Summary of Security Items from December 15 through December 21, 2005
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, therefore the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to vulnerabilities that appeared in previous bulletins are listed in bold text. The text in the Risk column appears in red for vulnerabilities ranking High. The risk levels applied to vulnerabilities in the Cyber Security Bulletin are based on how the "system" may be impacted. The Recent Exploit/Technique table contains a "Workaround or Patch Available" column that indicates whether a workaround or patch has been published for the vulnerability which the script exploits.
Vulnerabilities
The table below summarizes vulnerabilities that have been identified, even if they are not being exploited. Complete details about patches or workarounds are available from the source of the information or from the URL provided in the section. CVE numbers are listed where applicable. Vulnerabilities that affect both Windows and Unix Operating Systems are included in the Multiple Operating Systems section.
Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
The Risk levels defined below are based on how the system may be impacted:
Note: Even though a vulnerability may allow several malicious acts to be performed, only the highest level risk will be defined in the Risk column.
- High - A high-risk vulnerability is defined as one that will allow an intruder to immediately gain privileged access (e.g., sysadmin or root) to the system or allow an intruder to execute code or alter arbitrary system files. An example of a high-risk vulnerability is one that allows an unauthorized user to send a sequence of instructions to a machine and the machine responds with a command prompt with administrator privileges.
- Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.
- Low - A low-risk vulnerability is defined as one that will provide information to an intruder that could lead to further compromise attempts or a Denial of Service (DoS) attack. It should be noted that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered to be a "High" threat.
| Windows Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attack Scripts |
Common Name /
CVE Reference |
Risk |
Source |
| Acidcat CMS 2.1.13 |
A vulnerability has been reported in Acidcat CMS that could let remote malicious users perform SQL injection.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Acidcat CMS SQL Injection Vulnerability
CVE-2005-4370
CVE-2005-4371 |
Medium |
Secunia Advisory: SA18097, December 19, 2005 |
| Allinta 2.3.2 and prior |
A vulnerability has been reported in Allinta that could let remote malicious users conduct Cross-Site Scripting.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Allinta Cross-Site Scripting
CVE-2005-4374 |
Medium |
Secunia, Advisory: SA18060, December 19, 2005 |
Citrix Systems
Citrix Program Neighborhood Client 9.1 and prior |
A vulnerability has been reported in Citrix Program Neighborhood Client that could let local malicious users disclose information.
A vendor solution is available:
http://support.citrix.com/article/CTX108108
http://support.citrix.com/article/CTX108354
Currently we are not aware of any exploits for this vulnerability. |
Citrix Program Neighborhood Client Information Disclosure
CVE-2005-3652
CVE-2005-4412 |
Medium |
Citrix Security Alert, CTX108354, CTX108108, December 16, 2005 |
| iCMS |
A vulnerability has been reported in iCMS that could let remote malicious users conduct Cross-Site Scripting or perform SQL injection.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
iCMS Cross-Site Scripting or SQL Injection
CVE-2005-4396
CVE-2005-4397 |
Medium |
Secunia, Advisory: SA18085, December 19, 2005 |
| MailEnable 1.71 & prior |
A buffer overflow vulnerability has been reported in MailEnable that could let remote malicious users execute arbitrary code.
A vendor solution is available:
http://www.mailenable.com/hotfix/
A Proof of Concept exploit has been published. |
MailEnable Arbitrary Code Execution
CVE-2005-4402 |
High |
Security Tracker, Alert ID: 1015378, December 19, 2005 |
Mercury Mail 4.01b |
Multiple buffer overflow vulnerabilities have been reported in Mercury Mail that could let remote malicious users execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Mercury Mail Arbitrary Code Execution
CVE-2005-4411 |
High |
Security Tracker, Alert ID: 1015374, December 16, 2005 |
Media2
Media2 CMS Shop |
A vulnerability has been reported in Media2 CMS Shop that could let remote malicious users perform SQL injection.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
Media2 CMS Shop SQL Injection
CVE-2005-4404 |
Medium |
Secunia, Advisory: SA18079, December 19, 2005 |
Microsoft
Internet Explorer |
A vulnerability has been reported in Internet Explorer, involving mismatched DOM objects, that could let remote malicious users obtain unauthorized access.
Vendor solutions available:
http://www.microsoft.com/technet/security/advisory/911302.mspx
http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf
An exploit has been published. |
Microsoft Internet Explorer Unauthorized Access
CVE-2005-1790 |
Medium |
Microsoft, Security Advisory 911302, November 21, 2005
USCERT, VU#887861, November 21, 2005
Microsoft, Security Bulletin MS05-054, December 13, 2005
Avaya, ASA-2005-234, December 14, 2005 |
Microsoft
Internet Explorer 6.0 SP1 and prior |
A vulnerability has been reported in Internet Explorer, involving dialog manipulation, that could let remote malicious users execute arbitrary code.
A vendor solution is available:
http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Internet Explorer Arbitrary Code Execution
CVE-2005-2829 |
High |
Microsoft, Security Bulletin MS05-054, December 13, 2005
Avaya, ASA-2005-234, December 14, 2005 |
Microsoft
Internet Explorer 6.0 SP1 and prior |
A vulnerability has been reported in Internet Explorer, involving COM object instantiation, that could let remote malicious users execute arbitrary code.
A vendor solution is available:
http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Internet Explorer Arbitrary Code Execution
CVE-2005-2831 |
High |
Microsoft, Security Bulletin MS05-054, December 13, 2005
Avaya, ASA-2005-234, December 14, 2005 |
Microsoft
Internet Explorer 6.0 SP1 and prior |
A vulnerability has been reported in Internet Explorer that could let remote malicious users disclose information.
A vendor solution is available:
http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf
There is no exploit code required. |
Microsoft Internet Explorer Information Disclosure
CVE-2005-2830 |
Medium |
Microsoft, Security Bulletin MS05-054, December 13, 2005
Avaya, ASA-2005-234, December 14, 2005 |
Microsoft
Internet Information Server 5.1 |
A vulnerability has been reported in IIS that could let remote malicious users cause a Denial of Service.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Microsoft IIS Denial of Service
CVE-2005-4360 |
Low |
Security Tracker, Alert ID: 1015376, December 18, 2005 |
Microsoft
Windows 2000 Server SP4 and prior, Professional SP4 and prior, Datacenter Server SP4 and prior, Advanced Server SP4 and prior |
A vulnerability has been reported in Windows, Asynchronous Procedure Calls, that could let local malicious users obtain elevated privileges.
A vendor solution is available:
http://www.microsoft.com/technet/security/Bulletin/MS05-055.mspx
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf
Currently we are not aware of any exploits for this vulnerability. |
Microsoft Windows Privilege Elevation
CVE-2005-2827 |
Medium |
Microsoft, Security Bulletin MS05-055, December 13, 2005
Avaya, ASA-2005-234, December 14, 2005 |
| Pegasus Mail 4.21a - 4.21c, 4.30PB1 |
Multiple vulnerabilities have been reported in Pegasus Mail that could let remote malicious users execute arbitrary code.
Upgrade to newest version:
http://www.pmail.com/downloads_de_t.htm
Currently we are not aware of any exploits for this vulnerability. |
Pegasus Mail Arbitrary Code Execution
CVE-2005-4445 |
High |
Secunia, Advisory: SA17992, December 20, 2005 |
Soft4e
ECW-Cart 2.03 and prior |
A vulnerability has been reported in ECW-Cart that could let remote malicious users conduct Cross-Site Scripting.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
ECW-Cart Cross-Site Scripting
CVE-2005-4290 |
Medium |
Security Focus, ID: 15890, December 15, 2005 |
SuperFreaker Studios
UStore |
A vulnerability has been reported in UStore that could let remote malicious users conduct Cross-Site Scripting or perform SQL injection.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
UStore Cross-Site Scripting or SQL Injection
CVE-2005-4355
CVE-2005-4356 |
Medium |
Secunia, Advisory: SA18026, December 19, 2005 |
The Collective
Acuity CMS 2.6.2 |
A vulnerability has been reported in Acuity CMS that could let remote malicious users conduct Cross-Site Scripting.
No workaround or patch available at time of publishing.
There is no exploit code required. |
Acuity CMS Cross-Site Scripting
CVE-2005-4369 |
Medium |
Secunia, Advisory: SA18070, December 19, 2005 |
Trend Micro
PC-cillin Internet Security 2005 version 12.00 build 1244 |
A vulnerability has been reported in PC-cillin that could let local malicious users obtain elevated privileges.
Upgrade to version 12.4.
A Proof of Concept exploit script has been published. |
Trend Micro PC-cillin Privilege Elevation
CVE-2005-3360 |
Medium |
Security Tracker, Alert ID: 1015357, December 14, 2005 |
Watchfire
AppScan QA 5.0.609, 5.0.134, Subscription 7 |
A buffer overflow vulnerability has been reported in AppScan that could let remote malicious users execute arbitrary code.
A vendor update is available via the applications update functionality.
A Proof of Concept exploit script has been published. |
Watchfire AppScan Arbitrary Code Execution
CVE-2005-4270 |
High |
Security Focus, ID: 15873, December 15, 2005 |
Xigla Software
Absolute Image Gallery XE |
An input validation vulnerability has been reported in Absolute Image Gallery XE that could let remote malicious users perform Cross-Site Scripting.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
Absolute Image Gallery XE Cross-Site Scripting
CVE-2005-4295 |
Medium |
Secunia, Advisory: SA18065, December 15, 2005 |
| ZixForum 1.12 |
An input validation vulnerability has been reported in ZixForum that could let remote malicious users perform SQL injection.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
ZixForum SQL Injection
CVE-2005-4334 |
Medium |
Security Tracker, Alert ID: 1015359, December 15, 2005 |
| UNIX / Linux Operating Systems Only |
Vendor & Software Name |
Vulnerability - Impact
Patches - Workarounds
Attack Scripts |
Common Name /
CVE Reference |
Risk |
Source |
AlmondSoft.Com
Almond Classifieds |
An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
AlmondSoft Almond Classifieds SQL Injection
CVE-2005-4312
CVE-2005-4313 |
Medium |
Security Focus, Bugtraq ID: 15899, December 15, 2005 |
Appfluent Technology
Database IDS 2.0 |
A buffer overflow vulnerability has been reported in the 'APPFLUENT_HOME' environment variable when handling a malformed value, which could let a malicious user execute arbitrary code.
The vulnerability has reportedly been fixed in version 2.1.0.103.
An exploit script has been published. |
|
High |
Security Focus, Bugtraq ID: 15755, December 7, 2005
Security Focus, Bugtraq ID: 15755, December 16, 2005 |
AtlantPro.Com
Atlant Pro 8.0.9 |
A Cross-Site Scripting vulnerability has been reported in 'atl.cgi' due to insufficient sanitization of the 'before' and 'ct' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Atlant Pro Cross-Site Scripting
CVE-2005-4299 |
Medium |
Security Focus, Bugtraq ID: 15886, December 15, 2005 |
AtlantPro.Com
AtlantForum Pro 4.0.2, AtlantForum Lite 4.0.2, AtlantForum 4.0.2 |
Cross-Site Scripting vulnerabilities have been reported in 'atl.cgi' due to insufficient sanitization of the 'sch_allsubct,' 'before,' and 'ct' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
AtlantForum Multiple Cross-Site Scripting
CVE-2005-4298 |
Medium |
Security Focus, Bugtraq ID: 15887, December 15, 2005 |
binary-concepts
binary board system 0.2.5 |
Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of the 'inreplyto,' 'article,' 'branch,' 'board,' 'user,' and search module parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Security Focus, Bugtraq ID: 15913, December 16, 2005 |
Centericq
Centericq 4.20 |
A remote Denial of Service vulnerability has been reported when handling malformed packets on the listening port for ICQ messages.
Debian:
http://security.debian.org/pool/updates/main/c/centericq/
Gentoo:
http://security.gentoo.org/glsa/glsa-200512-11.xml
A Proof of Concept exploit script has been published. |
|
Low |
Debian Security Advisory, DSA 912-1, November 30, 2005
Gentoo Linux Security Advisory, GLSA 200512-11, December 20, 2005 |
Daniel Stenberg
curl 7.12-7.15, 7.11.2 |
A buffer overflow vulnerability has been reported due to insufficient bounds checks on user-supplied data before using in a finite sized buffer, which could let a local/remote malicious user execute arbitrary code.
Upgrades available at:
http://curl.haxx.se/download/curl-7.15.1.tar.gz
Mandriva:
http://www.mandriva.com/security/advisories
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Debian:
http://security.debian.org/pool/updates/main/c/curl/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates
OpenPKG:
http://www.openpkg.org/security.html
Gentoo:
http://security.gentoo.org/glsa/glsa-200512-09.xml
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-875.html
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Security Focus, Bugtraq ID: 15756, December 7, 2005
Mandriva Linux Security Advisory, MDKSA-2005:224, December 8, 2005
Fedora Update Notifications, FEDORA-2005-1129 & 1130, December 8, 2005
Debian Security Advisory, DSA 919-1, December 12, 2005
Fedora Update Notifications, FEDORA-2005-1136 & 1137, December 12, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.028, December 12, 2005
Gentoo Linux Security Advisory, GLSA 200512-09, December 16, 2005
RedHat Security Advisory, RHSA-2005:875-4, December 20, 2005 |
Dick Copits
PDEstore 1.8 |
A Cross-Site Scripting vulnerability has been reported in 'pdestore.cgi' due to insufficient sanitization of the 'product' and 'cart_id' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Dick Copits PDEstore Cross-Site Scripting
CVE-2005-4285 |
Medium |
Secunia Advisory: SA18042, December 15, 2005 |
Dropbear SSH Server
Dropbear SSH Server prior to 0.47 |
A buffer overflow vulnerability has been reported in 'svr_chansession.c' due to a buffer allocation error, which could let a remote malicious user execute arbitrary code.
Updates available at:
http://matt.ucc.asn.au/dropbear/
Debian:
http://www.debian.org/security/2005/dsa-923
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Secunia Advisory: SA18108, December 19, 2005
Debian Security Advisory, DSA-923-1, December 19, 2005 |
Gentoo Linux
Gentoo Linux |
Vulnerabilities have been reported in multiple packages in Gentoo Linux that were built with an insecure RUNPATH, which could let a malicious user obtain elevated privileges.
Gentoo:
http://security.gentoo.org/glsa/glsa-200510-14.xml
Gentoo:
http://security.gentoo.org/glsa/glsa-200511-02.xml
Gentoo:
http://security.gentoo.org/glsa/glsa-200512-07.xml
There is no exploit code required. |
|
Medium |
Gentoo Linux Security Advisory, GLSA 200510-14, October 17, 2005
Gentoo Linux Security Advisory, GLSA 200511-02, November 2, 2005
Gentoo Linux Security Advisory, GLSA 200512-07, December 15, 2005 |
GNU
Enscript 1.4, 1.5, 1.6, 1.6.1, 1.6.3, 1.6.4 |
Multiple vulnerabilities exist in 'src/util.c' and 'src/psgen.c': the EPSF pipe support performs insufficient input validation, which could let a malicious user execute arbitrary code; filenames are processed with insufficient input validation, which could also let a malicious user execute arbitrary code; and several buffer overflows could let a malicious user cause a Denial of Service.
Debian:
http://security.debian.org/pool/updates/main/e/enscript/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/universe/e/enscript/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200502-03.xml
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-039.html
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
SGI:
http://www.sgi.com/support/security/
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
Currently we are not aware of any exploits for these vulnerabilities. |
|
|
Security Tracker Alert ID: 1012965, January 21, 2005
RedHat Security Advisory, RHSA-2005:039-06, February 1, 2005
Gentoo Linux Security Advisory, GLSA 200502-03, February 2, 2005
SUSE Security Summary Report, SUSE-SR:2005:004, February 11, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:033, February 11, 2005
SUSE Security Summary Report, SUSE-SR:2005:005, February 18, 2005
Fedora Legacy Update Advisory, FLSA:152892, December 17, 2005 |
GNU
gzip 1.2.4 a, 1.2.4, 1.3.3-1.3.5 |
A Directory Traversal vulnerability has been reported due to an input validation error when using 'gunzip' to extract a file with the '-N' flag, which could let a remote malicious user obtain sensitive information.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-05.xml
IPCop:
http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3&orderby=dateD
Mandriva:
http://www.mandriva.com/security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:11/gzip.patch
OpenPKG:
http://www.openpkg.org/security/OpenPKG-SA-2005.009-openpkg.html
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Debian:
http://security.debian.org/pool/updates/main/g/gzip
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-172.pdf
Sun: Updated Relief/Workaround section.
Sun: Updated Contributing Factors, Relief/Workaround, and Resolution sections.
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.59
A Proof of Concept exploit has been published. |
GNU GZip Directory Traversal
CVE-2005-1228 |
Medium |
Bugtraq, 396397, April 20, 2005
Ubuntu Security Notice, USN-116-1, May 4, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005
Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005
Security Focus, 13290, May 11, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005
Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:11, June 9, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.009, June 10, 2005
RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005
SGI Security Advisory, 20050603-01-U, June 23, 2005
Conectiva Linux Announcement, CLSA-2005:974, July 6, 2005
Debian Security Advisory DSA 752-1, July 11, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101816, July 20, 2005
Avaya Security Advisory, ASA-2005-172, August 29, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101816, Updated September 27, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101816, Updated October 13, 2005
SCO Security Advisories, SCOSA-2005.58 & SCOSA-2005.59, December 16, 2005 |
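The '-N' flag tells gunzip to restore the original file name stored in the gzip header, and that header is whatever the sender wrote, so the name can carry directory components that point outside the current directory. The following is an added example, not code from the bulletin or from GNU gzip, showing how the stored name is read out of an RFC 1952 header and the reduction to a bare file name that an '-N' implementation must apply before opening the output. The gzip member and its stored name are constructed inline for the demonstration.

```python
"""Added example (not from the bulletin or from GNU gzip): read the FNAME field of a gzip
header and apply the check gunzip -N needs before honouring it as an output path."""
import gzip
import os
import struct
import zlib
from typing import Optional

# RFC 1952 header flag bits
FTEXT, FHCRC, FEXTRA, FNAME, FCOMMENT = 0x01, 0x02, 0x04, 0x08, 0x10


def build_gzip(payload: bytes, original_name: str) -> bytes:
    """Constructed sample: a single-member gzip stream whose header carries an arbitrary FNAME.
    Python's gzip module only ever stores a basename, so the header is assembled by hand."""
    # ID1, ID2, CM=deflate, FLG=FNAME, MTIME=0, XFL=0, OS=unknown
    header = struct.pack("<BBBBIBB", 0x1F, 0x8B, 8, FNAME, 0, 0, 255)
    header += original_name.encode("latin-1") + b"\x00"  # FNAME: NUL-terminated Latin-1
    comp = zlib.compressobj(9, zlib.DEFLATED, -zlib.MAX_WBITS)  # raw DEFLATE, no zlib wrapper
    body = comp.compress(payload) + comp.flush()
    trailer = struct.pack("<II", zlib.crc32(payload) & 0xFFFFFFFF, len(payload) & 0xFFFFFFFF)
    return header + body + trailer


def stored_name(data: bytes) -> Optional[str]:
    """Walk the fixed header and the optional FEXTRA field to reach FNAME; None if absent."""
    if data[:2] != b"\x1f\x8b" or data[2] != 8:
        raise ValueError("not a gzip member")
    flg = data[3]
    pos = 10
    if flg & FEXTRA:
        xlen = struct.unpack_from("<H", data, pos)[0]
        pos += 2 + xlen
    if not flg & FNAME:
        return None
    end = data.index(b"\x00", pos)
    return data[pos:end].decode("latin-1")


def safe_output_name(name: str) -> str:
    """The check -N needs: the header is attacker-controlled, so keep only the final path
    component and refuse anything that would not name a plain file in the current directory."""
    base = os.path.basename(name.replace("\\", "/"))  # treat backslash as a separator too
    if base in ("", ".", ".."):
        raise ValueError(f"refusing unsafe stored name {name!r}")
    return base


def restore_name(data: bytes, fallback: str) -> str:
    """What an -N implementation should do: honour FNAME only after reduction to a basename."""
    name = stored_name(data)
    return safe_output_name(name) if name else fallback


if __name__ == "__main__":
    # constructed malicious member: FNAME climbs out of the extraction directory
    evil = build_gzip(b"* * * * * root /tmp/x\n", "../../../../etc/cron.d/evil")
    print("header says:   ", stored_name(evil))
    print("-N would write:", restore_name(evil, "out"), "(in the current directory)")
    print("payload intact:", gzip.decompress(evil))
```

The same reduction belongs anywhere an archive format carries a path chosen by the sender; rejecting names rather than silently rewriting them is also defensible, but a basename is what gunzip can still meaningfully restore.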
GNU
gzip 1.2.4, 1.3.3 |
A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions.
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-05.xml
Mandriva:
http://www.mandriva.com/security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:11/gzip.patch
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Conectiva:
ftp://atualizacoes.conectiva.com.br/
Debian:
http://security.debian.org/pool/updates/main/g/gzip/gzip
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-172.pdf
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.59
Sun: Updated Relief/Workaround section.
There is no exploit code required. |
GNU GZip File Permission Modification
CVE-2005-0988 |
Medium |
Security Focus, 12996, April 5, 2005
Ubuntu Security Notice, USN-116-1, May 4, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005
Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005
Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:11, June 9, 2005
RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005
SGI Security Advisory, 20050603-01-U, June 23, 2005
Conectiva Linux Announcement, CLSA-2005:974, July 6, 2005
Debian Security Advisory DSA 752-1, July 11, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101816, July 20, 2005
Avaya Security Advisory, ASA-2005-172, August 29, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101816, Updated September 27, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101816, Updated October 13, 2005
SCO Security Advisories, SCOSA-2005.58 & SCOSA-2005.59, December 16, 2005 |
GNU
zgrep 1.2.4 |
A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands.
A patch for 'zgrep.in' is available in the following bug report:
http://bugs.gentoo.org/show_bug.cgi?id=90626
Mandriva:
http://www.mandriva.com/security/advisories
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-357.html
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-474.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
SGI:
http://www.sgi.com/support/security/
F5:
http://tech.f5.com/home/bigip/solutions/advisories/sol4532.html
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gzip/
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-172.pdf
FedoraLegacy:
http://download.fedoralegacy.org/
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.59
There is no exploit code required. |
|
High |
Security Tracker Alert, 1013928, May 10, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:092, May 19, 2005
Turbolinux Security Advisory, TLSA-2005-59, June 1, 2005
RedHat Security Advisory, RHSA-2005:357-19, June 13, 2005
RedHat Security Advisory, RHSA-2005:474-15, June 16, 2005
SGI Security Advisory, 20050603-01-U, June 23, 2005
Fedora Update Notification, FEDORA-2005-471, June 27, 2005
SGI Security Advisory, 20050605-01-U, July 12, 2005
Secunia Advisory: SA16159, July 21, 2005
Ubuntu Security Notice, USN-158-1, August 01, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005
Avaya Security Advisory, ASA-2005-172, August 29, 2005
Fedora Legacy Update Advisory, FLSA:158801, November 14, 2005
SCO Security Advisories, SCOSA-2005.58 & SCOSA-2005.59, December 16, 2005 |
Hewlett Packard Company
HP-UX B.11.00, B.11.11, B.11.23 |
A remote Denial of Service vulnerability has been reported due to an unspecified error in the WBEM Services.
Update information available at:
www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00582373
Currently we are not aware of any exploits for this vulnerability. |
|
Low |
HP Security Bulletin, HPSBMA02088, December 19, 2005 |
IBM
AIX 5.3 L, 5.3, 5.2.2, 5.2 L, 5.2 |
A vulnerability has been reported in the '/usr/lpp/diagnostics/bin/diagela.sh' script due to the use of an absolute path. The impact was not specified.
Updates available at:
http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html
Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/diagela_ifix.tar.Z
Currently we are not aware of any exploits for this vulnerability. |
|
Not Specified |
IBM Security Advisory, November 11, 2005
IBM Security Advisory, December 15, 2005 |
IBM
AIX 5.3 L, 5.3, 5.2.2, 5.2 L, 5.2, 5.1 L, 5.1 |
A buffer overflow vulnerability has been reported in 'slocal' due to insufficient boundary checks prior to copying user-supplied data into insufficiently-sized memory buffers, which could let a malicious user execute arbitrary code and obtain superuser privileges.
Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/slocal_ifix.tar.Z
Currently we are not aware of any exploits for this vulnerability. |
|
High |
IBM Security Advisory, December 15, 2005 |
IBM
AIX 5.3 L, 5.3 |
A buffer overflow vulnerability has been reported in the malloc debugging tools due to insufficient boundary checks prior to copying user-supplied data into insufficiently-sized memory buffers, which could let a malicious user execute arbitrary code and obtain superuser privileges.
Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/dbgmalloc_ifix.tar.Z
Exploits for this vulnerability may be publicly available. |
|
High |
IBM Security Advisory, December 15, 2005 |
IBM
AIX 5.3 L, 5.3 |
A vulnerability has been reported in the 'getShell' and 'getCommand' utilities, which could let a malicious user corrupt data and obtain elevated privileges.
Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/getshell_ifix.tar.Z
There is no exploit code required. |
IBM AIX GetShell & GetCommand Arbitrary File Overwrite
CVE-2005-4273 |
Medium |
IBM Security Advisory, December 15, 2005 |
IBM
AIX 5.3 L, 5.3, 5.2.2, 5.2 L, 5.2, 5.1 L, 5.1 |
A buffer overflow vulnerability has been reported in 'muxatmd' due to insufficient boundary checks prior to copying user-supplied data into insufficiently-sized memory buffers, which could let a malicious user execute arbitrary code and obtain superuser privileges.
Interim fix available at:
ftp://aix.software.ibm.com/aix/efixes/security/libisode_ifix.tar.
Currently we are not aware of any exploits for this vulnerability. |
|
High |
IBM Security Advisory, December 15, 2005 |
Internet Express Products
CommerceSQL 1.0 |
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'keywords' parameter in the Quick Find feature before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
CommerceSQL Cross-Site Scripting
CVE-2005-4292 |
Medium |
Secunia Advisory: SA17932, December 15, 2005 |
IPsec-Tools
IPsec-Tools 0.6-0.6.2, 0.5-0.5.2 |
A remote Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions when in 'AGGRESSIVE' mode.
Upgrades available at:
http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-0.6.3.tar.bz2?download
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/
Gentoo:
http://security.gentoo.org/glsa/glsa-200512-04.xml
SUSE:
ftp://ftp.suse.com/pub/suse/
Vulnerability can be reproduced with the PROTOS IPSec Test Suite. |
|
Low |
Security Focus, Bugtraq ID: 15523, November 22, 2005
Ubuntu Security Notice, USN-221-1, December 01, 2005
Gentoo Linux Security Advisory, GLSA 200512-04, December 12, 2005
SUSE Security Announcement, SUSE-SA:2005:070, December 20, 2005 |
LBL
tcpdump 3.4a6, 3.4, 3.5 alpha, 3.5, 3.5.2, 3.6.2, 3.6.3, 3.7-3.7.2, 3.8.1-3.8.3; IPCop 1.4.1, 1.4.2, 1.4.4, 1.4.5 |
Remote Denial of Service vulnerabilities have been reported in the way tcpdump decodes Border Gateway Protocol (BGP) packets, Label Distribution Protocol (LDP) datagrams, Resource ReSerVation Protocol (RSVP) packets, and Intermediate System to Intermediate System (IS-IS) packets; malformed length fields in these packets can send the decoders into an infinite loop.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/
Gentoo:
http://security.gentoo.org/glsa/glsa-200505-06.xml
Mandriva:
http://www.mandriva.com/security/advisories
IPCop:
http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3&orderby=dateD
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:10/tcpdump.patch
Avaya:
http://support.avaya.com/elmodocs2/security/ASA-2005-137_RHSA-2005-417_RHSA-2005-421.pdf
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
F5:
http://tech.f5.com/home/bigip/solutions/advisories/sol4809.html
Debian:
http://security.debian.org/pool/updates/main/t/tcpdump/
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.60
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.61
Exploit scripts have been published. |
|
Low |
Bugtraq, 396932, April 26, 2005
Fedora Update Notification, FEDORA-2005-351, May 3, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6, 2005
Ubuntu Security Notice, USN-119-1, May 06, 2005
Gentoo Linux Security Advisory, GLSA 200505-06, May 9, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:087, May 12, 2005
Security Focus, 13392, May 12, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:10, June 9, 2005
Avaya Security Advisory, ASA-2005-137, June 13, 2005
Turbolinux Security Advisory, TLSA-2005-63, June 15, 2005
SUSE Security Summary Report, SUSE-SR:2005:017, July 13, 2005
Security Focus, 13392, July 21, 2005
Debian Security Advisory, DSA 850-1, October 9, 2005
SCO Security Advisories, SCOSA-2005.60 & SCOSA-2005.61, December 16, 2005 |
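The tcpdump decoder bugs above share one shape: a type/length/value (TLV) list is walked by trusting the length byte in each element, so a length of zero or a length larger than the remaining packet stalls or overruns the loop. The following is an added example, not tcpdump's code or any of the real BGP, LDP, RSVP or IS-IS decoders: it walks a simplified 1-byte type / 1-byte length TLV list (an assumed layout chosen for brevity) over constructed sample buffers, always advancing by at least the header size and rejecting any element whose value runs past the end of the input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified type(1)/length(1)/value layout used by the constructed samples
 * below. The real BGP/LDP/RSVP/IS-IS encodings have different header widths;
 * only the bounds discipline carries over. */
#define TLV_HDR_LEN 2

/* Walks a TLV list. Returns the number of well-formed TLVs parsed, or -1 if
 * an element claims more bytes than remain. The length field covers the value
 * only, so every iteration advances by at least TLV_HDR_LEN and a zero-length
 * value cannot stall the loop; a length past the end is rejected before any
 * read of the value. */
int walk_tlvs(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int count = 0;
    while (off < len) {
        if (len - off < TLV_HDR_LEN)
            return -1;                        /* truncated header */
        size_t vlen = buf[off + 1];           /* buf[off] is the type byte */
        if (vlen > len - off - TLV_HDR_LEN)
            return -1;                        /* value runs past the end */
        off += TLV_HDR_LEN + vlen;            /* always advances by >= 2 */
        count++;
    }
    return count;
}

/* Constructed sample inputs, not captured traffic. */
static const uint8_t good[] = { 0x01, 0x02, 0xaa, 0xbb,   /* type 1, len 2 */
                                0x02, 0x00,               /* type 2, len 0 */
                                0x03, 0x01, 0xcc };       /* type 3, len 1 */
static const uint8_t overlong[]  = { 0x01, 0x10, 0xaa };  /* claims 16 bytes, has 1 */
static const uint8_t truncated[] = { 0x01, 0x02, 0xaa, 0xbb, 0x05 }; /* dangling type byte */

int main(void)
{
    printf("good:      %d\n", walk_tlvs(good, sizeof good));            /* 3 */
    printf("overlong:  %d\n", walk_tlvs(overlong, sizeof overlong));    /* -1 */
    printf("truncated: %d\n", walk_tlvs(truncated, sizeof truncated));  /* -1 */
    return 0;
}
```

The check `vlen > len - off - TLV_HDR_LEN` is written as a subtraction on the known-safe remaining length rather than `off + 2 + vlen > len`, so the comparison itself cannot overflow; that is the detail the 2005 fixes added to each decoder.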
libpng
pnmtopng 2.38, 2.37.3-2.37.6 |
A buffer overflow vulnerability has been reported in 'Alphas_Of_Color' due to insufficient bounds checking of user-supplied data prior to copying it to an insufficiently sized memory buffer, which could let a remote malicious user execute arbitrary code.
Upgrades available at:
http://prdownloads.sourceforge.net/png-mng/pnmtopng-2.39.tar.gz?download
Debian:
http://security.debian.org/pool/updates/main/n/netpbm-free/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/
Mandriva:
http://www.mandriva.com/security/advisories
SUSE:
ftp://ftp.suse.com/pub/suse/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-843.html
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Security Focus, Bugtraq ID: 15427, November 15, 2005
Debian Security Advisory, DSA 904-1, November 21, 2005
Ubuntu Security Notice, USN-218-1, November 21, 2005
Mandriva Linux Security Advisory, MDKSA-2005:217, November 30, 2005
SUSE Security Summary Report Announcement, SUSE-SR:2005:028, December 2, 2005
RedHat Security Advisory, RHSA-2005:843-8, December 20, 2005 |
Michael Arndt
WebCal 3.04 |
Multiple HTML injection and Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
|
WebCal Multiple HTML Injection & Cross-Site Scripting
CVE-2005-4327
|
Medium |
Security Focus, Bugtraq ID: 15917, December 16, 2005 |
Multiple Vendors
Xpdf 3.00pl2 & pl3, 3.01, 3.00, 2.0-2.03, 1.00, 1.00a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler poppler 0.4.2;
KDE kpdf 0.5, KOffice 1.4.2; PDFTOHTML pdftohtml 0.36
|
Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::readBaselineSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'DCTStream::readProgressiveSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'StreamPredictor::StreamPredictor()' function in 'xpdf/Stream.cc' when the 'numComps' value taken from the PDF file is used to calculate the memory size, which could let a remote malicious user potentially execute arbitrary code; and a vulnerability was reported in the 'JPXStream::readCodestream()' function in 'xpdf/JPXStream.cc' when using the 'nXTiles' and 'nYTiles' values from a PDF file to copy data from the file into allocated memory, which could let a remote malicious user potentially execute arbitrary code.
Patches available at:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-840.html
KDE:
ftp://ftp.kde.org/pub/kde/
SUSE:
ftp://ftp.suse.com/pub/suse/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/
Gentoo:
http://security.gentoo.org/glsa/glsa-200512-08.xml
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-878.html
http://rhn.redhat.com/errata/RHSA-2005-868.html
http://rhn.redhat.com/errata/RHSA-2005-867.html
Currently we are not aware of any exploits for these vulnerabilities. |
|
High |
iDefense Security Advisory, December 5, 2005
Fedora Update Notifications, FEDORA-2005-1121 & 1122, December 6, 2005
RedHat Security Advisory, RHSA-2005:840-5, December 6, 2005
KDE Security Advisory, advisory-20051207-1, December 7, 2005
SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005
Ubuntu Security Notice, USN-227-1, December 12, 2005
Gentoo Linux Security Advisory, GLSA 200512-08, December 16, 2005
RedHat Security Advisories, RHSA-2005:868-4, RHSA-2005:867-5 & RHSA-2005:878-4, December 20, 2005 |
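The 'StreamPredictor::StreamPredictor()' item above is an allocation-size integer overflow: a row length is computed from values read out of the PDF, the product wraps, a small buffer is allocated, and a later copy of a full row overruns it. The following is an added example, not Xpdf's code: it computes a predictor row length from a width, component count and bit depth (the names `width` and `nBits` and the upper limits are this example's assumptions; only `numComps` is named on the page) with every multiplication checked for wrap-around, so a hostile `numComps` is rejected instead of producing a tiny allocation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Upper bounds for the row geometry. These are this example's assumptions,
 * not Xpdf constants; PDF predictor filters only define 1, 2, 4, 8 and 16
 * bits per component. */
#define MAX_COMPS 32u
#define MAX_WIDTH (1u << 24)

static int valid_bits(unsigned nBits)
{
    return nBits == 1 || nBits == 2 || nBits == 4 || nBits == 8 || nBits == 16;
}

/* a * b into *out, or 0 if the product would wrap size_t. */
static int mul_sz(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return 0;
    *out = a * b;
    return 1;
}

/* Computes the byte length of one predictor row,
 *     rowBytes = ceil(width * numComps * nBits / 8),
 * refusing any combination that wraps or exceeds the limits above.
 * Returns 1 and sets *rowBytes on success, 0 on rejection.
 *
 * The vulnerable shape is the unchecked
 *     rowBytes = (width * numComps * nBits + 7) / 8;  buf = malloc(rowBytes);
 * with numComps taken straight from the file: a huge value wraps the product
 * to something small, the allocation is tiny, and the copy of a real row
 * overruns it. */
int predictor_row_bytes(unsigned width, unsigned numComps, unsigned nBits,
                        size_t *rowBytes)
{
    size_t tmp, bits;
    if (width == 0 || width > MAX_WIDTH ||
        numComps == 0 || numComps > MAX_COMPS || !valid_bits(nBits))
        return 0;
    if (!mul_sz(width, numComps, &tmp) || !mul_sz(tmp, nBits, &bits))
        return 0;
    if (bits > SIZE_MAX - 7)
        return 0;
    *rowBytes = (bits + 7) / 8;
    return 1;
}

/* Convenience wrapper: the row length, or 0 when the geometry is rejected
 * (a real row is never 0 bytes, so 0 is unambiguous). */
size_t row_bytes_or_zero(unsigned width, unsigned numComps, unsigned nBits)
{
    size_t n;
    return predictor_row_bytes(width, numComps, nBits, &n) ? n : 0;
}

int main(void)
{
    printf("100 px x 3 comps x 8 bits -> %zu bytes\n",
           row_bytes_or_zero(100, 3, 8));                  /* 300 */
    printf("hostile numComps 0x40000000 -> %zu (rejected)\n",
           row_bytes_or_zero(100, 0x40000000u, 8));        /* 0 */
    return 0;
}
```

Rejecting out-of-range values before multiplying is what makes the later `mul_sz` checks cheap; the range limits alone are not sufficient on 32-bit builds, which is why both are kept.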
Multiple Vendors
FreeBSD 5.4 & prior |
A vulnerability was reported in FreeBSD when using Hyper-Threading Technology due to a design error: the two logical processors of a hyper-threaded core share a cache, so a local malicious user can measure cache access timing to obtain sensitive information (including cryptographic key material) from a process running on the sibling thread, and possibly obtain elevated privileges.
Patches and updates available at:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-476.html
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1
Mandriva:
http://www.mandriva.com/security/advisories
Trustix:
ftp://ftp.trustix.org/pub/trustix/updates/
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
IBM:
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_474
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_604
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendor FreeBSD Hyper-Threading Technology Support Information Disclosure
CVE-2005-0109
|
Medium |
FreeBSD Security Advisory, FreeBSD-SA-05:09, May 13, 2005
SCO Security Advisory, SCOSA-2005.24, May 13, 2005
Ubuntu Security Notice, USN-131-1, May 23, 2005
US-CERT VU#911878
RedHat Security Advisory, RHSA-2005:476-08, June 1, 2005
Sun(sm) Alert Notification, 101739, June 1, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:096, June 7, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0028, June 13, 2005
SGI Security Advisory, 20050602-01-U, June 23, 2005
IBM Documents Doc Number=2306, 2307, & 2312, December 15, 2005
Fedora Legacy Update Advisory, FLSA:166939, December 17, 2005 |
Multiple Vendors
ktools 0.3;
Centericq 4.21, 4.20
|
A buffer overflow vulnerability has been reported in the 'VGETSTRING()' macro, which builds its output string with the unbounded 'vsprintf()' function, which could let a remote malicious user execute arbitrary code.
Gentoo:
http://security.gentoo.org/glsa/glsa-200512-11.xml
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Zone-H Research Center Security Advisory 200503, November 27, 2005
Gentoo Linux Security Advisory, GLSA 200512-11, December 20, 2005 |
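The ktools/Centericq item above is the classic 'vsprintf()' into a fixed buffer. As an added example (not the ktools macro or Centericq code), the vulnerable shape is shown next to its bounded replacement; the "<nick> text" format, the 32-byte buffer and the long message are constructed for illustration. The point a practitioner wants is that 'vsnprintf()' alone only prevents the overflow: the caller must also look at the returned length to notice truncation, which is what `would_overflow()` does.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Size of the fixed output buffer the constructed caller below uses. */
#define OUTSZ 32

/* Vulnerable shape, kept only to show the pattern (never called here):
 * vsprintf() has no idea how large `out` is, so a long argument simply
 * keeps writing past its end. */
void format_unbounded(char *out, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsprintf(out, fmt, ap);
    va_end(ap);
}

/* Hardened form: the write is bounded by `outsz`, the result is always
 * NUL-terminated, and the caller learns how long the full output would have
 * been so it can detect truncation. Returns that length (vsnprintf semantics),
 * or a negative value on an encoding error. */
int format_bounded(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int need = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return need;
}

/* Builds "<nick> text" into an OUTSZ-byte buffer with the bounded form.
 * Returns 1 if the unbounded form would have overflowed that buffer,
 * 0 otherwise. `text` stands for the attacker-controlled message. */
int would_overflow(const char *text)
{
    char buf[OUTSZ];
    int need = format_bounded(buf, sizeof buf, "<%s> %s", "nick", text);
    return need < 0 || (size_t)need >= sizeof buf;
}

/* Length actually stored after bounded formatting (at most OUTSZ - 1). */
size_t stored_length(const char *text)
{
    char buf[OUTSZ];
    format_bounded(buf, sizeof buf, "<%s> %s", "nick", text);
    return strlen(buf);
}

int main(void)
{
    /* 40 bytes of filler, constructed; longer than OUTSZ once prefixed. */
    const char *evil = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    printf("short message overflows: %d\n", would_overflow("hi"));   /* 0 */
    printf("long message overflows:  %d\n", would_overflow(evil));   /* 1 */
    printf("stored length for long:  %zu\n", stored_length(evil));   /* 31 */
    return 0;
}
```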
Multiple Vendors
GNOME GdkPixbuf 0.22
GTK GTK+ 2.4.14
RedHat Fedora Core3
RedHat Fedora Core2 |
A remote Denial of Service vulnerability has been reported due to a double free error in the BMP loader.
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-344.html
http://rhn.redhat.com/errata/RHSA-2005-343.html
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/g/gdk-pixbuf/
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
TurboLinux:
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
Conectiva:
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000958
Mandriva:
http://www.mandriva.com/security/advisories
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
Currently we are not aware of any exploits for this vulnerability. |
GDK-Pixbuf BMP Image Processing Double Free Remote Denial of Service
CVE-2005-0891
|
Low |
Fedora Update Notifications, FEDORA-2005-265, 266, 267 & 268, March 30, 2005
RedHat Security Advisories, RHSA-2005:344-03 & RHSA-2005:343-03, April 1 & 4, 2005
Ubuntu Security Notice, USN-108-1 April 05, 2005
SGI Security Advisory, 20050401-01-U, April 6, 2005
Mandrakelinux Security Update Advisory, MDKSA-2005:068 & 069, April 8, 2005
SGI Security Advisory, 20050403-01-U, April 15, 2005
Turbolinux Security Advisory, TLSA-2005-57, May 16, 2005
Conectiva Security Advisory, CLSA-2005:958, June 1, 2005
Mandriva Linux Security Advisory, MDKSA-2005:214, November 18, 2005
Fedora Legacy Update Advisory, FLSA:155510, December 17, 2005 |
Multiple Vendors
phpMyAdmin 2.7.0-pl1 |
A Cross-Site Request Forgery vulnerability has been reported in 'server_privileges.php' because a remote malicious user can perform unauthorized privilege changes as a logged-in user by luring that user to a crafted link or IMG tag.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
Secunia Advisory: SA18113, December 19, 2005 |
Multiple Vendors
RedHat Enterprise Linux WS 4, WS 3, 2.1, IA64, ES 4, ES 3, 2.1, IA64, AS 4, AS 3, AS 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64; OpenSSL Project OpenSSL 0.9.3-0.9.8, 0.9.2b, 0.9.1c; FreeBSD 6.0 -STABLE, -RELEASE, 5.4 -RELENG, -RELEASE, 5.3 -STABLE, -RELENG, -RELEASE, 5.3, 5.2.1 -RELEASE, -RELENG, 5.2 -RELEASE, 5.2, 5.1 -RELENG, -RELEASE/Alpha, 5.1 -RELEASE-p5, -RELEASE, 5.1, 5.0 -RELENG, 5.0, 4.11 -STABLE, -RELENG, 4.10 -RELENG, -RELEASE, 4.10 |
A vulnerability has been reported in the implementation of the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option, which is included in 'SSL_OP_ALL' to maintain compatibility with third party software: the option disables a check that detects protocol version rollback, so a remote man-in-the-middle could force two peers that both support SSL 3.0 or TLS to negotiate the weaker SSL 2.0 protocol wherever SSL 2.0 has not been disabled.
OpenSSL:
http://www.openssl.org/source/openssl-0.9.7h.tar.gz
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:21/openssl.patch
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-800.html
Mandriva:
http://www.mandriva.com/security/advisories
Gentoo:
http://security.gentoo.org/glsa/glsa-200510-11.xml
Slackware:
ftp://ftp.slackware.com/pub/slackware/
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/
OpenPKG:
ftp://ftp.openpkg.org/release/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Trustix:
http://http.trustix.org/pub/trustix/updates/
SGI:
http://www.sgi.com/support/security/
Debian:
http://security.debian.org/pool/updates/main/o/openssl094/
NetBSD:
http://arkiv.netbsd.se/?ml=netbsd-announce&a=2005-10&m=1435804
BlueCoat Systems:
http://www.bluecoat.com/support/knowledge/advisory_openssl_2005-2969.html
Debian:
http://security.debian.org/pool/updates/main/o/openssl/
Astaro Security Linux:
http://www.astaro.org/showflat.php?Cat=&Number=63500&page=0&view=collapsed&sb=5&o=&fpart=1#63500
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.48
IBM:
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_474
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_604
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
Cisco:
http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml
Currently we are not aware of any exploits for this vulnerability. |
Multiple Vendors OpenSSL Insecure Protocol Negotiation
CVE-2005-2969 |
Medium |
OpenSSL Security Advisory, October 11, 2005
FreeBSD Security Advisory, FreeBSD-SA-05:21, October 11, 2005
RedHat Security Advisory, RHSA-2005:800-8, October 11, 2005
Mandriva Security Advisory, MDKSA-2005:179, October 11, 2005
Gentoo Linux Security Advisory, GLSA 200510-11, October 12, 2005
Slackware Security Advisory, SSA:2005-286-01, October 13, 2005
Fedora Update Notifications, FEDORA-2005-985 & 986, October 13, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101974, October 14, 2005
Ubuntu Security Notice, USN-204-1, October 14, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.022, October 17, 2005
SUSE Security Announcement, SUSE-SA:2005:061, October 19, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005
SGI Security Advisory, 20051003-01-U, October 26, 2005
Debian Security Advisory DSA 875-1, October 27, 2005
NetBSD Security Update, November 1, 2005
BlueCoat Systems Advisory, November 3, 2005
Debian Security Advisory, DSA 888-1, November 7, 2005
Astaro Security Linux Announcement, November 9, 2005
SCO Security Advisory, SCOSA-2005.48, November 15, 2005
IBM Documents Doc Number=2306, 2307, & 2312, December 15, 2005
Fedora Legacy Update Advisory, FLSA:166939, December 17, 2005
Cisco Security Notice, Document ID: 68324, December 19, 2005
|
Multiple Vendors
Ubuntu Linux 5.10 powerpc, i386, amd64, 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; Netpbm 10.0, 9.20-9.25; libpng pnmtopng 2.38, 2.37.3-2.37.6;
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha, 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha |
A buffer overflow vulnerability has been reported in 'pnmtopng' due to insufficient bounds checking of user-supplied data prior to copying it to an insufficiently sized memory buffer, which could let a remote malicious user execute arbitrary code.
libpng:
http://prdownloads.sourceforge.net/png-mng/pnmtopng-2.39.tar.gz?download
Debian:
http://security.debian.org/pool/updates/main/n/netpbm-free/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/
Mandriva:
http://www.mandriva.com/security/advisories
SUSE:
ftp://ftp.suse.com/pub/suse/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-843.html
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Debian Security Advisory DSA 904-1, November 21, 2005
Ubuntu Security Notice, USN-218-1 November 21, 2005
Mandriva Linux Security Advisory, MDKSA-2005:217, November 30, 2005
SUSE Security Summary Report Announcement, SUSE-SR:2005:028, December 2, 2005
RedHat Security Advisory, RHSA-2005:843-8, December 20, 2005 |
Multiple Vendors
util-linux 2.8-2.13;
Andries Brouwer util-linux 2.11d, f, h, i, k, l, n, u, 2.10s
|
A vulnerability has been reported because 'umount -r' remounts a filesystem read-only without preserving the 'nosuid' and 'nodev' options that applied to a user-mountable filesystem, which could let a local malicious user obtain elevated privileges by supplying a setuid binary or device node on that filesystem.
Updates available at:
http://www.kernel.org/pub/linux/utils/util-linux/testing/util-linux-2.12r-pre1.tar.gz
Slackware:
ftp://ftp.slackware.com/pub/slackware/
Trustix:
http://http.trustix.org/pub/trustix/updates/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/
Gentoo:
http://security.gentoo.org/glsa/glsa-200509-15.xml
Mandriva:
http://www.mandriva.com/security/advisories
Debian:
http://security.debian.org/pool/updates/main/u/util-linux/
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
Conectiva:
ftp://atualizacoes.conectiva.com.br/10/
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1
SGI:
http://www.sgi.com/support/security/
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
There is no exploit code required. |
Util-Linux UMount Remounting Filesystem Elevated Privileges
CVE-2005-2876
|
Medium |
Security Focus, Bugtraq ID: 14816, September 12, 2005
Slackware Security Advisory, SSA:2005-255-02, September 13, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005
Ubuntu Security Notice, USN-184-1, September 19, 2005
Gentoo Linux Security Advisory, GLSA 200509-15, September 20, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:167, September 20, 2005
Debian Security Advisory, DSA 823-1, September 29, 2005
SUSE Security Summary Report, SUSE-SR:2005:021, September 30, 2005
Conectiva Linux Announcement, CLSA-2005:1022, October 6, 2005
Sun(sm) Alert Notification, Sun Alert ID: 101960, October 10, 2005
SGI Security Advisory, 20051003-01-U, October 26, 2005
Fedora Legacy Update Advisory, FLSA:168326, December 17, 2005
|
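The util-linux item above leaves a detectable trace: after a vulnerable 'umount -r', the mount table shows the filesystem remounted read-only with 'nosuid' and 'nodev' gone. The following is an added example, not util-linux code: it parses lines in the '/proc/mounts' format ("device mountpoint fstype options freq pass") and reports how many of a required option set are missing. The required list and the two sample lines (one before and one after a vulnerable remount) are constructed for the example; on a real host, read '/proc/mounts' and apply the check to the mount points that '/etc/fstab' marks with 'user'.

```c
#include <stdio.h>
#include <string.h>

/* Options a user-mountable filesystem must keep. `user` in fstab implies
 * them, and the util-linux flaw was that `umount -r` remounted read-only
 * without them. This list is the example's choice, not a util-linux table. */
static const char *const REQUIRED[] = { "nosuid", "nodev" };
#define NREQ (sizeof REQUIRED / sizeof REQUIRED[0])

/* Returns 1 if `opt` appears as a whole token in the comma-separated list,
 * so "nosuidx" does not satisfy "nosuid". */
static int has_opt(const char *opts, const char *opt)
{
    size_t n = strlen(opt);
    const char *p = opts;
    while (*p) {
        const char *end = strchr(p, ',');
        size_t tok = end ? (size_t)(end - p) : strlen(p);
        if (tok == n && memcmp(p, opt, n) == 0)
            return 1;
        if (!end)
            break;
        p = end + 1;
    }
    return 0;
}

/* Parses one /proc/mounts line and returns how many REQUIRED options are
 * absent from its option field, or -1 if the line does not have the
 * expected four leading fields. */
int missing_required_opts(const char *line)
{
    char dev[256], mnt[256], fstype[64], opts[512];
    int missing = 0;
    if (sscanf(line, "%255s %255s %63s %511s", dev, mnt, fstype, opts) != 4)
        return -1;
    for (size_t i = 0; i < NREQ; i++)
        if (!has_opt(opts, REQUIRED[i]))
            missing++;
    return missing;
}

int main(void)
{
    /* Constructed sample lines, not taken from a real system. */
    const char *before = "/dev/sdb1 /media/usb vfat rw,nosuid,nodev,noexec 0 0";
    const char *after  = "/dev/sdb1 /media/usb vfat ro 0 0"; /* after vulnerable umount -r */
    printf("before remount: %d required options missing\n",
           missing_required_opts(before));                   /* 0 */
    printf("after remount:  %d required options missing\n",
           missing_required_opts(after));                    /* 2 */
    return 0;
}
```

A non-zero result for a 'user'-mountable filesystem is the condition the fixed util-linux prevents; on an unpatched host it is also the window in which a setuid binary on that media would be honored.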
Multiple Vendors
Webmin 0.88-1.230, 0.85, 0.76-0.80, 0.51, 0.42, 0.41, 0.31, 0.22, 0.21, 0.8.5 Red Hat, 0.8.4, 0.8.3, 0.1-0.7; Usermin 1.160, 1.150, 1.140, 1.130, 1.120, 1.110, 1.0, 0.9-0.99, 0.4-0.8; Larry Wall Perl 5.8.3-5.8.7, 5.8.1, 5.8.0-88.3, 5.8, 5.6.1, 5.6, 5.005_003, 5.005, 5.004_05, 5.004_04, 5.004, 5.003
|
A format string vulnerability has been reported in 'Perl_sv_vcatpvfn' due to a failure to properly handle format specifiers in formatted printing functions, which could let a remote malicious user cause a Denial of Service.
Webmin:
http://prdownloads.sourceforge.net/webadmin
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
OpenPKG:
http://www.openpkg.org/security.html
Mandriva:
http://www.mandriva.com/security/advisories
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/
Gentoo:
http://security.gentoo.org/glsa/glsa-200512-01.xml
http://security.gentoo.org/glsa/glsa-200512-02.xml
SUSE:
ftp://ftp.suse.com/pub/suse/
Trustix:
http://http.trustix.org/pub/trustix/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-880.html
An exploit has been published.
|
|
Low |
Security Focus, Bugtraq ID: 15629, November 29, 2005
Fedora Update Notifications, FEDORA-2005-1113, 1116, & 1117, December 1 & 2, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.025, December 3, 2005
Mandriva Linux Security Advisory, MDKSA-2005:223, December 2, 2005
Ubuntu Security Notice, USN-222-1, December 2, 2005
Gentoo Linux Security Advisory, GLSA 200512-01 & 200512-02, December 7, 2005
US-CERT VU#948385
Mandriva Linux Security Advisory, MDKSA-2005:225, December 8, 2005
SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0070, December 9, 2005
Ubuntu Security Notice, USN-222-2, December 12, 2005
Fedora Update Notifications, FEDORA-2005-1144 & 1145, December 14, 2005
SUSE Security Summary Report, SUSE-SR:2005:030, December 16, 2005
RedHat Security Advisory, RHSA-2005:880-8, December 20, 2005
|
Multiple Vendors
X.org X11R6 6.7.0, 6.8, 6.8.1;
XFree86 X11R6 3.3, 3.3.2-3.3.6, 4.0, 4.0.1, 4.0.2-11, 4.0.3, 4.1.0, 4.1-12, 4.1-11, 4.2.0, 4.2.1 Errata, 4.2.1, 4.3.0.2, 4.3.0.1, 4.3.0 |
An integer overflow vulnerability exists in the libXpm 'scan.c' source due to insufficient sanity checks on the 'bitmap_unit' value, which could let a remote malicious user execute arbitrary code.
Patch available at:
https://bugs.freedesktop.org/attachment.cgi?id=1909
Gentoo:
http://security.gentoo.org/glsa/glsa-200503-08.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/lesstif1-1/
Gentoo:
http://security.gentoo.org/glsa/glsa-200503-15.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/x/xfree86/
ALTLinux:
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-331.html
SGI:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-044.html
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
Mandriva:
http://www.mandriva.com/security/advisories
Debian:
http://security.debian.org/pool/updates/main/x/xfree86/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-412.html
http://rhn.redhat.com/errata/RHSA-2005-473.html
http://rhn.redhat.com/errata/RHSA-2005-198.html
Apple:
http://docs.info.apple.com/article.html?artnum=302163
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Security Focus, 12714, March 2, 2005
Gentoo Linux Security Advisory, GLSA 200503-08, March 4, 2005
Ubuntu Security Notice, USN-92-1, March 07, 2005
Gentoo Linux Security Advisory, GLSA 200503-15, March 12, 2005
Ubuntu Security Notice, USN-97-1, March 16, 2005
ALTLinux Security Advisory, March 29, 2005
Fedora Update Notifications, FEDORA-2005-272 & 273, March 29, 2005
RedHat Security Advisory, RHSA-2005:331-06, March 30, 2005
SGI Security Advisory, 20050401-01-U, April 6, 2005
RedHat Security Advisory, RHSA-2005:044-15, April 6, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:080, April 29, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:081, May 6, 2005
Debian Security Advisory, DSA 723-1, May 9, 2005
RedHat Security Advisory, RHSA-2005:412-05, May 11, 2005
RedHat Security Advisory, RHSA-2005:473-03, May 24, 2005
RedHat Security Advisory, RHSA-2005:198-35, June 8, 2005
Fedora Update Notifications, FEDORA-2005-808 & 815, August 25 & 26, 2005
SCO Security Advisory, SCOSA-2005.57, December 14, 2005 |
Openswan
Openswan 2.2-2.4, 2.1.4-2.1.6, 2.1.2, 2.1.1
|
Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported when handling IKE packets that have an invalid 3DES key length; and a remote Denial of Service vulnerability was reported when handling certain specially crafted IKE packets.
Upgrades available at:
http://www.openswan.org/download/openswan-2.4.2.tar.gz
Astaro Security Linux:
http://www.astaro.org/showflat.php?Cat=&Board=UBB1&Number=63678&Forum=All_Forums&Words=4.028&Searchpage=0&Limit=25&Main=63678&Search=true&where=bodysub&Name=&daterange=1&newerval=1&newertype=m&olderval=&oldertype=&bodyprev=#Post63678
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Gentoo:
http://security.gentoo.org/glsa/glsa-200512-04.xml
SUSE:
ftp://ftp.suse.com/pub/suse/
Vulnerabilities can be reproduced using the PROTOS ISAKMP Test Suite.
|
|
Low |
CERT-FI & NISCC Joint Vulnerability Advisory, November 15, 2005
Astaro Security Linux Update, November 16, 2005
Fedora Update Notifications, FEDORA-2005-1092 & 1093, November 21, 2005
Gentoo Linux Security Advisory, GLSA 200512-04, December 12, 2005
SUSE Security Announcement, SUSE-SA:2005:070, December 20, 2005
|
Opera Software
Opera Web Browser 8.5, 8.0-8.02 |
A vulnerability has been reported due to insufficient sanitization of user-supplied data in a URI that is passed to Opera on the command line (for example by another application opening a link), which could let a remote malicious user execute arbitrary commands.
Upgrades available at:
http://www.opera.com/download/
SUSE:
ftp://ftp.suse.com/pub/suse/
Gentoo:
http://security.gentoo.org/glsa/glsa-200512-10.xml
There is no exploit code required. |
|
High |
Secunia Advisory: SA16907, November 22, 2005
SUSE Security Summary Report Announcement, SUSE-SR:2005:028, December 2, 2005
Gentoo Linux Security Advisory, GLSA 200512-10, December 18, 2005 |
PHP Arena
paFileDB Extreme Edition RC1-RC5
|
An SQL injection vulnerability has been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Security Focus, Bugtraq ID: 15912, December 16, 2005 |
PlaySmS
PlaySmS |
A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'err' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Security Focus, Bugtraq ID: 15928, December 19, 2005 |
Static Store
StaticStore 1.189 A
|
A Cross-Site Scripting vulnerability has been reported in 'search.cgi' due to insufficient sanitization of the 'keywords' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
StaticStore Cross-Site Scripting
CVE-2005-4284 |
Medium |
Security Focus, Bugtraq ID: 15895, December 15, 2005 |
Stefan Ritt
ELOG 2.6.0
|
A remote Denial of Service vulnerability has been reported in 'elogd' due to an error when handling an overly long value sent to the 'cmd' and 'mode' parameters.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
|
|
Low |
Security Tracker Alert ID: 1015379, December 20, 2005 |
Todd Miller
Sudo prior to 1.6.8p12
|
A vulnerability has been reported because sudo does not clear the 'PERLLIB,' 'PERL5LIB,' and 'PERL5OPT' environment variables, which Perl honors whenever taint checking is not in effect, so a malicious user permitted to run a Perl script via sudo could bypass security restrictions and make the script load arbitrary library files.
Upgrades available at:
http://www.sudo.ws/sudo/download.html
Mandriva:
http://www.mandriva.com/security/advisories
There is no exploit code required; however, a Proof of Concept exploit script has been published.
|
|
Medium |
Security Focus, Bugtraq ID: 15394, November 11, 2005
Mandriva Linux Security Advisory, MDKSA-2005:234, December 20, 2005 |
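The sudo item above is an environment-sanitization gap: a privileged wrapper that passes the caller's environment through to an interpreter hands that caller control of which code the interpreter loads. The following is an added example, not sudo's source: it filters an environment block against a denylist before the exec. The three Perl variables are the ones the page names; the other entries in the list, the 16-slot output buffer and the sample environment are this example's constructed assumptions, not sudo's own table. In sudo itself the corresponding controls are the fixed version's built-in bad-variable list and the 'env_reset' Defaults option in sudoers.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Variables that steer an interpreter or the dynamic linker toward
 * attacker-chosen code. The three Perl variables are the ones the sudo fix
 * addressed; the rest are this example's additions for the same reason. */
static const char *const DANGEROUS[] = {
    "PERLLIB", "PERL5LIB", "PERL5OPT",
    "LD_PRELOAD", "LD_LIBRARY_PATH", "PYTHONPATH", "IFS"
};
#define NDANGER (sizeof DANGEROUS / sizeof DANGEROUS[0])

/* Returns 1 if the "NAME=value" entry names a variable to drop. The whole
 * name is compared, so PERL5LIBX would not match PERL5LIB. */
int env_entry_is_dangerous(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t n = eq ? (size_t)(eq - entry) : strlen(entry);
    for (size_t i = 0; i < NDANGER; i++)
        if (strlen(DANGEROUS[i]) == n && memcmp(DANGEROUS[i], entry, n) == 0)
            return 1;
    return 0;
}

/* Copies `envp` into `out` (capacity `cap`, NULL-terminated) minus the
 * dangerous entries. Returns the number kept, or -1 if `out` is too small.
 * A privileged wrapper would call this and then execve() with `out`. */
int scrub_env(char *const envp[], const char *out[], size_t cap)
{
    size_t kept = 0;
    for (size_t i = 0; envp[i] != NULL; i++) {
        if (env_entry_is_dangerous(envp[i]))
            continue;
        if (kept + 1 >= cap)        /* keep room for the terminating NULL */
            return -1;
        out[kept++] = envp[i];
    }
    out[kept] = NULL;
    return (int)kept;
}

/* Constructed caller environment (not captured from a real host): what a
 * user could export before invoking sudo on a Perl script. */
static char *const HOSTILE_ENV[] = {
    "PATH=/usr/bin:/bin", "HOME=/home/alice",
    "PERL5LIB=/tmp/evil", "PERL5OPT=-MEvil", "PERLLIB=/tmp/evil2",
    "LANG=C", NULL
};

/* Scrubs HOSTILE_ENV into a buffer of `cap` slots (at most 16) and returns
 * scrub_env()'s result, so the behaviour can be checked without a shell. */
int demo_scrub(size_t cap)
{
    const char *clean[16];
    if (cap > 16)
        cap = 16;
    return scrub_env(HOSTILE_ENV, clean, cap);
}

int main(void)
{
    const char *clean[16];
    int n = scrub_env(HOSTILE_ENV, clean, 16);
    printf("kept %d of 6 entries\n", n);        /* 3 */
    for (int i = 0; i < n; i++)
        printf("  %s\n", clean[i]);
    return 0;
}
```

A denylist like this is the minimum; the stronger posture, and what 'env_reset' implements, is to start from an empty environment and add back only a known-good set.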
WebGlimpse.org
WebGlimpse 2.14.1, 2.0-2.2.2
|
A Cross-Site Scripting vulnerability has been reported in 'webglimpse.cgi' due to insufficient sanitization of the 'ID' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Secunia Advisory: SA18076, December 19, 2005 |
xloadimage
xloadimage 4.1
|
A buffer overflow vulnerability has been reported when handling the title of a NIFF image when performing zoom, reduce, or rotate functions, which could let a remote malicious user execute arbitrary code.
Debian:
http://security.debian.org/pool/updates/main/x/xloadimage/
http://security.debian.org/pool/updates/main/x/xli/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-802.html
Mandriva:
http://www.mandriva.com/security/advisories
SUSE:
ftp://ftp.SUSE.com/pub/SUSE
SGI:
http://www.sgi.com/support/security/
Gentoo:
http://security.gentoo.org
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.56
Currently we are not aware of any exploits for this vulnerability. |
Xloadimage NIFF Image Buffer Overflow
CVE-2005-3178 |
High |
Debian Security Advisories, DSA 858-1 & 859-1, October 10, 2005
RedHat Security Advisory, RHSA-2005:802-4, October 18, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:191, October 21, 2005
SUSE Security Summary Report, SUSE-SR:2005:024, October 21, 2005
SGI Security Advisory, 20051003-01-U, October 26, 2005
Gentoo Linux Security Advisory, GLSA 200510-26, October 31, 2005
SCO Security Advisory, SCOSA-2005.56, December 14, 2005
|
| Multiple Operating Systems - Windows / UNIX / Linux / Other |
Vendor & Software Name | Vulnerability - Impact / Patches - Workarounds / Attack Scripts | Common Name / CVE Reference | Risk | Source |
AbleDesign
D-Man 3.x |
A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'title' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Secunia Advisory: SA18074, December 20, 2005 |
bbBoard
bbBoard v2 2.56 |
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'keys' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required.
|
|
Medium |
Security Focus, Bugtraq ID: 15884, December 15, 2005 |
Box UK
Amaxus CMS 3.x |
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'change' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Secunia Advisory: SA18004, December 19, 2005 |
Caravel CMS
Caravel CMS 3.0 Beta 1
|
Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of the 'folderviewer_attrs' and 'fileDN' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Caravel CMS Multiple Cross-Site Scripting
CVE-2005-4381 |
Medium |
Security Focus, Bugtraq ID: 15939, December 19, 2005 |
Cisco Systems
Cisco Catalyst Switches |
A remote Denial of Service vulnerability has been reported when handling TCP 'LAND' packets (SYN segments whose source address and port are identical to their destination address and port).
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
Multiple Unspecified Cisco Catalyst Switches Remote Denial of Service
CVE-2005-4248
|
Low |
Security Focus, Bugtraq ID: 15864, December 14, 2005 |
Cisco Systems
Cisco Clean Access (CCA) 3.5-3.5.5, 3.4-3.4.5, 3.3-3.3.9 |
A vulnerability has been reported due to insufficient authentication of several JSP pages on the Secure Smart Manager, which could let a remote malicious user cause a Denial of Service.
No workaround or patch available at time of publishing.
There is no exploit code required. |
Cisco Clean Access Multiple JSP Pages Insufficient Authentication
CVE-2005-4332
|
Low |
Security Tracker Alert ID: 1015375, December 16, 2005 |
Cisco Systems
Firewall Services Module (FWSM) 1.x, 2.x, IOS 12.x, IOS R12.x, PIX 4.x, 5.x, 6.x, 7.x,
Cisco SAN-OS 1.x (MDS 9000 Switches), 2.x (MDS 9000 Switches), VPN 3000 Concentrator |
A remote Denial of Service vulnerability has been reported due to errors in the processing of IKEv1 Phase 1 protocol exchange messages.
Patch information available at:
http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml
Rev 1.5: Updated Cisco IOS Products table.
Rev 1.6: Updated Additional Details for Cisco IOS section. Updated Cisco IOS section.
Rev 1.7: Updated Cisco IOS Products table and changed the availability date of 12.3(11)T9 to 27-Dec-05.
Vulnerability can be reproduced with the PROTOS IPSec Test Suite. |
|
Low |
Cisco Security Advisory, Document ID: 68158, November 14, 2005
Cisco Security Advisory, Document ID: 68158, Rev 1.5, November 29, 2005
Cisco Security Advisory, Document ID: 68158, Rev 1.6, December 6, 2005
Cisco Security Advisory, Document ID: 68158, Rev 1.7, December 15, 2005 |
Colony
Colony Gov CMS, Enterprise CMS, E-Commerce CMS, Colony 2.75 |
A Cross-Site Scripting vulnerability has been reported in the search module due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
Colony Cross-Site Scripting
CVE-2005-4386 |
Medium |
Security Focus, Bugtraq ID: 15941, December 19, 2005 |
contenite
contenite 0.11
|
A Cross-Site Scripting vulnerability has been reported in 'home.php' due to insufficient sanitization of the 'id' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
Contenite Cross-Site Scripting
CVE-2005-4387 |
Medium |
Security Focus, Bugtraq ID: 15942, December 19, 2005 |
CONTENS Software
CONTENS 3.0 |
A Cross-Site Scripting vulnerability has been reported in 'search.cfm' due to insufficient sanitization of the 'near' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
CONTENS Cross-Site Scripting
CVE-2005-4388 |
Medium |
Security Focus, Bugtraq ID: 15943, December 19, 2005 |
contentServ
contentServ 3.1 |
An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
ContentServ SQL Injection
CVE-2005-4390 |
Medium |
Security Focus, Bugtraq ID: 15956, December 19, 2005 |
DC Scripts
DCForum 6.25, 6.22, 6.21, 6.0, 5.0, 4.0, 3.0, 2.0, 1.0 |
A Cross-Site Scripting vulnerability has been reported in 'dcboard.php' due to insufficient sanitization of the 'page' parameter and in the 'keyword' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
|
Medium |
Secunia Advisory: SA18093, December 16, 2005 |
ECTOOLS
Onlineshop 1.0 |
A Cross-Site Scripting vulnerability has been reported in 'cart.cgi' due to insufficient sanitization of the 'product,' 'category,' and 'uid' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
|
Medium |
Secunia Advisory: SA18028, December 15, 2005 |
eDatCat
eDatCat 3.0 |
A Cross-Site Scripting vulnerability has been reported in 'EDCstore.pl' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
|
Medium |
Security Focus, Bugtraq ID: 15889, December 15, 2005 |
EPiX
EPiX 3.1.2
|
A Cross-Site Scripting vulnerability has been reported in the search module due to insufficient sanitization of user-supplied input before returning to the user.
No workaround or patch available at time of publishing.
There is no exploit code required. |
EPiX Cross-Site Scripting
CVE-2005-4394 |
Medium |
Security Focus, Bugtraq ID: 15944, December 19, 2005 |
Esselbach Storyteller CMS System
Esselbach Storyteller CMS System 1.8 & prior |
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'query' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
Esselbach Storyteller CMS System Cross-Site Scripting
CVE-2005-4433
|
Medium |
Secunia Advisory: SA18130, December 19, 2005 |
Ethereal Group
Ethereal 0.10-0.10.13, 0.9-0.9.16, 0.8.19, 0.8.18, 0.8.13-0.8.15, 0.8.5, 0.8, 0.7.7 |
A buffer overflow vulnerability has been reported in the 'dissect_ospf_v3_address_prefix()' function in the OSPF protocol dissector due to a boundary error when converting received binary data to a human-readable string, which could let a remote malicious user execute arbitrary code.
Patch available at:
http://anonsvn.ethereal.com/viewcvs/viewcvs.py/trunk/epan/dissectors/packet-ospf.c?rev=16507&view=markup
Debian:
http://security.debian.org/pool/updates/main/e/ethereal/
Gentoo:
http://security.gentoo.org/glsa/glsa-200512-06.xml
Mandriva:
http://www.mandriva.com/security/advisories
Currently we are not aware of any exploits for this vulnerability. |
|
High |
iDefense Security Advisory, December 9, 2005
Debian Security Advisory DSA 920-1, December 13, 2005
Gentoo Linux Security Advisory, GLSA 200512-06, December 14, 2005
Mandriva Linux Security Advisory MDKSA-2005:227, December 15, 2005 |
ezUpload
ezUpload 2.2 |
Several vulnerabilities have been reported: a file include vulnerability was reported in 'index.php' due to insufficient verification of the 'mode' parameter before using to include files, which could let a remote malicious user execute arbitrary PHP code; and an SQL injection vulnerability was reported in the search module parameters due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required.
|
|
High |
Security Focus, Bugtraq IDs: 15918 & 15919, December 16, 2005 |
FarCry
FarCry 3.0
|
A Cross-Site Scripting vulnerability has been reported in the search module due to insufficient sanitization of user-supplied input before returning to the user.
No workaround or patch available at time of publishing.
There is no exploit code required. |
FarCry Cross-Site Scripting
CVE-2005-4395 |
Medium |
Security Focus, Bugtraq ID: 15946, December 19, 2005 |
FFmpeg
FFmpeg 0.4.9-pre1, 0.4.6-0.4.8, FFmpeg CVS
|
A buffer overflow vulnerability has been reported in the 'avcodec_default_get_buffer()' function of 'utils.c' in libavcodec due to a boundary error, which could let a remote malicious user execute arbitrary code.
Patches available at:
http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?cvsroot=FFMpeg&r2=1.162&r1=1.161&f=u
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/
Mandriva:
http://www.mandriva.com/security/advisories
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/
Currently we are not aware of any exploits for this vulnerability. |
|
High |
Secunia Advisory: SA17892, December 6, 2005
Ubuntu Security Notice, USN-230-1, December 14, 2005
Mandriva Linux Security Advisories MDKSA-2005:228-232, December 15, 2005
Ubuntu Security Notice, USN-230-2, December 16, 2005 |
FLIP
FLIP 0.9.0.1029 & prior
|
A Cross-Site Scripting vulnerability has been reported in 'text.php' due to insufficient sanitization of the 'name' parameter and in 'forum.php' due to insufficient sanitization of the 'frame' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Secunia Advisory: SA18128, December 19, 2005 |
FocalMedia.net
Sitenet BBS 2.0 |
A Cross-Site Scripting vulnerability has been reported in 'search.cgi' due to insufficient sanitization of the 'cid' parameter and in 'netboard.cgi' due to insufficient sanitization of the 'pg,' 'tid,' 'cid,' and 'fid' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
|
Medium |
Secunia Advisory: SA18090, December 16, 2005 |
Hot Banana
Web Content Management Suite 5.3 & prior
|
A Cross-Site Scripting vulnerability has been reported in 'index.cfm' due to insufficient sanitization of the 'keywords' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Hot Banana Web Content Management Suite Cross-Site Scripting
CVE-2005-4364
|
Medium |
Secunia Advisory: SA18126, December 19, 2005 |
IBM
Websphere Application Server 6.0
|
Multiple HTML injection vulnerabilities have been reported in WebSphere Application Server sample scripts due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
IBM WebSphere Application Server Sample Scripts Multiple HTML Injection
CVE-2005-4413 |
Medium |
Security Tracker Alert ID: 1015360, December 15, 2005 |
iHTML Merchant
iHTML Merchant 2.0 |
An SQL injection vulnerability has been reported due to insufficient sanitization of the 'id,' 'pid,' and 'step' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Security Focus, Bugtraq ID: 15911, December 16, 2005 |
iHTML Merchant
iHTML Merchant Mall |
An SQL injection vulnerability has been reported due to insufficient sanitization of the 'id,' 'store,' and 'step' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Security Focus, Bugtraq ID: 15910, December 16, 2005 |
IndexCOR
ezDatabase 2.1.2 |
Multiple input validation vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code or include arbitrary files.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published.
|
|
Medium |
Security Focus, Bugtraq ID: 15908, December 16, 2005 |
Komodo CMS
Komodo CMS 2.1 & prior |
Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'page.php' due to insufficient sanitization of the 'page' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of certain parameters when performing a search, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Secunia Advisory: SA18120, December 19, 2005 |
Kryptronic
ClickCartPro 5.1 |
A Cross-Site Scripting vulnerability has been reported in 'cp-app.cgi' due to insufficient sanitization of the 'affl' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
|
Medium |
Secunia Advisory: SA17927, December 15, 2005 |
Libertas Solutions
Libertas ECMS 3.0 & prior |
A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'page_search' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Secunia Advisory: SA18117, December 19, 2005 |
Libremail
Libremail 1.1.0 & prior |
A format string vulnerability has been reported in 'pop.c' when processing specially crafted data from a POP server, which could let a remote malicious user execute arbitrary code.
Update available at:
http://libremail.tuxfamily.org/en/dersources.htm
Currently we are not aware of any exploits for this vulnerability.
|
|
High |
Security Focus, Bugtraq ID: 15906, December 16, 2005 |
Liferay
Liferay Portal Enterprise 3.6.1 & prior |
A Cross-Site Scripting vulnerability has been reported in 'portal_ent' due to insufficient sanitization of the '_77_struts_action,' 'p_p_mode,' and 'p_p_state' parameters and due to insufficient sanitization of certain parameters when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Secunia Advisory: SA18116, December 19, 2005 |
Limbo CMS
Limbo CMS 1.0.4.2 |
Multiple input validation vulnerabilities have been reported due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code, execute arbitrary SQL code, and include arbitrary local files.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
|
Medium |
Security Focus, Bugtraq ID: 15871, December 14, 2005 |
Lutece
Lutece 1.2.3 & prior |
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'query' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
Medium |
Secunia Advisory: SA18114, December 19, 2005 |
Macromedia
ColdFusion Server MX 7.0, 6.1, 6.0, ColdFusion MX J2EE 6.1, ColdFusion MX Enterprise with JRun 6.1, ColdFusion MX 7.0, 6.1, 6.0 |
Multiple vulnerabilities have been reported: a vulnerability was reported in the Sandbox Security functionality due to a failure to throw an exception when ColdFusion is running on a JRun 4 cluster member with the Java SecurityManager disabled, which could let a remote malicious user bypass security controls; an input validation vulnerability was reported in the CFMAIL tag when handling the 'Subject' field, which could let a remote malicious user attach arbitrary files; a vulnerability was reported in the Sandbox Security functionality when enforcing the 'CFOBJECT/CreateObject(Java)' setting due to an error, which could let a remote malicious user call restricted methods through an object of a specially crafted class written to the ColdFusion library directory; and a vulnerability was reported because the password hash used to authenticate the ColdFusion Administrator can be obtained by developers.
Update and fix information available at:
http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html
http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html
Currently we are not aware of any exploits for this vulnerability.
|
|
Medium |
Macromedia Security Bulletins, MPSB05-12 & MPSB05-14, December 15, 2005 |
Macromedia
Flash Media Server Professional Edition 2.0,
Flash Media Server Origin Edition 2.0, Flash Media Server Edge Edition 2.0, Flash Media Server Developer Edition 2.0
|
A Denial of Service vulnerability has been reported due to an error in the Administration Service (FMSAdmin.exe) when handling received data.
Solution available at:
http://www.macromedia.com/devnet/security/security_zone/mpsb05-11.html
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Macromedia Flash Media Server Administration Service Denial of Service
CVE-2005-4216
|
Low |
Security Focus, Bugtraq ID: 15822, December 13, 2005
Macromedia Security Bulletin, MPSB05-11, December 15, 2005 |
Magnolia
Magnolia 2.1 & prior |
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'query' parameter in the search feature, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Secunia Advisory: SA18104, December 19, 2005 |
Mantis
Mantis 1.x |
A Cross-Site Scripting vulnerability has been reported in 'view_filters_page.php' due to insufficient sanitization of the 'target_field' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrades available at:
http://prdownloads.sourceforge.net/mantisbt/mantis-0.19.4.tar.gz
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
|
Medium |
Secunia Advisory: SA18018, December 14, 2005
Security Focus, Bugtraq ID: 15842, December 15, 2005 |
Marmara Web
E-commerce |
Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code; and a remote file include vulnerability was reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploit scripts have been published. |
|
High |
Security Focus, Bugtraq ID: 15875 & 15877, December 15, 2005 |
Marwel
Marwel 2.7 & prior |
An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'show' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Secunia Advisory: SA18099, December 19, 2005 |
Mindroute Software AB
damoon
|
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'q' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required.
|
|
Medium |
Secunia Advisory: SA18118, December 19, 2005 |
Mindroute Software AB
lemoon 2.0 & prior |
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'q' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
Medium |
Secunia Advisory: SA18119, December 19, 2005 |
Miraserver
Miraserver 1.0 RC4 & prior |
SQL injection vulnerabilities have been reported in 'index.php' due to insufficient sanitization of the 'page' parameter, in 'newsitem.php' due to insufficient sanitization of the 'id' parameter, and in 'article.php' due to insufficient sanitization of the 'cat' parameter, before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Secunia Advisory: SA18110, December 20, 2005 |
MMBase
MMBase 1.7.4 |
A Cross-Site Scripting vulnerability has been reported in the search module due to insufficient sanitization of user-supplied input before returning to the user.
No workaround or patch available at time of publishing.
There is no exploit code required. |
MMBase Cross-Site Scripting
CVE-2005-4409 |
Medium |
Security Focus, Bugtraq ID: 15955, December 19, 2005 |
Multiple Vendors
University of Kansas Lynx 2.8.5 & prior |
A vulnerability has been reported in the 'lynxcgi:' URI handler, which could let a remote malicious user execute arbitrary commands.
Upgrades available at:
http://lynx.isc.org/current/lynx2.8.6dev.15.tar.gz
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-839.html
Mandriva:
http://www.mandriva.com/security/advisories
Gentoo:
http://security.gentoo.org/glsa/glsa-200511-09.xml
Trustix:
http://http.trustix.org/pub/trustix/updates/
SGI:
ftp://patches.sgi.com/support/free/security/advisories/
OpenPKG:
http://www.openpkg.org/
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.55
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
There is no exploit code required. |
|
High |
Security Tracker Alert ID: 1015195, November 11, 2005
RedHat Security Advisory, RHSA-2005:839-3, November 11, 2005
Mandriva Linux Security Advisory, MDKSA-2005:211, November 12, 2005
Gentoo Linux Security Advisory, GLSA 200511-09, November 13, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0066, November 22, 2005
SGI Security Advisory, 20051101-01-U, November 29, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.026, December 3, 2005
SCO Security Advisory, SCOSA-2005.55, December 14, 2005
Fedora Legacy Update Advisory, FLSA:152832, December 17, 2005 |
Multiple Vendors
University of Kansas Lynx 2.8.6 dev.1-dev.13, 2.8.5 dev.8, 2.8.5 dev.2-dev.5, 2.8.5, 2.8.4 rel.1, 2.8.4, 2.8.3 rel.1, 2.8.3 pre.5, 2.8.3 dev2x, 2.8.3 dev.22, 2.8.3, 2.8.2 rel.1, 2.8.1, 2.8, 2.7;
RedHat Enterprise Linux WS 4, WS 3, 2.1, ES 4, ES 3, ES 2.1, AS 4, AS 3, AS 2.1,
RedHat Desktop 4.0, 3.0,
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
|
A buffer overflow vulnerability has been reported in the 'HTrjis()' function when handling NNTP article headers, which could let a remote malicious user execute arbitrary code.
University of Kansas Lynx:
http://lynx.isc.org/current/lynx2.8.6dev.14.tar.gz
Gentoo:
http://security.gentoo.org/glsa/glsa-200510-15.xml
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/lynx/
RedHat:
http://rhn.redhat.com/errata/RHSA-2005-803.html
Fedora:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/
Mandriva:
http://www.mandriva.com/security/advisories
Conectiva:
ftp://atualizacoes.conectiva.com.br/10/
Trustix:
http://http.trustix.org/pub/trustix/updates/
SGI:
http://www.sgi.com/support/security/
Mandriva:
http://www.mandriva.com/security/advisories
Debian:
http://security.debian.org/pool/updates/main/l/lynx/
http://security.debian.org/pool/updates/main/l/lynx-ssl/
Ubuntu:
http://security.ubuntu.com/ubuntu/pool/main/l/lynx/
(Note: Ubuntu advisory USN-206-1 was previously released to address this vulnerability; however, the fixes contained an error that caused lynx to crash.)
SUSE:
ftp://ftp.suse.com/pub/suse/
Slackware:
ftp://ftp.slackware.com/pub/slackware/
SCO:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47
OpenPKG:
http://www.openpkg.org/
FedoraLegacy:
http://download.fedoralegacy.org/redhat/
A Proof of Concept Denial of Service exploit script has been published. |
Lynx 'HTrjis()' NNTP Remote Buffer Overflow
CVE-2005-3120 |
High |
Gentoo Linux Security Advisory, GLSA 200510-15, October 17, 2005
Ubuntu Security Notice, USN-206-1, October 17, 2005
RedHat Security Advisory, RHSA-2005:803-4, October 17, 2005
Fedora Update Notifications, FEDORA-2005-993 & 994, October 17, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:186, October 18, 2005
Conectiva Linux Announcement, CLSA-2005:1037, October 19, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005
SGI Security Advisory, 20051003-01-U, October 26, 2005
Mandriva Linux Security Advisory, MDKSA-2005:186-1, October 26, 2005
Debian Security Advisories, DSA 874-1 & 876-1, October 27, 2005
Ubuntu Security Notice, USN-206-2, October 29, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005
Slackware Security Advisory, SSA:2005-310-03, November 7, 2005
SCO Security Advisory, SCOSA-2005.47, November 8, 2005
OpenPKG Security Advisory, OpenPKG-SA-2005.026, December 3, 2005
Fedora Legacy Update Advisory, FLSA:152832, December 17, 2005 |
myEZshop Shopping Cart
myEZshop Shopping Cart |
Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'Keyword' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'admin.php' due to insufficient sanitization of the 'Groupsld' and 'Itemsld' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
myEZshop Shopping Cart Cross-Site Scripting & SQL Injection |
Medium |
Secunia Advisory: SA18086, December 20, 2005 |
NetQuest
NQcontent 3.0
|
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'text' parameter when performing a search, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
Medium |
Secunia Advisory: SA17994, December 20, 2005 |
NightMedia
The CITY Shop 1.3 |
A Cross-Site Scripting vulnerability has been reported in 'store.cgi' due to insufficient sanitization of the 'SKey' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
Medium |
Security Focus, Bugtraq ID: 15897, December 15, 2005 |
ODFaq
ODFaq 2.1.0 |
SQL injection vulnerabilities have been reported in 'index.php' due to insufficient sanitization of the 'cat' and 'srcText' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Secunia Advisory: SA18121, December 19, 2005 |
OpenCMS Project
Alkacon OpenCMS 6.0.2 |
A Cross-Site Scripting vulnerability has been reported in the login page due to insufficient sanitization of the user name field before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
Update available at:
http://www.opencms.org/opencms/en/download/opencms.html
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Security Tracker Alert ID: 1015365, December 15, 2005 |
OTRS
OTRS (Open Ticket Request System) 2.0.0-2.0.3, 1.3.2, 1.0.0 |
Several vulnerabilities have been reported: an SQL injection vulnerability was reported in the 'login' function due to insufficient sanitization of the 'login' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; an SQL injection vulnerability was reported in the 'AgentTicketPlain' function due to insufficient sanitization of the 'TicketID' and 'ArticleID' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of HTML email attachments before displaying, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability was reported in 'index.pl' due to insufficient sanitization of the 'QueueID' and 'Action' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
Upgrades available at:
ftp://ftp.otrs.org/pub/otrs/otrs-1.3.3-01.tar.gz
SUSE:
ftp://ftp.suse.com/pub/suse/
There is no exploit code required; however, Proof of Concept exploits have been published. |
|
Medium |
OTRS Security Advisory, OSA-2005-01, November 22, 2005
SUSE Security Summary Report, SUSE-SR:2005:030, December 16, 2005 |
PHP Fusebox
PHP Fusebox 3.0 |
A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
PHP Fusebox Cross-Site Scripting |
Medium |
Security Focus, Bugtraq ID: 15924, December 19, 2005 |
phpXplorer
phpXplorer 0.9.12 |
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'address bar' field before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
Medium |
Secunia Advisory: SA18080, December 16, 2005 |
Plexum
PlexCart X3 3.0 |
An SQL injection vulnerability has been reported in 'plexcart.pl' due to insufficient sanitization of some parameters (e.g. 's_itemname,' 's_orderby') before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
Medium |
Security Focus, Bugtraq ID: 15900, December 15, 2005 |
PPCal Shopping Cart
PPCal Shopping Cart 3.3 |
A Cross-Site Scripting vulnerability has been reported in 'ppcal.cgi' due to insufficient sanitization of the 'user' and 'stop' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
|
Medium |
Security Focus, Bugtraq ID: 15892, December 15, 2005 |
QuickPayPro
QuickPayPro 3.1 |
Several vulnerabilities have been reported: SQL injection vulnerabilities were reported due to insufficient sanitization of the 'popupid,' 'so,' 'sb,' 'nr,' 'subtrackingid,' 'delete,' 'trackingid,' and 'customerid' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and Cross-Site Scripting vulnerabilities were reported in 'subscribers.tracking.add.php,' 'tickets.add.php,' and 'categories.php' due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Secunia Advisory: SA17981, December 14, 2005 |
Random Mouse
Red Queen 1.02 & prior |
A vulnerability has been reported because the full path to the installation is shown when malformed input is used to access certain scripts, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Secunia Advisory: SA18072, December 19, 2005 |
Round Cube Project
Round Cube Webmail 0.1-20051021 |
A vulnerability has been reported when an invalid '_task' parameter is submitted, which could let a remote malicious user obtain sensitive information (the installation path is disclosed in the resulting error message).
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published. |
Round Cube Webmail Path Disclosure
CVE-2005-4368 |
Medium |
Security Focus, Bugtraq ID: 15920, December 17, 2005 |
ScareCrow
ScareCrow 2.13 |
Cross-Site Scripting vulnerabilities have been reported in 'forum.cgi' and 'post.cgi' due to insufficient sanitization of the 'forum' parameter, and in 'profile.cgi' due to insufficient sanitization of the 'user' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Medium |
Secunia Advisory: SA18084, December 16, 2005 |
Scientific Atlanta
Scientific Atlanta DPX2100 |
A remote Denial of Service vulnerability has been reported when handling TCP 'LanD' packets.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
Scientific Atlanta DPX2100 Remote Denial of Service
CVE-2005-4275 |
Low |
Security Focus, Bugtraq ID: 15870, December 14, 2005 |
SSH Communications Security
Tectia Server 5.0.0 |
A vulnerability has been reported due to an error in the handling of host-based authentication, which could let a remote malicious user bypass security restrictions.
Upgrade available at:
http://www.ssh.com/support/downloads/tectia-server/updates-and-packages-5-0.html
Currently we are not aware of any exploits for this vulnerability. |
|
Medium |
SSH Communications Security Advisory, December 15, 2005 |
Sun Microsystems, Inc.
Java JDK 1.5.x, Java JRE 1.3.x, 1.4.x, 1.5.x / 5.x, Java SDK 1.3.x, 1.4.x |
Several vulnerabilities have been reported: a vulnerability was reported due to an unspecified error, which could let a malicious untrusted applet read/write local files or execute local applications; three unspecified vulnerabilities were reported in the use of the 'reflection' APIs, which could let a malicious untrusted applet read/write local files or execute local applications; and a vulnerability was reported in the Java Management Extensions (JMX) implementation, which could let a malicious untrusted applet read/write local files or execute local applications.
Upgrade information available at:
http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102003-1
http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102017-1
http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102050-1
IBM:
http://www-1.ibm.com/support/docview.wss?uid=swg21225628
Currently we are not aware of any exploits for these vulnerabilities. |
|
Medium |
Sun(sm) Alert Notifications
Sun Alert ID: 102003, 102017, & 102050, November 28, 2005
US-CERT VU#974188, VU#355284, VU#931684
IBM Technote, December 16, 2005 |
TML
TML 0.5 |
Multiple input validation vulnerabilities have been reported due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code as well as arbitrary SQL code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script has been published. |
|
Medium |
Security Focus, Bugtraq ID: 15876, December 15, 2005 |
Westell
Versalink 327W |
A remote Denial of Service vulnerability has been reported when handling TCP 'LanD' packets.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published. |
|
Low |
Security Focus, Bugtraq ID: 15869, December 14, 2005 |
WHMCompleteSolution
WHMCompleteSolution 2.1 |
A Cross-Site Scripting vulnerability has been reported in 'knowledgebase.php' due to insufficient sanitization of the 'search' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
WHMCompleteSolution 2.2 is not affected by this issue. Please contact the vendor to obtain a fix.
There is no exploit code required. |
|
Medium |
Security Focus, Bugtraq ID: 15856, December 14, 2005
Security Focus, Bugtraq ID: 15856, December 20, 2005 |
Zaygo
HostingCart 2.0, DomainCart 2.0 |
A Cross-Site Scripting vulnerability has been reported in 'zaygo.cgi' due to insufficient sanitization of the 'root' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required. |
|
Medium |
Security Focus, Bugtraq ID: 15893, December 15, 2005 |
Wireless
The section below contains wireless vulnerabilities, articles, and viruses/trojans identified during this reporting period.
- Mobile Phone Exec's Communications Cloned By Terrorists: According to Canadian news reports, terrorists reportedly have found a way to scam mobile phone companies by exploiting wireless phone vulnerabilities. They cloned the mobile phone of a top mobile phone executive, along with some of his company's customers, and made thousands of dollars worth of international calls. Source: http://www.techweb.com/wire/mobile/175007174;jsessionid=0NQ1L1TNB0RIOQSNDBOCKHSCJUMEKJVN.
- Grim Prediction For 2006: Expect More Mobile Security Woes: According to McAfee's AVERT anti-virus lab, mobile phone and PDA users should expect a rising tide of malicious software and attacks in 2006. A "significant rise in the number of global mobile threats" will appear next year as the malware risk continues to increase against cellular and smart phones, as well as PDAs. Source: http://www.techweb.com/wire/mobile/175006618;jsessionid=0NQ1L1TNB0RIOQSNDBOCKHSCJUMEKJVN.
- Will Mobile Broadband Kill Wi-Fi? With the approval of the IEEE 802.11e standard for mobile wireless broadband there are many unanswered questions about the future of Wi-Fi. About 90 percent of laptops are now delivered with built-in support for Wi-Fi wireless networks and the technology has been widely adopted both in enterprises and the home. In addition, the number of public Wi-Fi hotspots continues to grow. Source: http://www.mobilepipeline.com/175006860;jsessionid=HDPOH23NOWCGSQSNDBCSKH0CJUMEKJVN.
- Gmail goes mobile: Google launches Gmail mobile and Gmail users can now access their account on the move. According to Google, the page will automatically optimize its interface for whatever phone you are using, adjusting it depending on the size of your mobile phone screen. The service also allows users to open attachments such as photos, Microsoft Word documents and PDF files. Source: http://www.theregister.com/2005/12/19/electric_gmail/.
Wireless Vulnerabilities
- Nothing significant to report.
Recent Exploit Scripts/Techniques
The table below contains a sample of exploit scripts and "how to" guides identified during this period. The "Workaround or Patch Available" column indicates if vendors, security vulnerability listservs, or Computer Emergency Response Teams (CERTs) have published workarounds or patches.
Note: At times, scripts/techniques may contain names or content that may be considered offensive.
| Date of Script (Reverse Chronological Order) | Script name | Workaround or Patch Available | Script Description |
|---|---|---|---|
| December 20, 2005 | TmPfw_poc | Yes | Proof of Concept exploit for the Trend Micro PC-cillin Privilege Elevation vulnerability. |
| December 19, 2005 | bug1.xls, bug2.xls | No | Proof of Concept exploit for the Microsoft Excel Unspecified Memory Corruption vulnerability. |
| December 19, 2005 | IIS_Mal_URI_Dos.cpp | No | Proof of Concept exploit for the Microsoft Internet Information Server 5.1 DLL Request Denial of Service vulnerability. |
| December 18, 2005 | checkpoint.txt | N/A | Another methodology for disabling Checkpoint's SecureClient NGX Security Policy. |
| December 15, 2005 | ibm_css.txt | No | Exploit details for the IBM WebSphere Application Server Sample Scripts Multiple HTML Injection vulnerabilities. |
| December 14, 2005 | AppScanQA_Poc.pl, AppScanQA-RemoteCodeExec-PoC.zip | Yes | Exploit for the Watchfire AppScan QA Remote Buffer Overflow vulnerability. |
| December 14, 2005 | limbo_1042_eval_xpl.php, limbo1042_xpl.txt | No | Proof of Concept exploit for the Limbo CMS Multiple Input Validation vulnerabilities. |
| December 14, 2005 | MS05-053.c | Yes | Exploit for the Microsoft Windows EMF File Denial of Service Vulnerability. |
Trends
- US-CERT is aware of malicious software exploiting a vulnerability in the Microsoft Distributed Transaction Coordinator (MSDTC).
- Dasher worm gallops onto the Net: According to security experts, a Windows-targeted worm that drops spying software on vulnerable PCs is spreading across the Internet. The Dasher.B worm exploits a flaw in the Microsoft Windows Distributed Transaction Coordinator, or MSDTC. Microsoft announced and patched the hole in the component for transaction processing in October. However, initial glitches with the update may have left some users without a properly implemented fix. Source: http://news.com.com/Dasher+worm+gallops+onto+the+Net/2100-1002_3-6999114.html?part=rss&tag=5999114&subj=news.
- Vendors predict upturn in technology spending: According to research commissioned by Siemens during December, IT and telecoms vendors expected business investment in the UK to rise by 2.85 per cent in 2006, a growth rate that is 40 per cent higher than the government’s expected 2005 figure. Source: http://www.channelweb.co.uk/crn/news/2147751/vendors-predict-upturn.
- IM Worm On MSN, AOL, ICQ, & Yahoo Plants Rootkit: According to a security firm, a new worm posing as a come-on to a Santa Claus site is traveling across all the major instant messaging networks. When recipients visit the bogus site, they're infected with a file hidden from sight by a rootkit. IMlogic said that the worm, dubbed "M.GiftCom.All," which is circulating on the MSN, AOL, ICQ, and Yahoo instant messaging services, is a "Medium" threat. Source: http://www.informationweek.com/news/showArticle.jhtml?articleID=175007154.
Viruses/Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
| Rank | Common Name | Type of Code | Trend | Date | Description |
|---|---|---|---|---|---|
| 1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. |
| 2 | Netsky-D | Win32 Worm | Stable | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
| 3 | Sober-Z | Win32 Worm | Stable | December 2005 | A mass-mailing worm that harvests addresses from infected machines, forges the sender's email address, and utilizes its own mail engine. |
| 4 | Mytob-GH | Win32 Worm | Stable | November 2005 | A variant of the mass-mailing worm that disables security related programs and allows others to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender's address. |
| 5 | Mytob.C | Win32 Worm | Stable | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
| 6 | Mytob-BE | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, the LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus software, and modifies data. |
| 7 | Zafi-D | Win32 Worm | Stable | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
| 8 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP engine, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. |
| 9 | Mytob-GH | Win32 Worm | Stable | December 2005 | This email worm turns off anti-virus software and opens infected systems to remote connections. It further harvests email addresses from infected machines, and forges the sender's address. |
| 10 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
Table updated December 20, 2005
Last updated February 13, 2008