U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB06-068)

Summary of Security Items from March 2 through March 8, 2006

Original release date: March 09, 2006

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.

Vulnerabilities
Wireless Trends & Vulnerabilities
General Trends
Viruses/Trojans


Vulnerabilities

The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/ Linux Operating Systems are included in the Multiple Operating Systems table. Note, entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software which operate on some version of that operating system.

Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin which has been provided by other US-CERT sponsored programs, is prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/ NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product’s vendor.

The Risk levels are defined below:

High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.

Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.

Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.

Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.

Windows Operating Systems Only
Vendor & Software Name
Description

Common Name

CVSS
Resources

Comvigo

IM Lock Home 2006,
IM Lock Professional 2006

A vulnerability has been reported in 'SOFTWARE\Microsoft\
SvcHst\msnvs\prc' due to a failure to store passwords with secure permissions, which could let a malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script, imlock2006.txt, has been published.

Comvigo IM Lock 2006 Insecure Password Storage
Not Available
Secunia Advisory: SA19140, March 7, 2006

Dantz Development Corporation, EMC

Retrospect Client 7, 6.5

A remote Denial of Service vulnerability has been reported due to an assertion error in the backup client

Updates available

Currently we are not aware of any exploits for this vulnerability.

EMC Dantz Retrospect Backup Client Remote Denial of Service

CVE-2006-0995

Security Tracker Alert ID: 1015714, March 2, 2006

Grisoft

Anti-Virus AVG Free Edition 7.x, Antivirus 6.x, Antivirus Professional

A vulnerability has been reported in the File Update functionality because insecure permissions are assigned to files that have been updated, which could let a malicious user obtain elevated privileges.

No workaround or patch available at time of publishing.

There is no exploit code required.

AVG Anti-Virus Insecure File Permissions
Not Available Secunia Advisory: SA19118, March 6, 2006

J. Kneschke

lighttpd 1.4.10

A vulnerability has been reported due to a validation error of the filename extension supplied by the user in the URL, which could let a remote malicious user obtain sensitive information.

Update available

Vulnerability can be exploited with a web browser.

Lighttpd Information Disclosure

CVE-2006-0814

Security Tracker Alert ID: 1015703, March 1, 2006

Microsoft

Internet Explorer 6.0, SP1 & SP2, 5.5, SP1 & SP2, 5.5 preview, 5.0.1, SP1-SP4, 50.1 for Windows NT 4.0, Windows 98, Windows 95, Windows 2000, 5.0 for Windows NT 4.0, Windows 98, Windows 95, Windows 2000, 5.0, 7.0 beta2

A remote Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions. Note: This issue only presents itself when Sun's Java runtime environment is installed and configured to be the default handler for Java applets.

No workaround or patch available at time of publishing.

There is no exploit code required.

Microsoft Internet Explorer Java Applet Handling Remote Denial of Service
Not Available
Security Focus, Bugtraq ID: 16978, March 6, 2006

Microsoft

Visual InterDev, Visual Studio 6 Enterprise, Visual Studio 6 Professional

A buffer overflow vulnerability has been reported in the '.dbp' file due to an overly long string in the 'DataProject' field, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

An exploit script, vs60bo.c, has been published.

Microsoft Visual Studio Buffer Overflow

CVE-2006-1043

Secunia Advisory: SA19081, March 7, 2006

NCP

Network Communication Secure Client 8.11 Build 146

Multiple vulnerabilities have been reported: including Firewall rules designed to allow only specific applications to access the network may be bypassed; some applications are prone to local command-line argument buffer overflow vulnerabilities; the VPN client is susceptible to a remote Denial of Service vulnerability; and the VPN client is susceptible to a local privilege-escalation vulnerability.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for these vulnerabilities.

NCP Secure Client Multiple Vulnerabilities

CVE-2006-0964
CVE-2006-0965
CVE-2006-0966
CVE-2006-0967
CVE-2006-0968

4.9
(CVE-2006-0964)

4.9
(CVE-2006-0965)

1.6
(CVE-2006-0966)

1.6
(CVE-2006-0967)

7
(CVE-2006-0968)

Security Focus, Bugtraq ID: 16906, March 6, 2006

Novell

Bordermanager 3.x

A Denial of Service vulnerability has been reported due to unspecified errors in the proxy when handling invalid content type or when handling media streaming over HTTP 1.1.

Patch available

Currently we are not aware of any exploits for this vulnerability.

Novell BorderManager Proxy Denial of Service
Not Available Novell Technical Information Document, TID2972993, March 3, 2006

Peter's Software

LetterMerger 1.2

A vulnerability has been reported due to the insecure storage of user-supplied information in Access database files, which could let a malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required.

LetterMerger Information Disclosure

CVE-2006-1011

Security Focus, Bugtraq ID: 16917, March 2, 2006

Raiden
HTTPD

Raiden
HTTPD prior to 1.1.48

A vulnerability has been reported due to a validation error of the filename extension supplied by the user in the URL, which could let a remote malicious user obtain sensitive information.

Updates available

Vulnerability can be exploited with a web browser.

RaidenHTTPD Remote Information Disclosure

CVE-2006-0949

Security Focus, Bugtraq ID: 16934, March 8, 2006

RevilloC

MailServer 1.21

A buffer overflow vulnerability has been reported in the POP3 USER command due to a boundary error, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

An exploit script, revilloC_poc.pl, has been reported.

RevilloC MailServer Buffer Overflow
Not Available Secunia Advisory: SA19119, March 8, 2006

Symantec

Ghost 8.2, 8.0

Multiple vulnerabilities have been reported: a vulnerability was reported due to a default administrator loginid and password, which could let a malicious user modify or delete stored administrative tasks; a vulnerability was reported in the Sybase SQLAnywhere database due to insecure permissions in the shared memory sections used by Symantec Ghost, which could let a malicious user obtain unauthorized access and modify database information; and a vulnerability was reported in the login dialog box of 'dbisqlc.exe' due to a boundary error, which could let a malicious user obtain unauthorized access.

Update information

There is no exploit code required.

Symantec Ghost Multiple Vulnerabilities
Not Available Symantec Security Advisory, SYM06-003
March 07, 2006

VanDyke Software

SecureCRT 5.0.4 & prior, SecureFX 3.0.4 & prior.

A buffer overflow vulnerability has been reported due to a boundary error when converting a unicode string to a multi-byte string, which could let a remote malicious user execute arbitrary code or cause a Denial of Service.

SecureCRT Updates

SecureFX updates

Currently we are not aware of any exploits for this vulnerability.

SecureCRT / SecureFX Buffer Overflow

CVE-2006-1038

Secunia Advisory: SA19040, March 8, 2006

UNIX / Linux Operating Systems Only
Vendor & Software Name
Description

Common Name

CVSS
Resources

Acme Laboratories

thttpd 2.0-2.24, 1.95, 1.90 a, 1.0.x, 1.0, 2.25 b, 2.1x

Multiple buffer overflow vulnerabilities have been reported in the 'htpasswd' utility included with thttpd due to insufficient bounds checking of user-supplied input prior to copying into insufficiently sized memory buffers, which could let a remote malicious user execute arbitrary commands.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for these vulnerabilities.

Acme Labs thttpd 'HTPasswd' Multiple Vulnerabilities

CVE-2006-1078
CVE-2006-1079

Not Available
Security Focus, Bugtraq ID: 16972, March 6, 2006

Akarru Social BookMarking Engine

Akarru Social BookMarking Engine before 0.4.3.4

An SQL injection vulnerability has been reported in 'users.php' due to insufficient sanitization of the user name before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

Update available

Vulnerability can be exploited through a web client.

Akarru Social BookMarking Engine SQL Injection

CVE-2006-1051

Secunia Advisory: SA19112, March 6, 2006

Apple

Mac OS X Server 10.4-10.4.5, 10.3-10.3.9, Mac OS X 10.4-10.4.5, 10.3-10.3.9

Multiple vulnerabilities have been reported; several security issues were reported in the PHP Apache module and scripting environment; a remote Denial of Service vulnerability was reported in 'automount' which could also lead to the execution of arbitrary code; an input validation vulnerability was reported in the BOM framework when certain archives are unpacked, which could let a remote malicious user overwrite arbitrary files; a vulnerability was reported in the 'passwd' program when used with the '-i' parameter, which could let a remote malicious user create/
overwrite arbitrary files; a vulnerability was reported when a FIleVault image is created because user directories are insecurely mounted, which could let a remote malicious user obtain unauthorized access; a remote Denial of Service vulnerability was reported due an error in IPSec when handling certain error conditions; a vulnerability was reported in the 'vm_allocate()' syscall in the LibSystem component due to an integer overflow; which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code; a vulnerability was reported in 'Download Validation' in the Mail component due to a failure to warn of unsafe file types when double-clicking an email attachment; a vulnerability was reported because in certain cases a Perl program may fail to drop privileges; a buffer overflow vulnerability was reported in 'rsync' due to a boundary error when transferring extended attributes, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a buffer overflow vulnerability was reported due to the way WebKit handles certain HTML, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability was reported in Safari due to a boundary error when parsing JavaScript, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in Safari's security model when handling HTTP redirection, which could let a remote malicious user execute arbitrary JavaScript; a vulnerability was reported in 'Safari/LaunchServices' due to an error, which could let a remote malicious user execute arbitrary files; and a Cross-Site Scripting vulnerability was reported in the Syndication (Safari RSS) component due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

Updates available

Some of these vulnerabilities may be exploited through use of a web client. An exploit script, xosx-passwd.pl, has been published

4.2
(CVE-2005-2713)

4.2
(CVE-2005-2714)

2.3
(CVE-2005-3319)

2.3
(CVE-2005-3353)

7
(CVE-2005-3391)

7
(CVE-2005-3392)

4.7
(CVE-2005-3706)

4.2
(CVE-2005-3712)

7
(CVE-2005-4217)

3.3
(CVE-2005-4504)

2.3
(CVE-2006-0383)

7
(CVE-2006-0384)

1
(CVE-2006-0386)

4.7
(CVE-2006-0387)

3.7
(CVE-2006-0388)

1.9
(CVE-2006-0389)

1
(CVE-2006-0391)

 

 

Apple Security Update 2006-001, March 1, 2006

US-CERT VU#351217

US-CERT VU#176732

Debian

Debian amaya 9.2.1 -6

A vulnerability has been reported due to an insecure 'RPATH,' which could let a malicious user execute arbitrary code.

The vendor has released an updated package of Amaya to address this issue.

There is no exploit code required.

Debian-Specific Amaya Arbitrary Code Execution

CVE-2005-4728

Not Available
Security Focus, Bugtraq ID: 16945, March 3, 2006

Dropbear

SSH Server 0.28-0.47

A remote Denial of Service vulnerability has been reported due to a design error in the authorization pending connections code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Dropbear Remote Denial of Service
Not Available Security Focus, Bugtraq ID: 17024, March 7, 2006

eschew.net

phpBanner
Exchange 2.0 & prior

A Directory Traversal vulnerability has been reported in 'ResetPW.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client.

Eschew.Net PHPBanner
Exchange Directory Traversal
Not Available Security Focus, Bugtraq ID: 16996, March 7, 2006

Freeciv

Freeciv 2.0.7

A remote Denial of Service vulnerability has been reported in 'common/packets.c' due to an error when handling the packet length.

Update available

Mandriva

A Proof of Concept exploit script , freecivdos.zip, has been published.

Freeciv Remote Denial of Service

CVE-2006-0047

Secunia Advisory: SA19120, March 6, 2006

Mandriva Linux Security Advisory MDKSA-2006:053, March 7, 2006

Geeklog

Geeklog 1.4 sr1, 1.3.7-1.3.11 sr4, 1.3.5 sr1 & sr2, 1.3.5, 1.3

A vulnerability has been reported in 'lib-sessions.php' due to insufficient verification of user-supplied data, which could let a remote malicious user bypass authentication.

Updates available

There is no exploit code required.

Geeklog Authorization Bypass

CVE-2006-1069

Security Focus, Bugtraq ID: 17010, March 7, 2006

GNU

Mailman 2.1-2.1.5, 2.0-2.0.14

A remote Denial of Service vulnerability has been reported in 'Scrubber.py' due to a failure to handle exception conditions when Python fails to process an email file attachment that contains utf8 characters in its filename.

Mandriva

SuSE

Ubuntu

Debian

RedHat

There is no exploit code required.

GNU Mailman Attachment Scrubber UTF8 Filename Remote Denial of Service

CVE-2005-3573

Secunia Advisory: SA17511, November 14, 2005

Mandriva Linux Security Advisory, MDKSA-2005:222, December 2, 2005

SUSE Security Summary Report, SUSE-SR:2006:001, January 13, 2006

Ubuntu Security Notice, USN-242-1 January 16, 2006

Debian Security Advisory, DSA-955-1, January 25, 2006

RedHat Security Advisory, RHSA-2006:0204-10, March 7, 2006

GNU

tar 1.15.90, 1.15.1, 1.14.90, 1.15, 1.14

A buffer overflow vulnerability has been reported when handling PAX extended headers due to a boundary error, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.

GNU

Mandriva

Ubuntu

Trustix

RedHat

SuSE

Debian

Currently we are not aware of any exploits for this vulnerability.

GNU Tar PAX Remote Buffer Overflow

CVE-2006-0300

3.9

Secunia Advisory: SA18973, February 22, 2006

Mandriva Security Advisory, MDKSA-2006:046, February 21, 2006

Ubuntu Security Notice, USN-257-1, February 23, 2006

Trustix Secure Linux Security Advisory, #2006-0010, February 24, 2006

RedHat Security Advisory, RHSA-2006:0232-3, March 1, 2006

SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006

Debian Security Advisory,
DSA-987-1, March 7, 2006

GnuPG

GnuPG / gpg prior to 1.4.2.1

A vulnerability has been reported because 'gpgv' exits with a return code of 0 even if the detached signature file did not carry any signature (if 'gpgv" or "gpg --verify' is used), which could let a remote malicious user bypass security restrictions.

Patches available

Fedora

Debian

Mandriva

Ubuntu

Gentoo

SuSE

SuSE

SuSE

There is no exploit code required; however, a Proof of Concept exploit has been published.

GnuPG Detached Signature Verification Bypass

CVE-2006-0455

4.9

GnuPG Advisory, February 15, 2006

Fedora Update Notification,
FEDORA-2006-116, February 17, 2006

Debian Security Advisory,
DSA-978-1, February 17, 2006

Mandriva Security Advisory, MDKSA-2006:043, February 17, 2006

Ubuntu Security Notice, USN-252-1, February 17, 2006

Gentoo Linux Security Advisory, GLSA 200602-10, February 18, 2006

SuSE Security Announcement, SUSE-SA:2006:009, February 20, 2006

SUSE Security Announcement, SUSE-SA:2006:013, March 1, 2006

SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006

Hewlett Packard Company

Tru64 UNIX 5.1B-3, 5.1B-2/PK4

A remote Denial of Service vulnerability has been reported due to improper processing of certain Internet Key Exchange (IKE) packets.

Patch information

Currently we are not aware of any exploits for this vulnerability.

HP Tru64 UNIX IPSec Remote Denial of Service

CVE-2005-3670

Not Available
Hewlett Packard Security Bulletin, HPSBTU02100, March 7, 2006

Inter7 Internet Technologies, Inc.

qmailadmin prior to 1.2.10

A buffer overflow vulnerability has been reported in 'PATH_INFO' when processing excessive data, which could let a remote malicious user execute arbitrary code.

Updates available

Currently we are not aware of any exploits for this vulnerability.

Inter7 QmailAdmin Buffer Overflow
Not Available Security Focus, Bugtraq ID: 16994, February 20, 2006

Kaspersky Labs

Kaspersky Antivirus for Linux Servers 5.5, 5.0.5

A remote Denial of Service vulnerability has been reported due to a failure in the application to handle unspecified files.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Kaspersky Anti-Virus Remote Denial of Service

CVE-2006-1091

Not Available
Security Focus, Bugtraq ID: 16942, March 3, 2006

Metamail

Metamail 2.7

A buffer overflow vulnerability has been reported when handling boundary headers within email messages, which could let a remote malicious user execute arbitrary code. Note: According to Security Tracker this is a Linux/Unix vulnerability. Previously classified as multiple operating systems.

RedHat

Mandriva

SuSE

A Proof of Concept exploit has been published.

Metamail Remote Buffer Overflow

CVE-2006-0709

7

Security Focus, Bugtraq ID: 16611, February 13, 2006

RedHat Security Advisory, RHSA-2006:0217-4, February 21, 2006

Mandriva Security Advisory, MDKSA-2006:047, February 22, 2006

SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006

monopd

monopd 0.9.3

A remote Denial of Service vulnerability has been reported due to an error when parsing an overly long input string.

Patch available

A Proof of Concept exploit script, monopdx.zip, has been published.

Monopd Remote Denial of Service

CVE-2006-1046

Secunia Advisory: SA19133, March 6, 2006

MPlayer

MPlayer 1.0pre7try2

Integer overflow vulnerabilities have been reported in the 'new_demux_packet()' function in 'libmpdemux/
demuxer.h' and the 'demux_asf_read_packet()' function in 'libmpdemux/
demux_asf.c' when allocating memory, which could let a remote malicious user cause a Denial of Service and potentially compromise a system.

Gentoo

Currently we are not aware of any exploits for this vulnerability.

MPlayer Integer Overflows

CVE-2006-0579

Secunia Advisory: SA18718, February 7, 2006

Gentoo Linux Security Advisory, GLSA 200603-03, March 4, 2006

Multiple Vendors

irssi 0.8.9, 0.8.10rc5; Ubuntu Linux 5.10

A remote Denial of Service vulnerability has been reported in 'dcc-resume.c' when handling malicious DCC transfers.

Ubuntu

Currently we are not aware of any exploits for this vulnerability.

IRSSI DCC Remote Denial of Service

CVE-2006-0458

Ubuntu Security Notice, USN-259-1, March 1, 2006

Multiple Vendors

Xpdf 3.0 pl2 & pl3, 3.0 1, 3.00, 2.0-2.03, 1.0 0, 1.0 0a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler poppler 0.4.2;
KDE kpdf 0.5, KOffice 1.4.2 ; PDFTOHTML DFTOHTML 0.36


Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::read
BaselineSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'DCTStream::read
ProgressiveSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'StreamPredictor::
StreamPredictor()' function in 'xpdf/Stream.cc' when using the 'numComps' value to calculate the memory size, which could let a remote malicious user potentially execute arbitrary code; and a vulnerability was reported in the 'JPXStream:
:readCodestream()' function in 'xpdf/JPXStream.cc' when using the 'nXTiles' and 'nYTiles' values from a PDF file to copy data from the file into allocated memory, which could let a remote malicious user potentially execute arbitrary code.

Patches available

Fedora

RedHat

KDE

SUSE

Ubuntu

Gentoo

RedHat

RedHat

RedHat

Mandriva

Debian

Debian

Debian

Fedora

SuSE

RedHat

SGI

Debian

TurboLinux

Debian

Debian

Slackware

Slackware

Gentoo

Currently we are not aware of any exploits for these vulnerabilities.

3.9
(CVE-2005-3191)

7
(CVE-2005-3192)

3.9
(CVE-2005-3193)

iDefense Security Advisory, December 5, 2005

Fedora Update Notifications,
FEDORA-2005-1121 & 1122, December 6, 2005

RedHat Security Advisory, RHSA-2005:840-5, December 6, 2005

KDE Security Advisory, advisory-20051207-1, December 7, 2005

SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005

Ubuntu Security Notice, USN-227-1, December 12, 2005

Gentoo Linux Security Advisory, GLSA 200512-08, December 16, 2005

RedHat Security Advisories, RHSA-2005:868-4, RHSA-2005:867-5 & RHSA-2005:878-4, December 20, 2005

Mandriva Linux Security Advisories MDKSA-2006:003-003-006, January 6, 2006

Debian Security Advisory,
DSA-936-1, January 11, 2006

Debian Security Advisory, DSA-937-1, January 12, 2006

Debian Security Advisory, DSA 938-1, January 12, 2006

Fedora Update Notifications,
FEDORA-2005-028 & 029, January 12, 2006

SUSE Security Summary Report, SUSE-SR:2006:001, January 13, 2006

RedHat Security Advisory, RHSA-2006:0160-14, January 19, 2006

SUSE Security Summary Report, SUSE-SR:2006:002, January 20, 2006

SGI Security Advisory, 20051201-01-U, January 20, 2006

Debian Security Advisory, DSA-950-1, January 23, 2006

Turbolinux Security Advisory, TLSA-2006-2, January 25, 2006

Debian Security Advisories,
DSA-961-1 & 962-1, February 1, 2006

Slackware Security Advisories, SSA:2006-045-04 & SSA:2006-045-09, February 14, 2006

Gentoo Linux Security Advisory, GLSA 200603-02, March 4, 2006

Multiple Vendors

OpenSSH 3.x, 4.x; RedHat Fedora Core3 & Core4

A vulnerability has been reported in 'scp' when performing copy operations that use filenames due to the insecure use of the 'system()' function, which could let a malicious user obtain elevated privileges.

Fedora

Trustix

Patches available

OpenBSD

SuSE

Slackware

Gentoo

Ubuntu

RedHat

There is no exploit code required.

OpenSSH SCP Shell Command Execution

CVE-2006-0225

Security Focus, Bugtraq ID: 16369, January 24, 2006

Fedora Security Advisory, FEDORA-2006-056, January 24, 2006

Trustix Secure Linux Security Advisory, TSLSA-2006-0004, January 27, 2006

Security Focus, Bugtraq ID: 16369, January 31, 2006

Secunia Advisory: SA18798, February 13, 2006

SUSE Security Announcement, SUSE-SA:2006:008, February 14, 2006

Slackware Security Advisory, SSA:2006-045-06, February 14, 2006

Gentoo Linux Security Advisory, GLSA 200602-11, February 20, 2006

Ubuntu Security Notice, USN-255-1, February 21, 2006

RedHat Security Advisory, RHSA-2006:0044-14, March 7, 2006

Multiple Vendors

Squid Web Proxy Cache 2.5 .STABLE3-STABLE10, STABLE1

A remote Denial of Service vulnerability has been reported when handling certain client NTLM authentication request sequences.

Upgrades available

Ubuntu

Debian

Mandriva

SCO

SUSE

RedHat

Currently we are not aware of any exploits for this vulnerability.

Squid NTLM Authentication Remote Denial of Service

CVE-2005-2917

Secunia Advisory: SA16992, September 30, 2005

Ubuntu Security Notice, USN-192-1, September 30, 2005

Debian Security Advisory, DSA 828-1, September 30, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:181, October 11, 2005

SCO Security Advisory, SCOSA-2005.44, November 1, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

RedHat Security Advisory, RHSA-2006:0052-7, March 7, 2006

Multiple Vendors

Linux kernel 2.6-2.6.15 .4

 

Multiple vulnerabilities have been reported: a Denial of Service vulnerability has been reported in the 'nfs_get_user_pages()' function due to insufficient checks on the return value; a Denial of Service vulnerability has been reported due to missing checks for bad elf entry addresses; and a Denial of Service vulnerability has been reported in the 'sys_mbind()' function due to insufficient sanity checks.

Updates available

Fedora

There is no exploit code required.

Linux Kernel Local Denials of Service

CVE-2006-0554
CVE-2006-0555
CVE-2006-0741

1
(CVE-2006-0554)

1.6
(CVE-2006-0555)

1.3
(CVE-2006-0741)

 

Secunia Advisory: SA19083, March 2, 2006

Multiple Vendors

RedHat Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0; GNU Libtasn1 prior to 1.2.10,
GnuTLS prior to 1.2.10

A remote Denial of Service vulnerability has been reported due to improper decoding of DER encoded data. This could possibly lead to the execution of arbitrary code.

libtasn

gnutls

RedHat

Fedora

Mandriva

Gentoo

Ubuntu

Debian

Debian

A Proof of Concept exploit has been published.

GnuTLS libtasn1 DER Decoding Remote Denial of Service

CVE-2006-0645

Security Tracker Alert ID: 1015612, February 11, 2006

RedHat Security Advisory, RHSA-2006:0207-01, February 10, 2006

Fedora Update Notification,
FEDORA-2006-107, February 10, 2006

Mandriva Security Advisory, MDKSA-2006:039, February 13, 2006

Gentoo Linux Security Advisory, GLSA 200602-08, February 16, 2006

Ubuntu Security Notice, USN-251-1, February 16, 2006

Debian Security Advisories,
DSA-985-1 & DSA-986-1, March 6, 2006

Multiple Vendors

RedHat Fedora Core4; Linux Kernel 2.6.x

A Denial of Service vulnerability has been reported in the 'die_if_kernel()' function because it is erroneously marked with a 'noreturn' attribute.

Updates available

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel 'die_if_kernel()' Potential Denial of Service

CVE-2006-0742

Not Available
Security Focus, Bugtraq ID: 16993, March 5, 2006

Multiple Vendors

SpamAssassin 3.0.4;
RedHat Fedora Core3

A vulnerability has been reported due to a failure to handle exceptional conditions, which could let a remote malicious user bypass spam detection.

SpamAssassin

Fedora

SUSE

Trustix

Mandriva

RedHat

There is no exploit code required.

SpamAssassin Spam Detection Bypass

CVE-2005-3351

Fedora Update Notification,
FEDORA-2005-1065, November 9, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0064, November 22, 2005

Mandriva Linux Security Advisory, MDKSA-2005:221, December 2, 2005

RedHat Security Advisory, RHSA-2006:0129-8, March 7, 2006

Multiple Vendors

Tin News Reader 1.8 & prior ;
OpenPKG 2.5, 2.4, 2.3, OpenPKG Current

A off-by-one buffer overflow vulnerability has been reported due to insufficient boundary checks on user-supplied data before using it in a finite-sized buffer, which could let a remote malicious user execute arbitrary code.

Tin News Reader

OpenPKG

SuSE

There is no exploit code required.

Tin News Reader Buffer Overflow

CVE-2006-0804

7

Security Focus, Bugtraq ID: 16728, February 20, 2006

OpenPKG Security Advisory, OpenPKG-SA-2006.005, February 19, 2006

SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6-2.6.15

A vulnerability has been reported in the 'cm-crypt' driver due to a failure to clear memory, which could let a malicious user obtain sensitive information.

Updates available

Ubuntu

Trustix

Fedora

RedHat

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel DM-Crypt Local Information Disclosure

CVE-2006-0095

Security Focus, Bugtraq ID: 16301, January 18, 2006

Ubuntu Security Notice, USN-244-1 January 18, 2006

Trustix Secure Linux Security Advisory, TSLSA-2006-0004, January 27, 2006

Secunia Advisory: SA18774, February 8, 2006

RedHat Security Advisory, RHSA-2006:0132-31, March 7, 2006

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
MandrakeSoft Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2, 10.1 x86_64, 10.1, Corporate Server 3.0 x86_64, 3.0;
GNU Mailman 2.1-2.1.5, 2.0-2.0.14

A remote Denial of Service vulnerability has been reported in the email date parsing functionality due to an error in the handling of dates.

Mandriva

Ubuntu

Debian

RedHat

There is no exploit code required.

GNU Mailman Remote Denial of Service

CVE-2005-4153

Security Focus, Bugtraq ID: 16248, January 16, 2006

Ubuntu Security Notice, USN-242-1 January 16, 2006

Debian Security Advisory, DSA-955-1, January 25, 2006

RedHat Security Advisory, RHSA-2006:0204-10, March 7, 2006

PHP

PHP 5.0 .0-5.0.5, 4.4 .0, 4.3.1 -4.3.11, 4.2-4.2.3, 4.1.0-4.1.2, 4.0 0-4.0.7

A Denial of Service vulnerability has been reported in the 'sapi_apache2.c' file.

PHP 5.1.0 final and 4.4.1 final are not affected by this issue. Please contact the vendor to obtain fixes.

Gentoo

Mandriva

Trustix

Ubuntu

Apple

There is no exploit code required.

PHP Apache 2 Denial of Service

CVE-2005-3319

Security Focus, Bugtraq ID: 15177, October 24, 2005

Gentoo Linux Security Advisory, GLSA 200511-08, November 14, 2005

Mandriva Linux Security Advisory, MDKSA-2005:213, November 16, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005

Ubuntu Security Notice, USN-232-1, December 23, 2005

Apple Security Update 2006-001, March 1, 2006

Rahul Dhesi

Zoo 2.10

A buffer overflow vulnerability has been reported in the 'fullpath()' in 'misc.c' due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code.

SuSE

Gentoo

Currently we are not aware of any exploits for this vulnerability.

zoo Buffer Overflow

CVE-2006-0855

3.9

Security Tracker Alert ID: 1015668, February 23, 2006

SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006

Gentoo Linux Security Advisory, GLSA 200603-05, March 6, 2006

Sun Microsystems, Inc.

Solaris 10.0 _x86, 10.0, 9.0 _x86, 9.0, 8.0 _x86, 8.0

Several vulnerabilities have been reported in 'lpsched(1M)' which could let a malicious user modify system/user information or cause a Denial or Service.

Sun

Avaya

Currently we are not aware of any exploits for these vulnerabilities.

Sun Solaris 'LPSCHED' Vulnerabilities

CVE-2006-0227

Sun(sm) Alert Notification
Sun Alert ID: 102033, January 13, 2006

Secunia Advisory: SA19087, March 4, 2006

Sun Microsystems, Inc.

Solaris 10.0 _x86, 10.0, 9.0 _x86, 9.0, 8.0 _x86, 8.0

A Denial of Service vulnerability has been reported in the 'pagedata' subsystem of the Process FIle System.

Update information

Currently we are not aware of any exploits for this vulnerability.

Sun Solaris Proc Filesystem Pagedata Subsystem Denial of Service

CVE-2006-1092

Not Available
Sun(sm) Alert Notification
Sun Alert ID: 102159, March 3, 2006

TEG

Tenes Empanadas Graciela 0.11.1

A remote Denial of Service vulnerability has been reported due to an off-by-one error within the handling of the nickname supplied by the user.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a client version of the application.

Tenes Empanadas Graciela Remote Denial of Service
Not Available Security Focus, Bugtraq ID: 16982, March 6, 2006

up-imapproxy

up-imapproxy 1.2.4, 1.2.3

A format string vulnerability has been reported in the 'ParseBannerAnd
Capability()' function when processing the banner or capability line received from the IMAP server, which could let a remote malicious user execute arbitrary code.

Debian

Gentoo

A Proof of Concept exploit script has been published.

up-imapproxy Format String

CVE-2005-2661

Debian Security Advisory DSA 852-1, October 9, 2005

Security Focus, Bugtraq ID: 15048, November 3, 2005

Gentoo Linux Security Advisory, GLSA 200603-04, March 6, 2006

Yukihiro Matsumoto

Ruby 1.6 - 1.6.8, 1.8 - 1.8.2

A vulnerability has been reported in 'eval.c' due to a flaw in the logic that implements the SAFE level checks, which could let a remote malicious user bypass access restrictions to execute scripting code.

Patches available

Updates available

Gentoo

Ubuntu

Debian

RedHat

Debian

Conectiva

Mandriva

RedHat

SGI

SuSE

There is no exploit code required.

Ruby Safe Level Restrictions Bypass

CVE-2005-2337

Security Tracker Alert ID: 1014948, September 21, 2005

US-CERT VU#160012

Gentoo Linux Security Advisory, GLSA 200510-05, October 6, 2005

Ubuntu Security Notice, USN-195-1, October 10, 2005

Debian Security Advisories, DSA 860-1 & DSA 862-1, October 11, 2005

RedHat Security Advisory, RHSA-2005:799-3, October 11, 2005

Debian Security Advisory, DSA 864-1, October 13, 2005

Conectiva Linux Announcement, CLSA-2005:1030, October 13, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:191, October 21, 2005

RedHat Security Advisory, RHSA-2005:799-6, Updated October 25, 2005

SGI Security Advisory, 20051003-01-U, October 26, 2005

SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006

Multiple Operating Systems - Windows/UNIX/Linux/Other
Vendor & Software Name
Description

Common Name

CVSS
Resources

Alien Arena 2006 GE

Alien Arena 2006 GE 5.0 & prior

Multiple vulnerabilities have been reported including a format string vulnerability, a buffer overflow vulnerability, and a Denial of Service vulnerability due to insufficient sanitization of user-supplied input, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script, aa2k6x.c, has been published.

Alien Arena 2006 GE Multiple Remote Vulnerabilities
Not Available Security Focus, Bugtraq ID: 17028, March 7, 2006

Apache Software Foundation

Struts 1.2.7

A Cross-Site Scripting vulnerability has been reported in error response due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrade available

RedHat

There is no exploit code required; however, a Proof of Concept exploit has been published.

Apache Struts Cross-Site Scripting

CVE-2005-3745

Security Focus, Bugtraq ID: 15512, November 21, 2005

RedHat Security Advisory, RHSA-2006:0161-01, March 7, 2006

Apache Software Foundation

Tomcat 5.5-5.5.12

A remote Denial of Service vulnerability has been reported due to the inefficient generation of directory listing for web directories that have a large number of files.

RedHat

There is no exploit code required.

Apache Tomcat Remote Denial of Service

CVE-2005-3510

Security Tracker Alert ID: 1015147, November 3, 2005

RedHat Security Advisory, RHSA-2006:0161-01, March 7, 2006

Aztek Forum

Aztek Forum 4.0

An HTML injection vulnerability has been reported in the message body due to insufficient sanitization when posting a new message before saving, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client.

Aztek Forum HTML Injection

CVE-2006-1110

Not Available
Security Focus, Bugtraq ID: 16938, March 3, 20-06

Bitweaver

Bitweaver 1.2.1, 1.2, 1.1.1 beta

An HTML injection vulnerability has been reported due to insufficient sanitization of the 'title' field when editing submitted articles and reportedly also when commenting on articles, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited with a web browser; however, a Proof of Concept exploit has been published.

Bitweaver Title Injection
Not Available Secunia Advisory: SA19101, March 6, 2006

CutePHP

CuteNews 1.4.1

A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

CutePHP CuteNews Cross-Site Scripting
Not Available KAPDA Advisory #30, March 4, 2006

Cyboards

Cyboards PHP Lite 1.25, 1.21

An SQL injection vulnerability has been reported in 'process_post.php' due to insufficient sanitization of the 'parent' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited using a web client.

CyBoards PHP Lite SQL Injection
Not Available Secunia Advisory: SA19135, March 6, 2006

D2-Shoutbox

D2-Shoutbox 4.2

An SQL-injection vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, an exploit script, D2-Shoutbox-exp.pl, has been published.

D2-Shoutbox SQL Injection
Not Available Security Focus, Bugtraq ID: 16984, March 6, 2006

Daverave

HitHost 1.0

Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through use of a web client; however, Proof of Concept exploits have been published.

Daverave HitHost Multiple Cross-Site Scripting
Not Available Security Focus, Bugtraq ID: 17025, March 7, 2006

Daverave

Link Bank 0

A Cross-Site Scripting vulnerability has been reported in 'Iframe.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit has been published.

Link Bank Cross-Site Scripting
Not Available Security Focus, Bugtraq ID: 17001, March 7, 2006
Daverave

Link Bank 0

A script injection vulnerability has been reported which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client.

Link Bank Remote PHP Script Code Injection
Not Available Security Focus, Bugtraq ID: 17004, March 7, 2006

Daverave

Simplog 1.0.2

A vulnerability has been reported in 'index.php' due to insufficient verification of the 'act' and 'blogid' parameters before using to include files, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Simplog Information Disclosure

CVE-2006-1073

Secunia Advisory: SA19115, March 6, 2006

DCI-Designs

Dawaween 1.03

An SQL injection vulnerability has been reported in 'Poems.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited using a web client; however, a Proof of Concept exploit and exploit details, DawaweenSQL.txt, have been published.

DCI-Designs Dawaween SQL Injection

CVE-2006-1018

Security Focus, Bugtraq ID: 16909, March 2, 2006

Digital Builder

NZ Ecommerce System 0

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'index.php' due to insufficient sanitization of the 'action' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'index.php' due to insufficient sanitization of the 'informationID' and 'ParentCategory' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through use of a web client; however, a Proof of Concept exploit has been published.

The vendor has disputed these vulnerabilities.

NZ Ecommerce Cross-Site Scripting & SQL Injection

CVE-2006-1096
CVE-2006-1098

Not Available
Security Focus, Bugtraq ID: 16931, March 2, 2006

DVGuest
book

DVGuestbook 1.2.2, 1.0

Cross-Site Scripting vulnerabilities have been reported in 'dv_gbook.php' due to insufficient sanitization of the 'f' parameter and in 'index.php' due to insufficient sanitization of the 'page' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through use of a web client; however, Proof of Concept exploits have been published.

DVGuestbook Multiple Cross-Site Scripting

CVE-2006-1070
CVE-2006-1071

2.3
(CVE-2006-1070)

2.3 (CVE-2006-1071)

 

Security Focus, Bugtraq ID: 16968, March 6, 2006

Easy Forum

Easy Forum 2.5

An HTML injection vulnerability was reported in the user image file due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

Update available

Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit has been published.

Easy Forum HTML Injection

CVE-2006-0877

Security Focus, Bugtraq ID: 16958, March 4, 2006

Evo-Dev

evoBlog 0

An HTML injection vulnerability has been reported in Comment Post due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability may exploit this issue with a web browser.

Evo-Dev evoBlog HTML Injection

CVE-2006-1077

Security Focus, Bugtraq ID: 16983, March 6, 2006

Fantastic Scripts

Fantastic News 2.1.2 & prior

A code execution vulnerability has been reported in 'archive.php,' which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client.

Fantastic News Remote Code Execution
Not Available Security Focus, Bugtraq ID: 16985, March 6, 2006

FFmpeg

FFmpeg 0.4.9 -pre1, 0.4.6-0.4.8, FFmpeg CVS

A buffer overflow vulnerability has been reported in the 'avcodec_default_get_buffer()' function of 'utils.c' in libavcodec due to a boundary error, which could let a remote malicious user execute arbitrary code.

Patches available

Ubuntu

Mandriva

Ubuntu

Gentoo

Gentoo

Currently we are not aware of any exploits for this vulnerability.

FFmpeg Remote Buffer Overflow

CVE-2005-4048

Secunia Advisory: SA17892, December 6, 2005

Ubuntu Security Notice, USN-230-1, December 14, 2005

Mandriva Linux Security Advisories MDKSA-2005:228-232, December 15, 2005

Ubuntu Security Notice, USN-230-2, December 16, 2005

Gentoo Linux Security Advisory, GLSA 200602-01, February 5, 2006

Gentoo Linux Security Advisory, GLSA 200603-03, March 4, 2006

Gallery Project

Gallery 2.0-2.0.2

Several vulnerabilities have been reported: a script insertion vulnerability was reported due to insufficient sanitization of 'getRemoteHostAddress()' via the X_FORWARDED_FOR HTTP header before saving, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in session id due to insufficient sanitization before using, which could let a remote malicious user delete arbitrary files.

Updates available

Vulnerabilities can be exploited through use of a web client.

Gallery Script Insertion & File Handling
Not Available Security Tracker Alert ID: 1015717, March 3, 2006

Game-Panel

Game-Panel 2.6.1, 2.6

A Cross-Site Scripting vulnerability has been reported in 'login.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit has been published.

Game-Panel Cross-Site Scripting

CVE-2006-1080

Security Focus, Bugtraq ID: 16979, March 6, 2006

Gregarius

Gregarius 0.5.2

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'search.php' due to insufficient sanitization of the 'rss_query' parameter and in 'tags.php' due to insufficient sanitization of the 'tag' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'feed.php' due to insufficient sanitization of the 'folder' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

The vulnerabilities have reportedly been fixed in the CVS repositories.

Vulnerabilities could be exploited with a web client.

Gregarius Cross-Site Scripting & SQL injection

CVE-2006-1041
CVE-2006-1042

2.3
(CVE-2006-1041)

4.7
(CVE-2006-1042)

Secunia Advisory: SA19102, March 6, 2006

Gregory Trubetskoy

mod_python 3.2.7

A vulnerability has been reported in mod_python's 'FileSession' object, which could let a remote malicious user execute arbitrary code.

Updates available

Currently we are not aware of any exploits for this vulnerability.

Apache mod_python Remote Code Execution

CVE-2006-1095

Not Available
Security Focus, Bugtraq ID: 16916, March 2, 2006

Guestbox

Guestbox 0.6

Multiple vulnerabilities have been reported: a vulnerability was reported in the authentication process due to an error, which could let a remote malicious user obtain unauthorized access and post comments; a vulnerability was reported in 'guestbox.php' when posting an entry due to insufficient sanitization of the 'url' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'gblog' file because IP addresses are stored insecurely, which could let a remote malicious user obtain sensitive information.

Update available

There is no exploit code required.

Guestbox Vulnerabilities

CVE-2006-0859
CVE-2006-0860
CVE-2006-0861

2.3
(CVE-2006-0859)

2.3
(CVE-2006-0860)

2.3
(CVE-2006-0861)

Secunia Advisory: SA18946, February 21, 2006

Security Focus, Bugtraq ID: 16751, March 6, 2006

IBM

Websphere Application Server 5.0.2.15 & prior 5.0 versions, 5.1.1.9 & prior 5.1 versions

A vulnerability was reported when a remote malicious user submits malformed HTTP requests to the server, which could lead to the disclosure of JSP sourcecode.

Fixes available

Currently we are not aware of any exploits for this vulnerability.

IBM WebSphere Application Server JSP Source Code Disclosure

CVE-2006-1093

Not Available
Security Tracker Alert ID: 1015716, March 2, 2006

Invision Power Services

Invision Board 2.1.5

An SQL injection vulnerability has been reported in 'showtopic' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

Invision Power Board SQL Injection

CVE-2006-1076

Security Focus, Bugtraq ID: 16971, March 6, 2006

Jelsoft Enterprises

VBulletin 3.0.12-3.5.3

A vulnerability has been reported in the 'Edit Email & Password' functionality due to insufficient sanitization of the 'Email Address' field before storing in the user's profile, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit has been published.

vBulletin User Email Address Script Insertion

CVE-2006-1040

KAPDA Advisory #26, March 2, 2006

logIT

logIT 1.4, 1.3

A file include vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept has been published.

LogIT Remote File Include

CVE-2006-1099

Not Available
Security Focus, Bugtraq ID: 16932, March 2, 2006

Loudblog

Loudblog 0.41

Multiple vulnerabilities have been reported: an SQL injection vulnerability was reported in 'podcast.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a Directory Traversal vulnerability was reported in 'index.php' due to insufficient sanitization of the 'template' parameter before using to view files, which could let a remote malicious user obtain sensitive information; and a vulnerability was reported in 'inc/backend_settings.php' due to insufficient verification of the 'language' parameter and in 'index.php' due to insufficient verification of the 'page' parameter, which could let a remote malicious user include arbitrary files.

No workaround or patch available at time of publishing.

Vulnerabilities could be exploited with a web client; however, Proof of Concept exploits have been published.

Loudblog Multiple Input Validation

CVE-2006-1113
CVE-2006-1114

Not Available
Secunia Advisory: SA19172, March 8, 2006

L-Soft

Listserv 14.4, 14.3

Multiple unspecified vulnerabilities have been reported which could let a remote malicious user execute arbitrary code.

Updates available

Currently we are not aware of any exploits for these vulnerabilities.

L-Soft Listserv Multiple Unspecified Vulnerabilities

CVE-2006-1044

NGSSoftware Insight Security Research Advisory , March 4, 2006

Lurker

Lurker 2.0 & prior

Multiple vulnerabilities have been reported: an input validation vulnerability was reported in 'lurker.cgi,' which could let a remote malicious user obtain sensitive information; a vulnerability was reported due to an unspecified error which could let a remote malicious user create or overwrite arbitrary files in any directory called 'mbox;' and a vulnerability was reported due to insufficient sanitization of unspecified input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

Updates available

Vulnerabilities can be exploited through use of a web client.

Lurker Multiple Vulnerabilities

CVE-2006-1062
CVE-2006-1063
CVE-2006-1064

2.3
(CVE-2006-1062)

2.3
(CVE-2006-1063)

Secunia Advisory: SA19136, March 6, 2006

m-phorum

m-phorum 0.2

A file include vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client.

M-Phorum Remote File Include
Not Available Security Focus, Bugtraq ID: 16977, March 6, 2006

Multiple Vendors

MandrakeSoft Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2;
Gentoo Linux;
Ethereal Group Ethereal 0.10.1-0.10.13, 0.9-0.9.16, 0.8.19, 0.8.18, 0.8.13-0.8.15, 0.8.5, 0.8, 0.7.7

A vulnerability has been reported in Ethereal IRC Protocol Dissector, that could let remote malicious users cause a Denial of Service.

Mandriva

Gentoo

SUSE

Conectiva

Mandriva

Avaya

SuSE

Currently we are not aware of any exploits for this vulnerability.

Ethereal Denial of Service

CVE-2005-3313

3.3

Mandriva Linux Security Advisory, MDKSA-2005:193-1, October 26, 2005

Gentoo Linux Security Advisor, GLSA 200510-25, October 30, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Conectiva Security Announcement, CLSA-2005:1043, November 8, 2005

Mandriva Linux Security Advisory MDKSA-2006:002, January 3, 2006

Avaya Security Advisory, ASA-2006-046, February 13, 2006

SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006

Multiple Vendors

NetGear WGT624 0, RT314/RT311 Gateway Router Firmware 3.25, RT314/RT311 Gateway Router Firmware 3.24, RT314/RT311 Gateway Router Firmware 3.22,
RT-338, ME102 1.4, ME102 1.3, FVS318v2 2.4, FVS318 2.4, FVS318 1.3, FVS318 1.2, FVS318 1.1, FVS318 1.0, FM114P, DG834G, DG834 ADSL Firewall Router;
Linksys WRT54GS 4.70.6 (Firmware), 4.50.6 (Firmware), WRT54G 4.0 4.20.6 (Firmware), 4.0.7 (Firmware), 3.0 3.3.6 (Firmware), 3.0 3.1.3 (Firmware), 2.0 2.4.4 (Firmware), 2.0 2.0 2.8 beta(Firmware), 2.0 2.0 0.8 (Firmware), 1.0 1.42.3 (Firmware), WAP55AG 1.0.7, WAP11 2.2 , 1.4 , 1.3, Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.42.7, 1.40.3, 1.37.9 b, 1.37.2 b, 1.37.2, EtherFast BEFVP41 Router 1.39.64, BEFVP41 Router, EtherFast BEFSRU31 Router 1.44, 1.43.3, 1.43, 1.42.7, 1.42.3, 1.41, 1.40.2, EtherFast BEFSR81 Router 2.44, 2.42.7, BEFSR81 Router, EtherFast BEFSR41 Router 1.45.7, 1.44, 1.43.3, 1.43, 1.42.7, 1.42.3, 1.41, 1.40.2,
1.35-1.39, 1.0 5.00, EtherFast BEFSR11 Router 1.44, 1.43.3, 1.43, 1.42.7, 1.42.3, 1.41, 1.40.2, EtherFast BEFN2PS4 Router, BEFW11S4 v4, BEFW11S4 v3, BEFW11S4 1.44, 1.43.3, 1.4.3,
1.4.2 .7, BEFVP41 1.42.7, 1.40 .4, 1.40 .3f, BEFSX41 1.45.3, 1.44.3 , 1.44, 1.43.4, 1.43.3, 1.43, 1.42.7, BEFSR81 v3, v2, BEFSR81, BEFSR41W, BEFSR41 v3, BEFSR41 v2 , BEFSR41 v1, BEFN2PS4 1.42.7, BEFCMU10

A remote IRC Denial of Service vulnerability has been reported in Linksys and Netgear routers due to a failure to properly handle unexpected network traffic.

No workaround or patch available at time of publishing.

Vulnerability can be exploited via a standard IRC client.

Multiple Router Vendor Remote IRC Denial of Service

CVE-2006-1067
CVE-2006-1068

2.3 (CVE-2006-1067)

2.3 (CVE-2006-1068)

Security Focus, Bugtraq ID: 16954, March 4, 2006

Multiple Vendors

WordPress 1.5.2;
Gentoo Linux

An SQL injection vulnerability has been reported due to insufficient sanitization of the 'User-Agent' HTTP header when commenting on an article, which could let a remote malicious user execute arbitrary SQL code.

Update available

Gentoo

Currently we are not aware of any exploits for this vulnerability.

Wordpress SQL Injection

CVE-2006-1012

Secunia Advisory: SA19109, March 6, 2006

Gentoo Linux Security Advisory, GLSA 200603-01, March 4, 2006

nCipher

nCipher Software CD 0, MSCAPI CSP 5.54 ,MSCAPI CSP 5.50, CHIL

Multiple vulnerabilities have been reported: a vulnerability was reported in HSM when choosing random parameters for use in the generation of Diffie-Hellman (DH) keys, which could let a remote malicious user obtain sensitive information; a vulnerability was reported in the nCore API because CBC MACs are not properly calculated and verified which could lead to a failure to to detect certain modifications to messages; and a vulnerability was reported because certain functionality in the firmware that are meant for testing purposes may be exploited to generate keys with reduced security properties.

Update to V10 firmware version 2.22.6 or later.

Currently we are not aware of any exploits for these vulnerabilities.

nCipher Products Multiple Vulnerabilities

CVE-2006-1115
CVE-2006-1116
CVE-2006-1117

Not Available
Secunia Advisory: SA19137, March 7, 2006

Nidelven IT

Issue Dealer prior to 0.9.96

A vulnerability has been reported in the weblog publisher when validating received issue IDs, which could let a remote malicious user obtain sensitive information.

Updates available

There is no exploit code required.

Issue Dealer Information Disclosure

CVE-2006-0979

Secunia Advisory: SA19018, February 28, 2006

NMDeluxe

NMDeluxe 1.0

Multiple vulnerabilities have been reported: a script insertion vulnerability was reported in 'news.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'news.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

Update available

Vulnerabilities can be exploited through use of a web client.

NMDeluxe Script Insertion & SQL Injection
Not Available Secunia Advisory: SA19117, March 7, 2006

Oracle

Diagnostics 2.0-2.2,
Oracle Applications 11i 11.5.10 CU1 & CU2,11i 11i 11.5.3-11.5.10

Multiple vulnerabilities have been reported including insecure permissions vulnerabilities, access vulnerabilities, and SQL injection vulnerabilities, which could let a remote malicious user obtain sensitive information or execute arbitrary SQL code.

Patch information

Vulnerabilities would likely be exploited from a web browser; however, a Proof of Concept exploit has been published.

Oracle Diagnostics Multiple Vulnerabilities

CVE-2006-1035
CVE-2006-1036
CVE-2006-1037

7
(CVE-2006-1035)

7
(CVE-2006-1036)

7
(CVE-2006-1037)

 

Security Focus, Bugtraq ID: 16844, February 27, 2006

US-CERT VU#298958

Oreka

Oreka 0.1-0.4

A remote Denial of Service vulnerability has been reported due to an error in Orkaudio when handling a certain sequence of RTP packets.

Updates available

Currently we are not aware of any exploits for this vulnerability.

Oreka Remote Denial of Service

CVE-2006-0912

Secunia Advisory: SA19095, March 3, 2006

Owl

Owl Intranet Engine 0.82

A file include vulnerability has been reported in 'lib/OWL_API.php' due to insufficient verification of the 'xrms_file_root' parameter, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit script, owl_082_xpl.pl, has been published.

Owl Intranet Engine Remote File Include
Not Available Security Focus, Bugtraq ID: 17021, March 7, 2006

phpArcade
Script

phpArcade
Script 2.0

Cross-Site Scripting vulnerabilities has been reported due to insufficient sanitization of unspecified input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited using a web client; however, Proof of Concept exploits have been published.

phpArcadeScript Cross-Site Scripting

CVE-2006-1082

Secunia Advisory: SA19124, March 6, 2006

PhpStats

PHP-Stats 0.1.9 .10.1.9.1 & prior

Multiple vulnerabilities have been reported: a file include vulnerability was reported in 'admin.php' due to insufficient verification of the 'option[language]' and 'option[template]' parameters, which could let a remote malicious user execute arbitrary code; an SQL injection vulnerability was reported in 'admin.php' due to insufficient sanitization of the 'option[prefix]' parameter and in 'click.php' due to insufficient sanitization of the 'PC_REMOTE_ADDR' HTTP header, which could let a remote malicious user execute arbitrary SQL code; an input validation vulnerability was reported in 'admin.php,' which could let a remote malicious user execute arbitrary PHP code; and a vulnerability was reported in 'checktables.php' because it is possible to disclose database table prefixes.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited with a web client.

Php-Stats File Include, SQL Injection, Input Validation & Information Disclosure

CVE-2006-1083
CVE-2006-1084
CVE-2006-1085
CVE-2006-1087
CVE-2006-1088

7 (CVE-2006-1083)

7 (CVE-2006-1084)

10 (CVE-2006-1085)

4.2 (CVE-2006-1087)

2.3 (CVE-2006-1088)

Secunia Advisory: SA19116, March 6, 2006

pixelpost

Pixelpost 1.4.3, 1.5 beta 1

Multiple input validation vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited with a web client.

Pixelpost Multiple Input Validation

CVE-2006-1104
CVE-2006-1105
CVE-2006-1106

Not Available
Security Focus, Bugtraq ID: 16964, March 4, 2006

PluggedOut

Nexus 0.1

An SQL injection vulnerability has been reported in 'forgotten_password.php' due to insufficient sanitization of the 'email' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited using a web client; however, a Proof of Concept exploit has been published.

PluggedOut Nexus SQL Injection

CVE-2006-1081

Security Tracker Alert ID: 1015715, March 2, 2006

Ravenous

Ravenous 0.7

A vulnerability has been reported due to a failure to properly secure sensitive information, which could let a remote malicious user obtain unauthorized access.

Update available

Vulnerability can be exploited through use of a web client.

Ravenous Unauthorized Access
Not Available Security Focus, Bugtraq ID: 17013, March 7, 2006

RunCMS

RunCMS 1.2, 1.1 A, 1.1, 1.3.a5, 1.3.a2, 1.3.a

A Cross-Site Scripting vulnerability has been reported in 'bigshow.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

RunCMS Cross-Site Scripting
Not Available Security Focus, Bugtraq ID: 16970, March 6, 2006

SAP

SAP Web Application Server prior to 7.00r

A vulnerability has been reported due to insufficient validation of user-supplied input in URLs, which could let a remote malicious user execute arbitrary data.

The vendor has provided patches (reference SAP Note 908147 and 915084).

Currently we are not aware of any exploits for this vulnerability.

SAP Web Application Server URL Handling

CVE-2006-1039

Security Tracker Alert ID: 1015702, March 1, 2006

Sauerbraten

Sauerbraten 2006_02_28,
Sauerbraten Cube 2005_08_09

Multiple vulnerabilities have been reported including a buffer overflow vulnerability and several Denials of Service, which could let a remote malicious user execute arbitrary machine code or crash both clients and servers.

No workaround or patch available at time of publishing.

Exploit scripts, sauerburn.zip and evilcube.c, have been published.

Sauerbraten Multiple Remote Vulnerabilities

CVE-2006-1100
CVE-2006-1101
CVE-2006-1102
CVE-2006-1103

Not Available
Security Focus, Bugtraq ID: 16986, March 6, 2006

Send
card

Sendcard prior to 3.3.0

Several SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in SQL queries, which could let a remote malicious user execute arbitrary SQL code.

Updates available

Vulnerabilities can likely be exploited via a web browser.

Sendcard Unspecified SQL Injection

CVE-2006-1006

Security Focus, Bugtraq ID: 16900, March 1, 2006

Skate Board

Skate Board 0.9

Several vulnerabilities have been reported: an SQL injection vulnerability was reported due to insufficient sanitization of the 'usern,' 'passwd,' and 'sf_cookie' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code, bypass the authentication process, and execute arbitrary PHP code; and a script insertion vulnerability was reported due to insufficient sanitization of unspecified input in various fields when registering, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities could be exploited with a web client.

Skate Board Input Validation

CVE-2006-0809
CVE-2006-0810
CVE-2006-0811

7
(CVE-2006-0809)

4.2
(CVE-2006-0810)

2.3
(CVE-2006-0811)

 

 

Security Focus, Bugtraq ID: 16936, March 3, 2005

SMBlog

SMBlog 1.2

A vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP commands.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit, SMBlog.txt, has been published.

SMBlog Arbitrary PHP Command Execution

CVE-2006-1013

Security Focus, Bugtraq ID: 16905, March 1, 2006

SquirrelMail Development Team

SquirrelMail 1.4.5 & prior

Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'webmail.php' due to insufficient sanitization of the 'right_main' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of input passed to comments in styles before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'sqimap_mailbox_select mailbox' parameter due to insufficient sanitization before using in an IMAP query, which could let a remote malicious user inject arbitrary IMAP commands.

The vulnerabilities have been fixed in the CVS repository and fixes will be included in the upcoming 1.4.6 version.

Mandriva

Fedora

SuSE

There is no exploit code required.

SquirrelMail Multiple Cross-Site Scripting & IMAP Injection

CVE-2006-0188
CVE-2006-0195
CVE-2006-0377

2.3
(CVE-2006-0188)

2.3
(CVE-2006-0195)

2.3
(CVE-2006-0377)

 

Secunia Advisory: SA18985, February 22, 2006

Mandriva Linux Security Advisory, MDKSA-2006:049, February 27, 2006

Fedora Update Notification,
FEDORA-2006-133, March 3, 2006

SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006

STLport

STLport prior to 5.0.2

Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in 'src/c_locale_glibc/
c_locale_glibc2.c' due to the unsafe use of the 'strcpy()' function when copying locale category names, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported in 'src/num_put_float.cpp' due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code.

Updates available

Currently we are not aware of any exploits for these vulnerabilities.

STLPort Library Buffer Overflows

CVE-2006-0963

Security Focus, Bugtraq ID: 16928, March 2, 2006

Total
ECommerce

Total
ECommerce 1.0

An SQL injection vulnerability has been reported in 'index.asp' due to insufficient sanitization of the 'if' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Total Ecommerce SQL Injection

CVE-2006-1109

Not Available
Secunia Advisory: SA19103, March 6, 2006

UKiWEB

UKiBoard 3.0.1

An HTML injection vulnerability has been reported in 'fce.php' BBCode due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability may be exploited with a web browser.

UKiWEB UKiBoard HTML Injection

CVE-2006-1019

Security Focus, Bugtraq ID: 16912, March 2, 2006

VBZoom

VBZoom 1.11

Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

VBZooM Forum Multiple Cross-Site Scripting
Not Available Security Focus, Bugtraq ID: 16956, March 4, 2006

VBZoom

VBZoom 1.11

An SQL injection vulnerability has been reported in 'show.php' due to insufficient sanitization of 'MainID,' which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

VBZoom Forum SQL Injection
Not Available Security Focus, Bugtraq ID: 16955, March 4, 2006

VBZoom

VBZoom 1.11

A Cross-Site Scripting vulnerability has been reported in 'profile.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit has been published.

VBZoom 'Profile.PHP' Cross-Site Scripting
Not Available Security Focus, Bugtraq ID: 16969, March 6, 2006

Vubb

Vubb 0.2

An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'pass' cookie parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, an exploit script, vubb_sql_exploit.pl, has been published.

VUBB SQL Injection

CVE-2006-0962

Secunia Advisory: SA19084, March 2, 2006

Woltlab

Burning Board 2.0-2.7, 1.1.1

Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through use of a web client; however, exploit details, woltlabBB2x.txt, have been published.

Woltlab Burning Board Multiple SQL Injection
Not Available Security Focus, Bugtraq ID: 16914, March 2, 2006

Woltlab

Burning Board 2.3.4

A Cross-Site Scripting vulnerability has been reported in 'misc.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited using a web client; however, a Proof of Concept exploit has been published.

Woltlab Burning Board Cross-Site Scripting
Not Available Security Focus, Bugtraq ID: 16959, March 4, 2006

Xerox

WorkCentre Pro 90, 75, 65, CopyCentre C90 0, C75 0, C65 0

Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported in the PostScript file interpreter due to a boundary error, which could let a remote malicious user cause a Denial of Service; a remote Denial of Service vulnerability was reported due to two unspecified errors when handling PostScript files; a remote Denial of Service vulnerability was reported due to an unspecified error in the built-in web server; and a vulnerability was reported in the ESS / Network Controller because an image overwrite can fail in certain situations after a power loss.

Update information

Currently we are not aware of any exploits for these vulnerabilities.

Xerox WorkCentre / CopyCentre Multiple Vulnerabilities
Not Available XEROX Security Bulletin, XRX06-002, March 6, 2006


Wireless Trends & Vulnerabilities
This section contains wireless vulnerabilities, articles, and malicious code that has been identified during the current reporting period.

  • aircrackng-0.1.tar.gz: A set of tools for auditing wireless networks that is an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).


General Trends
This section contains brief summaries and links to articles which discuss or present information pertinent to the cyber security community.

  • Zombie PCs menace mankind: According to symantec's Internet Security Threat Report, cybercrooks are developing more sophisticated techniques to steal confidential data. Malicious hackers are increasingly using bot-networks, modular malicious code, and targeted attacks on web applications and web browsers to carry out cyber raids.
  • Risky sites account for 5 percent of traffic: According to SiteAdvisor, a company founded by graduate students from the Massachusetts Institute of Technology, a significant number of visits to Web pages could place consumer's computers at risk. They use a legion of automated virtual computers to scan the Internet for dangerous Web sites. They found that sites accounting for 5 percent of all Web traffic attempted to upload hostile programs to a visitor's computer, or acted in some other malicious way.
  • 0602-exploits.tgz: Packet Storm new exploits for February, 2006.
  • Hunt Intensifies for Botnet Command & Controls: A group of high-profile security researchers is ramping up efforts to find and disable the command-and-control infrastructure that powers millions of zombie drone machines, or bots, hijacked by malicious hackers. The idea is to open up a new reporting mechanism for ISPs and IT administrators to report botnet activity, especially the C&C (command-and-control) system that remotely sends instructions to botnets.
  • Malware Attacks Drop Off in February: Records were set in January for malware output; however, the malware volume dropped by 26 percent last month. Sophos analysts detected 2,312 new pieces of malware in January, setting a record for the highest volume of malware in one month. In February there were only 1,132 new pieces of malware -- which includes worms, viruses and Trojans -- pop up.


Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

Rank
Common Name
Type of Code
Trend
Date
Description
1 Netsky-P Win32 Worm
Stable
March 2004 A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folder.
2 Zafi-B Win32 Worm
Increase
June 2004 A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names.
3 Lovgate.w Win32 Worm
Slight Decrease
April 2004 A mass-mailing worm that propagates via by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network.
4 Mytob-GH Win32 Worm
Slight Decrease
November 2005 A variant of the mass-mailing worm that disables security related programs and allows other to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender’s address.
5 Netsky-D Win32 Worm
Slight Decrease
March 2004 A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only.
6 Mytob-AS Win32 Worm
Increase
June 2005 A slight variant of the mass-mailing worm that disables security related programs and processes, redirection various sites, and changing registry values. This version downloads code from the net and utilizes its own email engine.
7 Sober-Z Win32 Worm
Stable
December 2005 This worm travels as an email attachment, forging the senders address, harvesting addresses from infected machines, and using its own mail engine. It further download code from the internet, installs into the registry, and reduces overall system security.
8 Mytob.C Win32 Worm
Decrease
March 2004 A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files.
9 Zafi-D Win32 Worm
Slight Increase
December 2004 A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer.
10 Mytob-BE Win32 Worm
Decrease
June 2005 A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. Harvesting addresses from the Windows address book, disabling antivirus, and modifying data.

Table updated March 7, 2006

[back to top]

 

 

 

Last updated

The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.

Vulnerabilities
Wireless Trends & Vulnerabilities
General Trends
Viruses/Trojans


Vulnerabilities

The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/ Linux Operating Systems are included in the Multiple Operating Systems table. Note, entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software which operate on some version of that operating system.

Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin which has been provided by other US-CERT sponsored programs, is prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/ NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product’s vendor.

The Risk levels are defined below:

High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.

Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.

Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.

Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.

Windows Operating Systems Only
Vendor & Software Name
Description

Common Name

CVSS
Resources

Comvigo

IM Lock Home 2006,
IM Lock Professional 2006

A vulnerability has been reported in 'SOFTWARE\Microsoft\
SvcHst\msnvs\prc' due to a failure to store passwords with secure permissions, which could let a malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script, imlock2006.txt, has been published.

Comvigo IM Lock 2006 Insecure Password Storage
Not Available
Secunia Advisory: SA19140, March 7, 2006

Dantz Development Corporation, EMC

Retrospect Client 7, 6.5

A remote Denial of Service vulnerability has been reported due to an assertion error in the backup client

Updates available

Currently we are not aware of any exploits for this vulnerability.

EMC Dantz Retrospect Backup Client Remote Denial of Service

CVE-2006-0995

Security Tracker Alert ID: 1015714, March 2, 2006

Grisoft

Anti-Virus AVG Free Edition 7.x, Antivirus 6.x, Antivirus Professional

A vulnerability has been reported in the File Update functionality because insecure permissions are assigned to files that have been updated, which could let a malicious user obtain elevated privileges.

No workaround or patch available at time of publishing.

There is no exploit code required.

AVG Anti-Virus Insecure File Permissions
Not Available Secunia Advisory: SA19118, March 6, 2006

J. Kneschke

lighttpd 1.4.10

A vulnerability has been reported due to a validation error of the filename extension supplied by the user in the URL, which could let a remote malicious user obtain sensitive information.

Update available

Vulnerability can be exploited with a web browser.

Lighttpd Information Disclosure

CVE-2006-0814

Security Tracker Alert ID: 1015703, March 1, 2006

Microsoft

Internet Explorer 6.0, SP1 & SP2, 5.5, SP1 & SP2, 5.5 preview, 5.0.1, SP1-SP4, 50.1 for Windows NT 4.0, Windows 98, Windows 95, Windows 2000, 5.0 for Windows NT 4.0, Windows 98, Windows 95, Windows 2000, 5.0, 7.0 beta2

A remote Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions. Note: This issue only presents itself when Sun's Java runtime environment is installed and configured to be the default handler for Java applets.

No workaround or patch available at time of publishing.

There is no exploit code required.

Microsoft Internet Explorer Java Applet Handling Remote Denial of Service
Not Available
Security Focus, Bugtraq ID: 16978, March 6, 2006

Microsoft

Visual InterDev, Visual Studio 6 Enterprise, Visual Studio 6 Professional

A buffer overflow vulnerability has been reported in the '.dbp' file due to an overly long string in the 'DataProject' field, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

An exploit script, vs60bo.c, has been published.

Microsoft Visual Studio Buffer Overflow

CVE-2006-1043

Secunia Advisory: SA19081, March 7, 2006

NCP

Network Communication Secure Client 8.11 Build 146

Multiple vulnerabilities have been reported: including Firewall rules designed to allow only specific applications to access the network may be bypassed; some applications are prone to local command-line argument buffer overflow vulnerabilities; the VPN client is susceptible to a remote Denial of Service vulnerability; and the VPN client is susceptible to a local privilege-escalation vulnerability.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for these vulnerabilities.

NCP Secure Client Multiple Vulnerabilities

CVE-2006-0964
CVE-2006-0965
CVE-2006-0966
CVE-2006-0967
CVE-2006-0968

4.9
(CVE-2006-0964)

4.9
(CVE-2006-0965)

1.6
(CVE-2006-0966)

1.6
(CVE-2006-0967)

7
(CVE-2006-0968)

Security Focus, Bugtraq ID: 16906, March 6, 2006

Novell

Bordermanager 3.x

A Denial of Service vulnerability has been reported due to unspecified errors in the proxy when handling invalid content type or when handling media streaming over HTTP 1.1.

Patch available

Currently we are not aware of any exploits for this vulnerability.

Novell BorderManager Proxy Denial of Service
Not Available Novell Technical Information Document, TID2972993, March 3, 2006

Peter's Software

LetterMerger 1.2

A vulnerability has been reported due to the insecure storage of user-supplied information in Access database files, which could let a malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required.

LetterMerger Information Disclosure

CVE-2006-1011

Security Focus, Bugtraq ID: 16917, March 2, 2006

Raiden
HTTPD

Raiden
HTTPD prior to 1.1.48

A vulnerability has been reported due to a validation error of the filename extension supplied by the user in the URL, which could let a remote malicious user obtain sensitive information.

Updates available

Vulnerability can be exploited with a web browser.

RaidenHTTPD Remote Information Disclosure

CVE-2006-0949

Security Focus, Bugtraq ID: 16934, March 8, 2006

RevilloC

MailServer 1.21

A buffer overflow vulnerability has been reported in the POP3 USER command due to a boundary error, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

An exploit script, revilloC_poc.pl, has been reported.

RevilloC MailServer Buffer Overflow
Not Available Secunia Advisory: SA19119, March 8, 2006

Symantec

Ghost 8.2, 8.0

Multiple vulnerabilities have been reported: a vulnerability was reported due to a default administrator loginid and password, which could let a malicious user modify or delete stored administrative tasks; a vulnerability was reported in the Sybase SQLAnywhere database due to insecure permissions in the shared memory sections used by Symantec Ghost, which could let a malicious user obtain unauthorized access and modify database information; and a vulnerability was reported in the login dialog box of 'dbisqlc.exe' due to a boundary error, which could let a malicious user obtain unauthorized access.

Update information

There is no exploit code required.

Symantec Ghost Multiple Vulnerabilities
Not Available Symantec Security Advisory, SYM06-003
March 07, 2006

VanDyke Software

SecureCRT 5.0.4 & prior, SecureFX 3.0.4 & prior.

A buffer overflow vulnerability has been reported due to a boundary error when converting a unicode string to a multi-byte string, which could let a remote malicious user execute arbitrary code or cause a Denial of Service.

SecureCRT Updates

SecureFX updates

Currently we are not aware of any exploits for this vulnerability.

SecureCRT / SecureFX Buffer Overflow

CVE-2006-1038

Secunia Advisory: SA19040, March 8, 2006

UNIX / Linux Operating Systems Only
Vendor & Software Name
Description

Common Name

CVSS
Resources

Acme Laboratories

thttpd 2.0-2.24, 1.95, 1.90 a, 1.0.x, 1.0, 2.25 b, 2.1x

Multiple buffer overflow vulnerabilities have been reported in the 'htpasswd' utility included with thttpd due to insufficient bounds checking of user-supplied input prior to copying into insufficiently sized memory buffers, which could let a remote malicious user execute arbitrary commands.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for these vulnerabilities.

Acme Labs thttpd 'HTPasswd' Multiple Vulnerabilities

CVE-2006-1078
CVE-2006-1079

Not Available
Security Focus, Bugtraq ID: 16972, March 6, 2006

Akarru Social BookMarking Engine

Akarru Social BookMarking Engine before 0.4.3.4

An SQL injection vulnerability has been reported in 'users.php' due to insufficient sanitization of the user name before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

Update available

Vulnerability can be exploited through a web client.

Akarru Social BookMarking Engine SQL Injection

CVE-2006-1051

Secunia Advisory: SA19112, March 6, 2006

Apple

Mac OS X Server 10.4-10.4.5, 10.3-10.3.9, Mac OS X 10.4-10.4.5, 10.3-10.3.9

Multiple vulnerabilities have been reported; several security issues were reported in the PHP Apache module and scripting environment; a remote Denial of Service vulnerability was reported in 'automount' which could also lead to the execution of arbitrary code; an input validation vulnerability was reported in the BOM framework when certain archives are unpacked, which could let a remote malicious user overwrite arbitrary files; a vulnerability was reported in the 'passwd' program when used with the '-i' parameter, which could let a remote malicious user create/
overwrite arbitrary files; a vulnerability was reported when a FIleVault image is created because user directories are insecurely mounted, which could let a remote malicious user obtain unauthorized access; a remote Denial of Service vulnerability was reported due an error in IPSec when handling certain error conditions; a vulnerability was reported in the 'vm_allocate()' syscall in the LibSystem component due to an integer overflow; which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code; a vulnerability was reported in 'Download Validation' in the Mail component due to a failure to warn of unsafe file types when double-clicking an email attachment; a vulnerability was reported because in certain cases a Perl program may fail to drop privileges; a buffer overflow vulnerability was reported in 'rsync' due to a boundary error when transferring extended attributes, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a buffer overflow vulnerability was reported due to the way WebKit handles certain HTML, which could let a remote malicious user execute arbitrary code; a buffer overflow vulnerability was reported in Safari due to a boundary error when parsing JavaScript, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in Safari's security model when handling HTTP redirection, which could let a remote malicious user execute arbitrary JavaScript; a vulnerability was reported in 'Safari/LaunchServices' due to an error, which could let a remote malicious user execute arbitrary files; and a Cross-Site Scripting vulnerability was reported in the Syndication (Safari RSS) component due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

Updates available

Some of these vulnerabilities may be exploited through use of a web client. An exploit script, xosx-passwd.pl, has been published

4.2
(CVE-2005-2713)

4.2
(CVE-2005-2714)

2.3
(CVE-2005-3319)

2.3
(CVE-2005-3353)

7
(CVE-2005-3391)

7
(CVE-2005-3392)

4.7
(CVE-2005-3706)

4.2
(CVE-2005-3712)

7
(CVE-2005-4217)

3.3
(CVE-2005-4504)

2.3
(CVE-2006-0383)

7
(CVE-2006-0384)

1
(CVE-2006-0386)

4.7
(CVE-2006-0387)

3.7
(CVE-2006-0388)

1.9
(CVE-2006-0389)

1
(CVE-2006-0391)

 

 

Apple Security Update 2006-001, March 1, 2006

US-CERT VU#351217

US-CERT VU#176732

Debian

Debian amaya 9.2.1 -6

A vulnerability has been reported due to an insecure 'RPATH,' which could let a malicious user execute arbitrary code.

The vendor has released an updated package of Amaya to address this issue.

There is no exploit code required.

Debian-Specific Amaya Arbitrary Code Execution

CVE-2005-4728

Not Available
Security Focus, Bugtraq ID: 16945, March 3, 2006

Dropbear

SSH Server 0.28-0.47

A remote Denial of Service vulnerability has been reported due to a design error in the authorization pending connections code.

No workaround or patch available at time of publishing.

There is no exploit code required.

Dropbear Remote Denial of Service
Not Available Security Focus, Bugtraq ID: 17024, March 7, 2006

eschew.net

phpBanner
Exchange 2.0 & prior

A Directory Traversal vulnerability has been reported in 'ResetPW.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client.

Eschew.Net PHPBanner
Exchange Directory Traversal
Not Available Security Focus, Bugtraq ID: 16996, March 7, 2006

Freeciv

Freeciv 2.0.7

A remote Denial of Service vulnerability has been reported in 'common/packets.c' due to an error when handling the packet length.

Update available

Mandriva

A Proof of Concept exploit script , freecivdos.zip, has been published.

Freeciv Remote Denial of Service

CVE-2006-0047

Secunia Advisory: SA19120, March 6, 2006

Mandriva Linux Security Advisory MDKSA-2006:053, March 7, 2006

Geeklog

Geeklog 1.4 sr1, 1.3.7-1.3.11 sr4, 1.3.5 sr1 & sr2, 1.3.5, 1.3

A vulnerability has been reported in 'lib-sessions.php' due to insufficient verification of user-supplied data, which could let a remote malicious user bypass authentication.

Updates available

There is no exploit code required.

Geeklog Authorization Bypass

CVE-2006-1069

Security Focus, Bugtraq ID: 17010, March 7, 2006

GNU

Mailman 2.1-2.1.5, 2.0-2.0.14

A remote Denial of Service vulnerability has been reported in 'Scrubber.py' due to a failure to handle exception conditions when Python fails to process an email file attachment that contains utf8 characters in its filename.

Mandriva

SuSE

Ubuntu

Debian

RedHat

There is no exploit code required.

GNU Mailman Attachment Scrubber UTF8 Filename Remote Denial of Service

CVE-2005-3573

Secunia Advisory: SA17511, November 14, 2005

Mandriva Linux Security Advisory, MDKSA-2005:222, December 2, 2005

SUSE Security Summary Report, SUSE-SR:2006:001, January 13, 2006

Ubuntu Security Notice, USN-242-1 January 16, 2006

Debian Security Advisory, DSA-955-1, January 25, 2006

RedHat Security Advisory, RHSA-2006:0204-10, March 7, 2006

GNU

tar 1.15.90, 1.15.1, 1.14.90, 1.15, 1.14

A buffer overflow vulnerability has been reported when handling PAX extended headers due to a boundary error, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.

GNU

Mandriva

Ubuntu

Trustix

RedHat

SuSE

Debian

Currently we are not aware of any exploits for this vulnerability.

GNU Tar PAX Remote Buffer Overflow

CVE-2006-0300

3.9

Secunia Advisory: SA18973, February 22, 2006

Mandriva Security Advisory, MDKSA-2006:046, February 21, 2006

Ubuntu Security Notice, USN-257-1, February 23, 2006

Trustix Secure Linux Security Advisory, #2006-0010, February 24, 2006

RedHat Security Advisory, RHSA-2006:0232-3, March 1, 2006

SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006

Debian Security Advisory,
DSA-987-1, March 7, 2006

GnuPG

GnuPG / gpg prior to 1.4.2.1

A vulnerability has been reported because 'gpgv' exits with a return code of 0 even if the detached signature file did not carry any signature (if 'gpgv" or "gpg --verify' is used), which could let a remote malicious user bypass security restrictions.

Patches available

Fedora

Debian

Mandriva

Ubuntu

Gentoo

SuSE

SuSE

SuSE

There is no exploit code required; however, a Proof of Concept exploit has been published.

GnuPG Detached Signature Verification Bypass

CVE-2006-0455

4.9

GnuPG Advisory, February 15, 2006

Fedora Update Notification,
FEDORA-2006-116, February 17, 2006

Debian Security Advisory,
DSA-978-1, February 17, 2006

Mandriva Security Advisory, MDKSA-2006:043, February 17, 2006

Ubuntu Security Notice, USN-252-1, February 17, 2006

Gentoo Linux Security Advisory, GLSA 200602-10, February 18, 2006

SuSE Security Announcement, SUSE-SA:2006:009, February 20, 2006

SUSE Security Announcement, SUSE-SA:2006:013, March 1, 2006

SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006

Hewlett Packard Company

Tru64 UNIX 5.1B-3, 5.1B-2/PK4

A remote Denial of Service vulnerability has been reported due to improper processing of certain Internet Key Exchange (IKE) packets.

Patch information

Currently we are not aware of any exploits for this vulnerability.

HP Tru64 UNIX IPSec Remote Denial of Service

CVE-2005-3670

Not Available
Hewlett Packard Security Bulletin, HPSBTU02100, March 7, 2006

Inter7 Internet Technologies, Inc.

qmailadmin prior to 1.2.10

A buffer overflow vulnerability has been reported in 'PATH_INFO' when processing excessive data, which could let a remote malicious user execute arbitrary code.

Updates available

Currently we are not aware of any exploits for this vulnerability.

Inter7 QmailAdmin Buffer Overflow
Not Available Security Focus, Bugtraq ID: 16994, February 20, 2006

Kaspersky Labs

Kaspersky Antivirus for Linux Servers 5.5, 5.0.5

A remote Denial of Service vulnerability has been reported due to a failure in the application to handle unspecified files.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this vulnerability.

Kaspersky Anti-Virus Remote Denial of Service

CVE-2006-1091

Not Available
Security Focus, Bugtraq ID: 16942, March 3, 2006

Metamail

Metamail 2.7

A buffer overflow vulnerability has been reported when handling boundary headers within email messages, which could let a remote malicious user execute arbitrary code. Note: According to Security Tracker this is a Linux/Unix vulnerability. Previously classified as multiple operating systems.

RedHat

Mandriva

SuSE

A Proof of Concept exploit has been published.

Metamail Remote Buffer Overflow

CVE-2006-0709

7

Security Focus, Bugtraq ID: 16611, February 13, 2006

RedHat Security Advisory, RHSA-2006:0217-4, February 21, 2006

Mandriva Security Advisory, MDKSA-2006:047, February 22, 2006

SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006

monopd

monopd 0.9.3

A remote Denial of Service vulnerability has been reported due to an error when parsing an overly long input string.

Patch available

A Proof of Concept exploit script, monopdx.zip, has been published.

Monopd Remote Denial of Service

CVE-2006-1046

Secunia Advisory: SA19133, March 6, 2006

MPlayer

MPlayer 1.0pre7try2

Integer overflow vulnerabilities have been reported in the 'new_demux_packet()' function in 'libmpdemux/
demuxer.h' and the 'demux_asf_read_packet()' function in 'libmpdemux/
demux_asf.c' when allocating memory, which could let a remote malicious user cause a Denial of Service and potentially compromise a system.

Gentoo

Currently we are not aware of any exploits for this vulnerability.

MPlayer Integer Overflows

CVE-2006-0579

Secunia Advisory: SA18718, February 7, 2006

Gentoo Linux Security Advisory, GLSA 200603-03, March 4, 2006

Multiple Vendors

irssi 0.8.9, 0.8.10rc5; Ubuntu Linux 5.10

A remote Denial of Service vulnerability has been reported in 'dcc-resume.c' when handling malicious DCC transfers.

Ubuntu

Currently we are not aware of any exploits for this vulnerability.

IRSSI DCC Remote Denial of Service

CVE-2006-0458

Ubuntu Security Notice, USN-259-1, March 1, 2006

Multiple Vendors

Xpdf 3.0 pl2 & pl3, 3.0 1, 3.00, 2.0-2.03, 1.0 0, 1.0 0a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler poppler 0.4.2;
KDE kpdf 0.5, KOffice 1.4.2 ; PDFTOHTML DFTOHTML 0.36


Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::read
BaselineSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'DCTStream::read
ProgressiveSOF()' function in 'xpdf/Stream.cc' when copying data from a PDF file, which could let a remote malicious user potentially execute arbitrary code; a buffer overflow vulnerability was reported in the 'StreamPredictor::
StreamPredictor()' function in 'xpdf/Stream.cc' when using the 'numComps' value to calculate the memory size, which could let a remote malicious user potentially execute arbitrary code; and a vulnerability was reported in the 'JPXStream:
:readCodestream()' function in 'xpdf/JPXStream.cc' when using the 'nXTiles' and 'nYTiles' values from a PDF file to copy data from the file into allocated memory, which could let a remote malicious user potentially execute arbitrary code.

Patches available

Fedora

RedHat

KDE

SUSE

Ubuntu

Gentoo

RedHat

RedHat

RedHat

Mandriva

Debian

Debian

Debian

Fedora

SuSE

RedHat

SGI

Debian

TurboLinux

Debian

Debian

Slackware

Slackware

Gentoo

Currently we are not aware of any exploits for these vulnerabilities.

3.9
(CVE-2005-3191)

7
(CVE-2005-3192)

3.9
(CVE-2005-3193)

iDefense Security Advisory, December 5, 2005

Fedora Update Notifications,
FEDORA-2005-1121 & 1122, December 6, 2005

RedHat Security Advisory, RHSA-2005:840-5, December 6, 2005

KDE Security Advisory, advisory-20051207-1, December 7, 2005

SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005

Ubuntu Security Notice, USN-227-1, December 12, 2005

Gentoo Linux Security Advisory, GLSA 200512-08, December 16, 2005

RedHat Security Advisories, RHSA-2005:868-4, RHSA-2005:867-5 & RHSA-2005:878-4, December 20, 2005

Mandriva Linux Security Advisories MDKSA-2006:003-003-006, January 6, 2006

Debian Security Advisory,
DSA-936-1, January 11, 2006

Debian Security Advisory, DSA-937-1, January 12, 2006

Debian Security Advisory, DSA 938-1, January 12, 2006

Fedora Update Notifications,
FEDORA-2005-028 & 029, January 12, 2006

SUSE Security Summary Report, SUSE-SR:2006:001, January 13, 2006

RedHat Security Advisory, RHSA-2006:0160-14, January 19, 2006

SUSE Security Summary Report, SUSE-SR:2006:002, January 20, 2006

SGI Security Advisory, 20051201-01-U, January 20, 2006

Debian Security Advisory, DSA-950-1, January 23, 2006

Turbolinux Security Advisory, TLSA-2006-2, January 25, 2006

Debian Security Advisories,
DSA-961-1 & 962-1, February 1, 2006

Slackware Security Advisories, SSA:2006-045-04 & SSA:2006-045-09, February 14, 2006

Gentoo Linux Security Advisory, GLSA 200603-02, March 4, 2006

Multiple Vendors

OpenSSH 3.x, 4.x; RedHat Fedora Core3 & Core4

A vulnerability has been reported in 'scp' when performing copy operations that use filenames due to the insecure use of the 'system()' function, which could let a malicious user obtain elevated privileges.

Fedora

Trustix

Patches available

OpenBSD

SuSE

Slackware

Gentoo

Ubuntu

RedHat

There is no exploit code required.

OpenSSH SCP Shell Command Execution

CVE-2006-0225

Security Focus, Bugtraq ID: 16369, January 24, 2006

Fedora Security Advisory, FEDORA-2006-056, January 24, 2006

Trustix Secure Linux Security Advisory, TSLSA-2006-0004, January 27, 2006

Security Focus, Bugtraq ID: 16369, January 31, 2006

Secunia Advisory: SA18798, February 13, 2006

SUSE Security Announcement, SUSE-SA:2006:008, February 14, 2006

Slackware Security Advisory, SSA:2006-045-06, February 14, 2006

Gentoo Linux Security Advisory, GLSA 200602-11, February 20, 2006

Ubuntu Security Notice, USN-255-1, February 21, 2006

RedHat Security Advisory, RHSA-2006:0044-14, March 7, 2006

Multiple Vendors

Squid Web Proxy Cache 2.5 .STABLE3-STABLE10, STABLE1

A remote Denial of Service vulnerability has been reported when handling certain client NTLM authentication request sequences.

Upgrades available

Ubuntu

Debian

Mandriva

SCO

SUSE

RedHat

Currently we are not aware of any exploits for this vulnerability.

Squid NTLM Authentication Remote Denial of Service

CVE-2005-2917

Secunia Advisory: SA16992, September 30, 2005

Ubuntu Security Notice, USN-192-1, September 30, 2005

Debian Security Advisory, DSA 828-1, September 30, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:181, October 11, 2005

SCO Security Advisory, SCOSA-2005.44, November 1, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

RedHat Security Advisory, RHSA-2006:0052-7, March 7, 2006

Multiple Vendors

Linux kernel 2.6-2.6.15 .4

 

Multiple vulnerabilities have been reported: a Denial of Service vulnerability has been reported in the 'nfs_get_user_pages()' function due to insufficient checks on the return value; a Denial of Service vulnerability has been reported due to missing checks for bad elf entry addresses; and a Denial of Service vulnerability has been reported in the 'sys_mbind()' function due to insufficient sanity checks.

Updates available

Fedora

There is no exploit code required.

Linux Kernel Local Denials of Service

CVE-2006-0554
CVE-2006-0555
CVE-2006-0741

1
(CVE-2006-0554)

1.6
(CVE-2006-0555)

1.3
(CVE-2006-0741)

 

Secunia Advisory: SA19083, March 2, 2006

Multiple Vendors

RedHat Enterprise Linux WS 4, ES 4, AS 4, Desktop 4.0; GNU Libtasn1 prior to 1.2.10,
GnuTLS prior to 1.2.10

A remote Denial of Service vulnerability has been reported due to improper decoding of DER encoded data. This could possibly lead to the execution of arbitrary code.

libtasn

gnutls

RedHat

Fedora

Mandriva

Gentoo

Ubuntu

Debian

Debian

A Proof of Concept exploit has been published.

GnuTLS libtasn1 DER Decoding Remote Denial of Service

CVE-2006-0645

Security Tracker Alert ID: 1015612, February 11, 2006

RedHat Security Advisory, RHSA-2006:0207-01, February 10, 2006

Fedora Update Notification,
FEDORA-2006-107, February 10, 2006

Mandriva Security Advisory, MDKSA-2006:039, February 13, 2006

Gentoo Linux Security Advisory, GLSA 200602-08, February 16, 2006

Ubuntu Security Notice, USN-251-1, February 16, 2006

Debian Security Advisories,
DSA-985-1 & DSA-986-1, March 6, 2006

Multiple Vendors

RedHat Fedora Core4; Linux Kernel 2.6.x

A Denial of Service vulnerability has been reported in the 'die_if_kernel()' function because it is erroneously marked with a 'noreturn' attribute.

Updates available

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel 'die_if_kernel()' Potential Denial of Service

CVE-2006-0742

Not Available
Security Focus, Bugtraq ID: 16993, March 5, 2006

Multiple Vendors

SpamAssassin 3.0.4;
RedHat Fedora Core3

A vulnerability has been reported due to a failure to handle exceptional conditions, which could let a remote malicious user bypass spam detection.

SpamAssassin

Fedora

SUSE

Trustix

Mandriva

RedHat

There is no exploit code required.

SpamAssassin Spam Detection Bypass

CVE-2005-3351

Fedora Update Notification,
FEDORA-2005-1065, November 9, 2005

SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0064, November 22, 2005

Mandriva Linux Security Advisory, MDKSA-2005:221, December 2, 2005

RedHat Security Advisory, RHSA-2006:0129-8, March 7, 2006

Multiple Vendors

Tin News Reader 1.8 & prior ;
OpenPKG 2.5, 2.4, 2.3, OpenPKG Current

A off-by-one buffer overflow vulnerability has been reported due to insufficient boundary checks on user-supplied data before using it in a finite-sized buffer, which could let a remote malicious user execute arbitrary code.

Tin News Reader

OpenPKG

SuSE

There is no exploit code required.

Tin News Reader Buffer Overflow

CVE-2006-0804

7

Security Focus, Bugtraq ID: 16728, February 20, 2006

OpenPKG Security Advisory, OpenPKG-SA-2006.005, February 19, 2006

SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
Linux kernel 2.6-2.6.15

A vulnerability has been reported in the 'cm-crypt' driver due to a failure to clear memory, which could let a malicious user obtain sensitive information.

Updates available

Ubuntu

Trustix

Fedora

RedHat

Currently we are not aware of any exploits for this vulnerability.

Linux Kernel DM-Crypt Local Information Disclosure

CVE-2006-0095

Security Focus, Bugtraq ID: 16301, January 18, 2006

Ubuntu Security Notice, USN-244-1 January 18, 2006

Trustix Secure Linux Security Advisory, TSLSA-2006-0004, January 27, 2006

Secunia Advisory: SA18774, February 8, 2006

RedHat Security Advisory, RHSA-2006:0132-31, March 7, 2006

Multiple Vendors

Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32;
MandrakeSoft Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2, 10.1 x86_64, 10.1, Corporate Server 3.0 x86_64, 3.0;
GNU Mailman 2.1-2.1.5, 2.0-2.0.14

A remote Denial of Service vulnerability has been reported in the email date parsing functionality due to an error in the handling of dates.

Mandriva

Ubuntu

Debian

RedHat

There is no exploit code required.

GNU Mailman Remote Denial of Service

CVE-2005-4153

Security Focus, Bugtraq ID: 16248, January 16, 2006

Ubuntu Security Notice, USN-242-1 January 16, 2006

Debian Security Advisory, DSA-955-1, January 25, 2006

RedHat Security Advisory, RHSA-2006:0204-10, March 7, 2006

PHP

PHP 5.0 .0-5.0.5, 4.4 .0, 4.3.1 -4.3.11, 4.2-4.2.3, 4.1.0-4.1.2, 4.0 0-4.0.7

A Denial of Service vulnerability has been reported in the 'sapi_apache2.c' file.

PHP 5.1.0 final and 4.4.1 final are not affected by this issue. Please contact the vendor to obtain fixes.

Gentoo

Mandriva

Trustix

Ubuntu

Apple

There is no exploit code required.

PHP Apache 2 Denial of Service

CVE-2005-3319

Security Focus, Bugtraq ID: 15177, October 24, 2005

Gentoo Linux Security Advisory, GLSA 200511-08, November 14, 2005

Mandriva Linux Security Advisory, MDKSA-2005:213, November 16, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005

Ubuntu Security Notice, USN-232-1, December 23, 2005

Apple Security Update 2006-001, March 1, 2006

Rahul Dhesi

Zoo 2.10

A buffer overflow vulnerability has been reported in the 'fullpath()' in 'misc.c' due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code.

SuSE

Gentoo

Currently we are not aware of any exploits for this vulnerability.

zoo Buffer Overflow

CVE-2006-0855

3.9

Security Tracker Alert ID: 1015668, February 23, 2006

SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006

Gentoo Linux Security Advisory, GLSA 200603-05, March 6, 2006

Sun Microsystems, Inc.

Solaris 10.0 _x86, 10.0, 9.0 _x86, 9.0, 8.0 _x86, 8.0

Several vulnerabilities have been reported in 'lpsched(1M)' which could let a malicious user modify system/user information or cause a Denial or Service.

Sun

Avaya

Currently we are not aware of any exploits for these vulnerabilities.

Sun Solaris 'LPSCHED' Vulnerabilities

CVE-2006-0227

Sun(sm) Alert Notification
Sun Alert ID: 102033, January 13, 2006

Secunia Advisory: SA19087, March 4, 2006

Sun Microsystems, Inc.

Solaris 10.0 _x86, 10.0, 9.0 _x86, 9.0, 8.0 _x86, 8.0

A Denial of Service vulnerability has been reported in the 'pagedata' subsystem of the Process FIle System.

Update information

Currently we are not aware of any exploits for this vulnerability.

Sun Solaris Proc Filesystem Pagedata Subsystem Denial of Service

CVE-2006-1092

Not Available
Sun(sm) Alert Notification
Sun Alert ID: 102159, March 3, 2006

TEG

Tenes Empanadas Graciela 0.11.1

A remote Denial of Service vulnerability has been reported due to an off-by-one error within the handling of the nickname supplied by the user.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a client version of the application.

Tenes Empanadas Graciela Remote Denial of Service
Not Available Security Focus, Bugtraq ID: 16982, March 6, 2006

up-imapproxy

up-imapproxy 1.2.4, 1.2.3

A format string vulnerability has been reported in the 'ParseBannerAnd
Capability()' function when processing the banner or capability line received from the IMAP server, which could let a remote malicious user execute arbitrary code.

Debian

Gentoo

A Proof of Concept exploit script has been published.

up-imapproxy Format String

CVE-2005-2661

Debian Security Advisory DSA 852-1, October 9, 2005

Security Focus, Bugtraq ID: 15048, November 3, 2005

Gentoo Linux Security Advisory, GLSA 200603-04, March 6, 2006

Yukihiro Matsumoto

Ruby 1.6 - 1.6.8, 1.8 - 1.8.2

A vulnerability has been reported in 'eval.c' due to a flaw in the logic that implements the SAFE level checks, which could let a remote malicious user bypass access restrictions to execute scripting code.

Patches available

Updates available

Gentoo

Ubuntu

Debian

RedHat

Debian

Conectiva

Mandriva

RedHat

SGI

SuSE

There is no exploit code required.

Ruby Safe Level Restrictions Bypass

CVE-2005-2337

Security Tracker Alert ID: 1014948, September 21, 2005

US-CERT VU#160012

Gentoo Linux Security Advisory, GLSA 200510-05, October 6, 2005

Ubuntu Security Notice, USN-195-1, October 10, 2005

Debian Security Advisories, DSA 860-1 & DSA 862-1, October 11, 2005

RedHat Security Advisory, RHSA-2005:799-3, October 11, 2005

Debian Security Advisory, DSA 864-1, October 13, 2005

Conectiva Linux Announcement, CLSA-2005:1030, October 13, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:191, October 21, 2005

RedHat Security Advisory, RHSA-2005:799-6, Updated October 25, 2005

SGI Security Advisory, 20051003-01-U, October 26, 2005

SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006

Multiple Operating Systems - Windows/UNIX/Linux/Other
Vendor & Software Name
Description

Common Name

CVSS
Resources

Alien Arena 2006 GE

Alien Arena 2006 GE 5.0 & prior

Multiple vulnerabilities have been reported including a format string vulnerability, a buffer overflow vulnerability, and a Denial of Service vulnerability due to insufficient sanitization of user-supplied input, which could let a remote malicious user cause a Denial of Service or execute arbitrary code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit script, aa2k6x.c, has been published.

Alien Arena 2006 GE Multiple Remote Vulnerabilities
Not Available Security Focus, Bugtraq ID: 17028, March 7, 2006

Apache Software Foundation

Struts 1.2.7

A Cross-Site Scripting vulnerability has been reported in error response due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

Upgrade available

RedHat

There is no exploit code required; however, a Proof of Concept exploit has been published.

Apache Struts Cross-Site Scripting

CVE-2005-3745

Security Focus, Bugtraq ID: 15512, November 21, 2005

RedHat Security Advisory, RHSA-2006:0161-01, March 7, 2006

Apache Software Foundation

Tomcat 5.5-5.5.12

A remote Denial of Service vulnerability has been reported due to the inefficient generation of directory listing for web directories that have a large number of files.

RedHat

There is no exploit code required.

Apache Tomcat Remote Denial of Service

CVE-2005-3510

Security Tracker Alert ID: 1015147, November 3, 2005

RedHat Security Advisory, RHSA-2006:0161-01, March 7, 2006

Aztek Forum

Aztek Forum 4.0

An HTML injection vulnerability has been reported in the message body due to insufficient sanitization when posting a new message before saving, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client.

Aztek Forum HTML Injection

CVE-2006-1110

Not Available
Security Focus, Bugtraq ID: 16938, March 3, 20-06

Bitweaver

Bitweaver 1.2.1, 1.2, 1.1.1 beta

An HTML injection vulnerability has been reported due to insufficient sanitization of the 'title' field when editing submitted articles and reportedly also when commenting on articles, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited with a web browser; however, a Proof of Concept exploit has been published.

Bitweaver Title Injection
Not Available Secunia Advisory: SA19101, March 6, 2006

CutePHP

CuteNews 1.4.1

A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

CutePHP CuteNews Cross-Site Scripting
Not Available KAPDA Advisory #30, March 4, 2006

Cyboards

Cyboards PHP Lite 1.25, 1.21

An SQL injection vulnerability has been reported in 'process_post.php' due to insufficient sanitization of the 'parent' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited using a web client.

CyBoards PHP Lite SQL Injection
Not Available Secunia Advisory: SA19135, March 6, 2006

D2-Shoutbox

D2-Shoutbox 4.2

An SQL-injection vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, an exploit script, D2-Shoutbox-exp.pl, has been published.

D2-Shoutbox SQL Injection
Not Available Security Focus, Bugtraq ID: 16984, March 6, 2006

Daverave

HitHost 1.0

Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through use of a web client; however, Proof of Concept exploits have been published.

Daverave HitHost Multiple Cross-Site Scripting
Not Available Security Focus, Bugtraq ID: 17025, March 7, 2006

Daverave

Link Bank 0

A Cross-Site Scripting vulnerability has been reported in 'Iframe.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit has been published.

Link Bank Cross-Site Scripting
Not Available Security Focus, Bugtraq ID: 17001, March 7, 2006
Daverave

Link Bank 0

A script injection vulnerability has been reported which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client.

Link Bank Remote PHP Script Code Injection
Not Available Security Focus, Bugtraq ID: 17004, March 7, 2006

Daverave

Simplog 1.0.2

A vulnerability has been reported in 'index.php' due to insufficient verification of the 'act' and 'blogid' parameters before using to include files, which could let a remote malicious user obtain sensitive information.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Simplog Information Disclosure

CVE-2006-1073

Secunia Advisory: SA19115, March 6, 2006

DCI-Designs

Dawaween 1.03

An SQL injection vulnerability has been reported in 'Poems.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited using a web client; however, a Proof of Concept exploit and exploit details, DawaweenSQL.txt, have been published.

DCI-Designs Dawaween SQL Injection

CVE-2006-1018

Security Focus, Bugtraq ID: 16909, March 2, 2006

Digital Builder

NZ Ecommerce System 0

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'index.php' due to insufficient sanitization of the 'action' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'index.php' due to insufficient sanitization of the 'informationID' and 'ParentCategory' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through use of a web client; however, a Proof of Concept exploit has been published.

The vendor has disputed these vulnerabilities.

NZ Ecommerce Cross-Site Scripting & SQL Injection

CVE-2006-1096
CVE-2006-1098

Not Available
Security Focus, Bugtraq ID: 16931, March 2, 2006

DVGuest
book

DVGuestbook 1.2.2, 1.0

Cross-Site Scripting vulnerabilities have been reported in 'dv_gbook.php' due to insufficient sanitization of the 'f' parameter and in 'index.php' due to insufficient sanitization of the 'page' parameter, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through use of a web client; however, Proof of Concept exploits have been published.

DVGuestbook Multiple Cross-Site Scripting

CVE-2006-1070
CVE-2006-1071

2.3
(CVE-2006-1070)

2.3 (CVE-2006-1071)

 

Security Focus, Bugtraq ID: 16968, March 6, 2006

Easy Forum

Easy Forum 2.5

An HTML injection vulnerability was reported in the user image file due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

Update available

Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit has been published.

Easy Forum HTML Injection

CVE-2006-0877

Security Focus, Bugtraq ID: 16958, March 4, 2006

Evo-Dev

evoBlog 0

An HTML injection vulnerability has been reported in Comment Post due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability may exploit this issue with a web browser.

Evo-Dev evoBlog HTML Injection

CVE-2006-1077

Security Focus, Bugtraq ID: 16983, March 6, 2006

Fantastic Scripts

Fantastic News 2.1.2 & prior

A code execution vulnerability has been reported in 'archive.php,' which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client.

Fantastic News Remote Code Execution
Not Available Security Focus, Bugtraq ID: 16985, March 6, 2006

FFmpeg

FFmpeg 0.4.9 -pre1, 0.4.6-0.4.8, FFmpeg CVS

A buffer overflow vulnerability has been reported in the 'avcodec_default_get_buffer()' function of 'utils.c' in libavcodec due to a boundary error, which could let a remote malicious user execute arbitrary code.

Patches available

Ubuntu

Mandriva

Ubuntu

Gentoo

Gentoo

Currently we are not aware of any exploits for this vulnerability.

FFmpeg Remote Buffer Overflow

CVE-2005-4048

Secunia Advisory: SA17892, December 6, 2005

Ubuntu Security Notice, USN-230-1, December 14, 2005

Mandriva Linux Security Advisories MDKSA-2005:228-232, December 15, 2005

Ubuntu Security Notice, USN-230-2, December 16, 2005

Gentoo Linux Security Advisory, GLSA 200602-01, February 5, 2006

Gentoo Linux Security Advisory, GLSA 200603-03, March 4, 2006

Gallery Project

Gallery 2.0-2.0.2

Several vulnerabilities have been reported: a script insertion vulnerability was reported due to insufficient sanitization of 'getRemoteHostAddress()' via the X_FORWARDED_FOR HTTP header before saving, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in session id due to insufficient sanitization before using, which could let a remote malicious user delete arbitrary files.

Updates available

Vulnerabilities can be exploited through use of a web client.

Gallery Script Insertion & File Handling
Not Available Security Tracker Alert ID: 1015717, March 3, 2006

Game-Panel

Game-Panel 2.6.1, 2.6

A Cross-Site Scripting vulnerability has been reported in 'login.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit has been published.

Game-Panel Cross-Site Scripting

CVE-2006-1080

Security Focus, Bugtraq ID: 16979, March 6, 2006

Gregarius

Gregarius 0.5.2

Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'search.php' due to insufficient sanitization of the 'rss_query' parameter and in 'tags.php' due to insufficient sanitization of the 'tag' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'feed.php' due to insufficient sanitization of the 'folder' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

The vulnerabilities have reportedly been fixed in the CVS repositories.

Vulnerabilities could be exploited with a web client.

Gregarius Cross-Site Scripting & SQL injection

CVE-2006-1041
CVE-2006-1042

2.3
(CVE-2006-1041)

4.7
(CVE-2006-1042)

Secunia Advisory: SA19102, March 6, 2006

Gregory Trubetskoy

mod_python 3.2.7

A vulnerability has been reported in mod_python's 'FileSession' object, which could let a remote malicious user execute arbitrary code.

Updates available

Currently we are not aware of any exploits for this vulnerability.

Apache mod_python Remote Code Execution

CVE-2006-1095

Not Available
Security Focus, Bugtraq ID: 16916, March 2, 2006

Guestbox

Guestbox 0.6

Multiple vulnerabilities have been reported: a vulnerability was reported in the authentication process due to an error, which could let a remote malicious user obtain unauthorized access and post comments; a vulnerability was reported in 'guestbox.php' when posting an entry due to insufficient sanitization of the 'url' parameter, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'gblog' file because IP addresses are stored insecurely, which could let a remote malicious user obtain sensitive information.

Update available

There is no exploit code required.

Guestbox Vulnerabilities

CVE-2006-0859
CVE-2006-0860
CVE-2006-0861

2.3
(CVE-2006-0859)

2.3
(CVE-2006-0860)

2.3
(CVE-2006-0861)

Secunia Advisory: SA18946, February 21, 2006

Security Focus, Bugtraq ID: 16751, March 6, 2006

IBM

Websphere Application Server 5.0.2.15 & prior 5.0 versions, 5.1.1.9 & prior 5.1 versions

A vulnerability was reported when a remote malicious user submits malformed HTTP requests to the server, which could lead to the disclosure of JSP sourcecode.

Fixes available

Currently we are not aware of any exploits for this vulnerability.

IBM WebSphere Application Server JSP Source Code Disclosure

CVE-2006-1093

Not Available
Security Tracker Alert ID: 1015716, March 2, 2006

Invision Power Services

Invision Board 2.1.5

An SQL injection vulnerability has been reported in 'showtopic' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published.

Invision Power Board SQL Injection

CVE-2006-1076

Security Focus, Bugtraq ID: 16971, March 6, 2006

Jelsoft Enterprises

VBulletin 3.0.12-3.5.3

A vulnerability has been reported in the 'Edit Email & Password' functionality due to insufficient sanitization of the 'Email Address' field before storing in the user's profile, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit has been published.

vBulletin User Email Address Script Insertion

CVE-2006-1040

KAPDA Advisory #26, March 2, 2006

logIT

logIT 1.4, 1.3

A file include vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept has been published.

LogIT Remote File Include

CVE-2006-1099

Not Available
Security Focus, Bugtraq ID: 16932, March 2, 2006

Loudblog

Loudblog 0.41

Multiple vulnerabilities have been reported: an SQL injection vulnerability was reported in 'podcast.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a Directory Traversal vulnerability was reported in 'index.php' due to insufficient sanitization of the 'template' parameter before using to view files, which could let a remote malicious user obtain sensitive information; and a vulnerability was reported in 'inc/backend_settings.php' due to insufficient verification of the 'language' parameter and in 'index.php' due to insufficient verification of the 'page' parameter, which could let a remote malicious user include arbitrary files.

No workaround or patch available at time of publishing.

Vulnerabilities could be exploited with a web client; however, Proof of Concept exploits have been published.

Loudblog Multiple Input Validation

CVE-2006-1113
CVE-2006-1114

Not Available
Secunia Advisory: SA19172, March 8, 2006

L-Soft

Listserv 14.4, 14.3

Multiple unspecified vulnerabilities have been reported which could let a remote malicious user execute arbitrary code.

Updates available

Currently we are not aware of any exploits for these vulnerabilities.

L-Soft Listserv Multiple Unspecified Vulnerabilities

CVE-2006-1044

NGSSoftware Insight Security Research Advisory , March 4, 2006

Lurker

Lurker 2.0 & prior

Multiple vulnerabilities have been reported: an input validation vulnerability was reported in 'lurker.cgi,' which could let a remote malicious user obtain sensitive information; a vulnerability was reported due to an unspecified error which could let a remote malicious user create or overwrite arbitrary files in any directory called 'mbox;' and a vulnerability was reported due to insufficient sanitization of unspecified input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

Updates available

Vulnerabilities can be exploited through use of a web client.

Lurker Multiple Vulnerabilities

CVE-2006-1062
CVE-2006-1063
CVE-2006-1064

2.3
(CVE-2006-1062)

2.3
(CVE-2006-1063)

Secunia Advisory: SA19136, March 6, 2006

m-phorum

m-phorum 0.2

A file include vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client.

M-Phorum Remote File Include
Not Available Security Focus, Bugtraq ID: 16977, March 6, 2006

Multiple Vendors

MandrakeSoft Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2;
Gentoo Linux;
Ethereal Group Ethereal 0.10.1-0.10.13, 0.9-0.9.16, 0.8.19, 0.8.18, 0.8.13-0.8.15, 0.8.5, 0.8, 0.7.7

A vulnerability has been reported in Ethereal IRC Protocol Dissector, that could let remote malicious users cause a Denial of Service.

Mandriva

Gentoo

SUSE

Conectiva

Mandriva

Avaya

SuSE

Currently we are not aware of any exploits for this vulnerability.

Ethereal Denial of Service

CVE-2005-3313

3.3

Mandriva Linux Security Advisory, MDKSA-2005:193-1, October 26, 2005

Gentoo Linux Security Advisor, GLSA 200510-25, October 30, 2005

SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005

Conectiva Security Announcement, CLSA-2005:1043, November 8, 2005

Mandriva Linux Security Advisory MDKSA-2006:002, January 3, 2006

Avaya Security Advisory, ASA-2006-046, February 13, 2006

SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006

Multiple Vendors

NetGear WGT624 0, RT314/RT311 Gateway Router Firmware 3.25, RT314/RT311 Gateway Router Firmware 3.24, RT314/RT311 Gateway Router Firmware 3.22,
RT-338, ME102 1.4, ME102 1.3, FVS318v2 2.4, FVS318 2.4, FVS318 1.3, FVS318 1.2, FVS318 1.1, FVS318 1.0, FM114P, DG834G, DG834 ADSL Firewall Router;
Linksys WRT54GS 4.70.6 (Firmware), 4.50.6 (Firmware), WRT54G 4.0 4.20.6 (Firmware), 4.0.7 (Firmware), 3.0 3.3.6 (Firmware), 3.0 3.1.3 (Firmware), 2.0 2.4.4 (Firmware), 2.0 2.0 2.8 beta(Firmware), 2.0 2.0 0.8 (Firmware), 1.0 1.42.3 (Firmware), WAP55AG 1.0.7, WAP11 2.2 , 1.4 , 1.3, Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.42.7, 1.40.3, 1.37.9 b, 1.37.2 b, 1.37.2, EtherFast BEFVP41 Router 1.39.64, BEFVP41 Router, EtherFast BEFSRU31 Router 1.44, 1.43.3, 1.43, 1.42.7, 1.42.3, 1.41, 1.40.2, EtherFast BEFSR81 Router 2.44, 2.42.7, BEFSR81 Router, EtherFast BEFSR41 Router 1.45.7, 1.44, 1.43.3, 1.43, 1.42.7, 1.42.3, 1.41, 1.40.2,
1.35-1.39, 1.0 5.00, EtherFast BEFSR11 Router 1.44, 1.43.3, 1.43, 1.42.7, 1.42.3, 1.41, 1.40.2, EtherFast BEFN2PS4 Router, BEFW11S4 v4, BEFW11S4 v3, BEFW11S4 1.44, 1.43.3, 1.4.3,
1.4.2 .7, BEFVP41 1.42.7, 1.40 .4, 1.40 .3f, BEFSX41 1.45.3, 1.44.3 , 1.44, 1.43.4, 1.43.3, 1.43, 1.42.7, BEFSR81 v3, v2, BEFSR81, BEFSR41W, BEFSR41 v3, BEFSR41 v2 , BEFSR41 v1, BEFN2PS4 1.42.7, BEFCMU10

A remote IRC Denial of Service vulnerability has been reported in Linksys and Netgear routers due to a failure to properly handle unexpected network traffic.

No workaround or patch available at time of publishing.

Vulnerability can be exploited via a standard IRC client.

Multiple Router Vendor Remote IRC Denial of Service

CVE-2006-1067
CVE-2006-1068

2.3 (CVE-2006-1067)

2.3 (CVE-2006-1068)

Security Focus, Bugtraq ID: 16954, March 4, 2006

Multiple Vendors

WordPress 1.5.2;
Gentoo Linux

An SQL injection vulnerability has been reported due to insufficient sanitization of the 'User-Agent' HTTP header when commenting on an article, which could let a remote malicious user execute arbitrary SQL code.

Update available

Gentoo

Currently we are not aware of any exploits for this vulnerability.

Wordpress SQL Injection

CVE-2006-1012

Secunia Advisory: SA19109, March 6, 2006

Gentoo Linux Security Advisory, GLSA 200603-01, March 4, 2006

nCipher

nCipher Software CD 0, MSCAPI CSP 5.54 ,MSCAPI CSP 5.50, CHIL

Multiple vulnerabilities have been reported: a vulnerability was reported in HSM when choosing random parameters for use in the generation of Diffie-Hellman (DH) keys, which could let a remote malicious user obtain sensitive information; a vulnerability was reported in the nCore API because CBC MACs are not properly calculated and verified which could lead to a failure to to detect certain modifications to messages; and a vulnerability was reported because certain functionality in the firmware that are meant for testing purposes may be exploited to generate keys with reduced security properties.

Update to V10 firmware version 2.22.6 or later.

Currently we are not aware of any exploits for these vulnerabilities.

nCipher Products Multiple Vulnerabilities

CVE-2006-1115
CVE-2006-1116
CVE-2006-1117

Not Available
Secunia Advisory: SA19137, March 7, 2006

Nidelven IT

Issue Dealer prior to 0.9.96

A vulnerability has been reported in the weblog publisher when validating received issue IDs, which could let a remote malicious user obtain sensitive information.

Updates available

There is no exploit code required.

Issue Dealer Information Disclosure

CVE-2006-0979

Secunia Advisory: SA19018, February 28, 2006

NMDeluxe

NMDeluxe 1.0

Multiple vulnerabilities have been reported: a script insertion vulnerability was reported in 'news.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'news.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

Update available

Vulnerabilities can be exploited through use of a web client.

NMDeluxe Script Insertion & SQL Injection
Not Available Secunia Advisory: SA19117, March 7, 2006

Oracle

Diagnostics 2.0-2.2,
Oracle Applications 11i 11.5.10 CU1 & CU2,11i 11i 11.5.3-11.5.10

Multiple vulnerabilities have been reported including insecure permissions vulnerabilities, access vulnerabilities, and SQL injection vulnerabilities, which could let a remote malicious user obtain sensitive information or execute arbitrary SQL code.

Patch information

Vulnerabilities would likely be exploited from a web browser; however, a Proof of Concept exploit has been published.

Oracle Diagnostics Multiple Vulnerabilities

CVE-2006-1035
CVE-2006-1036
CVE-2006-1037

7
(CVE-2006-1035)

7
(CVE-2006-1036)

7
(CVE-2006-1037)

 

Security Focus, Bugtraq ID: 16844, February 27, 2006

US-CERT VU#298958

Oreka

Oreka 0.1-0.4

A remote Denial of Service vulnerability has been reported due to an error in Orkaudio when handling a certain sequence of RTP packets.

Updates available

Currently we are not aware of any exploits for this vulnerability.

Oreka Remote Denial of Service

CVE-2006-0912

Secunia Advisory: SA19095, March 3, 2006

Owl

Owl Intranet Engine 0.82

A file include vulnerability has been reported in 'lib/OWL_API.php' due to insufficient verification of the 'xrms_file_root' parameter, which could let a remote malicious user execute arbitrary PHP code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit script, owl_082_xpl.pl, has been published.

Owl Intranet Engine Remote File Include
Not Available Security Focus, Bugtraq ID: 17021, March 7, 2006

phpArcade
Script

phpArcade
Script 2.0

Cross-Site Scripting vulnerabilities has been reported due to insufficient sanitization of unspecified input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited using a web client; however, Proof of Concept exploits have been published.

phpArcadeScript Cross-Site Scripting

CVE-2006-1082

Secunia Advisory: SA19124, March 6, 2006

PhpStats

PHP-Stats 0.1.9 .10.1.9.1 & prior

Multiple vulnerabilities have been reported: a file include vulnerability was reported in 'admin.php' due to insufficient verification of the 'option[language]' and 'option[template]' parameters, which could let a remote malicious user execute arbitrary code; an SQL injection vulnerability was reported in 'admin.php' due to insufficient sanitization of the 'option[prefix]' parameter and in 'click.php' due to insufficient sanitization of the 'PC_REMOTE_ADDR' HTTP header, which could let a remote malicious user execute arbitrary SQL code; an input validation vulnerability was reported in 'admin.php,' which could let a remote malicious user execute arbitrary PHP code; and a vulnerability was reported in 'checktables.php' because it is possible to disclose database table prefixes.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited with a web client.

Php-Stats File Include, SQL Injection, Input Validation & Information Disclosure

CVE-2006-1083
CVE-2006-1084
CVE-2006-1085
CVE-2006-1087
CVE-2006-1088

7 (CVE-2006-1083)

7 (CVE-2006-1084)

10 (CVE-2006-1085)

4.2 (CVE-2006-1087)

2.3 (CVE-2006-1088)

Secunia Advisory: SA19116, March 6, 2006

pixelpost

Pixelpost 1.4.3, 1.5 beta 1

Multiple input validation vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited with a web client.

Pixelpost Multiple Input Validation

CVE-2006-1104
CVE-2006-1105
CVE-2006-1106

Not Available
Security Focus, Bugtraq ID: 16964, March 4, 2006

PluggedOut

Nexus 0.1

An SQL injection vulnerability has been reported in 'forgotten_password.php' due to insufficient sanitization of the 'email' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited using a web client; however, a Proof of Concept exploit has been published.

PluggedOut Nexus SQL Injection

CVE-2006-1081

Security Tracker Alert ID: 1015715, March 2, 2006

Ravenous

Ravenous 0.7

A vulnerability has been reported due to a failure to properly secure sensitive information, which could let a remote malicious user obtain unauthorized access.

Update available

Vulnerability can be exploited through use of a web client.

Ravenous Unauthorized Access
Not Available Security Focus, Bugtraq ID: 17013, March 7, 2006

RunCMS

RunCMS 1.2, 1.1 A, 1.1, 1.3.a5, 1.3.a2, 1.3.a

A Cross-Site Scripting vulnerability has been reported in 'bigshow.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

RunCMS Cross-Site Scripting
Not Available Security Focus, Bugtraq ID: 16970, March 6, 2006

SAP

SAP Web Application Server prior to 7.00r

A vulnerability has been reported due to insufficient validation of user-supplied input in URLs, which could let a remote malicious user execute arbitrary data.

The vendor has provided patches (reference SAP Note 908147 and 915084).

Currently we are not aware of any exploits for this vulnerability.

SAP Web Application Server URL Handling

CVE-2006-1039

Security Tracker Alert ID: 1015702, March 1, 2006

Sauerbraten

Sauerbraten 2006_02_28,
Sauerbraten Cube 2005_08_09

Multiple vulnerabilities have been reported including a buffer overflow vulnerability and several Denials of Service, which could let a remote malicious user execute arbitrary machine code or crash both clients and servers.

No workaround or patch available at time of publishing.

Exploit scripts, sauerburn.zip and evilcube.c, have been published.

Sauerbraten Multiple Remote Vulnerabilities

CVE-2006-1100
CVE-2006-1101
CVE-2006-1102
CVE-2006-1103

Not Available
Security Focus, Bugtraq ID: 16986, March 6, 2006

Send
card

Sendcard prior to 3.3.0

Several SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in SQL queries, which could let a remote malicious user execute arbitrary SQL code.

Updates available

Vulnerabilities can likely be exploited via a web browser.

Sendcard Unspecified SQL Injection

CVE-2006-1006

Security Focus, Bugtraq ID: 16900, March 1, 2006

Skate Board

Skate Board 0.9

Several vulnerabilities have been reported: an SQL injection vulnerability was reported due to insufficient sanitization of the 'usern,' 'passwd,' and 'sf_cookie' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code, bypass the authentication process, and execute arbitrary PHP code; and a script insertion vulnerability was reported due to insufficient sanitization of unspecified input in various fields when registering, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerabilities could be exploited with a web client.

Skate Board Input Validation

CVE-2006-0809
CVE-2006-0810
CVE-2006-0811

7
(CVE-2006-0809)

4.2
(CVE-2006-0810)

2.3
(CVE-2006-0811)

 

 

Security Focus, Bugtraq ID: 16936, March 3, 2005

SMBlog

SMBlog 1.2

A vulnerability has been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP commands.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit, SMBlog.txt, has been published.

SMBlog Arbitrary PHP Command Execution

CVE-2006-1013

Security Focus, Bugtraq ID: 16905, March 1, 2006

SquirrelMail Development Team

SquirrelMail 1.4.5 & prior

Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'webmail.php' due to insufficient sanitization of the 'right_main' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of input passed to comments in styles before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'sqimap_mailbox_select mailbox' parameter due to insufficient sanitization before using in an IMAP query, which could let a remote malicious user inject arbitrary IMAP commands.

The vulnerabilities have been fixed in the CVS repository and fixes will be included in the upcoming 1.4.6 version.

Mandriva

Fedora

SuSE

There is no exploit code required.

SquirrelMail Multiple Cross-Site Scripting & IMAP Injection

CVE-2006-0188
CVE-2006-0195
CVE-2006-0377

2.3
(CVE-2006-0188)

2.3
(CVE-2006-0195)

2.3
(CVE-2006-0377)

 

Secunia Advisory: SA18985, February 22, 2006

Mandriva Linux Security Advisory, MDKSA-2006:049, February 27, 2006

Fedora Update Notification,
FEDORA-2006-133, March 3, 2006

SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006

STLport

STLport prior to 5.0.2

Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in 'src/c_locale_glibc/
c_locale_glibc2.c' due to the unsafe use of the 'strcpy()' function when copying locale category names, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported in 'src/num_put_float.cpp' due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code.

Updates available

Currently we are not aware of any exploits for these vulnerabilities.

STLPort Library Buffer Overflows

CVE-2006-0963

Security Focus, Bugtraq ID: 16928, March 2, 2006

Total
ECommerce

Total
ECommerce 1.0

An SQL injection vulnerability has been reported in 'index.asp' due to insufficient sanitization of the 'if' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

Total Ecommerce SQL Injection

CVE-2006-1109

Not Available
Secunia Advisory: SA19103, March 6, 2006

UKiWEB

UKiBoard 3.0.1

An HTML injection vulnerability has been reported in 'fce.php' BBCode due to insufficient sanitization of user-supplied input before using in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability may be exploited with a web browser.

UKiWEB UKiBoard HTML Injection

CVE-2006-1019

Security Focus, Bugtraq ID: 16912, March 2, 2006

VBZoom

VBZoom 1.11

Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proof of Concept exploits have been published.

VBZooM Forum Multiple Cross-Site Scripting
Not Available Security Focus, Bugtraq ID: 16956, March 4, 2006

VBZoom

VBZoom 1.11

An SQL injection vulnerability has been reported in 'show.php' due to insufficient sanitization of 'MainID,' which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit has been published.

VBZoom Forum SQL Injection
Not Available Security Focus, Bugtraq ID: 16955, March 4, 2006

VBZoom

VBZoom 1.11

A Cross-Site Scripting vulnerability has been reported in 'profile.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit has been published.

VBZoom 'Profile.PHP' Cross-Site Scripting
Not Available Security Focus, Bugtraq ID: 16969, March 6, 2006

Vubb

Vubb 0.2

An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'pass' cookie parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

There is no exploit code required; however, an exploit script, vubb_sql_exploit.pl, has been published.

VUBB SQL Injection

CVE-2006-0962

Secunia Advisory: SA19084, March 2, 2006

Woltlab

Burning Board 2.0-2.7, 1.1.1

Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code.

No workaround or patch available at time of publishing.

Vulnerabilities can be exploited through use of a web client; however, exploit details, woltlabBB2x.txt, have been published.

Woltlab Burning Board Multiple SQL Injection
Not Available Security Focus, Bugtraq ID: 16914, March 2, 2006

Woltlab

Burning Board 2.3.4

A Cross-Site Scripting vulnerability has been reported in 'misc.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code.

No workaround or patch available at time of publishing.

Vulnerability can be exploited using a web client; however, a Proof of Concept exploit has been published.

Woltlab Burning Board Cross-Site Scripting
Not Available Security Focus, Bugtraq ID: 16959, March 4, 2006

Xerox

WorkCentre Pro 90, 75, 65, CopyCentre C90 0, C75 0, C65 0

Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported in the PostScript file interpreter due to a boundary error, which could let a remote malicious user cause a Denial of Service; a remote Denial of Service vulnerability was reported due to two unspecified errors when handling PostScript files; a remote Denial of Service vulnerability was reported due to an unspecified error in the built-in web server; and a vulnerability was reported in the ESS / Network Controller because an image overwrite can fail in certain situations after a power loss.

Update information

Currently we are not aware of any exploits for these vulnerabilities.

Xerox WorkCentre / CopyCentre Multiple Vulnerabilities
Not Available XEROX Security Bulletin, XRX06-002, March 6, 2006


Wireless Trends & Vulnerabilities
This section contains wireless vulnerabilities, articles, and malicious code that has been identified during the current reporting period.

  • aircrackng-0.1.tar.gz: A set of tools for auditing wireless networks that is an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).


General Trends
This section contains brief summaries and links to articles which discuss or present information pertinent to the cyber security community.

  • Zombie PCs menace mankind: According to symantec's Internet Security Threat Report, cybercrooks are developing more sophisticated techniques to steal confidential data. Malicious hackers are increasingly using bot-networks, modular malicious code, and targeted attacks on web applications and web browsers to carry out cyber raids.
  • Risky sites account for 5 percent of traffic: According to SiteAdvisor, a company founded by graduate students from the Massachusetts Institute of Technology, a significant number of visits to Web pages could place consumer's computers at risk. They use a legion of automated virtual computers to scan the Internet for dangerous Web sites. They found that sites accounting for 5 percent of all Web traffic attempted to upload hostile programs to a visitor's computer, or acted in some other malicious way.
  • 0602-exploits.tgz: Packet Storm new exploits for February, 2006.
  • Hunt Intensifies for Botnet Command & Controls: A group of high-profile security researchers is ramping up efforts to find and disable the command-and-control infrastructure that powers millions of zombie drone machines, or bots, hijacked by malicious hackers. The idea is to open up a new reporting mechanism for ISPs and IT administrators to report botnet activity, especially the C&C (command-and-control) system that remotely sends instructions to botnets.
  • Malware Attacks Drop Off in February: Records were set in January for malware output; however, the malware volume dropped by 26 percent last month. Sophos analysts detected 2,312 new pieces of malware in January, setting a record for the highest volume of malware in one month. In February there were only 1,132 new pieces of malware -- which includes worms, viruses and Trojans -- pop up.


Viruses/Trojans

Top Ten Virus Threats

A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.

Rank
Common Name
Type of Code
Trend
Date
Description
1 Netsky-P Win32 Worm
Stable
March 2004 A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folder.
2 Zafi-B Win32 Worm
Increase
June 2004 A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names.
3 Lovgate.w Win32 Worm
Slight Decrease
April 2004 A mass-mailing worm that propagates via by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network.
4 Mytob-GH Win32 Worm
Slight Decrease
November 2005 A variant of the mass-mailing worm that disables security related programs and allows other to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender’s address.
5 Netsky-D Win32 Worm
Slight Decrease
March 2004 A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only.
6 Mytob-AS Win32 Worm
Increase
June 2005 A slight variant of the mass-mailing worm that disables security related programs and processes, redirection various sites, and changing registry values. This version downloads code from the net and utilizes its own email engine.
7 Sober-Z Win32 Worm
Stable
December 2005 This worm travels as an email attachment, forging the senders address, harvesting addresses from infected machines, and using its own mail engine. It further download code from the internet, installs into the registry, and reduces overall system security.
8 Mytob.C Win32 Worm
Decrease
March 2004 A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files.
9 Zafi-D Win32 Worm
Slight Increase
December 2004 A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer.
10 Mytob-BE Win32 Worm
Decrease
June 2005 A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. Harvesting addresses from the Windows address book, disabling antivirus, and modifying data.

Table updated March 7, 2006

[back to top]

 

 

 

Last updated

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top