Summary of Security Items from March 2 through March 8, 2006
The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.
The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/ Linux Operating Systems are included in the Multiple Operating Systems table. Note, entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software which operate on some version of that operating system.
Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin which has been provided by other US-CERT sponsored programs, is prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/ NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product’s vendor.
The Risk levels are defined below:
High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.
Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.
Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.
Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.
Windows Operating Systems Only
Vendor & Software Name
Description
Common Name
CVSS
Resources
Comvigo
IM Lock Home 2006,
IM Lock Professional 2006
A vulnerability has been reported in 'SOFTWARE\Microsoft\
SvcHst\msnvs\prc' due to a failure to store passwords with secure permissions, which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script, imlock2006.txt, has been published.
Comvigo IM Lock 2006 Insecure Password Storage
Not Available
Secunia Advisory: SA19140, March 7, 2006
Dantz Development Corporation, EMC
Retrospect Client 7, 6.5
A remote Denial of Service vulnerability has been reported due to an assertion error in the backup client
Anti-Virus AVG Free Edition 7.x, Antivirus 6.x, Antivirus Professional
A vulnerability has been reported in the File Update functionality because insecure permissions are assigned to files that have been updated, which could let a malicious user obtain elevated privileges.
No workaround or patch available at time of publishing.
There is no exploit code required.
AVG Anti-Virus Insecure File Permissions
Not Available
Secunia Advisory: SA19118, March 6, 2006
J. Kneschke
lighttpd 1.4.10
A vulnerability has been reported due to a validation error of the filename extension supplied by the user in the URL, which could let a remote malicious user obtain sensitive information.
Internet Explorer 6.0, SP1 & SP2, 5.5, SP1 & SP2, 5.5 preview, 5.0.1, SP1-SP4, 50.1 for Windows NT 4.0, Windows 98, Windows 95, Windows 2000, 5.0 for Windows NT 4.0, Windows 98, Windows 95, Windows 2000, 5.0, 7.0 beta2
A remote Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions. Note: This issue only presents itself when Sun's Java runtime environment is installed and configured to be the default handler for Java applets.
No workaround or patch available at time of publishing.
There is no exploit code required.
Microsoft Internet Explorer Java Applet Handling Remote Denial of Service
Not Available
Security Focus, Bugtraq ID: 16978, March 6, 2006
Microsoft
Visual InterDev, Visual Studio 6 Enterprise, Visual Studio 6 Professional
A buffer overflow vulnerability has been reported in the '.dbp' file due to an overly long string in the 'DataProject' field, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
Network Communication Secure Client 8.11 Build 146
Multiple vulnerabilities have been reported: including Firewall rules designed to allow only specific applications to access the network may be bypassed; some applications are prone to local command-line argument buffer overflow vulnerabilities; the VPN client is susceptible to a remote Denial of Service vulnerability; and the VPN client is susceptible to a local privilege-escalation vulnerability.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for these vulnerabilities.
A Denial of Service vulnerability has been reported due to unspecified errors in the proxy when handling invalid content type or when handling media streaming over HTTP 1.1.
Currently we are not aware of any exploits for this vulnerability.
Novell BorderManager Proxy Denial of Service
Not Available
Novell Technical Information Document, TID2972993, March 3, 2006
Peter's Software
LetterMerger 1.2
A vulnerability has been reported due to the insecure storage of user-supplied information in Access database files, which could let a malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
A vulnerability has been reported due to a validation error of the filename extension supplied by the user in the URL, which could let a remote malicious user obtain sensitive information.
A buffer overflow vulnerability has been reported in the POP3 USER command due to a boundary error, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
An exploit script, revilloC_poc.pl, has been reported.
RevilloC MailServer Buffer Overflow
Not Available
Secunia Advisory: SA19119, March 8, 2006
Symantec
Ghost 8.2, 8.0
Multiple vulnerabilities have been reported: a vulnerability was reported due to a default administrator loginid and password, which could let a malicious user modify or delete stored administrative tasks; a vulnerability was reported in the Sybase SQLAnywhere database due to insecure permissions in the shared memory sections used by Symantec Ghost, which could let a malicious user obtain unauthorized access and modify database information; and a vulnerability was reported in the login dialog box of 'dbisqlc.exe' due to a boundary error, which could let a malicious user obtain unauthorized access.
Symantec Security Advisory, SYM06-003
March 07, 2006
VanDyke Software
SecureCRT 5.0.4 & prior, SecureFX 3.0.4 & prior.
A buffer overflow vulnerability has been reported due to a boundary error when converting a unicode string to a multi-byte string, which could let a remote malicious user execute arbitrary code or cause a Denial of Service.
thttpd 2.0-2.24, 1.95, 1.90 a, 1.0.x, 1.0, 2.25 b, 2.1x
Multiple buffer overflow vulnerabilities have been reported in the 'htpasswd' utility included with thttpd due to insufficient bounds checking of user-supplied input prior to copying into insufficiently sized memory buffers, which could let a remote malicious user execute arbitrary commands.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for these vulnerabilities.
An SQL injection vulnerability has been reported in 'users.php' due to insufficient sanitization of the user name before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
Mac OS X Server 10.4-10.4.5, 10.3-10.3.9, Mac OS X 10.4-10.4.5, 10.3-10.3.9
Multiple vulnerabilities have been reported; several security issues were reported in the PHP Apache module and scripting environment; a remote Denial of Service vulnerability was reported in 'automount' which could also lead to the execution of arbitrary code; an input validation vulnerability was reported in the BOM framework when certain archives are unpacked, which could let a remote malicious user overwrite arbitrary files; a vulnerability was reported in the 'passwd' program when used with the '-i' parameter, which could let a remote malicious user create/
overwrite arbitrary files; a vulnerability was reported when a FIleVault image is created because user directories are insecurely mounted, which could let a remote malicious user obtain unauthorized access; a remote Denial of Service vulnerability was reported due an error in IPSec when handling certain error conditions; a vulnerability was reported in the 'vm_allocate()' syscall in the LibSystem component due to an integer overflow; which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code; a vulnerability was reported in 'Download Validation' in the Mail component due to a failure to warn of unsafe file types when double-clicking an email attachment; a vulnerability was reported because in certain cases a Perl program may fail to drop privileges; a buffer overflow vulnerability was reported in 'rsync' due to a boundary error when transferring extended attributes, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a buffer overflow vulnerability was reported due to the way WebKit handles certain HTML, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability was reported in Safari due to a boundary error when parsing JavaScript, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in Safari's security model when handling HTTP redirection, which could let a remote malicious user execute arbitrary JavaScript; a vulnerability was reported in 'Safari/LaunchServices' due to an error, which could let a remote malicious user execute arbitrary files; and a Cross-Site Scripting vulnerability was reported in the Syndication (Safari RSS) component due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
A remote Denial of Service vulnerability has been reported due to a design error in the
authorization pending connections code.
No workaround or patch available at time of publishing.
There is no exploit code required.
Dropbear Remote Denial of Service
Not Available
Security Focus, Bugtraq ID: 17024, March 7, 2006
eschew.net
phpBanner
Exchange 2.0 & prior
A Directory Traversal vulnerability has been reported in 'ResetPW.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through use of a web client.
Eschew.Net PHPBanner
Exchange Directory Traversal
Not Available
Security Focus, Bugtraq ID: 16996, March 7, 2006
Freeciv
Freeciv 2.0.7
A remote Denial of Service vulnerability has been reported in 'common/packets.c' due to an error when handling the packet length.
A vulnerability has been reported in 'lib-sessions.php' due to insufficient verification of user-supplied data, which could let a remote malicious user bypass authentication.
A remote Denial of Service vulnerability has been reported in 'Scrubber.py' due to a failure to handle exception conditions when Python fails to process an email file attachment that contains utf8 characters in its filename.
Mandriva Linux Security Advisory, MDKSA-2005:222, December 2, 2005
SUSE Security Summary Report, SUSE-SR:2006:001, January 13, 2006
Ubuntu Security Notice, USN-242-1 January 16, 2006
Debian Security Advisory, DSA-955-1, January 25, 2006
RedHat Security Advisory, RHSA-2006:0204-10, March 7, 2006
GNU
tar 1.15.90, 1.15.1, 1.14.90, 1.15, 1.14
A buffer overflow vulnerability has been reported when handling PAX extended headers due to a boundary error, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.
Mandriva Security Advisory, MDKSA-2006:046, February 21, 2006
Ubuntu Security Notice, USN-257-1, February 23, 2006
Trustix Secure Linux Security Advisory, #2006-0010, February 24, 2006
RedHat Security Advisory, RHSA-2006:0232-3, March 1, 2006
SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006
Debian Security Advisory,
DSA-987-1, March 7, 2006
GnuPG
GnuPG / gpg prior to 1.4.2.1
A vulnerability has been reported because 'gpgv' exits with a return code of 0 even if the detached signature file did not carry any signature (if 'gpgv" or "gpg --verify' is used), which could let a remote malicious user bypass security restrictions.
Hewlett Packard Security Bulletin, HPSBTU02100, March 7, 2006
Inter7 Internet Technologies, Inc.
qmailadmin prior to 1.2.10
A buffer overflow vulnerability has been reported in 'PATH_INFO' when processing excessive data, which could let a remote malicious user execute arbitrary code.
A buffer overflow vulnerability has been reported when handling boundary headers within email messages, which could let a remote malicious user execute arbitrary code. Note: According to Security Tracker this is a Linux/Unix vulnerability. Previously classified as multiple operating systems.
Integer overflow vulnerabilities have been reported in the 'new_demux_packet()' function in 'libmpdemux/
demuxer.h' and the 'demux_asf_read_packet()' function in 'libmpdemux/
demux_asf.c' when allocating memory, which could let a remote malicious user cause a Denial of Service and potentially compromise a system.
Xpdf 3.0 pl2 & pl3, 3.0 1, 3.00, 2.0-2.03, 1.0 0, 1.0 0a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler poppler 0.4.2;
KDE kpdf 0.5, KOffice 1.4.2 ; PDFTOHTML DFTOHTML 0.36
Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::read
BaselineSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'DCTStream::read
ProgressiveSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'StreamPredictor::
StreamPredictor()' function in 'xpdf/Stream.cc' when using the 'numComps' value to calculate the memory size, which could let a remote malicious user potentially execute arbitrary code; and a vulnerability was reported in the 'JPXStream:
:readCodestream()' function in 'xpdf/JPXStream.cc' when using the 'nXTiles' and 'nYTiles' values from a PDF file to copy data from the file into allocated memory, which could let a remote malicious user potentially execute arbitrary code.
Fedora Update Notifications,
FEDORA-2005-1121 & 1122, December 6, 2005
RedHat Security Advisory, RHSA-2005:840-5, December 6, 2005
KDE Security Advisory, advisory-20051207-1, December 7, 2005
SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005
Ubuntu Security Notice, USN-227-1, December 12, 2005
Gentoo Linux Security Advisory, GLSA 200512-08, December 16, 2005
RedHat Security Advisories, RHSA-2005:868-4, RHSA-2005:867-5 & RHSA-2005:878-4, December 20, 2005
Mandriva Linux Security Advisories MDKSA-2006:003-003-006, January 6, 2006
Debian Security Advisory,
DSA-936-1, January 11, 2006
Debian Security Advisory, DSA-937-1, January 12, 2006
Debian Security Advisory, DSA 938-1, January 12, 2006
Fedora Update Notifications,
FEDORA-2005-028 & 029, January 12, 2006
SUSE Security Summary Report, SUSE-SR:2006:001, January 13, 2006
RedHat Security Advisory, RHSA-2006:0160-14, January 19, 2006
SUSE Security Summary Report, SUSE-SR:2006:002, January 20, 2006
SGI Security Advisory, 20051201-01-U, January 20, 2006
Debian Security Advisory, DSA-950-1, January 23, 2006
Turbolinux Security Advisory, TLSA-2006-2, January 25, 2006
Debian Security Advisories,
DSA-961-1 & 962-1, February 1, 2006
Slackware Security Advisories, SSA:2006-045-04 & SSA:2006-045-09, February 14, 2006
Gentoo Linux Security Advisory, GLSA 200603-02, March 4, 2006
Multiple Vendors
OpenSSH 3.x, 4.x; RedHat Fedora Core3 & Core4
A vulnerability has been reported in 'scp' when performing copy operations that use filenames due to the insecure use of the 'system()' function, which could let a malicious user obtain elevated privileges.
Ubuntu Security Notice, USN-192-1, September 30, 2005
Debian Security Advisory, DSA 828-1, September 30, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:181, October 11, 2005
SCO Security Advisory, SCOSA-2005.44, November 1, 2005
SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005
SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005
RedHat Security Advisory, RHSA-2006:0052-7, March 7, 2006
Multiple Vendors
Linux kernel 2.6-2.6.15 .4
Multiple vulnerabilities have been reported: a Denial of Service vulnerability has been reported in the 'nfs_get_user_pages()' function due to insufficient checks on the return value; a Denial of Service vulnerability has been reported due to missing checks for bad elf entry addresses; and a Denial of Service vulnerability has been reported in the 'sys_mbind()' function due to insufficient sanity checks.
RedHat Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0; GNU Libtasn1 prior to 1.2.10,
GnuTLS prior to 1.2.10
A remote Denial of Service vulnerability has been reported due to improper decoding of DER encoded data. This could possibly lead to the execution of arbitrary code.
Fedora Update Notification,
FEDORA-2005-1065, November 9, 2005
SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0064, November 22, 2005
Mandriva Linux Security Advisory, MDKSA-2005:221, December 2, 2005
RedHat Security Advisory, RHSA-2006:0129-8, March 7, 2006
Multiple Vendors
Tin News Reader 1.8 & prior ;
OpenPKG 2.5, 2.4, 2.3, OpenPKG Current
A off-by-one buffer overflow vulnerability has been reported due to insufficient boundary checks on user-supplied data before using it in a finite-sized buffer, which could let a remote malicious user execute arbitrary code.
Security Focus, Bugtraq ID: 16728, February 20, 2006
OpenPKG Security Advisory, OpenPKG-SA-2006.005, February 19, 2006
SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006
Multiple Vendors
Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6-2.6.15
A vulnerability has been reported in the 'cm-crypt' driver due to a failure to clear memory, which could let a malicious user obtain sensitive information.
Security Focus, Bugtraq ID: 15177, October 24, 2005
Gentoo Linux Security Advisory, GLSA 200511-08, November 14, 2005
Mandriva Linux Security Advisory, MDKSA-2005:213, November 16, 2005
Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005
Ubuntu Security Notice, USN-232-1, December 23, 2005
Apple Security Update 2006-001, March 1, 2006
Rahul Dhesi
Zoo 2.10
A buffer overflow vulnerability has been reported in the 'fullpath()' in 'misc.c' due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code.
Security Tracker Alert ID: 1015668, February 23, 2006
SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006
Gentoo Linux Security Advisory, GLSA 200603-05, March 6, 2006
Sun Microsystems, Inc.
Solaris 10.0 _x86, 10.0, 9.0 _x86, 9.0, 8.0 _x86, 8.0
Several vulnerabilities have been reported in 'lpsched(1M)' which could let a malicious user modify system/user information or cause a Denial or Service.
Sun(sm) Alert Notification
Sun Alert ID: 102159, March 3, 2006
TEG
Tenes Empanadas Graciela 0.11.1
A remote Denial of Service vulnerability has been reported due to an off-by-one error within the handling of the nickname supplied by the user.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through use of a client version of the application.
Tenes Empanadas Graciela Remote Denial of Service
Not Available
Security Focus, Bugtraq ID: 16982, March 6, 2006
up-imapproxy
up-imapproxy 1.2.4, 1.2.3
A format string vulnerability has been reported in the 'ParseBannerAnd
Capability()' function when processing the banner or capability line received from the IMAP server, which could let a remote malicious user execute arbitrary code.
Debian Security Advisory DSA 852-1, October 9, 2005
Security Focus, Bugtraq ID: 15048, November 3, 2005
Gentoo Linux Security Advisory, GLSA 200603-04, March 6, 2006
Yukihiro Matsumoto
Ruby 1.6 - 1.6.8, 1.8 - 1.8.2
A vulnerability has been reported in 'eval.c' due to a flaw in the logic that implements the SAFE level checks, which could let a remote malicious user bypass access restrictions to execute scripting code.
Multiple Operating Systems - Windows/UNIX/Linux/Other
Vendor & Software Name
Description
Common Name
CVSS
Resources
Alien Arena 2006 GE
Alien Arena 2006 GE 5.0 & prior
Multiple vulnerabilities have been reported including a format string vulnerability, a buffer overflow vulnerability, and a Denial of Service vulnerability due to insufficient sanitization of user-supplied input, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit script, aa2k6x.c, has been published.
Alien Arena 2006 GE Multiple Remote Vulnerabilities
Not Available
Security Focus, Bugtraq ID: 17028, March 7, 2006
Apache Software Foundation
Struts 1.2.7
A Cross-Site Scripting vulnerability has been reported in error response due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
Security Focus, Bugtraq ID: 15512, November 21, 2005
RedHat Security Advisory, RHSA-2006:0161-01, March 7, 2006
Apache Software Foundation
Tomcat 5.5-5.5.12
A remote Denial of Service vulnerability has been reported due to the inefficient generation of directory listing for web directories that have a large number of files.
Security Tracker Alert ID: 1015147, November 3, 2005
RedHat Security Advisory, RHSA-2006:0161-01, March 7, 2006
Aztek Forum
Aztek Forum 4.0
An HTML injection vulnerability has been reported in the message body due to insufficient sanitization when posting a new message before saving, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through use of a web client.
An HTML injection vulnerability has been reported due to insufficient sanitization of the 'title' field when editing submitted articles and reportedly also when commenting on articles, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited with a web browser; however, a Proof of Concept exploit has been published.
Bitweaver Title Injection
Not Available
Secunia Advisory: SA19101, March 6, 2006
CutePHP
CuteNews 1.4.1
A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
CutePHP CuteNews Cross-Site Scripting
Not Available
KAPDA Advisory #30, March 4, 2006
Cyboards
Cyboards PHP Lite 1.25, 1.21
An SQL injection vulnerability has been reported in 'process_post.php' due to insufficient sanitization of the 'parent' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited using a web client.
CyBoards PHP Lite SQL Injection
Not Available
Secunia Advisory: SA19135, March 6, 2006
D2-Shoutbox
D2-Shoutbox 4.2
An SQL-injection vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, an exploit script, D2-Shoutbox-exp.pl, has been published.
D2-Shoutbox SQL Injection
Not Available
Security Focus, Bugtraq ID: 16984, March 6, 2006
Daverave
HitHost 1.0
Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through use of a web client; however, Proof of Concept exploits have been published.
Daverave HitHost Multiple Cross-Site Scripting
Not Available
Security Focus, Bugtraq ID: 17025, March 7, 2006
Daverave
Link Bank 0
A Cross-Site Scripting vulnerability has been reported in 'Iframe.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit has been published.
Link Bank Cross-Site Scripting
Not Available
Security Focus, Bugtraq ID: 17001, March 7, 2006
Daverave
Link Bank 0
A script injection vulnerability has been reported which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through use of a web client.
Link Bank Remote PHP Script Code Injection
Not Available
Security Focus, Bugtraq ID: 17004, March 7, 2006
Daverave
Simplog 1.0.2
A vulnerability has been reported in 'index.php' due to insufficient verification of the 'act' and 'blogid' parameters before using to include files, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept exploit has been published.
An SQL injection vulnerability has been reported in 'Poems.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited using a web client; however, a Proof of Concept exploit and exploit details, DawaweenSQL.txt, have been published.
Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'index.php' due to insufficient sanitization of the 'action' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'index.php' due to insufficient sanitization of the 'informationID' and 'ParentCategory' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through use of a web client; however, a Proof of Concept exploit has been published.
Cross-Site Scripting vulnerabilities have been reported in 'dv_gbook.php' due to insufficient sanitization of the 'f' parameter and in 'index.php' due to insufficient sanitization of the 'page' parameter, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through use of a web client; however, Proof of Concept exploits have been published.
An HTML injection vulnerability was reported in the user image file due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.
An HTML injection vulnerability has been reported in Comment Post due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability may exploit this issue with a web browser.
A code execution vulnerability has been reported in 'archive.php,' which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through use of a web client.
Fantastic News Remote Code Execution
Not Available
Security Focus, Bugtraq ID: 16985, March 6, 2006
FFmpeg
FFmpeg 0.4.9 -pre1, 0.4.6-0.4.8, FFmpeg CVS
A buffer overflow vulnerability has been reported in the 'avcodec_default_get_buffer()' function of 'utils.c' in libavcodec due to a boundary error, which could let a remote malicious user execute arbitrary code.
Ubuntu Security Notice, USN-230-1, December 14, 2005
Mandriva Linux Security Advisories MDKSA-2005:228-232, December 15, 2005
Ubuntu Security Notice, USN-230-2, December 16, 2005
Gentoo Linux Security Advisory, GLSA 200602-01, February 5, 2006
Gentoo Linux Security Advisory, GLSA 200603-03, March 4, 2006
Gallery Project
Gallery 2.0-2.0.2
Several vulnerabilities have been reported: a script insertion vulnerability was reported due to insufficient sanitization of 'getRemoteHostAddress()' via the X_FORWARDED_FOR HTTP header before saving, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in session id due to insufficient sanitization before using, which could let a remote malicious user delete arbitrary files.
Vulnerabilities can be exploited through use of a web client.
Gallery Script Insertion & File Handling
Not Available
Security Tracker Alert ID: 1015717, March 3, 2006
Game-Panel
Game-Panel 2.6.1, 2.6
A Cross-Site Scripting vulnerability has been reported in 'login.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit has been published.
Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'search.php' due to insufficient sanitization of the 'rss_query' parameter and in 'tags.php' due to insufficient sanitization of the 'tag' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'feed.php' due to insufficient sanitization of the 'folder' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
The vulnerabilities have reportedly been fixed in the CVS repositories.
Vulnerabilities could be exploited with a web client.
Multiple vulnerabilities have been reported: a vulnerability was reported in the authentication process due to an error, which could let a remote malicious user obtain unauthorized access and post comments; a vulnerability was reported in 'guestbox.php' when posting an entry due to insufficient sanitization of the 'url' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'gblog' file because IP addresses are stored insecurely, which could let a remote malicious user obtain sensitive information.
A vulnerability was reported when a remote malicious user submits malformed HTTP requests to the server, which could lead to the disclosure of JSP sourcecode.
An SQL injection vulnerability has been reported in 'showtopic' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.
A vulnerability has been reported in the 'Edit Email & Password' functionality due to insufficient sanitization of the 'Email Address' field before storing in the user's profile, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit has been published.
A file include vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, a Proof of Concept has been published.
Multiple vulnerabilities have been reported: an SQL injection vulnerability was reported in 'podcast.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a Directory Traversal vulnerability was reported in 'index.php' due to insufficient sanitization of the 'template' parameter before using to view files, which could let a remote malicious user obtain sensitive information; and a vulnerability was reported in 'inc/backend_settings.php' due to insufficient verification of the 'language' parameter and in 'index.php' due to insufficient verification of the 'page' parameter, which could let a remote malicious user include arbitrary files.
No workaround or patch available at time of publishing.
Vulnerabilities could be exploited with a web client; however, Proof of Concept exploits have been published.
NGSSoftware Insight Security Research Advisory , March 4, 2006
Lurker
Lurker 2.0 & prior
Multiple vulnerabilities have been reported: an input validation vulnerability was reported in 'lurker.cgi,' which could let a remote malicious user obtain sensitive information; a vulnerability was reported due to an unspecified error which could let a remote malicious user create or overwrite arbitrary files in any directory called 'mbox;' and a vulnerability was reported due to insufficient sanitization of unspecified input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
A file include vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through use of a web client.
