Summary of Security Items from March 16 through March 22, 2006
The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.
The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/Linux Operating Systems are included in the Multiple Operating Systems table. Note, entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software that operates on some version of that operating system.
Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin that have been provided by other US-CERT sponsored programs are prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product’s vendor.
The Risk levels are defined below:
High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.
Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.
Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.
Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.
Windows Operating Systems Only
Vendor & Software Name
Description
Common Name
CVSS
Resources
ASPPortal 3.1.1
A vulnerability has been reported in ASPPortal that could let remote malicious users perform SQL injection.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published.
Mercur Messaging Standard 5.0 SP3, Lite 5.0 SP3, Enterprise 5.0 SP3
A buffer overflow vulnerability has been reported in Mercur Messaging that could let remote malicious users cause a Denial of Service or arbitrary code execution.
No workaround or patch available at time of publishing.
Proof of Concept exploit scripts, mercur.cpp and Mercur-5.0.c, have been published.
Mercur Messaging Denial of Service or Arbitrary Code Execution
An insecure default permissions vulnerability has been reported in avast! Antivirus that could let local malicious users bypass security restrictions.
No workaround or patch available at time of publishing.
Security Tracker, Alert ID: 1015788, March 20, 2006
MailEnable Standard Edition 1.91 and 1.92, Professional Edition 1.72 and prior, Enterprise Edition 1.2
Multiple buffer overflow vulnerabilities have been reported in MailEnable, Webmail and POP3, that could let remote malicious users cause a Denial of Service or execute arbitrary code.
An unspecified vulnerability has been reported in Internet Explorer that could let remote malicious users execute arbitrary code (HTA applications).
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for these vulnerabilities.
Microsoft Internet Explorer Arbitrary Code Execution
Not Available
Security Tracker, Alert ID: 1015800, March 21, 2006
Microsoft
Internet Explorer 6.0.2900.2180
A buffer overflow vulnerability has been reported in Internet Explorer that could let remote malicious users cause a Denial of Service or execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published.
Microsoft, Security Bulletin MS06-011, March 14, 2006
Microsoft, Security Bulletin MS06-011 V1.1, March 17, 2006
TrendMicro
PC-cillin Internet Security 14.00.1485, 14.10.0.1023
An insecure default directory permissions vulnerability has been reported in PC-cillin Internet Security that could let local malicious users obtain elevated privileges.
No workaround or patch available at time of publishing.
There is no exploit code required.
PC-cillin Internet Security Privilege Elevation
Not Available
Secunia, Advisory: SA19282, March 22, 2006
Veritas
Backup Exec for Windows Servers 9.1, 10.0, 10.1
A vulnerability has been reported in Backup Exec for Windows Servers that could let remote malicious users cause a Denial of Service or arbitrary code execution.
A directory traversal vulnerability has been reported in WinHKI's handling of RAR, TAR, ZIP and TAR.GZ archives that could let remote malicious users obtain unauthorized system access.
No workaround or patch available at time of publishing.
Multiple vulnerabilities have been reported: a vulnerability was reported in JavaScript because in certain circumstances it is possible to bypass the same-origin policy; a buffer overflow vulnerability was reported in Mail due to a boundary error, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported in Safari/LaunchServices due to an error which could lead to the execution of a malicious file.
A vulnerability has been reported in the 'beagle-status' script because the 'beagle-info' script runs insecurely, which could let a malicious user execute arbitrary commands.
Fedora Update Notification, FEDORA-2006-188, March 21, 2006
Crossfire
Crossfire 1.9, 1.8
A buffer overflow vulnerability has been reported in 'request.c' due to an error in the 'SetUp()' function when handling the 'setup' command, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.
Debian Security Advisory, DSA-1009-1, March 20, 2006
Daniel Stenberg
curl 7.12-7.15, 7.11.2
A buffer overflow vulnerability has been reported due to insufficient bounds checks on user-supplied data before using in a finite sized buffer, which could let a local/remote malicious user execute arbitrary code.
A vulnerability has been reported in 'log.c' due to the insecure creation of the log file, which could let a remote malicious user overwrite sensitive data or configuration files.
Debian Security Advisory, DSA-1013-1, March 22, 2006
Debian
libcgi-session-perl 4.03-1
Multiple vulnerabilities have been reported in the libcgi-session-perl package due to the insecure creation of temporary files, which could let a remote/local malicious user overwrite files or obtain sensitive information.
No workaround or patch available at time of publishing.
An information disclosure vulnerability has been reported because sensitive information is improperly stored in world-readable files, which could let a malicious user obtain sensitive information.
The vulnerability will reportedly be fixed in version 4.0.14-9 of the shadow package.
There is no exploit code required.
Debian GNU/Linux Information Disclosure
Not Available
Security Focus, Bugtraq ID: 17122, March 15, 2006
FreeRADIUS
FreeRADIUS 1.0-1.0.5
A vulnerability has been reported in the EAP-MSCHAPv2 state machine due to an error, which could let a malicious user bypass authentication and cause a Denial of Service.
A vulnerability has been reported in the IPsec implementation due to the improper handling of sequence numbers, which could let a remote malicious user replay IPsec traffic.
FreeBSD Security Advisory, FreeBSD-SA-06:12, March 22, 2006
GlFtpd
glFTPd prior to 2.01 RC5
A vulnerability has been reported in the IP address checking due to an error, which could let a remote malicious user bypass certain security restrictions.
A buffer overflow vulnerability has been reported which could lead to a Denial of Service when processing messages that contain inline XML file attachments with excessively long strings.
Security Focus, Bugtraq ID: 16408, January 30, 2006
Mandriva Linux Security Advisory, MDKSA-2006:057, March 20, 2006
GNU
GNU Privacy Guard prior to 1.4.2.2.
A vulnerability has been reported due to an error in the detection of unsigned data, which could let a remote malicious user inject arbitrary data and bypass verification.
Debian Security Advisory, DSA 993-1, March 10, 2006
Gentoo Linux Security Advisory, GLSA 200603-08, March 10, 2006
SUSE Security Announcement, SUSE-SA:2006:014, March 10, 2006
Slackware Security Advisory, SSA:2006-072-02, March 13, 2006
RedHat Security Advisory, RHSA-2006:0266-8, March 15, 2006
Ubuntu Security Notice, USN-264-1, March 13, 2006
Trustix Secure Linux Security Advisory #2006-0014, March 20, 2006
Hewlett Packard Company
HP-UX B.11.23, B.11.11, B.11.00
A vulnerability has been reported in the 'usermod' command when handling the '-u' and '-m' command-line options, which could let a malicious user obtain unauthorized access.
Cross-Site Scripting vulnerabilities have been reported when processing emails due to an input validation error, which could let a remote malicious user execute arbitrary HTML and script code.
A vulnerability has been reported due to a flaw in its creation of IVs (Initialization Vectors) for ciphers with a blocksize larger than 8 when the RandomIV-style header is used, which could let a remote malicious user bypass security restrictions.
Debian Security Advisory, DSA-996-1, March 13, 2006
Gentoo Linux Security Advisory, GLSA 200603-15, March 17, 2006
Metamail
Metamail 2.7
A buffer overflow vulnerability has been reported when handling boundary headers within email messages, which could let a remote malicious user execute arbitrary code. Note: According to Security Tracker this is a Linux/Unix vulnerability. Previously classified as multiple operating systems.
A vulnerability has been reported in 'uidgid.h' due to an integer type definition error, which could let a remote/local malicious user obtain elevated privileges.
Security Focus, Bugtraq ID: 14792, September 9, 2005
Ubuntu Security Notice, USN-178-1, September 09, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005
RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005
Mandriva Linux Security Advisory, MDKSA-2005:219, November 30, 2005
Debian Security Advisory, DSA 921-1, December 14, 2005
RedHat Security Advisory, RHSA-2006-0144, March 16, 2006
Multiple Vendors
Linux kernel 2.6-2.6.16
Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in the 'do_replace()' function in Netfilter, which could let a remote malicious user execute arbitrary code; and a buffer overflow vulnerability was reported in 'drivers/usb/gadget/mdis.c' when handling an NDIS response to 'OID_GEN_SUPPORTED_LIST,' which could lead to the corruption of kernel memory.
A vulnerability has been reported due to the insecure creation of temporary files when logging is enabled, which could let a malicious user cause a Denial of Service or overwrite files.
Ubuntu Security Notice, USN-219-1, November 22, 2005
Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005
Debian Security Advisory, DSA 922-1, December 14, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006
RedHat Security Advisory, RHSA-2006-0144, March 16, 2006
Multiple Vendors
X.org 1.0.0 & later, X11R6.9.0, X11R7.0; Sun Solaris 10.0_x86;
SuSE Linux Professional 10.0 OSS, Linux Personal 10.0 OSS;
RedHat Fedora Core5;
MandrakeSoft Linux Mandrake 2006.0 x86_64, 2006.0
A vulnerability has been reported due to an error when checking a user's privileges because the address of the 'geteuid()' function is tested and not the result of the function, which could let a malicious user bypass security restrictions.
Sun(sm) Alert Notification, Sun Alert ID: 102252, March 20, 2006
Mandriva Linux Security Advisory, MDKSA-2006:056, March 20, 2006
SUSE Security Announcement, SUSE-SA:2006:016, March 21, 2006
Multiple Vendors
Zoo 2.10;
Gentoo Linux
A buffer overflow vulnerability has been reported in 'parse.c' due to a boundary error in the 'parse' function when creating an archive from a file with an overly long pathname, which could let a malicious user execute arbitrary code.
A vulnerability has been reported due to insecure creation of temporary files when crontab is executed with the '-e' option, which could let a malicious user obtain sensitive information.
Fedora Update Notification, FEDORA-2005-320, April 15, 2005
Fedora Update Notifications, FEDORA-2005-550 & 551, July 12, 2005
RedHat Security Advisory, RHSA-2005:361-19, October 5, 2005
RedHat Security Advisory, RHSA-2006:0117-7, March 15, 2006
PEAR
PEAR::Auth 1.2.4 & prior to 1.3.0r4
Multiple unspecified SQL injection vulnerabilities have been reported due to insufficient sanitization, which could let a remote malicious user execute arbitrary SQL code.
Security Focus, Bugtraq ID: 16758, February 21, 2006
Gentoo Linux Security Advisory, GLSA 200603-13, March 17, 2006
Royal Institute of Technology
Heimdal prior to 0.6.6 & 0.7.2
A vulnerability has been reported in the 'rshd' server when storing forwarded credentials due to an unspecified error, which could let a malicious user obtain elevated privileges.
Security Tracker Alert ID: 1015591, February 7, 2006
Ubuntu Security Notice, USN-247-1, February 09, 2006
Debian Security Advisory, DSA-977-1, February 16, 2006
SUSE Security Announcement, SUSE-SA:2006:011, February 24, 2006
Gentoo Linux Security Advisory, GLSA 200603-14, March 17, 2006
Sendmail Consortium
Sendmail prior to 8.13.6
A vulnerability has been reported due to a race condition caused by the improper handling of asynchronous signals, which could let a remote malicious user execute arbitrary code.
A vulnerability has been reported because the default policy is set to trust all unknown capabilities instead of considering them as insecure, which could potentially let a malicious user bypass security restrictions.
Multiple Operating Systems - Windows/UNIX/Linux/Other
Vendor & Software Name
Description
Common Name
CVSS
Resources
1WebCalendar
1WebCalendar 4.0
SQL injection vulnerabilities have been reported in 'viewEvent.cfm' due to insufficient sanitization of the 'EventID' parameter, in 'news/newsView.cfm' due to insufficient sanitization of the 'NewsID' parameter, and in 'mainCal.cfm' due to insufficient sanitization of the 'ThisDate' parameter, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited using a web client; however, a Proof of Concept exploit has been published.
1WebCalendar SQL Injection
Not Available
Secunia Advisory: SA19329, March 22, 2006
Adobe
Flash Player 8.0.22.0 and prior, Breeze Meeting Add-In 5.1 and prior, Shockwave Player 10.1.0.11 and prior, Flash Debug Player 7.0.14.0 and prior
A vulnerability has been reported in Flash Player that could let remote malicious users execute arbitrary code.
RedHat Security Advisory, RHSA-2006:0268-5, March 15, 2006
SUSE Security Announcement, SUSE-SA:2006:015, March 21, 2006
Gentoo Linux Security Advisory, GLSA-200603-20, March 21, 2006
BEA Systems, Inc.
WebLogic Express 6.x, 7.x, 8.x, WebLogic Server 6.x, 7.x, 8.x
Several vulnerabilities have been reported: a vulnerability was reported due to an error in the restriction of an unspecified internal servlet, which could let a remote malicious user with HTTP access obtain sensitive information; and a remote Denial of Service vulnerability was reported due to an error in the XML parser.
BEA Systems Security Advisories, BEA06-120.00 & BEA06-123.00, March 20, 2006
BEA Systems, Inc.
WebLogic Portal 8.1, SP1-SP5, 8.0
A vulnerability has been reported in the JSR-168 Portlets because they are incorrectly rendered from the cache, which could let a remote malicious user obtain sensitive information.
Security Tracker Alert ID: 1015787, March 17, 2006
Contrexx
Contrexx 1.0.8, 1.0.7, 1.0.5, 1.0.4
A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit has been published.
A vulnerability has been reported due to insufficient sanitization of the 'archive' parameter in a POST request or in a cookie, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through use of a web client.
A buffer overflow vulnerability has been reported when parsing a URL that contains the TFTP protocol prefix 'tftp://' due to a boundary error, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.
Gentoo Linux Security Advisory, GLSA 200603-19, March 21, 2006
Fedora Update Notification, FEDORA-2006-189, March 21, 2006
Drupal
Drupal prior to 4.5.8 & 4.6.6
Multiple vulnerabilities have been reported: a vulnerability was reported when using 'menu.module' to create a menu item, which could let a remote malicious user bypass security restrictions; a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of unspecified input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported when handling sessions during login due to an error, which could let a remote malicious user hijack another user's session; and a vulnerability was reported due to insufficient sanitization of unspecified input before using in mail headers, which could let a remote malicious user inject arbitrary headers in outgoing mails.
Debian Security Advisory, DSA-1007-1, March 17, 2006
ExtCalendar
ExtCalendar 1.0
Cross-Site Scripting vulnerabilities have been reported in 'calendar.php' due to insufficient sanitization of the 'month,' 'year,' 'prev,' and 'next' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
This issue is reportedly addressed in ExtCalendar 2.0.
Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published.
A Cross-Site Scripting vulnerability has been reported in 'my.support.php3' due to insufficient sanitization of the 's' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit has been published.
A buffer overflow vulnerability has been reported in the 'avcodec_default_get_buffer()' function of 'utils.c' due to a boundary error, which could let a remote malicious user execute arbitrary code.
Ubuntu Security Notice, USN-230-1, December 14, 2005
Mandriva Linux Security Advisories MDKSA-2005:228-232, December 15, 2005
Ubuntu Security Notice, USN-230-2, December 16, 2005
Gentoo Linux Security Advisory, GLSA 200602-01, February 5, 2006
Gentoo Linux Security Advisory, GLSA 200603-03, March 4, 2006
Debian Security Advisory, DSA-992-1, March 10, 2006
Debian Security Advisories, DSA-1004-1 & DSA-1005-1, March 16, 2006
Free Articles Directory
Free Articles Directory
A file include vulnerability has been reported in 'index.php' due to insufficient verification of the 'page' parameter, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through use of a web client.
Free Articles Directory Page Parameter Directory Remote File Include
Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'inc/setLang.php' due to insufficient sanitization of the 'lang' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported in 'inc/setLang.php' due to insufficient sanitization of the 'lang' parameter before using in an 'include_once()' call, which could let a remote malicious user obtain sensitive information; and an SQL injection vulnerability was reported in 'admin/loginfunction.php' due to insufficient sanitization of the 'username' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Proof of Concept exploits and an exploit script, gCards-multiple-vulnerabilities.php, have been published.
Two script insertion vulnerabilities have been reported in 'zones.php' due to insufficient sanitization of the 'Name' and 'Description' fields when editing zones, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability.
Invision Power Board 2.1.5 (before 2006-03-08) & prior for the 2.1.x branch
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of unspecified input passed via the PM before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
Vulnerability can be exploited through a web client.
Invision Power Board PM Cross-Site Scripting
Not Available
Secunia Advisory: SA19299, March 22, 2006
KnowledgebasePublisher
KnowledgebasePublisher 1.2
A file include vulnerability has been reported in 'PageController.php' due to insufficient verification of the 'dir' parameter, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit script, KBPublisher-rfi-expl.pl, has been published.
SQL injection vulnerabilities have been reported in 'events.php' due to insufficient sanitization of the 'date' parameter and in 'menu.php' due to insufficient sanitization of the 'month' and 'year' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited using a web client.
SQL injection vulnerabilities have been reported in 'admin/index.php' due to insufficient sanitization of the 'email' and 'pass' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited using a web client.
SQL injection vulnerabilities have been reported in 'print.php' due to insufficient sanitization of the 'entry' parameter and in 'mail.php' due to insufficient sanitization of the 'email' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited using a web client.
Multiple input validation vulnerabilities have been reported: an SQL injection vulnerability was reported in 'auth.php' and 'logout.php' due to insufficient sanitization of the 'username' parameter and in 'chgpwd.php' due to insufficient sanitization of the 'USERNAME' and 'PASSWORD' cookie parameters, which could let a remote malicious user execute arbitrary SQL code; an SQL injection vulnerability was reported in 'admin/authuser.php' and 'admin/userstatistics.php' due to insufficient sanitization of the 'username,' 'password,' and 'filter' parameters, the 'teamname' parameter in 'admin/authgroup.php', and the 'date' and 'id' parameters in 'admin/traffic.php' before using in SQL queries, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported in 'admin/userstatistics.php' due to insufficient sanitization of the 'username' parameter and in 'authuser.php' due to insufficient sanitization of the 'ipAddress' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through use of a web client; however, a Proof of Concept script, Milkeyway-0.1.1.txt, has been published.
Several vulnerabilities have been reported: an input validation vulnerability was reported due to insufficient sanitization of the remote Bluetooth device name before using in a security dialog, which could let a remote malicious user trick users into accepting certain security dialogs; and a remote Denial of Service vulnerability has been reported when an overly long OBEX 'setpath()' is submitted via the OBEX File Transfer service if the attacker's device has been paired.
Vulnerability has reportedly been fixed by the vendor.
A Proof of Concept exploit has been published for the dialog spoofing vulnerability.
Motorola Cellular Phones Security Dialog Spoofing & Remote Denial of Service
Not Available
Secunia Advisory: SA19319, March 22, 2006
MusicBox
MusicBox 2.3 Beta 2
Multiple input validation vulnerabilities have been reported including Cross-Site Scripting and SQL injection due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML, script code and SQL code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published.
A Cross-Site Scripting vulnerability has been reported in 'member.php' due to insufficient sanitization of the 'url' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit, advisory-297.txt, has been published.
Novell Technical Information Document, TID2973435, March 16, 2006
Novell
Open Enterprise Server (OES) 0, Netware 6.5, SP1-SP4
Several vulnerabilities have been reported because 'NILE.NLM' allows clients to establish SSL connections that use no encryption or weak ciphers, which could let a malicious user bypass security restrictions.
Novell Technical Information Document, TID10100633, March 17, 2006
OSI Codes Inc.
PHP Live! 3.0
A Cross-Site Scripting vulnerability has been reported in 'Status_Image.PHP' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited using a web client; however, a Proof of Concept exploit has been published.
PHP Live! Cross-Site Scripting
Not Available
Security Focus, Bugtraq ID: 17184, March 22, 2006
OSWiki
OSWiki prior to 0.3.1
A vulnerability has been reported due to insufficient sanitization of the username before displaying, which could let a remote malicious user execute arbitrary HTML and script code.
An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'oxynews_comment_id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited with a web browser; however, a Proof of Concept exploit has been published.
A buffer overflow vulnerability has been reported when handling parameters received in a URL due to a boundary error, which could let a remote malicious user execute arbitrary code.
Gentoo Linux Security Advisory, GLSA 200603-17, March 21, 2005
PHP iCalendar
PHP iCalendar 2.2.1 & prior
Several vulnerabilities have been reported: a file include vulnerability was reported in the 'phpicalendar' cookie due to insufficient verification of the 'cookie_language' and 'cookie_style' parameters, which could let a remote malicious user include arbitrary files; and a file upload vulnerability was reported due to