The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.
The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/Linux Operating Systems are included in the Multiple Operating Systems table. Note, entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software which operates on some version of that operating system.
Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin that have been provided by other US-CERT sponsored programs are prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product’s vendor.
The Risk levels are defined below:
High – Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.
Medium – Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.
Low – Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.
Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as “Approximated” within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of ‘partial’, IntegImpact of ‘partial’, AvailImpact of ‘partial’, and the impact biases.
Windows Operating Systems Only
Vendor & Software Name | Description | Common Name | CVSS | Resources |
@Mail Webmail 4.3 for Windows | A directory traversal vulnerability has been reported in @Mail Webmail that could let remote malicious users execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | @Mail Webmail Arbitrary Code Execution | Not Available | Secunia, Advisory: SA18646, February 2, 2006 |
Aquifer CMS | A vulnerability has been reported in Aquifer CMS that could let remote malicious users conduct Cross-Site Scripting. Vendor solution available, contact vendor for details. There is no exploit code required. | Aquifer CMS Cross Site Scripting | 2.3 | Security Focus, ID: 16162, January 6, 2006 Security Focus, ID: 16162, February 7, 2006 |
Community Server | Multiple vulnerabilities have been reported in Community Server that could let remote malicious users conduct Cross-Site Scripting. No workaround or patch available at time of publishing. There is no exploit code required. | Community Server Cross-Site Scripting | 2.3 | Security Focus, ID: 16478, February 2, 2006 |
Unicenter TNG 2.1, 2.2, 2.4, 2.4.2 | A vulnerability has been reported in Unicenter TNG that could let remote malicious users cause a Denial of Service. There is no exploit code required. | CA Unicenter TNG Denial of Service | 2.3 (CVE-2006-0529) 2.3 (CVE-2006-0530) | Computer Associates, Security Notice, February 2, 2006 |
Hosting Controller 6.1 Hotfix 2.8 | An input validation vulnerability has been reported in Hosting Controller that could let malicious users perform SQL injection. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Hosting Controller SQL Injection | 4.2 | Security Tracker, Alert ID: 1015584, February 6, 2006 |
eXchange POP3 prior to 5.0 b050203 | A buffer overflow vulnerability has been reported in eXchange POP3 that could let remote malicious users execute arbitrary code. eXchange POP3 Server 5.0 b060125 A Proof of Concept exploit has been published. | eXchange POP3 Arbitrary Code Execution | 7 | Security Tracker, Alert ID: 1015580, February 3, 2006 |
| A vulnerability has been reported in Lexmark Printer Sharing Service that could let remote malicious users execute arbitrary code. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Lexmark Printer Sharing Service Arbitrary Code Execution | 7 | Security Tracker, Alert ID: 1015593, February 7, 2006 |
ASPSurvey | A vulnerability has been reported in ASPSurvey that could let remote malicious users perform SQL injection. No workaround or patch available at time of publishing. There is no exploit code required. | Loftin Applications ASPSurvey Login.ASP SQL Injection Vulnerability | 7 | Security Focus, ID: 16496, February 4, 2006 |
MailEnable Enterprise 1.2 | A vulnerability has been reported in MailEnable that could let remote malicious users cause a Denial of Service. Currently we are not aware of any exploits for this vulnerability. | MailEnable Enterprise Edition Webmail Denial of Service | 2.3 | Secunia, Advisory: SA18716, February 7, 2006 |
HTML Help Workshop 4.74.8702.0 | A buffer overflow vulnerability has been reported in HTML Help Workshop that could let remote malicious users execute arbitrary code. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Microsoft HTML Help Workshop Arbitrary Code Execution | 7 | Secunia, Advisory: SA18740, February 6, 2006 |
Internet Explorer 7.0 beta 2 | A vulnerability has been reported in Internet Explorer, URLMon.DLL, that could let remote malicious users cause a Denial of Service or possibly execute arbitrary code. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Microsoft Internet Explorer Denial Of Service | 7 | Security Focus, ID: 16463, February 1, 2006 |
Internet Explorer various versions | A vulnerability has been reported in Internet Explorer that could let remote malicious users execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | Internet Explorer Arbitrary Code Execution | 7 | Microsoft, Security Advisory 913333, February 7, 2006 |
Windows XP SP1, Server 2003 | A vulnerability has been reported in Windows, third party service configurations, that could let local malicious users obtain elevated privileges. Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows Privilege Elevation | 2.9 | Microsoft, Security Advisory 914457, February 7, 2006 |
Winamp 5.11 and prior | A vulnerability has been reported in Winamp that could let remote malicious users cause a Denial of Service. Currently we are not aware of any exploits for this vulnerability. | Winamp Denial of Service | 7 | Security Tracker, Alert ID: 1015565, February 2, 2006 |
The Bat! 2.12.04 | A vulnerability has been reported in The Bat! that could let remote malicious users conduct spoofing. Currently we are not aware of any exploits for this vulnerability. | The Bat! Spoofing | Not Available | Secunia, Advisory: SA18713, February 8, 2006 |
Sygate Management Server 4.1 b1417 and prior | An input validation vulnerability has been reported in Sygate Management Server that could let remote malicious users perform SQL injection or obtain unauthorized access. There is no exploit code required. | Symantec Sygate Management Server SQL Injection or Unauthorized Access | 7 | Symantec, SYM06-002, February 1, 2006 |
ServerProtect 5.5.8 | A vulnerability has been reported in ServerProtect that could let remote malicious users execute arbitrary code. No workaround or patch available at time of publishing. There is no exploit code required. | Trend Micro ServerProtect Arbitrary Code Execution | Not Available | Security Focus, ID: 16483, February 3, 2006 |
E/POP Web Conferencing 4.1.0.755 | A vulnerability has been reported in E/POP Web Conferencing that could let remote malicious users perform HTML injection. No workaround or patch available at time of publishing. There is no exploit code required. | WiredRed E/POP Web Conferencing HTML Injection | Not Available | Security Focus, ID: 16542, February 8, 2006 |
UNIX / Linux Operating Systems Only
Vendor & Software Name | Description | Common Name | CVSS | Resources |
hcidump 1.29 |
A remote Denial of Service vulnerability has been reported in ‘l2cap.c’ due to an error when handling the L2CAP (Logical Link Control and Adaptation Layer Protocol) layer. No workaround or patch available at time of publishing. A Proof of Concept exploit script, hcidump-crash.c, has been published. |
hcidump Bluetooth L2CAP Remote Denial of Service
|
Not Available
|
Secunia Advisory: SA18741, February 8, 2006 |
Bogofilter Email Filter 0.96.2, 0.95.2, 0.94.14, 0.94.12, 0.93.5 |
Several buffer overflow vulnerabilities have been reported: a vulnerability was reported in bogofilter and bogolexer when character set conversion is performed on invalid input sequences, which could let a remote malicious user cause a Denial of Service; and a vulnerability was reported in bogofilter and bogolexer when processing input that contains overly long words, which could let a remote malicious user cause a Denial of Service. There is no exploit code required. |
Bogofilter Multiple Remote Buffer Overflows |
Bogofilter Security Advisories, bogofilter-SA-2005-01 & 02, January 2, 2006 Ubuntu Security Notice, USN-240-1, January 11, 2006 SuSE Security Summary Report, SUSE-SR:2006:003, February 3, 2006 |
|
cPanel 10 |
Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of unspecified user-supplied input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability was reported in ‘mime/handle.html’ due to insufficient sanitization of the ‘extension’ and ‘mime-type’ parameters, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. |
cPanel Cross-Site Scripting |
Secunia Advisory: SA18695, February 7, 2006 | |
LibAST prior to 0.7 |
A buffer overflow vulnerability has been reported in ‘conf.c’ due to a boundary error in the ‘conf_find_file()’ function, which could let a malicious user execute arbitrary code. An exploit script, eterm-exploit.c, has been published. |
LibAST Buffer Overflow |
Secunia Advisory: SA18586, January 25, 2006 Gentoo Linux Security Advisory, GLSA 200601-14, January 29, 2006 Mandriva Security Advisory, MDKSA-2006:029, February 2, 2006 |
|
FreeBSD 5.4 -RELENG, -RELEASE, -PRERELEASE, STABLE, 5.3 -STABLE, -RELENG, -RELEASE |
A remote Denial of Service vulnerability has been reported due to an error in SACK (Selective ACKnowledgement) handling. There is no exploit code required. |
FreeBSD TCP SACK Remote Denial of Service |
FreeBSD Security Advisory, FreeBSD-SA-06:08, February 1, 2006 | |
Tru64 5.1 B-3, B-2 PK4, 5.1 A PK6, 4.0 G PK4, 4.0 F PK8 |
A vulnerability has been reported due to an unspecified error in DNS BIND, which could let a remote malicious user obtain unauthorized access. Currently we are not aware of any exploits for this vulnerability. |
HP Tru64 DNS BIND Remote Unauthorized Access |
HP Security Bulletin, HPSBTU02095, January 31, 2006 | |
IPsec-Tools 0.6-0.6.2, 0.5-0.5.2 |
A remote Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions when in ‘AGGRESSIVE’ mode. Vulnerability can be reproduced with the PROTOS IPSec Test Suite. |
IPsec-Tools ISAKMP IKE Remote Denial of Service |
Security Focus, Bugtraq ID: 15523, November 22, 2005 Ubuntu Security Notice, USN-221-1, December 01, 2005 Gentoo Linux Security Advisory, GLSA 200512-04, December 12, 2005 SUSE Security Announcement, SUSE-SA:2005:070, December 20, 2005 Conectiva Linux Announcement, CLSA-2006:1058, January 2, 2006 Mandriva Security Advisory, MDKSA-2006:020, January 25, 2006 Debian Security Advisory, |
|
mailback.pl 1.3. |
A vulnerability has been reported due to insufficient sanitization of the ‘subject’ parameter before it is used to construct an email message, which could let a remote malicious user bypass security restrictions. Currently we are not aware of any exploits for this vulnerability. |
Mailback Mail Header Injection
|
Not Available
|
Secunia Advisory: SA18748, February 7, 2006 |
MPlayer 1.0pre7try2 |
Integer overflow vulnerabilities have been reported in the ‘new_demux_packet()’ function in ‘libmpdemux/ No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. |
MPlayer Integer Overflows |
Secunia Advisory: SA18718, February 7, 2006 | |
Linux kernel 2.6-2.6.10, 2.4-2.4.28 |
A buffer overflow vulnerability has been reported in the ‘coda_pioctl’ function of the ‘pioctl.c’ file, which could let a malicious user cause a Denial of Service or execute arbitrary code with superuser privileges.
Currently we are not aware of any exploits for this vulnerability. |
Linux Kernel Coda_Pioctl Local Buffer Overflow |
Security Focus, Bugtraq ID: 14967, September 28, 2005 RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 RedHat Security Advisory, RHSA-2006:0191-9, February 1, 2006 |
|
Linux kernel 2.4 .0-test1-test12, 2.4-2.4.29, 2.6, 2.6-test1-test11, 2.6.1-2.6.11 |
Multiple vulnerabilities have been reported in the ISO9660 handling routines, which could let a malicious user execute arbitrary code. Currently we are not aware of any exploits for these vulnerabilities. |
Security Focus, 12837, March 18, 2005 Fedora Security Update Notification, FEDORA-2005-262, March 28, 2005 Ubuntu Security Notice, USN-103-1, April 1, 2005 Fedora Update Notification FEDORA-2005-313, April 11, 2005 RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 Conectiva Linux Security Announcement, CLA-2005:952, May 2, 2005 Fedora Legacy Update Advisory, FLSA:152532, June 4, 2005 RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006 |
||
Linux Kernel 2.4- 2.4.32 |
A Denial of Service vulnerability has been reported due to insufficient validation of the return code of a function call in the ‘search_binary_handler()’ function. A Proof of Concept exploit has been published. |
Linux Kernel ‘SEARCH_BINARY_ |
Security Focus, Bugtraq ID: 16320, January 19, 2006 RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006 RedHat Security Advisory, RHSA-2006:0190-5, February 1, 2006 |
|
Linux kernel 2.6- 2.6.14 |
A Denial of Service vulnerability has been reported in ‘net/ipv6/udp.c’ due to an infinite loop error in the ‘udp_v6_get_port()’ function. Currently we are not aware of any exploits for this vulnerability. |
Linux Kernel IPV6 Denial of Service |
Secunia Advisory: SA17261, October 21, 2005 Fedora Update Notifications, Security Focus, Bugtraq ID: 15156, October 31, 2005 Ubuntu Security Notice, USN-219-1, November 22, 2005 SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006 RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006 |
|
Linux kernel 2.6.10, 2.6, -test1-test 11, 2.6.1- 2.6.11; RedHat Fedora Core2 |
A vulnerability has been reported in the EXT2 filesystem handling code, which could let a malicious user obtain sensitive information.
Currently we are not aware of any exploits for this vulnerability. |
Security Focus, 12932, March 29, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0011, April 5, 2005 Fedora Update Notification FEDORA-2005-313, April 11, 2005 RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 Conectiva Linux Security Announcement, CLA-2005:952, May 2, 2005 Fedora Legacy Update Advisory, FLSA:152532, June 4, 2005 SUSE Security Announcement, SUSE-SA:2005:029, June 9, 2005 RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006 |
||
Linux Kernel 2.6.x; RedHat Fedora Core4 |
A remote Denial of Service vulnerability has been reported in the ‘ip_options_ Currently we are not aware of any exploits for this vulnerability. |
Linux Kernel ICMP Error Handling Remote Denial of Service |
Secunia Advisory: SA18766, February 8, 2006 | |
Linux kernel 2.6-2.6.12 .3, 2.4-2.4.32 |
A Denial of Service vulnerability has been reported in ‘IP_VS_CONN_FLUSH’ due to a NULL pointer dereference. Kernel versions 2.6.13 and 2.4.32-pre2 are not affected by this issue. Currently we are not aware of any exploits for this vulnerability. |
Linux Kernel Denial of Service |
Security Focus, Bugtraq ID: 15528, November 22, 2005 Ubuntu Security Notice, USN-219-1, November 22, 2005 Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005 Debian Security Advisory, DSA 922-1, December 14, 2005 Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006 RedHat Security Advisory, RHSA-2006:0190-5, February 1, 2006 |
|
Linux kernel 2.6-2.6.12, 2.4-2.4.31
|
A remote Denial of Service vulnerability has been reported due to a design error in the kernel. The vendor has released versions 2.6.13 and 2.4.32-rc1 of the kernel to address this issue. Currently we are not aware of any exploits for this vulnerability. |
Linux Kernel Remote Denial of Service |
Ubuntu Security Notice, USN-219-1, November 22, 2005 Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006 RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006 RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006 |
|
Linux kernel 2.6-2.6.14 |
Several vulnerabilities have been reported: a Denial of Service vulnerability was reported due to a memory leak in ‘/security/keys/request_ There is no exploit code required. |
Linux Kernel Denial of Service & Information Disclosure |
2.3 (CVE-2005-3119) 3.3 (CVE-2005-3180) 2.3 (CVE-2005-3181)
|
Secunia Advisory: SA17114, October 12, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0057, October 14, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:808-14, October 27, 2005 Ubuntu Security Notice, USN-219-1, November 22, 2005 Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005 SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006 RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006 RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006 |
Linux kernel 2.6-2.6.14 |
A Denial of Service vulnerability has been reported in ‘sysctl.c’ due to an error when handling the un-registration of interfaces in ‘/proc/sys/net/ipv4/conf/.’ There is no exploit code required. |
Linux Kernel ‘Sysctl’ Denial of Service |
Secunia Advisory: SA17504, November 9, 2005 Ubuntu Security Notice, USN-219-1, November 22, 2005 RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006 RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006 RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006 |
|
SuSE Linux Professional 10.0 OSS, 10.0, Personal 10.0 OSS;
|
A Denial of Service vulnerability has been reported in FlowLable. Currently we are not aware of any exploits for this vulnerability. |
Linux Kernel IPv6 FlowLable Denial of Service |
Security Focus, Bugtraq ID: 15729, December 6, 2005 SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006 RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006 Mandriva Security Advisory, MDKSA-2006:018, January 20, 2006 RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006 |
|
Ubuntu Linux 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; |
A Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions. SUSE: Currently we are not aware of any exploits for this vulnerability. |
Linux Kernel ZLib Invalid Memory Access Denial of Service |
3.3 |
SUSE Security Announcement, SUSE-SA:2005:050, September 1, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0043, September 2, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005 Mandriva Linux Security Advisories, MDKSA-2005:219 & 220, November 30, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006 RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006 |
Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; |
A vulnerability has been reported in the ‘dm-crypt’ driver due to a failure to clear memory, which could let a malicious user obtain sensitive information. Currently we are not aware of any exploits for this vulnerability. |
Linux Kernel DM-Crypt Local Information Disclosure |
Security Focus, Bugtraq ID: 16301, January 18, 2006 Ubuntu Security Notice, USN-244-1 January 18, 2006 Trustix Secure Linux Security Advisory, TSLSA-2006-0004, January 27, 2006 Secunia Advisory: SA18774, February 8, 2006 |
|
MyDNS 1.0.0 |
A remote Denial of Service vulnerability has been reported due to an error when handling certain malformed DNS queries. Currently we are not aware of any exploits for this vulnerability. |
MyDNS Remote Denial of Service |
Security Tracker Alert ID: 1015521, January 20, 2006 Gentoo Linux Security Advisory, GLSA 200601-16, January 30, 2006 Debian Security Advisory, |
|
MyQuiz 1.01 |
A vulnerability has been reported in ‘myquiz.pl’ due to insufficient sanitization of the ‘ENV{‘PATH_INFO’}’ variable, which could let a remote malicious user execute arbitrary shell commands. No workaround or patch available at time of publishing. A Proof of Concept exploit script, myquiz101.pl.txt, has been published. |
MyQuiz Arbitrary Shell Command Execution
|
Not Available
|
Secunia Advisory: SA18737, February 6, 2006 |
NeoMail |
A Cross-Site Scripting vulnerability has been reported in the ‘neomail.pl’ script due to insufficient sanitization of the ‘date’ parameter before displaying the input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. |
NeoMail Cross-Site Scripting |
Security Tracker Alert ID: 1015581, February 3, 2006 | |
Openwall |
A vulnerability has been reported in ‘crypt_gensalt.c’ due to signedness errors, which could let a remote malicious user obtain sensitive information. Currently we are not aware of any exploits for this vulnerability. |
Openwall ‘crypt_blowfish’ Information Disclosure
|
Not Available
|
Secunia Advisory: SA18772, February 8, 2006 |
Powersave 0.11, 0.10.15 |
A vulnerability has been reported when handling a powersave action sent by a client, which could let a malicious user obtain elevated privileges. Currently we are not aware of any exploits for this vulnerability. |
Powersave Elevated Privileges |
Not Available
|
Secunia Advisory: SA18651, February 2, 2006 |
Heimdal prior to 0.6.6 & 0.7.2 |
A vulnerability has been reported in the ‘rshd’ server when storing forwarded credentials due to an unspecified error, which could let a malicious user obtain elevated privileges. Update to version 0.7.2 or 0.6.6. Currently we are not aware of any exploits for this vulnerability. |
Heimdal RSHD Server Elevated Privileges |
Security Tracker Alert ID: 1015591, February 7, 2006 | |
Java System Access Manager 7.0 2005Q4 Solaris x, Solaris S, Linux |
A vulnerability has been reported due to a failure to require proper credentials, which could let a malicious user bypass authentication.
There is no exploit code required. |
Sun Java System Access Manager Authentication Bypass |
Sun Alert ID 102140, February 1, 2006 |
Multiple Operating Systems – Windows / UNIX / Linux / Other
Vendor & Software Name | Description | Common Name | CVSS | Resources |
Creative Suite 2, Adobe Photoshop CS2, Adobe Illustrator CS2 Creative Suite |
A vulnerability has been reported due to insecure default file permissions on installed files and folders, which could let a malicious user obtain elevated privileges. Currently we are not aware of any exploits for this vulnerability. |
Adobe Creative Suite File/Folder Elevated Privileges |
Adobe Security Advisory, February 2, 2006 | |
ADOdb 4.70, 4.68, 4.66 |
An SQL injection vulnerability has been reported due to insufficient sanitization of certain parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. There is no exploit code required. |
ADOdb PostgreSQL SQL Injection |
Secunia Advisory: SA18575, January 24, 2006 Gentoo Linux Security Advisory, GLSA 200602-02, February 6, 2006 |
|
Apache prior to 1.3.35-dev, 2.0.56-dev |
A Cross-Site Scripting vulnerability has been reported in the ‘Referer’ directive in ‘mod_imap’ due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. The vulnerability has been fixed in version 1.3.35-dev, and 2.0.56-dev. There is no exploit code required. |
Apache mod_imap Cross-Site Scripting |
Security Tracker Alert ID: 1015344, December 13, 2005 OpenPKG Security Advisory, OpenPKG-SA-2005.029, December 14, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0074, December 23, 2005 Mandriva Linux Security Advisory, MDKSA-2006:007, January 6, 2006 Ubuntu Security Notice, USN-241-1, January 12, 2006 RedHat Security Advisory, RHSA-2006:0158-4, January 17, 2006 Fedora Security Advisory, FEDORA-2006-052, January 23, 2006 Turbolinux Security Advisory, TLSA-2006-1, January 25, 2006 Gentoo Linux Security Advisory, GLSA 200602-03, February 6, 2006 |
|
Blackboard Academic Suite 6.0, Blackboard 6.0, 5.5.1, 5.5, 5.0.2, 5.0 |
A vulnerability has been reported in the authentication mechanism, which could let a malicious user obtain unauthorized access. NOTE: the vendor has disputed this issue, saying that “This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product.” No workaround or patch available at time of publishing. There is no exploit code required. |
Blackboard Learning System Unauthorized Access |
Security Focus, Bugtraq ID: 16438, January 31, 2006 Security Focus, Bugtraq ID: 16438, February 7, 2006 |
|
BCB6 ent_upd4 |
An integer overflow vulnerability has been reported because statements that use the ‘sizeof’ operator are not correctly compiled, which could let a malicious user execute arbitrary code.
No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. |
Borland Delphi-BCB/Compiler Integer Overflow
|
Not available
|
XFocus Security Team Advisory, xfocus-SD-060206, February 6, 2006 |
IronMail 5.0.1 |
A remote Denial of Service vulnerability has been reported if configured with ‘Denial of Service Protection’ enabled when dealing with SYN flood attacks. The vendor has released an update to address this issue. Contact the vendor for further information. There is no exploit code required. |
CipherTrust IronMail Remote Denial of Service |
Security Tracker Alert ID: 1015555, February 1, 2006 | |
Clever Copy 3.0 |
An SQL injection vulnerability has been reported in the ‘mailarticle.php’ script due to insufficient validation of the ‘ID’ parameter, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Exploit details, Clever_Copy_V3_sql.txt, have been published. |
Clever Copy SQL Injection |
Security Tracker Alert ID: 1015590, February 7, 2006 | |
Ultimate E-commerce Script 0 |
Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. |
CyberShop Ultimate E-commerce Multiple Cross-Site Scripting |
Security Focus, Bugtraq ID: 16473, February 2, 2006 | |
eyeOS 0.8.9 & prior |
A vulnerability has been reported due to incorrectly initialized sessions, which could let a remote malicious user execute arbitrary PHP code. Currently we are not aware of any exploits for this vulnerability. |
eyeOS PHP Code Execution
|
Not available
|
GulfTech Security Research Team Advisory, February 8, 2006 |
FFmpeg 0.4.9 -pre1, 0.4.6-0.4.8, FFmpeg CVS |
A buffer overflow vulnerability has been reported in the ‘avcodec_default_get_buffer()’ function of ‘utils.c’ in libavcodec due to a boundary error, which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. |
FFmpeg Remote Buffer Overflow |
Secunia Advisory: SA17892, December 6, 2005 Ubuntu Security Notice, USN-230-1, December 14, 2005 Mandriva Linux Security Advisories MDKSA-2005:228-232, December 15, 2005 Ubuntu Security Notice, USN-230-2, December 16, 2005 Gentoo Linux Security Advisory, GLSA 200602-01, February 5, 2006 |
|
Gallery 1.5.2. |
A vulnerability has been reported due to an unspecified error, which could let a remote malicious user manipulate stored album data. Currently we are not aware of any exploits for this vulnerability. |
Gallery Album Data Manipulation |
Secunia Advisory: SA18735, February 7, 2006 | |
phphg Guestbook 1.2 |
Multiple vulnerabilities have been reported: SQL injection vulnerabilities were reported in ‘check.php’ due to insufficient sanitization of the ‘username’ parameter during login and in the ‘id’ parameter in the administration section, which could let a remote malicious user execute arbitrary SQL code; a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of various fields when signing the guestbook, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported due to an insecure authentication process, which could let a remote malicious user obtain unauthorized access. No workaround or patch available at time of publishing. There is no exploit code required. |
phphg Guestbook Multiple Vulnerabilities |
Not Available
|
Security Focus, Bugtraq ID: 16541, February 8, 2006 |
Tivoli Access Manager for e-business 5.1.0, 6.0 |
A Directory Traversal vulnerability has been reported in ‘pkmslogout’ due to insufficient sanitization of the ‘filename’ parameter before using to retrieve the page template, which could let a remote malicious user obtain sensitive information. Patches available (5.1.0) Patches available (6.0) There is no exploit code required; however, a Proof of Concept exploit has been published. |
IBM Tivoli Access Manager Directory Traversal |
Virtual Security Research, LLC. Advisory, February 3, 2006 | |
Lotus Domino 7.0 |
A Denial of Service vulnerability has been reported in the LDAP server when handling certain requests. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. |
IBM Lotus Domino LDAP Server Denial of Service |
Secunia Advisory: SA18738, February 7, 2006 | |
Loudblog 0.4 |
A file include vulnerability has been reported in ‘loudblog/inc/ No workaround or patch available at time of publishing. A Proof of Concept exploit script, loudblog_04_incl_xpl.php, has been published. |
Loudblog File Include |
Security Tracker Alert ID: 1015583, February 4, 2006 | |
Firefox 1.5, Netscape Browser 8.0.4 |
A remote Denial of Service vulnerability has been reported when handling large history information. Note: The vendor disputes this claim. A Proof of Concept exploit script has been published. |
Mozilla History File Remote Denial of Service |
Secunia Advisory: SA17934, December 8, 2005 Security Focus, Bugtraq ID: 15773, January 27, 2006 Mozilla Foundation Security Advisory 2006-03, February 1, 2006 RedHat Security Advisories, RHSA-2006-0199 & RHSA-2006:0200-8, February 2, 2006 RedHat Fedora Security Advisories, FEDORA-2006-075 & FEDORA-2006-076, February 3, 2006 Mandriva Security Advisories, MDKSA-2006:036 & MDKSA-2006:037, February 7, 2006 |
|
Mozilla Browser 0.8-0.9.9, 0.9.35, 0.9.48, 1.0-1.7.12, Thunderbird 0.x, 1.x, Firefox 0.x, 1.x; SeaMonkey 1.0; RedHat Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, ES 2.1, AS 4, AS 3, AS 2.1 IA64, AS 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1 |
Multiple vulnerabilities have been reported: vulnerabilities were reported because temporary variables that are not properly protected are used in the JavaScript engine’s garbage collection, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a vulnerability was reported because a remote malicious user can create HTML that will dynamically change the style of an element from position:relative to position:static; a vulnerability was reported because a remote malicious user can create HTML that invokes the QueryInterface() method of the built-in Location and Navigator objects; a vulnerability was reported in the ‘XULDocument.persist()’ function due to improper validation of the user-supplied attribute name, which could let a remote malicious user execute arbitrary code; an integer overflow vulnerability was reported in the ‘E4X,’ ‘SVG,’ and ‘Canvas’ features, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in the XML parser because data can be read from locations beyond the end of the buffer, which could lead to a Denial of Service; and a vulnerability was reported because the ‘E4X’ implementation’s internal ‘AnyName’ object is incorrectly available to web content, which could let a remote malicious user bypass same-origin restrictions.
There is no exploit code required for some of these vulnerabilities; however, an exploit, firefox_queryinterface.pm, has been published. |
Multiple Mozilla Products Vulnerabilities CVE-2006-0292 |
Mozilla Foundation Security Advisories 2006-01-2006-08, February 1, 2006 RedHat Security Advisories, RHSA-2006:0199-10 & RHSA-2006:0200-8, February 2, 2006 Fedora Security Advisories, FEDORA-2006-075 & FEDORA-2006-076, February 2, 2006 Mandriva Security Advisories, MDKSA-2006:036 & MDKSA-2006:037, February 7, 2006 |
|
PostNuke Development Team PostNuke 0.761; moodle 1.5.3; Mantis 1.0.0RC4, 0.19.4; Cacti 0.8.6 g; ADOdb 4.68, 4.66; AgileBill 1.4.92 & prior |
Several vulnerabilities have been reported: an SQL injection vulnerability was reported in the ‘server.php’ test script, which could let a remote malicious user execute arbitrary SQL code and PHP script code; and a vulnerability was reported in the ‘tests/tmssql.php’ test script, which could let a remote malicious user call an arbitrary PHP function. There is no exploit code required; however, a Proof of Concept exploit has been published. |
ADOdb Insecure Test Scripts |
Secunia Advisory: SA17418, January 9, 200 Security Focus, Bugtraq ID: 16187, February 7, 2006 |
|
MyBB (formerly MyBulletinBoard) 1.03 |
An SQL injection vulnerability has been reported in ‘moderation.php’ due to insufficient sanitization of the ‘posts’ parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. |
MyBB ‘posts’ SQL Injection
|
Not Available
|
Secunia Advisory: SA18754, February 8, 2006 |
GuestBookHost |
SQL injection vulnerabilities have been reported in ‘config.php’ due to insufficient sanitization of the ’email’ and ‘password’ fields before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required. |
GuestBookHost SQL Injection |
Secunia Advisory: SA18761, February 8, 2006 | |
OpenSSH 4.1, 4.0, p1 |
Several vulnerabilities have been reported: a vulnerability was reported due to an error when handling dynamic port forwarding when no listen address is specified, which could let a remote malicious user cause “GatewayPorts” to be incorrectly activated; and a vulnerability was reported due to an error when handling GSSAPI credential delegation, which could let a remote malicious user be delegated with GSSAPI credentials. There is no exploit code required. |
OpenSSH DynamicForward Inadvertent GatewayPorts Activation & GSSAPI Credentials |
Secunia Advisory: SA16686, September 2, 2005 Fedora Update Notification, Trustix Secure Linux Security Advisory, TSLSA-2005-0047, September 9, 2005 Slackware Security Advisory, SSA:2005-251-03, September 9, 2005 Fedora Update Notification, RedHat Security Advisory, RHSA-2005:527-16, October 5, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:172, October 6, 2005 Ubuntu Security Notice, USN-209-1, October 17, 2005 Conectiva Linux Announcement, CLSA-2005:1039, October 19, 2005 Security Focus, Bugtraq ID: 14729, January 10, 2006 Avaya Security Advisory, ASA-2006-033, January 30, 2006 SuSE Security Summary Report, SUSE-SR:2006:003, February 3, 2006 |
|
Outblaze |
A Cross-Site Scripting vulnerability has been reported in ‘throw.main’ due to insufficient sanitization of the ‘file’ parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. |
Outblaze Cross-Site Scripting |
Secunia Advisory: SA18710, February 3, 2006 | |
PHP GEN 1.3 |
Several vulnerabilities have been reported: an SQL injection vulnerability was reported due to insufficient sanitization of unspecified input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of unspecified input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. There is no exploit code required. |
PHP GEN SQL Injection & Cross-Site Scripting |
Secunia Advisory: SA18715, February 3, 2006 | |
PHP 4.0.x, 4.1.x, 4.2.x, 4.3.x, 4.4.x, 5.0.x |
Multiple vulnerabilities have been reported: a vulnerability was reported due to insufficient protection of the ‘GLOBALS’ array, which could let a remote malicious user define global variables; a vulnerability was reported in the ‘parse_str()’ PHP function when handling an unexpected termination, which could let a remote malicious user enable the ‘register_ There is no exploit code required. |
PHP Multiple Vulnerabilities CVE-2005-3388 |
Secunia Advisory: SA17371, October 31, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 Turbolinux Security Advisory TLSA-2005-97, November 5, 2005 Fedora Update Notifications, RedHat Security Advisories, RHSA-2005:838-3 & RHSA-2005:831-15, November 10, 2005 Gentoo Linux Security Advisory, GLSA 200511-08, November 13, 2005 Mandriva Linux Security Advisory, MDKSA-2005:213, November 16, 2005 SUSE Security Summary Report, SUSE-SR:2005:027, November 18, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005 SGI Security Advisory, 20051101-01-U, November 29, 2005 OpenPKG Security Advisory, OpenPKG-SA-2005.027, December 3, 2005 SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005 SUSE Security Announcement, SUSE-SA:2005:069, December 14, 2005 Ubuntu Security Notice, USN-232-1, December 23, 2005 Avaya Security Advisory, ASA-2006-037, January 31, 2006 Mandriva Security Advisory, MDKSA-2006:035, February 7, 2006 |
|
PHP 5.1.1, 5.1 |
Several vulnerabilities have been reported: a vulnerability was reported due to insufficient sanitization of the session ID in the session extension before returning to the user, which could let a remote malicious user inject arbitrary HTTP headers; a format string vulnerability was reported in the ‘mysqli’ extension when processing error messages, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to insufficient sanitization of unspecified input that is passed under certain error conditions, which could let a remote malicious user execute arbitrary HTML and script code. There is no exploit code required. |
Multiple PHP |
2.3
|
Secunia Advisory: SA18431, January 13, 2006 Mandriva Security Advisory, MDKSA-2006:028, February 1, 2006 |
phpBB 2.0.1-2.0.19 |
A vulnerability has been reported in the ‘Referer’ HTTP header when certain requests are sent for external avatar images and certain BBcode that references external web sites, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. There is no exploit code required. |
phpBB Information Disclosure |
Secunia Advisory: SA18693, February 6, 2006 | |
Phpclanwebsite 1.23.1 |
SQL injection vulnerabilities have been reported in ‘index.php’ due to insufficient sanitization of the ‘par’ and ‘poll_id’ parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. There is no exploit code required; however, a Proof of Concept exploit script, Phpclanwebsite. |
Phpclanwebsite SQL Injection |
Security Focus, Bugtraq ID: 16391, January 26, 2006 Security Focus, Bugtraq ID: 16391, January 30, 2006 |
|
PHP-Fusion 6.0.204, 6.0.110, 6.0.109, 6.0.107, 6.0.105, 6.0 0.3, 6.0 .206, 6.0.106, 5.0 1 Service Pack, 5.0, 4.0 1, 4.00 |
Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of the ‘shout_name’ field in ‘shoutbox_panel.php’ and in the ‘comments’ field in ‘comments_include.php,’ which could let a remote malicious user execute arbitrary HTML and script code. There is no exploit code required. |
PHP-Fusion Cross-Site Scripting |
Security Focus, Bugtraq ID: 16548, February 8, 2006 | |
Pioneers 0.9.40 |
A remote Denial of Service vulnerability has been reported due to a boundary error when handling overly long chat messages. There is no exploit code required. |
Pioneers Remote Denial of Service |
Security Focus, Bugtraq ID: 16429, January 30, 2006 Debian Security Advisory, DSA-964-1, February 3, 2006 |
|
PluggedOut Blog 1.x |
Several vulnerabilities have been reported: an SQL injection vulnerability was reported in ‘exec.php’ due to insufficient sanitization of the ‘entryid’ parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported in ‘problem.php’ due to insufficient sanitization of the ‘data’ parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. |
PluggedOut Blog SQL Injection & Cross-Site Scripting |
Security Tracker Alert ID: 1015586, February 6, 2006 | |
QNX Neutrino RTOS 6.x |
Multiple vulnerabilities have been reported: a vulnerability was reported in the ‘crttrap’ utility because libraries are loaded insecurely, which could let a malicious user obtain elevated privileges; a format string vulnerability was reported in the ‘fontsleuth’ utility, which could let a malicious user execute arbitrary code; a vulnerability was reported in the ‘_ApFindTranslationFile()’ function when handling the ‘ABLPATH’ environment variable due to a boundary error, which could let a malicious user execute arbitrary code; a format string vulnerability was reported when handling the ‘ABLANG’ environment variable, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in the ‘setitem()’ function when handling the ‘PHOTON_PATH’ environment variable due to a boundary error, which could let a malicious user execute arbitrary code; a vulnerability was reported in the ‘phfont’ utility due to a race condition, which could let a malicious user obtain root privileges; a buffer overflow vulnerability was reported in the ‘su’ utility due to a boundary error, which could let a malicious user execute arbitrary code; a Denial of Service vulnerability was reported when handling a certain command; a vulnerability was reported in the ‘/etc/rc.d/rc.local’ file due to insecure file permissions, which could let a malicious user obtain root privileges; and a buffer overflow vulnerability was reported in the ‘passwd’ utility due to a boundary error, which could let a malicious user execute arbitrary code. No workaround or patch available at time of publishing. An exploit script, DSR-QNX6.2.1-phfont.sh.txt, for the RTOS’s phfont command vulnerability has been published. |
QNX Neutrino RTOS Multiple Vulnerabilities CVE-2005-1528 |
Not Available
|
Secunia Advisory: SA18750, February 8, 2006 |
Softmaker Shop 0 |
Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. There is no exploit code required; however, Proof of Concept exploits have been published. |
SoftMaker Shop Multiple Cross-Site Scripting |
Security Focus, Bugtraq ID: 16471, February 2, 2006 | |
Sony Ericsson Mobile Communications AB Sony Ericsson K600i, T68i, V600i, W800i |
A remote Denial of Service vulnerability has been reported in the L2CAP (Logical Link Control and Adaptation Layer Protocol) layer. No workaround or patch available at time of publishing. A Proof of Concept exploit script, bluetooth6.c, has been published. |
Sony Ericsson Cell Phones Bluetooth L2CAP Denial of Service
|
Not available
|
Secunia Advisory: SA18747, February 8, 2006 |
SPIP 1.9.Alpha 1, 1.8.2-d |
Several vulnerabilities have been reported: an SQL injection vulnerability was reported in ‘forum.php3’ due to insufficient sanitization of the ‘id_article’ and ‘id_forum’ parameters before being used in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported in ‘index.php3’ due to insufficient sanitization of the ‘lang’ parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. There is no exploit code required; however, an exploit script, spip_182g_shell |
SPIP SQL Injection & Cross-Site Scripting |
Secunia Advisory: SA18676, February 1, 2006 Security Focus, Bugtraq ID: 16458, February 7, 2006 PacketStorm, February 9, 2006 |
|
Java Web Start 1.x, Java JDK 1.5.x, Java JRE 1.5.x / 5.x |
A vulnerability has been reported due to an unspecified error, which could let an untrusted application obtain elevated privileges. Currently we are not aware of any exploits for this vulnerability. |
Java Web Start Sandbox Security Bypass |
Not Available
|
Sun(sm) Alert Notification Sun Alert ID: 102170, February 7, 2006 |
Sun JDK & JRE 5.0 Update 5 & prior, SDK & JRE 1.4.2_09 & prior, SDK & JRE 1.3.1_16 & prior |
Seven vulnerabilities have been reported in Sun Java JRE (Java Runtime Environment) due to various unspecified errors in the ‘reflection’ APIs, which could let a remote malicious user compromise a user’s system.
Currently we are not aware of any exploits for these vulnerabilities. |
Sun Java JRE ‘reflection’ APIs Sandbox Security Bypass |
Not Available
|
Sun(sm) Alert Notification Sun Alert ID: 102171, February 7, 2006 |
Vanilla Guestbook 1.0. Beta |
Multiple input validation vulnerabilities have been reported which could let a remote malicious user execute arbitrary HTML, script code, and SQL code. No workaround or patch available at time of publishing. There is no exploit code required. |
Tachyondecay Vanilla Guestbook Multiple Input Validation |
Security Focus, Bugtraq ID: 16464, February 1, 2006 | |
Unknown Domain Shoutbox 2005.7.21 |
Several vulnerabilities have been reported: Cross-Site Scripting vulnerabilities were reported due to insufficient sanitization of the ‘Handle’ and ‘Message’ fields, which could let a remote malicious user execute arbitrary HTML and script code; and SQL injection vulnerabilities were reported due to insufficient sanitization of various unspecified parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required. |
Unknown Domain Shoutbox Cross-Site Scripting & SQL Injection |
Not Available
|
Security Focus, Bugtraq ID: 16543, February 8, 2006 |
vwdev |
An SQL injection vulnerability has been reported due to insufficient validation of the ‘UID’ parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. |
vwdev SQL Injection
|
Not Available
|
Security Tracker Alert ID: 1015594, February 7, 2006 |
Wireless Trends & Vulnerabilities
This section contains wireless vulnerabilities, articles, and malicious code that have been identified during the current reporting period.
- Sony Ericsson Cell Phones Bluetooth L2CAP Denial of Service: A remote Denial of Service vulnerability has been reported in the L2CAP (Logical Link Control and Adaptation Layer Protocol) layer.
- hcidump Bluetooth L2CAP Remote Denial of Service: A remote Denial of Service vulnerability has been reported in the L2CAP (Logical Link Control and Adaptation Layer Protocol) layer.
- bss-0.6.tar.gz: A L2CAP layer fuzzer designed to assess the security of Bluetooth enabled devices by sending malicious packets.
- Mobile email set to explode: According to a report from industry analysts Datamonitor, mobile email is on the verge of mass adoption. There are roughly 650 million corporate email inboxes worldwide today, at least 35 per cent of which could be mobilized.
This section contains brief summaries and links to articles which discuss or present information pertinent to the cyber security community.
- Cyber Storm Brewing For Homeland Security: The U.S. Department of Homeland Security is attempting to create a perfect storm in cyberspace. They are simulating a series of cyber attacks on critical infrastructure in the private sector and in international, federal and state governments in order to test response. The test is part of larger homeland defense plans and ordered by a presidential directive. It is designed to strengthen communications, coordination and partnerships. The threats are fictitious and take place in a contained, secure environment.
- Exploit for QueryInterface Vulnerability in Mozilla: US-CERT is aware of publicly available exploit code for a memory corruption vulnerability in the Mozilla Firefox web browser and Thunderbird mail client.
- XML Injection and Code Execution Vulnerabilities in Mozilla Suite: US-CERT is aware of several vulnerabilities in Mozilla. Successful exploitation may allow a remote, unauthenticated attacker to execute arbitrary JavaScript commands with elevated privileges or cause a denial of service condition on a vulnerable system.
- Spammed Trojan horse pretends to come from anti-virus company: According to experts at SophosLabs™, a Trojan horse has been spammed out to email addresses disguised as a message from a Finnish anti-virus company. The Troj/Stinx-U Trojan horse has been seen attached to email messages pretending to come from Helsinki-based F-Secure, and can have a subject line chosen from “Firefox Browsing Problem”, “Mozilla Browsing Problem”, or “Website Browsing Problem”.
- ID Theft And Internet Fraud Declining? According to a report by Javelin Strategy and Research, incidents of fraud from Internet-based means may be on the decline. In cases where the source of the identity theft was known, only 9 percent were reported to have come from hacking, viruses and phishing. In contrast, a lost or stolen wallet or credit/debit card was the cause of 30 percent of the incidents. The study also found that fraudulent activity is mostly (over 70 percent) conducted offline via phone or mail.
- Spyware Triples During 2005: According to anti-spyware developer Webroot, spyware tripled during 2005. At the start of the year Webroot identified only 40,000 traces and the year ended with 400,000 spyware-distributing sites and a global count of 120,000 different traces, or spyware components.
Viruses/Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
Rank | Common Name | Type of Code | Trend | Date | Description |
1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. |
2 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. |
3 | Mytob-GH | Win32 Worm | Stable | November 2005 | A variant of the mass-mailing worm that disables security related programs and allows others to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender’s address. |
4 | Netsky-D | Win32 Worm | Stable | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
5 | Mytob.C | Win32 Worm | Stable | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
6 | Mytob-BE | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus, and modifies data. |
7 | Sober-Z | Win32 Worm | Stable | December 2005 | This worm travels as an email attachment, forging the sender’s address, harvesting addresses from infected machines, and using its own mail engine. It further downloads code from the internet, installs into the registry, and reduces overall system security. |
8 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
9 | Mytob-AS | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that disables security related programs and processes, redirecting various sites, and changing registry values. This version downloads code from the net and utilizes its own email engine. |
10 | Zafi-D | Win32 Worm | Stable | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
Table updated February 7, 2006