLSA-2005:1013, September 27, 2005 Turbolinux Security Advisory, TLSA-2005-92, October 3, 2005 Avaya Security Advisory, ASA-2005-216, October 18, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 HP Security Bulletin, HPSBUX02074, November 16, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005 Security Focus, Bugtraq ID: 14620, November 25, 2005 |
Survey Wizard | An SQL injection vulnerability has been reported in 'survey.php' due to insufficient sanitization of the 'sid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHP Labs Survey Wizard SQL Injection | Medium | Secunia Advisory: SA17686, November 23, 2005 |
Top Auction | SQL injection vulnerabilities have been reported in 'viewcat.php' due to insufficient sanitization of the 'category' and 'type' parameters and insufficient sanitization of some parameters when performing a search, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHP Labs Top Auction Multiple SQL Injection | Medium | Secunia Advisory: SA17687, November 23, 2005 |
Squid 2.x | A remote Denial of Service vulnerability has been reported when handling certain FTP server responses. Patches available at: Fedora: Mandriva: SCO: SUSE: IPCop: Conectiva: There is no exploit code required. | Squid FTP Server Response Handling Remote Denial of Service | Low | Secunia Advisory: SA17271, October 20, 2005 Fedora Update Notifications, Mandriva Linux Security Advisory, MDKSA-2005:195, October 26, 2005 SCO Security Advisory, SCOSA-2005.44, November 1, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 Security Focus, Bugtraq ID: 15157, November 10, 2005 SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005 Conectiva Linux Announcement, CLSA-2005:1047, November 21, 2005 |
Solaris 10.0 | Multiple buffer overflow vulnerabilities have been reported when handling excessive data supplied through command line arguments, which could let a malicious user execute arbitrary code.
Vendor solution available: An exploit script has been published. | Sun Solaris Traceroute Multiple Buffer Overflows | High | Security Focus, 14049, June 24, 2005 Sun, Alert ID: 102060, November 23, 2005 |
Sylpheed 2.0-2.0.3, 1.0.0-1.0.5 | A buffer overflow vulnerability has been reported in 'ldif.c' due to a boundary error in the 'ldif_ Upgrades available at: Fedora: Gentoo: Debian: Debian: Currently we are not aware of any exploits for this vulnerability. | Sylpheed LDIF Import Buffer Overflow | Medium | Bugtraq ID: 15363, November 9, 2005 Fedora Update Notification, Gentoo Linux Security Advisory, GLSA 200511-13, November 15, 2005 Debian Security Advisory, DSA 906-1, November 22, 2005 Debian Security Advisory, DSA 908-1, November 23, 2005 |
ADC2000 NG Pro 1.2 | An SQL injection vulnerability has been reported in 'adcbrowres.php' due to insufficient sanitization of the 'cat' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Proof of Concept exploits have been published. | ADC2000 NG Pro SQL Injection | Medium | Secunia Advisory: SA17744, November 28, 2005 |
Tunez 1.21 | Several vulnerabilities have been reported: an SQL injection vulnerability has been reported in 'songinfo.php' due to insufficient sanitization of the 'song_id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability has been reported in 'search.php' due to insufficient sanitization of the 'searchFor' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | Tunez SQL Injection & Cross-Site Scripting | Medium | Secunia Advisory: SA17692, November 23, 2005 |
unalz 0.52, 0.51, 0.31, 0.23, 0.22, 0.2-0.5 | A buffer overflow vulnerability has been reported when handling the '.alz' archive due to a boundary error, which could let a remote malicious user execute arbitrary code. Upgrades available at: (zip file) http://www.kipple.pe.kr An exploit script has been published. | Unalz Archive Filename Buffer Overflow | High | Security Focus, Bugtraq ID: 15577, November 28, 2005 |
UW-imapd imap-2004c1 | A buffer overflow has been reported in UW-imapd that could let remote malicious users cause a Denial of Service or execute arbitrary code. Upgrade to version imap-2004g: Trustix: Debian: Gentoo: SUSE: Mandriva: Slackware: Conectiva: Currently we are not aware of any exploits for this vulnerability. | UW-imapd Denial of Service and Arbitrary Code Execution | High | Secunia, Advisory: SA17062, October 5, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0055, October 7, 2005 Debian Security Advisory, DSA 861-1, October 11, 2005 Gentoo Linux Security Advisory, GLSA 200510-10, October 11, 2005 SUSE Security Summary Report, SUSE-SR:2005:023, October 14, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:189 & 194, October 21 & 26, 2005 Slackware Security Advisory, SSA:2005-310-06, November 7, 2005 Conectiva Linux Announcement, CLSA-2005:1046, November 21, 2005 |
Virtual Hosting Control System Virtual Hosting Control System (VHCS) 2.4.6.2, 2.2 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in the 'vhcs/gui/errordocs/index.php' error page due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the domain alias management due to an unspecified error, which could let a remote malicious user hijack other users' forwards. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | VHCS Error Page Cross-Site Scripting & Domain Forward Hijack | Medium | Secunia Advisory: SA17704, November 23, 2005 |
Zope 2.6-2.8.1 | A vulnerability has been reported in 'docutils' due to an unspecified error and affects all instances which exposes 'Restructured Text' functionality via the web. The impact was not specified. Hotfix available at: Gentoo: SUSE: Debian: Currently we are not aware of any exploits for this vulnerability. | Zope 'Restructured | Not Specified | Zope Security Alert, October 12, 2005 Gentoo Linux Security Advisory, GLSA 200510-20, October 25, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005 Debian Security Advisory, DSA 910-1, November 24, 2005 |
| Multiple Operating Systems - Windows / UNIX / Linux / Other | ||||
Vendor & Software Name | Vulnerability - Impact Patches - Workarounds Attack Scripts | Common Name / CVE Reference | Risk | Source |
AFFCommerce Shopping Cart 1.1.4 | SQL injection vulnerabilities have been reported in 'SubCategory.php' due to insufficient sanitization of the 'cl' parameter and in 'ItemInfo.php' and 'ItemReview.php' due to insufficient sanitization of the 'item_id' parameter, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | AFFCommerce Shopping Cart Multiple SQL Injection | Medium | Secunia Advisory: SA17690, November 23, 2005 |
AgileBill 1.4.92 | An SQL injection vulnerability has been reported in 'Product_Cat' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | AgileBill Pro SQL Injection | Medium | Security Tracker Alert ID: 1015272, November 25, 2005 |
Babe Logger V2 | An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'gal' parameter and in 'comments.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Babe Logger SQL Injection | Medium | Security Focus, Bugtraq ID: 15580, November 28, 2005 |
NetVault 7.1 | A vulnerability has been reported because 'vstatsmngr.exe' can be manipulated to obtain elevated privileges. The vendor has released upgrades to address this issue. Please contact the vendor to obtain fixes. An exploit script has been published. | Medium | Security Focus, 13408, April 27, 2005 Security Focus, Bugtraq ID:13408, November 25, 2005 | |
BASE Basic Analysis and Security Engine BASE Basic Analysis and Security Engine 1.2 | An SQL injection vulnerability has been reported in 'base_qry_main.php' due to insufficient sanitization of the 'sig[1] parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Debian: Upgrades available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | Basic Analysis and Security Engine SQL Injection | Medium | Secunia Advisory: SA17314, October 25, 2005 Debian Security Advisory DSA 893-1, November 14, 2005 Security Focus, Bugtraq ID: 15199, November 30, 2005 |
Bedeng PSP 1.1 | SQL injection vulnerabilities have been reported in 'index.php' and 'download.php' due to insufficient sanitization of the 'cwhere' parameter and in 'baca.php' due to insufficient sanitization of the 'ckode'; parameter, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Proof of Concept exploits have been published. | Bedeng PSP SQL Injection | Medium | Security Focus, Bugtraq ID: 15583, November 28, 2005 |
SourceWell 1.1.3 | An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'cnt' " parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | BerliOS SourceWell SQL Injection | Medium | Security Focus, Bugtraq ID: 15586, November 28, 2005 |
| blogBuddies 0.3 | A vulnerability has been reported in blogBuddies that could let remote malicious users conduct Cross-Site Scripting. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | blogBuddies Cross-Site Scripting | Medium | Security Focus, ID: 15555, November 24, 2005 |
BosDates 4.0 | SQL injection vulnerabilities have been reported in 'calendar.php' due to insufficient sanitization of the 'year' and 'category' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | BosDates SQL Injection | Medium | Secunia Advisory: SA17752, November 30, 2005 |
Cisco PIX/ASA 7.0.1.4, 7.0, PIX OS, PIX Firewall 535, 525 6.3, 525, 520, 515E, 515, 506, 501, 6.3.3 (133), 6.3.2, 6.3.1, 6.3 (5), 6.3 (3.109), 6.3 (3.102), 6.3 (3), 6.3 (1), 6.3, 6.2.3 (110), 6.2.3, 6.2.2 .111, 6.2.2, 6.2., 6.2 (3.100), 6.2 (3), 6.2 (2), 6.2 (1), 6.2, 6.1.5 (104), 6.1.5, 6.1.4, 6.1.3, 6.1 (1-5), 6.1, 6.0.4, 6.0.3, 6.0 (4.101), 6.0 (4), 6.0 (2), 6.0 (1), 6.0, 5.3 (3), 5.3 (2), 5.3 (1.200), 5.3 (1), 5.3, 5.2 (9), 5.2 (7), 5.2 (6), 5.2 (5), 5.2 (3.210), 5.2 (2), 5.2 (1), 5.2, 5.1.4, 5.1 (4.206), 5.1, 5.0, 4.4 (8), 4.4 (7.202), 4.4 (4), 4.4, 4.3, 4.2.2, 4.2.1, 4.2 (5), 4.2, 4.1.6 b, 4.1.6, 4.0, 3.1, 3.0, 2.7 | A remote Denial of Service vulnerability has been reported when handling TCP SYN packets with invalid checksums. No workaround or patch available at time of publishing. There is no exploit code required; however, an exploit has been published. | Cisco PIX Invalid TCP Checksum Remote Denial of Service | Low | Arhont Ltd.- Information Security Advisory, November 22, 2005 |
Firewall Services Module (FWSM) 1.x, 2.x, IOS 12.x, IOS R12.x, PIX 4.x, 5.x, 6.x, 7.x, | A remote Denial of Service vulnerability has been reported due to errors in the processing of IKEv1 Phase 1 protocol exchange messages. Patch information available at: Rev 1.5: Updated Cisco IOS Products table. Vulnerability can be reproduced with the PROTOS IPSec Test Suite. | Cisco IPSec IKE Traffic Remote Denial of Service | Low | Cisco Security Advisory, Document ID: 68158, November 14, 2005 Cisco Security Advisory, Document ID: 68158, Rev 1.5, November 29, 2005 |
IOS 12.0 (2a) | An HTTP injection vulnerability has been reported in the '/level/14/exec/buffers/ assigned/ and /level/14/exec/ buffers/all' scripts, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Cisco IOS HTTP Service HTML Injection | Medium | Security Focus, Bugtraq ID: 15602, November 28, 2005 |
Clavister Firewall 8.30.01, Security Gateway 8.40.05, 8.50.02, 8.60.01 | A vulnerability has been reported in Clavister Firewall and Security Gateway that could let remote malicious users cause a Denial of Service. Vendor solution available: Currently we are not aware of any exploits for this vulnerability. | Clavister Firewall and Security Gateway Denial of Service | Low | Secunia, Advisory: SA17663, November 24, 2005 |
Vote Caster prior to 3.1 | A vulnerability has been reported in Vote Caster that could let remote malicious users perform SQL injection. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | Comdev Vote Caster SQL Injection | Medium | Security Focus, ID: 15563, November 24, 2005 |
CommodityRentals 2.0 | An SQL injection vulnerability has been reported due to insufficient sanitization of the 'user_id' parameter in various scripts before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Commodity | Medium | Secunia Advisory: SA17665, November 23, 2005 |
SocketKB 1.1 .0 | Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'index.php' due to insufficient sanitization of the 'node' and 'art_id' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported in the '_f' parameter due to insufficient verification before used to include files, which could let a remote malicious user include arbitrary files. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | SocketKB SQL Injection & File Include | Medium | Secunia Advisory: SA17807, November 30, 2005 |
DMANews 0.904, 0.91 | SQL injection vulnerabilities have been reported in 'index.php' due to insufficient sanitization of the 'id,' 'sortorder,' and 'display_num' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Proof of Concept exploits have been published. | DMANews SQL Injection | Medium | Secunia Advisory: SA17759, November 29, 2005 |
Dotclear 1.2.1 | A vulnerability has been reported due to an unspecified error with trackbacks. Upgrade available at: http://www.dotclear.net/ Currently we are not aware of any exploits for this vulnerability. | DotClear Unspecified Trackback | Not Specified | Secunia Advisory: SA17769, November 9, 2005 |
1-2-3 Music Store 1.0 | An SQL injection vulnerability has been reported in 'process.php' due to insufficient sanitization of the 'AlbumID' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | 1-2-3 Music Store SQL Injection | Medium | Security Focus, Bugtraq ID: 15544, November 23, 2005 |
edmoBBS 0.9 | An SQL injection vulnerability has been reported in the 'table' and 'messageID' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Proof of Concept exploits have been published. | edmoBBS SQL Injection | Medium | Security Focus, Bugtraq ID: 15589, November 28, 2005 |
efiction 2.0, 1.1, 1.0 | Multiple vulnerabilities have been reported: a vulnerability was reported in 'titles.php' due to insufficient sanitization of the 'let' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; an SQL injection vulnerability was reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a vulnerability was reported in the 'Manage Images' functionality due to an input validation error, which could let a remote malicious user upload valid images with an arbitrary file extension inside the web root; and a vulnerability was reported in 'phpinfo.php' because a remote malicious user can obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits and an exploit script have been published. | eFiction Input Validation | Medium | Secunia Advisory: SA17777, November 28, 2005 |
Entergal MX 2.0 | SQL injection vulnerabilities have been reported in 'index.php' due to insufficient sanitization of the 'idcat' and 'action' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Entergal MX Multiple SQL Injection | Medium | Security Focus, Bugtraq ID: 15631, November 29, 2005 |
Enterprise Connector 1.0.2 | An SQL injection vulnerability has been reported in 'messages.php' and 'send.php' due to insufficient sanitization of the 'meddageid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Enterprise Connector SQL Injection | Medium | Secunia Advisory: SA17743, November 28, 2005 |
Fantastic News 2.1.1 | An SQL injection vulnerability has been reported in 'news.php' due to insufficient sanitization of the 'category' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Fantastic Scripts Fantastic News SQL Injection | Medium | Secunia Advisory: SA17758, November 29, 2005 |
FAQ System 1.1 | SQL injection vulnerabilities have been reported in 'viewFAQ.php' due to insufficient sanitization of the 'FAQ_ID' parameter and in 'index.php' due to insufficient sanitization of the 'CATEGORY_ID' parameter, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | FAQ System SQL Injection | Medium | Secunia Advisory: SA17801, November 29, 2005 |
| freeForum 1.0, 1.0.1, 1.1 | A vulnerability has been reported in freeForum that could let remote malicious users perform SQL injection. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | freeForum SQL Injection | Medium | Security Focus, ID: 15559, November 24, 2005 |
FreeWebStat 1.0 rev37 | Cross-SIte Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | FreeWebStat Multiple Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 15601, November 28, 2005 |
Amazon Shop 5.0 | A Cross-Site Scripting vulnerability has been reported in 'search.php' due to insufficient sanitization of the 'query' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | GhostScripter Amazon Shop Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 15634, November 29, 2005 |
GuppY 4.5.9, 4.5.4, 4.5.3 a, 4.5.3, 4.5 | Several vulnerabilities have been reported: a vulnerability was reported in 'error.php' due to insufficient sanitization of the '_SERVER[REMOTE_ADDR]' parameter before stored in a PHP script, which could let a remote malicious user execute arbitrary PHP code; and a vulnerability was reported in 'editorTypetool.php' due to insufficient verification of the 'meskin' parameter and in 'archbatch.php' and 'nwlmail.php' due to insufficient verification of the 'lng' parameter before used to include files, which could let a remote malicious user include arbitrary files. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits and an exploit script have been published. | GuppY Remote File Include & Command Execution | High | Secunia Advisory: SA17790, November 29, 2005 |
Helpdesk Issue Manager 0.1-0.9 | SQL injection vulnerabilities have been reported in 'find.php' due to insufficient sanitization of the 'detail[],' 'orderdir,' and 'orderby' parameters and in 'issue.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | Helpdesk Issue Manager SQL Injection | Medium | Security Focus, Bugtraq ID: 15604, November 28, 2005 |
Horde 2.2-2.2.8 | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of unspecified parameters before returning to the user in error messages, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: Gentoo: There is no exploit code required. | Horde Error Message Cross-Site Scripting | Medium | Secunia Advisory: SA17468, November 14, 2005 Gentoo Linux Security Advisory, GLSA 200511-20, November 22, 2005 |
Horde prior to 3.0.7 | Several vulnerabilities have been reported in the 'gzip/tar' and 'css' MIME viewers due to input validation errors, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: Debian: There is no exploit code required. | Horde MIME Viewers Script Insertion | Medium | Secunia Advisory: SA17703, November 23, 2005 Debian Security Advisory DSA 909-1, November 23, 2005 |
IPUpdate 1.0-1.0.3 | A buffer overflow vulnerability has been reported in the 'memmcat()' function due to a boundary error when appending input, which could let a remote malicious user execute arbitrary code. Upgrades available at: Currently we are not aware of any exploits for this vulnerability. | IPUpdate Remote Buffer Overflow | High | Secunia Advisory: SA17681, November 22, 2005 |
IsolSoft Support Center 2.2 | An SQL injection vulnerability has been reported in 'search.php' due to insufficient sanitization of the 'field' and 'lorder' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | IsolSoft Support Center SQL Injection | Medium | Security Tracker Alert ID: 1015270, November 24, 2005 |
Kadu 0.5 pre, 0.4.2 | A remote Denial of Service vulnerability has been reported when handling a specially crafted message from a Gadu-Gadu server. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Kadu Remote Denial of Service | Low | Security Focus, Bugtraq ID: 15620, November 29, 2005 |
kPlaylist 1.6 Build 411, Build 400 | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'searchfor' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | kPlaylist Search Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 15546, November 23, 2005 |
ltwCalendar 4.1.3 | An SQL injection vulnerability has been reported in 'calendar.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | ltwCalendar SQL Injection | Medium | Secunia Advisory: SA17799, November 29, 2005 |
Flash 7.0.19 .0, 7.0 r19, 6.0.79 .0, 6.0.65 .0, 6.0.47 .0, 6.0.40 .0, 6.0.29 .0, 6.0 | A vulnerability has been reported due to insufficient validation of the frame type identifier that is read from a SWF file, which could let a remote malicious user execute arbitrary code. Update information available at: Microsoft: SUSE: Gentoo: An exploit has been published. | Macromedia Flash Array Index Remote Arbitrary Code Execution | High | Macromedia Security Advisory, MPSB05-07, November 5, 2005 Microsoft Security Advisory (910550), November 10, 2005 SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005 Gentoo Linux Security Advisory, GLSA 200511-21, November 25, 2005 |
Mambo Site Server 4.0.14, 4.0.12 RC1-RC3, BETA & BETA 2, 4.0.10-4.0.12, 4.0 | A remote file include vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary remote PHP code.
The vendor has released a patch addressing this issue. Users are advised to contact the vendor for more information on obtaining the appropriate patch. An exploit script has been published. | Mambo Open Source Remote File Include | High | Security Focus, Bugtraq ID: 15461, November 16, 2005 Security Focus, Bugtraq ID: 15461, November 21, 2005 Security Focus, Bugtraq ID: 15461, November 24, 2005 |
Ubuntu Linux 5.10 powerpc, i386, amd64; | A buffer overflow vulnerability has been reported in the SVG importer due to a boundary error, which could let a remote malicious user execute arbitrary code. Ubuntu: Gentoo: A Proof of Concept Denial of Service exploit has been published. | Inkscape SVG Image Buffer Overflow | High | Ubuntu Security Notice, USN-217-1, November 21, 2005 Gentoo Linux Security Advisory, GLSA 200511-22, November 28, 2005 |
University of Kansas Lynx 2.8.5 & prior | A vulnerability has been reported in the 'lynxcgi:' URI handler, which could let a remote malicious user execute arbitrary commands. Upgrades available at: RedHat: Mandriva: Gentoo: Trustix: SGI: There is no exploit code required. | Lynx URI Handlers Arbitrary Command Execution | High | Security Tracker Alert ID: 1015195, November 11, 2005 RedHat Security Advisory, RHSA-2005:839-3, November 11, 2005 Mandriva Linux Security Advisory, MDKSA-2005:211, November 12, 2005 Gentoo Linux Security Advisory, GLSA 200511-09, November 13, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0066, November 22, 2005 SGI Security Advisory, 20051101-01-U, November 29, 2005 |
phpSysInfo 2.0-2.3 | Multiple input validation vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user conduct Cross-Site Scripting attacks, phishing style attacks, and retrieve privileged or sensitive information.
Upgrades available at: Debian: Debian: http://security.debian. Mandriva: Gentoo: There is no exploit code required; however, Proof of Concept exploits have been published. | phpSysInfo Multiple Vulnerabilities | Medium | Hardened PHP Project Security Advisory, November 13, 2005 Debian Security Advisory, DSA 897-1, November 15, 2005 Debian Securities, Advisory DSA 898-1 & 899-1, November 17, 2005 Mandriva Linux Security Advisory, MDKSA-2005:212, November 16, 2005 Gentoo Linux Security Advisory, GLSA 200511-18, November 22, 2005 |
PHPXMLRPC 1.1.1; | A vulnerability has been reported in XML-RPC due to insufficient sanitization of certain XML tags that are nested in parsed documents being used in an 'eval()' call, which could let a remote malicious user execute arbitrary PHP code.
PHPXMLRPC : Pear: Drupal: eGroupWare: MailWatch: Nucleus: RedHat: Ubuntu: Mandriva: Gentoo: http://security.gentoo http://security.gentoo. Fedora: Debian: SUSE: Gentoo: http://security.gentoo. Slackware: Debian: SGI: Slackware: Gentoo: Debian: Debian: Conectiva: b2evolution: FedoraLegacy: There is no exploit code required. | PHPXMLRPC and PEAR XML_RPC Remote Arbitrary Code Execution | High | Security Focus, Bugtraq ID 14560, August 15, 2995 Security Focus, Bugtraq ID 14560, August 18, 2995 RedHat Security Advisory, RHSA-2005:748-05, August 19, 2005 Ubuntu Security Notice, USN-171-1, August 20, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:146, August 22, 2005 Gentoo Linux Security Advisory, GLSA 200508-13 & 14, & 200508-18, Fedora Update Notifications, Debian Security Advisory, DSA 789-1, August 29, 2005 SUSE Security Announcement, SUSE-SA:2005:049, August 30, 2005 Gentoo Linux Security Advisory, GLSA GLSA 200508-20& 200508-21, August 30 & 31, 2005 Slackware Security Advisory, SSA:2005-242-02, August 31, 2005 Debian Security Advisory, DSA 798-1, September 2, 2005 SUSE Security Announcement, SUSE-SA:2005:051, September 5, 2005 SGI Security Advisory, 20050901-01-U, September 7, 2005 Slackware Security Advisories, SSA:2005-251-03 & 251-04, September 9, 2005 Gentoo Linux Security Advisory, GLSA 200509-19, September 27, 2005 Debian Security Advisory, DSA 840-1, October 4, 2005 Debian Security Advisory, DSA 842-1, October 4, 2005 Conectiva Linux Announcement, CLSA-2005:1024, October 7, 2005 Security Focus, Bugtraq ID: 14560, November 7, 2005 Fedora Legacy Update Advisory, FLSA:166943, November 28, 2005 |
RedHat Fedora Core4, Core3; PHP 5.0.4, 4.3.9 | A remote Denial of Service vulnerability has been reported when parsing EXIF image data contained in corrupt JPEG files. Fedora: RedHat: Mandriva: FedoraLegacy: SGI: Currently we are not aware of any exploits for this vulnerability. | PHP Group Exif Module Remote Denial of Service | Low | Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:831-15, November 10, 2005 Mandriva Linux Security Advisory, MDKSA-2005:213, November 16, 2005 Fedora Legacy Update Advisory, FLSA:166943, November 28, 2005 SGI Security Advisory, 20051101-01-U, November 29, 2005 |
RedHat Fedora Core4, Core3; | Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported in the ISAKMP, FC-FCS, RSVP, and ISIS LSP dissectors; a remote Denial of Service vulnerability was reported in the IrDA dissector; a buffer overflow vulnerability was reported in the SLIMP3, AgentX, and SRVLOC dissectors, which could let a remote malicious user execute arbitrary code; a remote Denial of Service vulnerability was reported in the BER dissector; a remote Denial of Service vulnerability was reported in the SigComp UDVM dissector; a remote Denial of service vulnerability was reported due to a null pointer dereference in the SCSI, sFlow, and RTnet dissectors; a vulnerability was reported because a remote malicious user can trigger a divide by zero error in the X11 dissector; a vulnerability was reported because a remote malicious user can cause an invalid pointer to be freed in the WSP dissector; a remote Denial of Service vulnerability was reported if the 'Dissect unknown RPC program numbers' option is enabled (not the default setting); and a remote Denial of Service vulnerability was reported if SMB transaction payload reassembly is enabled (not the default setting). Upgrades available at: Fedora: RedHat: Mandriva: Avaya: Gentoo: SUSE: SGI: An exploit script has been published. | Ethereal Multiple Protocol Dissector Vulnerabilities CVE-2005-3184 | High | Ethereal Security Advisory, enpa-sa-00021, October 19, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:809-6, October 25, 2005 Mandriva Linux Security Advisory, MDKSA-2005:193, October 25, 2005 Avaya Security Advisory, ASA-2005-227, October 28, 2005 Gentoo Linux Security Advisory, GLSA 200510-25, October 30, 2005 Mandriva Linux Security Advisory, MDKSA-2005:193-2, October 31, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 SGI Security Advisory, 20051101-01-U, November 29, 2005 |
Xoops 2.0.10-2.0.12, 2.0.9 .3, 2.0.9.2, 2.0.5-2.0.5.2, 2.0- 2.0.3; | A vulnerability was reported due to insufficient sanitization of the 'eval()' call, which could let a remote malicious user execute arbitrary PHP code. Drupal: Mandriva: Pear: PhpMyFaq: S9Y Serendipity: Trustix:
href="http://http.trustix.org/pub/trustix/updates/"> WordPress: XML-RPC: Xoops: Gentoo: http://security.gentoo. http://security.gentoo. http://security.gentoo. Fedora: Ubuntu: Debian: http://security.debian. http://security.debian. SGI: SuSE: Trustix: Debian: SUSE: MAXdev MD-Pro Content Management: b2evolution: FreeMed Software: Exploit scripts have been published. | Multiple Vendors XML-RPC for PHP Remote Code Injection | High | Security Focus, 14088, June 29, 2005 Gentoo Linux Security Advisory, GLSA 200507-01, July 3, 2005 Fedora Update Notifications, Ubuntu Security Notice, USN-147-1 & USN-147-2, July 05 & 06, 2005 Gentoo Linux Security Advisory, GLSA 200507-06, July 6, 2005 Gentoo Linux Security Advisory, GLSA 200507-07, July 10, 2005 SuSE Security Announcement, SUSE-SA:2005:041, July 8, 2005 Debian Security Advisories, DSA 745-1, 747-1, & DSA 746-1, July 10 & 13, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0036, July 14, 2005 SGI Security Advisory, 20050703-01-U, July 15, 2005 Gentoo Linux Security Advisory, GLSA 200507-15, July 15, 2005 Debian Security Advisory, DSA 789-1, August 29, 2005 SUSE Security Announcement, SUSE-SA:2005:049, August 30, 2005 Security Focus, Bugtraq ID: 14088, November 7, 2005 Security Focus, Bugtraq ID: 14088, November 23, 2005 |
N-13 News 1.2 | An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | N-13 News SQL Injection | Medium | Secunia Advisory: SA17785, November 30, 2005 |
Nephp Publisher 4.5.2 | An SQL injection vulnerability has been reported in 'index.html' due to insufficient sanitization of the 'id' and 'nnet_catid' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Proof of Concept exploits have been published. | Nelogic Nephp Publisher SQL Injection | Medium | Secunia Advisory: SA17772, November 29, 2005 |
iDesk 1.0 | An SQL injection vulnerability has been reported in 'faq.php' due to insufficient sanitization of the 'cat_id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required. | Nicecoder iDesk SQL Injection | Medium | Security Focus, Bugtraq ID: 15597, November 28, 2005 |
ZENworks 6.5 Desktop Management, ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2 | A vulnerability has been reported in ZENworks that could let local malicious users bypass security restrictions. Vendor solution available: There is no exploit code required. | Novell ZENworks Security Bypassing | Medium | Novell, Technical Information Document TID2972567, November 23, 2005 |
PHP Website Administration 0.1 a | A vulnerability has been reported in 'athena.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary remote PHP code.
No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Athena PHP Website Administration Remote File Include | High | Security Focus, Bugtraq ID: 15574, November 26, 2005 |
Opera Web Browser 8.50 | A remote Denial of Service vulnerability has been reported when handling a Java applet containing a JNI routine. No workaround or patch available at time of publishing. A Proof of Concept exploit script has been published. | Opera Web Browser JNI Routine Handling Remote Denia | Low | Security Focus, Bugtraq ID: 15648, November 30, 2005 |
SmartPPC Pro | A Cross-Site Scripting vulnerability has been reported in 'directory.php,' 'frames.php,' and 'search.php' due to insufficient sanitization of the 'username' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | SmartPPC Pro Cross-Site Scripting | Medium | Security Tracker Alert ID: 1015259, November 24, 2005 |
Orca Blog 1.3 b | An SQL injection vulnerability has been reported due to insufficient sanitization of the 'msg' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Patch available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | Orca Blog SQL Injection | Medium | Security Focus, Bugtraq ID: 15638, November 29, 2005 |
| Orca Forum | A vulnerability has been reported in Orca Forum that could let remote malicious users perform SQL injection. Patch available at: There is no exploit code required; however, Proof of Concept exploits have been published. | Orca Forum SQL Injection | Medium | Security Focus, ID: 15565, November 24, 2005 |
Orca Knowledgebase2.1 b | An SQL injection vulnerability has been reported in 'knowledgebase.php' due to insufficient sanitization of the 'qid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Patch available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | Orca Knowledgebase SQL Injection | Medium | Security Focus, Bugtraq ID: 15637, November 29, 2005 |
Orca Ringmaker 2.3 c | An SQL injection vulnerability has been reported in 'ringmaker.php' due to insufficient sanitization of the 'start' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Patch available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | Orca Ringmaker SQL Injection | Medium | Security Focus, Bugtraq ID: 15639, November 30, 2005 |
OTRS (Open Ticket Request System) 2.0.0-2.0.3, 1.3.2, 1.0 .0 | Several vulnerabilities have been reported: an SQL injection vulnerability was reported in the 'login' function due to insufficient sanitization of the 'login' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; an SQL injection vulnerability was reported in the 'AgentTicketPlain' function due to insufficient sanitization of the 'TicketID' and 'ArticleID' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of HTML email attachments before displaying, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability was reported in 'index.pl' due to insufficient sanitization of the 'QueueID' and 'Action' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: There is no exploit code required; however, Proof of Concept exploits have been published. | OTRS SQL Injection & Cross-Site Scripting | Medium | OTRS Security Advisory, OSA-2005-01, November 22, 2005 |
OvBB 0.1a-0.8 a | SQL injection vulnerabilities have been reported in 'thread.php' due to insufficient sanitization of the 'threadid' parameter and in 'profile.php' due to insufficient sanitization of the 'userid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Note: Disputed by the vendor. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | OvBB Multiple SQL Injection | Medium | Security Focus, Bugtraq ID: 15566, November 24, 2005 |
PBLang 4.65 | Multiple HTML injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML code.
No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PBLang Bulletin Board System Multiple HTML Injection | Medium | Security Focus, Bugtraq ID: 15573, November 26, 2005 |
Pdjk-support Suite 1.1 a (retail) | SQL injection vulnerabilities have been reported in 'index.php' due to insufficient sanitization of the 'news_id,' 'faq_id,' and 'rowstart' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | PDJK-support Suite Multiple SQL Injection | Medium | Secunia Advisory: SA17722, November 25, 2005 |
PHP Doc System 1.5.1 | A vulnerability has been reported in 'index.php' due to insufficient verification of the 'show' parameter before used to include files, which could let a remote. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHP Doc System Local File Include | Medium | Secunia Advisory: SA17745, November 28, 2005 |
PHP 5.0.5, 4.4.0 | A vulnerability has been reported in the 'open_basedir' directive due to the way PHP handles it, which could let a remote malicious user obtain sensitive information. Ubuntu: Trustix: Upgrades available at: Gentoo: Mandriva: Trustix: Upgrades available at: There is no exploit code required. | PHP 'Open_BaseDir' Information Disclosure | Medium | Security Focus, Bugtraq ID: 14957, September 27, 2005 Ubuntu Security Notice, USN-207-1, October 17, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 Security Focus, Bugtraq ID: 14957, October 31, 2005 Gentoo Linux Security Advisory, GLSA 200511-08, November 13, 2005 Mandriva Linux Security Advisory, MDKSA-2005:213, November 16, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005 Security Focus, Bugtraq ID: 14957, November 25, 2005 |
PHP 4.0.x, 4.1.x, 4.2.x, 4.3.x, 4.4.x, 5.0.x | Multiple vulnerabilities have been reported: a vulnerability was reported due to insufficient protection of the 'GLOBALS' array, which could let a remote malicious user define global variables; a vulnerability was reported in the 'parse_str()' PHP function when handling an unexpected termination, which could let a remote malicious user enable the 'register_ Upgrades available at: SUSE: TurboLinux: Fedora: RedHat: http://rhn.redhat. Gentoo: Mandriva: SUSE: Trustix: SGI: There is no exploit code required. | PHP Multiple Vulnerabilities CVE-2005-3388 | Medium | Secunia Advisory: SA17371, October 31, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 Turbolinux Security Advisory TLSA-2005-97, November 5, 2005 Fedora Update Notifications, RedHat Security Advisories, RHSA-2005:838-3 & RHSA-2005:831-15, November 10, 2005 Gentoo Linux Security Advisory, GLSA 200511-08, November 13, 2005 Mandriva Linux Security Advisory, MDKSA-2005:213, November 16, 2005 SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005 SGI Security Advisory, 20051101-01-U, November 29, 2005
|
PHP Upload Center | A Directory Traversal vulnerability has been reported which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHP Upload Center Directory Traversal | Medium | Security Focus, Bugtraq ID: 15626, November 29, 2005 |
phpalbum 0.2.3 | A file include vulnerability was reported which could let a remote malicious user execute arbitrary server-side script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHPAlbum File Include | Medium | Security Focus, Bugtraq ID: 15651, November 30, 2005 |
phpGreetz 0.99 | A vulnerability has been reported in 'content.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHPGreetz Remote File Include | High | Security Focus, Bugtraq ID: 15575, November 26, 2005 |
PHP 5.0 .0- 5.0.5, 4.4.1, 4.4 .0, 4.3-4.3.11, 4.2-4.2.3, 4.1.0-4.1.2, 4.0.6, 4.0.7, RC1-RC3 | A vulnerability has been reported in the 'mb_send_mail()' function due to an input validation error, which could let a remote malicious user inject arbitrary headers to generated email messages.
Upgrades available at: There is no exploit code required. | PHP MB_Send_Mail Arbitrary Header Injection | Medium | Security Focus, Bugtraq ID: 15571, November 25, 2005 |
PHPPost 1.0 | An HTML injection vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required. | PHPPost Subject HTML Injection | Medium | Security Focus, Bugtraq ID: 15532, November 22, 2005 |
PHPWebStatistik 1.4 | Multiple vulnerabilities have been reported: a vulnerability was reported in 'stat.php' due to insufficient sanitization of the 'lastnumber' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported due to the insecure storage of configuration and database files inside the web root, which could let a remote malicious user obtain sensitive information; a vulnerability was reported in 'stat.php' due to insufficient verification of the 'lastnumber' parameter before using in an loop statement, which could let a remote malicious user cause a Denial of Service; and a vulnerability was reported due to insufficient sanitization of the 'referer' header, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | PHP Web Statistik Multiple Vulnerabilities | Medium | Secunia Advisory: SA17789, November 29, 2005 |
PmWiki 2.0.0-2.0.12 | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'q' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code. Upgrades available at: There is no exploit code required; however, a Proof of Concept exploit has been published. | PmWiki Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 15539, November 23, 2005 |
Q-News 2.0 | A vulnerability has been reported in 'q-news.php' due to insufficient verification of the 'id' parameter before used to include files, which could let a remote malicious user execute arbitrary remote PHP code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Q-News Remote File Include | High | Security Focus, Bugtraq ID: 15576, November 27, 2005 |
RTOS 6.3 .0 | A buffer overflow vulnerability has been in 'Phgrafx' because the affected utility has setuid-superuser privileges, which could let a malicious user execute arbitrary code. No workaround or patch available at time of publishing. An exploit script has been published. | QNX Phgrafx Buffer Overflow | High | Security Focus, Bugtraq ID: 15619, November 29, 2005 |
Post Affiliate Pro 2.0.4 | Several vulnerabilities have been reported: an SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'sortorder' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a file include vulnerability was reported in 'merchants/index.php,' which could let a remote malicious user include arbitrary files. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Post Affiliate Pro SQL Injection & File Include | Medium | Secunia Advisory: SA17751, November 29, 2005 |
Randshop | SQL injection vulnerabilities have been reported in 'themes/kategorie/index.php' due to insufficient sanitization of the 'kategorieied' and 'katid' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Randshop SQL Injection | Medium | Security Focus, Bugtraq ID: 15599, November 28, 2005 |
UGroup 2.6.2 | SQL injection vulnerabilities have been reported in 'forum.php' due to insufficient sanitization of the 'FORUM_ID' parameter and in 'topic.php' due to insufficient sanitization of the 'TOPIC_ID' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Proof of Concept exploits have been published. | UGroup SQL Injection | Medium | Secunia Advisory: SA17734, November 28, 2005 |
AllWeb Search 3.0 | An SQL injection vulnerability has been reported in the 'search' parameter before using in an SQL query. which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | AllWeb Search SQL Injection | Medium | Security Focus, Bugtraq ID: 15587, November 28, 2005 |
| sCssBoard 1.0, 1.1, 1.11, 1.12, 1.2 | A vulnerability has been reported in sCssBoard that could let remote malicious users conduct Cross-Site Scripting. No workaround or patch available at time of publishing. There is no exploit code required. | sCssBoard Cross-Site Scripting | Medium | Secunia, Advisory: SA17716, November 24, 2005 |
SearchFeed Search Engine 1.3.2; RevenuePilot Search Engine 1.2.0; Google API Search Engine 1.3.1 | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'REQ' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | SearchSolutions Cross-Site Scripting | Medium | Security Focus, Bugtraq ID: 15612, November 29, 2005 |
KBase Express 1.0.0 | SQL injection vulnerabilities have been reported in 'category.php' due to insufficient sanitization of the 'id' parameter and certain parameters when performing a search, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | KBase Express Multiple SQL Injection | Medium | Security Focus, Bugtraq ID: 15635, November 29, 2005 |
Top Music Module 3.0 PR3 | SQL injection vulnerabilities have been reported in 'idartist,' 'idsong,' and 'idalbum' parameters due to insufficient sanitization before using in a SQL, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Proofs of Concept exploits have been published. | Top Music Module SQL Injection | Medium | Security Focus, Bugtraq ID: 15581, November 28, 2005 |
Simple Document Management System Simple Document Management System 2.0 -CVS | An SLQ injection vulnerability has been reported in 'message.php' due to insufficient sanitization of the 'mid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Proof of Concept exploits have been published. | Simple Document Management System SQL Injection | Medium | Security Focus, Bugtraq ID: 15596, November 28, 2005 |
SimpleBBS 1.1 | An SQL injection vulnerability has been reported in the search module parameters due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required. | SimpleBBS SQL Injection | Medium | Security Focus, Bugtraq ID: 15594, November 28, 2005 |
B2B trading Marketplace Script 1.1 | An SQL injection vulnerability has been reported in 'selloffers.php,' 'buyoffers.php,' 'products.php,' and 'profiles.php' due to insufficient sanitization of the 'cid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | Softbiz B2B Trading Marketplace Script SQL Injection | Medium | Secunia Advisory: SA17808, November 30, 2005 |
Softbiz FAQ Script 1.1 & prior | SQL injection vulnerabilities have been reported in 'faq_qanda.php,' 'refer_friend.php,' 'print_article.php,' and 'add_comment.php' due to insufficient sanitization of the 'id' parameter and in 'index.php' due to insufficient sanitization of the 'cid' parameter before being used before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | Softbiz FAQ Script SQL Injection | Medium | Secunia Advisory: SA17809, November 30, 2005 |
Softbiz Web Host Directory Script 1.1 | A vulnerability has been reported in Softbiz Web Host Directory Script that could let remote malicious users perform SQL injection. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | Softbiz Web Host Directory Script SQL Injection | Medium | Secunia, Advisory: SA17724, November 24, 2005 |
ShockBoard 4.0, 3.0 | An SQL injection vulnerability has been reported in 'topic.php' due to insufficient sanitization of the 'offset' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | ShockBoard SQL Injection | Medium | Security Focus, Bugtraq ID: 15592, November 28, 2005 |
phpWordPress 3.0 | An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'poll,' 'category,' and 'ctg' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | phpWordPress SQL Injection | Medium | Secunia Advisory: SA17733, November 25, 2005 |
Java JDK 1.5.x, Java JRE 1.3.x, 1.4.x, 1.5.x / 5.x, Java SDK 1.3.x, 1.4.x | Several vulnerabilities have been reported: a vulnerability was reported due to an unspecified error, which could let a malicious untrusted applet read/ write local files or execute local applications; three unspecified vulnerabilities were reported with the use of 'reflection' APIs error, which could let a malicious untrusted applet read/write local files or execute local applications; and a vulnerability was reported in the Java Management Extensions (JMX) implementation, which could let a malicious untrusted applet read/ write local files or execute local applications. Upgrade information available at: http://sunsolve.sun.com/ http://sunsolve.sun.com/ Currently we are not aware of any exploits for these vulnerabilities. | Sun Java Runtime Environment Security Bypass | Medium | Sun(sm) Alert Notifications Sun Alert ID: 102003, 102017, & 102050, November 28, 2005 |
SupportDesk 1.12 | A vulnerability has been reported in SupportPRO SupportDesk that could let remote malicious users perform Cross-Site Scripting. No workaround or patch available at time of publishing. There is no exploit code required. | SupportPRO SupportDesk Cross-Site Scripting | Medium | Secunia, Advisory: SA17701, November 24, 2005 |
Survey System 1.1 | An SQL injection vulnerability has been reported in 'survey.php' due to insufficient sanitization of the 'SURVEY_ID' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Survey System SQL Injection | Medium | Security Focus, Bugtraq ID: 15641, November 30, 2005 |
K-Search 1.0 | SQL injection vulnerabilities have been reported in 'index.php' due to insufficient sanitization of the 'id,' 'stat,' and 'source' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Proof of Concept exploits have been published. | K-Search SQL Injection | Medium | Secunia Advisory: SA17719, November 28, 2005 |
| vTiger CRM 4.2 & prior | Multiple vulnerabilities have been reported in vTiger CRM that could let remote malicious users bypass security restrictions, conduct Cross-Site Scripting, disclose information, or execute arbitrary code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. | vTiger CRM Multiple Vulnerabilities CVE-2005-3818 | High | Secunia, Advisory: SA17693, November 24, 2005 |
Netzbrett 1.5.1 | An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'p_entry' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Netzbrett SQL Injection | Medium | Security Focus, Bugtraq ID: 15593, November 28, 2005 |
WebCalendar 1.0.1 | Several vulnerabilities have been reported: SQL injection vulnerabilities were reported due to insufficient sanitization of 'export_handler.php,' 'activity_log.php,' 'admin_handler.php,' and 'edit_template.php' before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported in 'export_handler.php' due to insufficient verification of the 'id' and 'format' parameters before used to save data files, which could let a remote malicious user overwrite saved data files. No workaround or patch available at time of publishing. There is no exploit code required. | WebCalendar SQL Injection & File Overwrite | Medium | Secunia Advisory: SA17784, November 29, 2005 |
WSN Forum 1.21 | An SQL injection vulnerability has been reported in 'memberlist.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | WSN Forum SQL Injection | Medium | Security Focus, Bugtraq ID: 15549, November 23, 2005 |
Xaraya 1.0 RC1-RC4 | A Directory Traversal vulnerability has been reported in the 'index.php' script 'module' parameter, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Xaraya Directory Traversal | Medium | Security Focus, Bugtraq ID: 15623, November 29, 2005 |
Zainu 2.0 | SQL injection vulnerabilities have been reported in the 'term' and 'start' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Zainu SQL Injection | Medium | Bugtraq ID: 15579, November 28, 2005 |
[back to top] Wireless
The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.
- Mobile Java gets an upgrade: The Mobile Service Architecture initiative was set up by Vodafone and Nokia and includes major players in the mobile industry. They are grouping together to develop new standards for mobile Java.
New standards are being designed to simplify the development environment and make it easier for phones to interoperate. Source: http://www.itweek.co.uk/vnunet/news/2146546/mobile-java-gets-upgrade
Wireless Vulnerabilities
- Nothing significant to report.
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
Date of Script | Script name | Workaround or Patch Available | Script Description |
| November 30, 2005 | centericq_dos.c | Yes | Proof of Concept exploit for the CenterICQ Malformed Packet Handling Remote Denial of Service vulnerability. |
| November 30, 2005 | kapda-phpp.txt | No | Exploitation details for the PHPP Cross-Site Scripting vulnerability. |
| November 30, 2005 | NukeETSQL32.txt | Yes | Exploit details for the Tru-Zone Nuke ET SQL Injection vulnerability. |
| November 30, 2005 | OperaTest.java | No | Proof of Concept exploit for the Opera Web Browser JNI Routine Handling Remote Denial of Service vulnerability. |
| November 30, 2005 | poc.tgz | Yes | Proof of Concept html for the Microsoft Internet Explorer Unauthorized Access vulnerability. |
| November 30, 2005 | SmartPPCProXSS.txt | No | Exploit details for the SmartPPC Pro Cross-Site Scripting vulnerability. |
| November 30, 2005 | smuggler.c | N/A | Smuggler demonstrates HTTP Request Smuggling techniques. |
| November 29, 2005 | linux_lock_lease_dos.c | Yes | Script that exploits the Linux Kernel Time_Out_Leases PrintK Local Denial of Service vulnerability. |
| November 29, 2005 | qnx_phgrafx_bof.c | No | Script that exploits the QNX Phgrafx Buffer Overflow vulnerability. |
| November 28, 2005 | alzgen.pl | Yes | Perl script that exploits the Unalz Archive Filename Buffer Overflow vulnerability. |
| November 28, 2005 | guppy_inc.php | No | Script that exploits the GuppY Remote File Include & Command Execution vulnerabilities. |
| November 25, 2005 | efiction20_xpl.php efiction2_xpl.txt | No | Exploit for the eFiction Input Validation vulnerabilities. |
| November 24, 2005 | freeFTPd-dos.c | No | Proof of Concept exploit for the FreeFTPD Multiple Denial of Service vulnerability. |
[back to
top]
name=trends>Trends
- Phishing email poses as IRS tax refund: According to Sophos, lax government security around a US government website has allowed email fraudsters to run a scam designed to trick US taxpayers into handing over sensitive personal information.
A phishing email which pose as notification of a refund from the US's Internal Revenue Service (IRS) takes advantage of security configuration weaknesses on a secondary website run by the Department of Labor. The email redirect surfers to a bogus website with users fooled into thinking they remain on a legitimate US government site.
Source: http://www.theregister.com/2005/11/30/irs_phishing_scam/ - Cybercrime yields more cash than drugs: expert: According to a top expert, global cybercrime generated a higher turnover than drug trafficking in 2004 and is set to grow even further with the wider use of technology in developing countries. No country is immune from cybercrime, which includes corporate espionage, child pornography, stock manipulation, extortion and piracy. Source:
http://today.reuters.com/news/newsArticle.aspx?type=technologyNews&storyID=
2005-11-28T200056Z_01_KWA867007_RTRUKOC_0_US-CYBERCRIME.
xml&archived=False. - Mac OS X security under scrutiny: When the SANS Institute released its Top-20 vulnerabilities last week, they called out an entire operating system for its vulnerabilities. This year, the list flagged the collective vulnerabilities in Apple Computer's Mac OS X operating system as a major threat. While the move has raised questions about the value of such a general warning, highlighting recent vulnerabilities in Mac OS X was intended as a wake up call, Source: http://www.securityfocus.com/
news/11359 - Vulnerability in Cisco PIX: US-CERT is aware of a publicly reported vulnerability in the way Cisco PIX firewalls process legitimate TCP connection attempts. Source: http://www.us-cert.gov/current/.
- Can You Spot The Phishing Attack? According to the e-mail security firm, MailFrontier, only 4 percent of users can spot a phished e-mail 100 percent of the time. Knowing the difference between a legitimate e-mail and a scammed phishing e-mail is not always easy. This data comes from MailFrontier's Phishing IQ Test, which is comprised of 10 examples of e-mails and users must choose whether they think the mail is legitimate, a fraud or if they have no answer. Source:
http://www.esecurityplanet.com/best_practices/article.php/3566651
name=viruses id="viruses">Viruses/Trojans Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
face="Arial, Helvetica, sans-serif">Rank | Common Name | Type of Code |
face="Arial, Helvetica, sans-serif">Trend | Date |
face="Arial, Helvetica, sans-serif">Description |
1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. |
2 | Mytob-BE | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. Harvesting addresses from the Windows address book, disabling anti virus, and modifying data. |
3 | Netsky-D | Win32 Worm | Stable | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
4 | Mytob-GH | Win32 Worm | Stable | November 2005 | A variant of the mass-mailing worm that disables security related programs and allows other to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender’s address. |
5 | Mytob-AS | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that disables security related programs and processes, redirection various sites, and changing registry values. This version downloads code from the net and utilizes its own email engine. |
6 | Netsky-Z | Win32 Worm | Stable | April 2004 | A mass-mailing worm that is very close to previous variants. The worm spreads in e-mails, but does not spread to local network and P2P and does not uninstall Bagle worm. The worm has a backdoor that listens on port 665. |
7 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates via by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. |
8 | Zafi-D | Win32 Worm | Stable | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
9 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
10 | Mytob.C | Win32 Worm | Stable | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
Table updated November 25, 2005
Last updated
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.