Summary of Security Items from March 9 through March 15, 2006
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.
The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/ Linux Operating Systems are included in the Multiple Operating Systems table. Note, entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software which operate on some version of that operating system.
Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin which has been provided by other US-CERT sponsored programs, is prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/ NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product’s vendor.
The Risk levels are defined below:
High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.
Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.
Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.
Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.
Windows Operating Systems Only Vendor & Software Name DescriptionCommon Name
CVSS ResourcesGraphics Server 2.1, Document Server 6.0
A vulnerability has been reported in Graphics Server and Document Server that could let remote malicious users execute arbitrary code.
Currently we are not aware of any exploits for these vulnerabilities.
Adobe Graphics Server and Document Server Arbitrary Code Execution
Not Available Adobe, Security Advisory 332989, March 14, 2006 Log4net 1.2.9
A vulnerability has been reported in Log4net that could let remote malicious users cause a Denial of Service vulnerability.
Currently we are not aware of any exploits for these vulnerabilities.
Apache Log4net Denial of Service Vulnerability
2.3 Secunia, Advisory: SA19241, March 14, 2006 mod_python 3.2.7
A directory traversal vulnerability has been reported in mod_python that could let local malicious users execute arbitrary code.
Apache Software Foundation mod_python 3.2.8
There is no exploit code required.
mod_python Arbitrary Code Execution
4.9 Security Tracker, Alert ID: 1015764, March 14, 2006 ASP Portal 3.0.0 and prior Multiple vulnerabilities have been reported in ASP Portal that could let remote malicious perform Cross-Site Scripting or SQL injection.
There is no exploit code required.
ASP Portal Cross-Site Scripting or SQL Injection Not Available Secunia, Advisory: SA19247, March 15, 2006 Easy File Sharing Web Server 3.2
An input validation vulnerability has been reported in Easy File Sharing Web Server that could let remote malicious users conduct Cross-Site Scripting or cause a Denial of Service.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published.
Easy File Sharing Web Server Cross-Site Scripting or Denial of Service
3.3
(CVE-2006-1159)2.3
(CVE-2006-1160)Secunia, Advisory: SA19178, March 10, 2006 Gemini 2.0
A vulnerability has been reported in Gemini that could let remote malicious users conduct Cross-Site Scripting.
No workaround or patch available at time of publishing.
There is no exploit code required.
Gemini Cross-Site Scripting
Not Available Secunia, Advisory: SA19049, March 14, 2006 Hosting Controller 6.1 HotFix 2.9
A vulnerability has been reported in Hosting Controller that could let remote malicious users perform SQL injection.
No workaround or patch available at time of publishing.
There is no exploit code required.
Hosting Controller SQL Injection
2.3 Secunia, Advisory: SA19191, March 10, 2006 IMail Server 2006, Secure Server 2006
Collaboration Suite Standard 2006, Premium 2006
A buffer overflow vulnerability has been reported in IMail Secure Server and Collaboration Suite, IMAP fetch command, that could let remote malicious users cause a Denial of Service or execute arbitrary code.
Ipswitch Server 2006.03
Ipswitch Secure Server 2006.03
Ipswitch Collaboration Suite Standard 2006.03
Ipswitch Collaboration Suite Premium 2006 .03Currently we are not aware of any exploits for these vulnerabilities.
Ipswitch IMail Server and Collaboration Suite Denial of Service or Arbitrary Code Execution
4.2 Secunia Advisory: SA19168, March 10, 2006 JiRos Banner Experience & Professional 1.0 & prior
A vulnerability has been reported in Banner Experience Pro, 'addadmin.asp,' that could let remote malicious users bypass security restrictions.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for these vulnerabilities.
Jiros Banner Experience Pro Security Restriction Bypassing
7 Security Focus, ID: 17060, March 9, 2006 MailServer prior to 6.1.3 P1
A vulnerability has been reported in Kerio Mailserver that could let remote malicious users cause a Denial of Service.
Currently we are not aware of any exploits for this vulnerability.
Kerio MailServer Denial of Service
3.3 Security Tracker, Alert ID: 1015748, March 10, 2006 SafeDisc
A vulnerability has been reported in SafeDisc that could let local malicious users obtain elevated privileges.
No workaround or patch available at time of publishing.
There is no exploit code required.
SafeDisc Privilege Elevation
7 Security Focus, ID: 17070, March 11, 2006 Microsoft Office 2000, 2003 Professional, 2003 Small Business, 2003 Standard, 2003 Student, 2003 Student and Teacher, 2004 for Mac, X for Mac, XP
Microsoft Works Suite 2001 to 2006
Microsoft Excel, Excel Viewer, Outlook, PowerPoint and Word various versions
Multiple vulnerabilities have been reported in Microsoft Office that could let remote malicious users execute arbitrary code.
Currently we are not aware of any exploits for these vulnerabilities.
Microsoft Office Multiple Arbitrary Code Execution
CVE-2005-4131
CVE-2006-0009
CVE-2006-0028
CVE-2006-0029
CVE-2006-0030
CVE-2006-00312.8
(CVE-2005-4131)5.6
(CVE-2006-0009)5.6
(CVE-2006-0028)5.6
(CVE-2006-0029)5.6
(CVE-2006-0030)5.6
(CVE-2006-0031)Microsoft, Security Bulletin MS06-012, March 14, 2006
Cyber Security Alert SA06-073A
Technical Cyber Security Alert TA06-073A
US-CERT VU#339878, VU#235774, VU#123222, VU#642428, VU#104302, VU#682820
Windows XP SP1, Server 2003, and Server 2003 for Itanium Systems
A vulnerability has been reported in Windows, default ACL settings, that could let remote malicious users obtain elevated privileges.
There is no exploit code required.
Microsoft Windows Privilege Elevation
2.9 Microsoft, Security Bulletin MS06-011, March 14, 2006 ZoneAlarm 6.1.744.000
A vulnerability has been reported in ZoneAlarm that could let local malicious users execute arbitrary code.
No workaround or patch available at time of publishing.
There is no exploit code required.
ZoneAlarm Arbitrary Code Execution
5.6 Security Tracker, Alert ID: 1015743, March 9, 2006
UNIX / Linux Operating Systems Only | ||||
Vendor & Software Name | Description | Common Name | CVSS | Resources |
Mac OS X Server 10.4-10.4.5, 10.3-10.3.9, 10.2-10.2.8, 10.1-10.1.5, 10.0-10.0.4, Mac OS 0.4-10.4.5, 10.3-10.3.9, 10.2-10.2.8, 10.1-10.1.5, 10.0-10.0.4 | A heap overflow vulnerability has been reported in the 'mach_msg_send()' function of the kernel, which could let a malicious user cause a Denial of Service and possibly compromise a system. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Apple Mac OS X Kernel MACH_MSG | Security Focus, Bugtraq ID: 17056, March 9, 2006 | |
Mac OS X Server 10.4-10.4.5, Mac OS X 10.4-10.4.5
| Multiple vulnerabilities have been reported: a vulnerability was reported in JavaScript because in certain circumstances because it is possible to bypass the same-origin policy; a buffer overflow vulnerability was reported in Mail due to a boundary error, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported in Safari/LaunchServices due to an error which could lead to the execution of a malicious file. Currently we are not aware of any exploits for these vulnerabilities. | Mac OS X Security Update CVE-2006-0396 | Apple Security Update, APPLE-SA-2006-03-13, March 13, 2006 | |
hcidump 1.29 | A remote Denial of Service vulnerability has been reported in '12cap.c' due to an error when handling L2CAP (Logical Link Control and Adaptation Layer Protocol) layer. A Proof of Concept exploit script, hcidump-crash.c, has been published. | hcidump Bluetooth L2CAP Remote Denial of Service | Secunia Advisory: SA18741, February 8, 2006 Ubuntu Security Notice, USN-256-1, February 21, 2006 Debian Security Advisory, DSA 990-1, March 10, 2006 | |
bzip2 1.0.2 | A remote Denial of Service vulnerability has been reported when processing malformed archives. Currently we are not aware of any exploits for this vulnerability. | Ubuntu Security Notice, Mandriva Linux Security Update Advisory, Turbolinux SUSE Security Summary OpenPKG RedHat Security Advisory, FreeBSD Conectiva Debian SGI Security Advisory, 20050605 Security Focus, Bugtraq ID: 13657, August 26, 2005 Fedora Legacy Update Advisory, FLSA:158801, November 14, 2005 SGI Security Advisory, 20060301-01-U, March 8, 2006 | ||
bzip2 1.0.2 & prior | A vulnerability has been reported when an archive is extracted into a world or group writeable directory, which could let a malicious user modify file permissions of target files. There is no exploit code required. | Security Ubuntu Security Notice, Mandriva Linux Security Debian Security Advisory, Turbolinux OpenPKG RedHat FreeBSD Security Advisory, Conectiva Linux Announcement, CLSA-2005:972, SGI Security Advisory, 20050605- Fedora Legacy Update Advisory, FLSA:158801, November 14, 2005 Mandriva Security Advisory, MDKSA-2006:026, January 30, 2006 SGI Security Advisory, 20060301-01-U, March 8, 2006 | ||
CGI::Session 4.03 | Several vulnerabilities have been reported: a vulnerability was reported due to the insecure default read permissions on files created by 'Driver::file,' 'Driver::db_file,' and 'Driver::sqlite,' which could let a remote malicious user obtain sensitive information; and a vulnerability was reported in the 'cgisess.db' session file that is created by the 'Driver::db_file' in the same directory as the CGI script, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through use of a web client. | CGI::Session Insecure File Permissions | Not Available | Secunia Advisory: SA19211, March 13, 2006 |
Crossfire 1.9 , 1.8 | A buffer overflow vulnerability has been reported in 'request.c' due to an error in the 'SetUp()' function when handling the 'setup' command, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code. No workaround or patch available at time of publishing. A Proof of Concept exploit script, crossfire_bof_exp.c, has been published. | CrossFire Remote Buffer Overflow | 7 | Secunia Advisory: SA19237, March 14, 2006 |
DokuWiki 2005.9.22, 2004-10-19, 2004-09-30, 2004-09-25, 2004-09-12, 2004-08-22, 2004-08-15a, 2004-08-15, 2004-08-08, 2004-07-25, 2004-07-21 | A Cross-Site Scripting vulnerability has been reported in Mediamanager due to an unspecified input validation error when handling EXIF data, which could let a remote malicious user execute arbitrary HTML and script code. Vulnerability can be exploited through use of a web client. | DokuWiki Cross-Site Scripting | Security Focus, Bugtraq ID: 17065, March 10, 2006 | |
Firebird 1.5-1.5.2 | A buffer overflow vulnerability has been reported in 'Inet_server' due to a failure due to insufficient bounds checking prior to copying to an insufficiently-sized memory buffer, which could let a malicious user execute arbitrary code. A Proof of Concept exploit has been published. | Firebird Buffer Overflow | Not Available | Security Focus Bugtraq ID: 17077, March 13, 2006 |
Freeciv 2.0.7 | A remote Denial of Service vulnerability has been reported in 'common/packets.c' due to an error when handling the packet length. A Proof of Concept exploit script , freecivdos.zip, has been published. | Freeciv Remote Denial of Service | Secunia Advisory: SA19120, March 6, 2006 Mandriva Linux Security Advisory MDKSA-2006:053, March 7, 2006 Debian Security Advisory, Gentoo Linux Security Advisory, GLSA 200603-11, March 16, 2006 | |
Mailman 2.1-2.1.5, 2.0-2.0.14 | A remote Denial of Service vulnerability has been reported in 'Scrubber.py' due to a failure to handle exception conditions when Python fails to process an email file attachment that contains utf8 characters in its filename. There is no exploit code required. | GNU Mailman Attachment Scrubber UTF8 Filename Remote Denial of Service | Secunia Advisory: SA17511, November 14, 2005 Mandriva Linux Security Advisory, MDKSA-2005:222, December 2, 2005 SUSE Security Summary Report, SUSE-SR:2006:001, January 13, 2006 Ubuntu Security Notice, USN-242-1 January 16, 2006 Debian Security Advisory, DSA-955-1, January 25, 2006 RedHat Security Advisory, RHSA-2006:0204-10, March 7, 2006 Trustix Secure Linux Security Advisory #2006-0012, March 10, 2006 | |
tar 1.15.90, 1.15.1, 1.14.90, 1.15, 1.14 | A buffer overflow vulnerability has been reported when handling PAX extended headers due to a boundary error, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | 3.9 | Secunia Advisory: SA18973, February 22, 2006 Mandriva Security Advisory, MDKSA-2006:046, February 21, 2006 Ubuntu Security Notice, USN-257-1, February 23, 2006 Trustix Secure Linux Security Advisory, #2006-0010, February 24, 2006 RedHat Security Advisory, RHSA-2006:0232-3, March 1, 2006 SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006 Debian Security Advisory, Gentoo Linux Security Advisory, GLSA 200603-06, March 10, 2006 | |
GNU Privacy Guard prior to 1.4.2.2. | A vulnerability has been reported caused due to an error in the detection of unsigned data, which could let a remote malicious user inject arbitrary data and bypass verification. There is no exploit code required. | GnuPG Unsigned Data Injection Detection | GNU Security Advisory, March 9, 2006 Debian Security Advisory, DSA 993-1, March 10, 2006 Gentoo Linux Security Advisory, GLSA 200603-08, March 10, 2006 SUSE Security Announcement, SUSE-SA:2006:014, March 10, 2006 Slackware Security Advisory, SSA:2006-072-02, March 13, 2006 RedHat Security Advisory, RHSA-2006:0266-8, March 15, 2006 | |
GnuPG / gpg prior to 1.4.2.1 | A vulnerability has been reported because 'gpgv' exits with a return code of 0 even if the detached signature file did not carry any signature (if 'gpgv" or "gpg --verify' is used), which could let a remote malicious user bypass security restrictions.
There is no exploit code required; however, a Proof of Concept exploit has been published. | GnuPG Detached Signature Verification Bypass | 4.9 | GnuPG Advisory, February 15, 2006 Fedora Update Notification, Debian Security Advisory, Mandriva Security Advisory, MDKSA-2006:043, February 17, 2006 Ubuntu Security Notice, USN-252-1, February 17, 2006 Gentoo Linux Security Advisory, GLSA 200602-10, February 18, 2006 SuSE Security Announcement, SUSE-SA:2006:009, February 20, 2006 SUSE Security Announcement, SUSE-SA:2006:013, March 1, 2006 SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006 Slackware Security Advisory, SSA:2006-072-02, March 13, 2006 RedHat Security Advisory, RHSA-2006:0266-8, March 15, 2006 |
zgrep 1.2.4 | A vulnerability has been reported in 'zgrep.in' due to insufficient validation of user-supplied arguments, which could let a remote malicious user execute arbitrary commands. There is no exploit code required. | Security Tracker Alert, 1013928, Mandriva Linux Security Update Advisory, Turbolinux RedHat Security Advisory, RedHat Security Advisory, SGI Security Advisory, 20050603 Fedora Update Notification, SGI Security Advisory, 20050605 Secunia Advisory: SA16159, July 21, 2005 Ubuntu Security Notice, Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005 Avaya Security Advisory, ASA-2005-172, August 29, 2005 Fedora Legacy Update Advisory, FLSA:158801, November 14, 2005 SCO Security Advisories, SCOSA-2005.58 & SCOSA-2005.59, December 16, 2005 Mandriva Security Advisories, MDKSA-2006:026 & MDKSA-2006:027, January 30, 2006 SGI Security Advisory, 20060301-01-U, March 8, 2006 | ||
PHP SimpleNEWS 1.x, SimpleNEWS MySQL 1.x | A vulnerability has been reported in 'admin.php' due to an insecure authentication process, which could let a remote malicious user bypass security restrictions. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | PHP SimpleNEWS Authentication Bypass
| Not Available | Secunia Advisory: SA19195, March 10, 2006 |
Horde Application Framework 3.0.9 & prior | A vulnerability has been reported in 'services/go.php' due to insufficient verification of the 'url' parameter before using in a 'readfile()' call, which could let a remote malicious user obtain sensitive information. Currently we are not aware of any exploits for this vulnerability. | Horde Information Disclosure | Not Available | Secunia Advisory: SA19246, March 15, 2006 |
ImageMagick 6.2.4.5 | A vulnerability has been reported in the delegate code that is used by various ImageMagick utilities when handling an image filename due to an error, which could let a remote malicious user execute arbitrary commands; and a format string vulnerability has been reported when handling filenames received via command line arguments, which could let a remote malicious user execute arbitrary code. There is no exploit code required. | ImageMagick Utilities Image Filename Remote Command Execution | Secunia Advisory: SA18261, December 30, 2005 Ubuntu Security Notice, USN-246-1, January 24, 2006 Debian Security Advisory, Mandriva Security Advisory, MDKSA-2006:024, January 26, 2006 Gentoo Linux Security Advisory, GLSA 200602-06, February 13, 2006 RedHat Security Advisory, RHSA-2006:0178-4, February 14, 2006 Gentoo Linux Security Advisory, GLSA 200602-13, February 26, 2006 SGI Security Advisory, 20060301-01-U, March 8, 2006 | |
CAPI4HylaFAX 1.3 | A vulnerability has been reported due to the insecure creation of temporary files, which could let a malicious user overwrite sensitive data or configuration files. No workaround or patch available at time of publishing. There is no exploit code required. | CAPI4HylaFAX Insecure Temporary File Creation | Security Focus, Bugtraq ID: 17034, March 8, 2006 | |
GuppY 4.5.11 & prior | A vulnerability has been reported in 'dwnld.php' due to insufficient sanitization of the 'pg' parameter, which could let a remote malicious user overwrite arbitrary files. Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit script, GuppY-rmt-DoS-expl.php, has been published. | GuppY Remote Directory Traversal | KAPDA::#33 Advisory , March 10, 2006 | |
Crypt::CBC 2.16 & prior | A vulnerability has been reported due to a flaw in its creation of IVs (Initialization Vectors) for ciphers with a blocksize larger than 8 when the RandonIV-style header is used, which could let a remote malicious user bypass security restrictions. Currently we are not aware of any exploits for this vulnerability. | Lincoln D. Stein Crypt::CBC Perl Module Weak Ciphertext Security Bypass | 1.3 | Secunia Advisory: SA18755, February 27, 2006 Debian Security Advisory, |
Metamail 2.7 | A buffer overflow vulnerability has been reported when handling boundary headers within email messages, which could let a remote malicious user execute arbitrary code. Note: According to Security Tracker this is a Linux/Unix vulnerability. Previously classified as multiple operating systems. A Proof of Concept exploit has been published. | Metamail Remote Buffer Overflow | 7 | Security Focus, Bugtraq ID: 16611, February 13, 2006 RedHat Security Advisory, RHSA-2006:0217-4, February 21, 2006 Mandriva Security Advisory, MDKSA-2006:047, February 22, 2006 SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006 Debian Security Advisory, |
Xpdf 3.0 pl2 & pl3, 3.0 1, 3.00, 2.0-2.03, 1.0 0, 1.0 0a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler poppler 0.4.2; | Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::read Currently we are not aware of any exploits for these vulnerabilities. | Xpdf Buffer Overflows | iDefense Security Advisory, December 5, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:840-5, December 6, 2005 KDE Security Advisory, advisory-20051207-1, December 7, 2005 SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005 Ubuntu Security Notice, USN-227-1, December 12, 2005 Gentoo Linux Security Advisory, GLSA 200512-08, December 16, 2005 RedHat Security Advisories, RHSA-2005:868-4, RHSA-2005:867-5 & RHSA-2005:878-4, December 20, 2005 Mandriva Linux Security Advisories MDKSA-2006:003-003-006, January 6, 2006 Debian Security Advisory, Debian Security Advisory, DSA-937-1, January 12, 2006 Debian Security Advisory, DSA 938-1, January 12, 2006 Fedora Update Notifications, SUSE Security Summary Report, SUSE-SR:2006:001, January 13, 2006 RedHat Security Advisory, RHSA-2006:0160-14, January 19, 2006 SUSE Security Summary Report, SUSE-SR:2006:002, January 20, 2006 SGI Security Advisory, 20051201-01-U, January 20, 2006 Debian Security Advisory, DSA-950-1, January 23, 2006 Turbolinux Security Advisory, TLSA-2006-2, January 25, 2006 Debian Security Advisories, Slackware Security Advisories, SSA:2006-045-04 & SSA:2006-045-09, February 14, 2006 Gentoo Linux Security Advisory, GLSA 200603-02, March 4, 2006 SGI Security Advisory, 20060201-01-U, March 14, 2006 | |
Linux kernel 2.6- 2.6.14 | A Denial of Service vulnerability has been reported in 'net/ipv6/udp.c' due to an infinite loop error in the 'udp_v6_get_port()' function. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel IPV6 Denial of Service | Secunia Advisory: SA17261, October 21, 2005 Fedora Update Notifications, Security Focus, Bugtraq ID: 15156, October 31, 2005 Ubuntu Security Notice, USN-219-1, November 22, 2005 SUSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006 RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006 SmoothWall Advisory, March 15, 2006 | |
Fast Lexical Analyzer Generator (Flex) prior to 2.5.33 | A buffer overflow vulnerability has been reported in 'flex.skl' due to a boundary error, which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | Flex Buffer Overflow | Not Available | Secunia Advisory: SA19071, March 8, 2006 Ubuntu Security Notice, USN-260-1, March 06, 2006 Gentoo Linux Security Advisory, GLSA 200603-07, March 7, 2006 |
KDE kword 1.4.2, kpdf 3.4.3, 3.2, KOffice 1.4-1.4.2, kdegraphics 3.4.3, 3.2; | Multiple buffer and integer overflows have been reported, which could let a remote malicious user execute arbitrary code.
Currently we are not aware of any exploits for this vulnerability. | KPdf & KWord Multiple Unspecified Buffer & Integer Overflow CVE-2005-3624
| Not Available | Gentoo Linux Security Advisory GLSA 200601-02, January 5, 2006 Ubuntu Security Notice, USN-236-1, January 05, 2006 Fedora Update Notifications, Mandriva Linux Security Advisories MDKSA-2006:003-003-006 & 008, January 6 & 7, 2006 Ubuntu Security Notice, USN-236-2, January 09, 2006 Debian Security Advisory DSA 931-1, January 9, 2006 Debian Security Advisory, SUSE Security Announcement, SUSE-SA:2006:001, January 11, 2006 RedHat Security Advisories, RHSA-2006:0163-2 & RHSA-2006:0177-5, January 11, 2006 Fedora Update Notifications, Debian Security Advisories, DSA 937-1, 938-1, & 940-1, January 12 & 13, 2006 Trustix Secure Linux Security Advisory, 2006-0002, January 13, 2006 Mandriva Linux Security Advisory, MDKSA-2006:012, January 13, 2006 RedHat Security Advisory, RHSA-2006:0160-14, January 19, 2006 SGI Security Advisory, 20051201-01-U, January 20, 2006 Debian Security Advisory, DSA-950-1, January 23, 2006 Turbolinux Security Advisory, TLSA-2006-2, January 25, 2006 Gentoo Linux Security Advisory, GLSA 200601-17, January 30, 2006 Debian Security Advisories, Slackware Security Advisories, SSA:2006-045-04 & SSA:2006-045-09, February 14, 2006 SGI Security Advisory, 20060201-01-U, March 14, 2006 |
Linux Kernel | A race condition vulnerability has been reported in ia32 emulation, that could let local malicious users obtain root privileges or create a buffer overflow. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Race Condition and Buffer Overflow | 5.6 | Security Focus, 14205, July 11, 2005 Trustix Secure Linux Security Advisory, SUSE Security Announce- RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 Debian Security Advisory, DSA 921-1, December 14, 2005 SmoothWall Advisory, March 15, 2006 |
Linux kernel 2.2.x, 2.4.x, 2.6.x | A buffer overflow vulnerability has been reported in the 'elf_core_dump()' function due to a signedness error, which could let a malicious user execute arbitrary code with ROOT privileges. An exploit script has been published. | Secunia Advisory, SA15341, May 12, 2005 Trustix Secure Linux Security Advisory, 2005-0022, May 13, 2005 Ubuntu Security Notice, USN-131-1, May 23, 2005 RedHat Security Advisory, RHSA-2005:472-05, May 25, 2005 Avaya Security Advisory, ASA-2005-120, June 3, 2005 Trustix Secure Linux Bugfix Advisory, TSLSA-2005-0029, June 24, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:110 & 111, June 30 & July 1, 3005 Conectiva Linux Announcement, CLSA-2005:999, August 17, 2005 SmoothWall Advisory, March 15, 2006 | ||
Linux kernel 2.6-2.6.12, 2.4-2.4.31
| A remote Denial of Service vulnerability has been reported due to a design error in the kernel. The vendor has released versions 2.6.13 and 2.4.32-rc1 of the kernel to address this issue. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Remote Denial of Service | Ubuntu Security Notice, USN-219-1, November 22, 2005 Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006 RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006 RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006 Mandriva Security Advisory, MDKSA-2006:044, February 21, 2006 SmoothWall Advisory, March 15, 2006 | |
Linux kernel 2.6-2.6.14, 2.5.0- 2.5.69, 2.4-2.4.32, 2.3, 2.3.x, 2.3.99, pre1-pre7, 2.2-2.2.27, 2.1, 2.1 .x, 2.1.89, 2.0.28-2.0.39 | A vulnerability has been reported due to the way console keyboard mapping is handled, which could let a malicious user modify the console keymap to include scripted macro commands. There is no exploit code required; however, a Proof of Concept exploit has been published. | Linux Kernel Console Keymap Arbitrary Command Injection | Security Focus, Bugtraq ID: 15122, October 17, 2005 Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005 Fedora Update Notification, Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006 SmoothWall Advisory, March 15, 2006 | |
Linux kernel 2.6-2.6.15 .4
| Multiple vulnerabilities have been reported: a Denial of Service vulnerability has been reported in the 'nfs_get_user_pages()' function due to insufficient checks on the return value; a Denial of Service vulnerability has been reported due to missing checks for bad elf entry addresses; and a Denial of Service vulnerability has been reported in the 'sys_mbind()' function due to insufficient sanity checks. There is no exploit code required. | Linux Kernel Local Denials of Service | Secunia Advisory: SA19083, March 2, 2006 Ubuntu Security Notice, USN-263-1 March 13, 2006 | |
Linux kernel 2.6-2.6.16 -rc1, 2.4.27 | A vulnerability has been reported due to an implementation flaw of a zero IP ID information disclosure countermeasure, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel IP ID Information Disclosure | Not Available | Security Focus, Bugtraq ID: 17109, March 14, 2006 |
MandrakeSoft Multi Network Firewall 2.0, Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2, Corporate Server 3.0 x86_64, 3.0; | A buffer overflow vulnerability has been reported due to insufficient validation of user-supplied NTLM user name data, which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | Multiple Vendor WGet/Curl NTLM Username Buffer Overflow | Security Tracker Alert ID: 1015056, October 13, 2005 Mandriva Linux Security Update Advisories, MDKSA-2005:182 & 183, October 13, 200 Ubuntu Security Notice, USN-205-1, October 14, 2005 Fedora Update Notifications Fedora Update Notification, Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 Gentoo Linux Security Advisory. GLSA 200510-19, October 22, 2005 RedHat Security Advisories, RHSA-2005:807-6 & RHSA-2005:812-5, November 2, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 Slackware Security Advisory, SSA:2005-310-01, November 7, 2005 Debian Security Advisor, DSA 919-1, December 12, 2005 SCO Security Advisory, SCOSA-2006.10, March 14, 2006 | |
RedHat Enterprise Linux WS 4, WS 3, 2.1, IA64, ES 4, ES 3, 2.1, IA64, AS 4, AS 3, AS 2.1, IA64, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1, IA64; OpenSSL Project OpenSSL 0.9.3-0.9.8, 0.9.2 b, 0.9.1 c; FreeBSD 6.0 -STABLE, -RELEASE, 5.4 -RELENG, -RELEASE, 5.3 -STABLE, -RELENG, -RELEASE, 5.3, 5.2.1 -RELEASE, -RELENG, 5.2 -RELEASE, 5.2, 5.1 -RELENG, -RELEASE/Alpha, 5.1 -RELEASE-p5, -RELEASE, 5.1, 5.0 -RELENG, 5.0, 4.11 -STABLE, -RELENG, 4.10 -RELENG, -RELEASE, 4.10 | A vulnerability has been reported due to the implementation of the 'SSL_OP_MSIE_ SSLV2_RSA_PADDING' option that maintains compatibility with third party software, which could let a remote malicious user bypass security. Currently we are not aware of any exploits for this vulnerability. | Multiple Vendors OpenSSL Insecure Protocol Negotiation | OpenSSL Security Advisory, October 11, 2005 FreeBSD Security Advisory, FreeBSD-SA-05:21, October 11, 2005 RedHat Security Advisory, RHSA-2005:800-8, October 11, 2005 Mandriva Security Advisory, MDKSA-2005:179, October 11, 2005 Gentoo Linux Security Advisory, GLSA 200510-11, October 12, 2005 Slackware Security Advisory, SSA:2005-286-01, October 13, 2005 Fedora Update Notifications, Sun(sm) Alert Notification Ubuntu Security Notice, USN-204-1, October 14, 2005 OpenPKG Security Advisory, OpenPKG-SA-2005.022, October 17, 2005 SUSE Security Announcement, SUSE-SA:2005:061, October 19, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 SGI Security Advisory, 20051003-01-U, October 26, 2005 Debian Security Advisory DSA 875-1, October 27, 2005 NetBSD Security Update, November 1, 2005 BlueCoat Systems Advisory, November 3, 2005 Debian Security Advisory, DSA 888-1, November 7, 2005 Astaro Security Linux Announcement, November 9, 2005 SCO Security Advisory, SCOSA-2005.48, November 15, 2005 IBM Documents Doc Number=2306, 2307, & 2312, December 15, 2005 Fedora Legacy Update Advisory, FLSA:166939, December 17, 2005 Cisco Security Notice, Document ID: 68324, December 19, 2005 Avaya Security Advisory, ASA-2006-031, January 30, 2006 SmoothWall Advisory, March 15, 2006 | |
RedHat Fedora Core4; Linux Kernel 2.6.x | A Denial of Service vulnerability has been reported in the 'die_if_kernel()' function because it is erroneously marked with a 'noreturn' attribute. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel 'die_if_kernel()' Potential Denial of Service | Security Focus, Bugtraq ID: 16993, March 5, 2006 Ubuntu Security Notice, USN-263-1 March 13, 2006 | |
Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; | A race condition vulnerability has been reported in the security key functionality, which could let a malicious user cause a Denial of Service and possibly obtain sensitive information.
Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Security Key Functions | Security Focus, Bugtraq ID: 17084, March 13, 2006 Ubuntu Security Notice, USN-263-1 March 13, 2006 | |
Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0 4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; | A remote Denial of Service vulnerability has been reported in the email date parsing functionality due to an error in the handling of dates. There is no exploit code required. | GNU Mailman Remote Denial of Service | Security Focus, Bugtraq ID: 16248, January 16, 2006 Ubuntu Security Notice, USN-242-1 January 16, 2006 Debian Security Advisory, DSA-955-1, January 25, 2006 RedHat Security Advisory, RHSA-2006:0204-10, March 7, 2006 Trustix Secure Linux Security Advisory #2006-0012, March 10, 2006 | |
PCRE 6.1, 6.0, 5.0 | A vulnerability has been reported in 'pcre_compile.c' due to an integer overflow, which could let a remote/local malicious user potentially execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | PCRE Regular Expression Heap Overflow | Secunia Advisory: SA16502, August 22, 2005 Ubuntu Security Notice, USN-173-1, August 23, 2005 Ubuntu Security Notices, USN-173-1 & 173-2, August 24, 2005 Fedora Update Notifications, Gentoo Linux Security Advisory, GLSA 200508-17, August 25, 2005 Mandriva Linux Security Update Advisories, MDKSA-2005:151-155, August 25, 26, & 29, 2005 SUSE Security Announcements, SUSE-SA:2005:048 & 049, August 30, 2005 Slackware Security Advisories, SSA:2005-242-01 & 242-02, August 31, 2005 Ubuntu Security Notices, USN-173-3, 173-4 August 30 & 31, 2005 Debian Security Advisory, DSA 800-1, September 2, 2005 SUSE Security Announcement, SUSE-SA:2005:051, September 5, 2005 Slackware Security Advisory, SSA:2005-251-04, September 9, 2005 Gentoo Linux Security Advisory, GLSA 200509-08, September 12, 2005 Conectiva Linux Announce- Gentoo Linux Security Advisory, GLSA 200509-12, September 19, 2005 Debian Security Advisory, DSA 817-1 & DSA 819-1, September 22 & 23, 2005 Gentoo Linux Security Advisory, GLSA 200509-19, September 27, 2005 Debian Security Advisory, DSA 821-1, September 28, 2005 Conectiva Linux Announcement, CLSA-2005:1013, September 27, 2005 Turbolinux Security Advisory, TLSA-2005-92, October 3, 2005 Avaya Security Advisory, ASA-2005-216, October 18, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 HP Security Bulletin, HPSBUX02074, November 16, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0062, November 22, 2005 Security Focus, Bugtraq ID: 14620, November 25, 2005 SCO Security Advisory, SCOSA-2006.10, March 14, 2006 | |
Zoo 2.10 | A buffer overflow vulnerability has been reported in the 'fullpath()' in 'misc.c' due to insufficient bounds checking, which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | zoo Buffer Overflow | 3.9 | Security Tracker Alert ID: 1015668, February 23, 2006 SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006 Gentoo Linux Security Advisory, GLSA 200603-05, March 6, 2006 Debian Security Advisory, DSA 991-1, March 10, 2006 |
RedHat initscripts 7.93.24, Enterprise Linux WS 4, ES 4, AS 4m Desktop 4.0 | A vulnerability has been reported when the 'sbin/service' command is run due to an error when handling certain variables, which could let a malicious user obtain elevated privileges. Currently we are not aware of any exploits for this vulnerability. | Red Hat Initscripts Elevated Privileges | Not Available | RedHat Security Advisory, RHSA-2006:0016-18, March 7, 2006 |
sa-exim 4.0-4.2 | A vulnerability has been reported in 'greylistclean.cron' when deleting files containing spaces in their filenames in the greylist cache directory, which could let a remote malicious user bypass security restrictions. Currently we are not aware of any exploits for this vulnerability. | sa-exim Security Restriction Bypass | Not Available | Security Focus, Bugtraq ID: 17110, March 14, 2006 |
Ubuntu Linux 5.10 powerpc, i386, amd64 | A vulnerability has been reported because user credentials are written to world-readable installation log files during installation, which could let a malicious user obtain sensitive information There is no exploit code required. | Ubuntu Linux Installation Password Disclosure | Ubuntu Security Notice, USN-262-1 March 12, 2006 |
Multiple Operating Systems - Windows/UNIX/Linux/Other | ||||
Vendor & Software Name | Description | Common Name | CVSS | Resources |
Flash Player 8.0.22.0 and prior, Breeze Meeting Add-In 5.1 and prior, Shockwave Player 10.1.0.11 and prior, Flash Debug Player 7.0.14.0 and prior | A vulnerability has been reported in Flash Player that could let remote malicious users execute arbitrary code. Currently we are not aware of any exploits for these vulnerabilities. | Flash Player Arbitrary Code Execution | 7 | Adobe, Security Bulletin APSB06-03, March 14, 2006 |
Apache | A vulnerability has been reported in Apache which can be exploited by remote malicious users to smuggle http requests. IBM has released fixes for Hardware Management Console addressing this issue. Users should contact IBM for further information. Currently we are not aware of any exploits for this vulnerability. | Apache HTTP Request Smuggling Vulnerability CVE-2005-1268 | Secunia, Advisory: SA14530, July 26, 2005 Conectiva, CLSA-2005:982, July 25, 2005 Fedora Update Notification Mandriva Linux Security Update Advisory, MDKSA-2005:129, August 3, 2005 Ubuntu Security Notice, USN-160-1, August 04, 2005 Turbolinux Security Advisory, TLSA-2005-81, August 9, 2005 SGI Security Advisory, 20050802-01-U, August 15, 2005 SUSE Security Announcement, SUSE-SA:2005:046, August 16, 2005 Debian Security Advisory DSA 803-1, September 8, 2005 Ubuntu Security Notice, USN-160-2, September 07, 2005 SGI Security Advisory, 20050901-01-U, September 7, 2005 Security Focus, Bugtraq ID: 14106, September 21, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0059, October 21, 2005 Slackware Security Advisory, SSA:2005-310-04, November 7, 2005 HP Security Bulletin, HPSBUX02074, November 16, 2005 SmoothWall Advisory, March 15, 2006 | |
libapreq2 2.0.6 | A remote Denial of Service vulnerability has been reported due to errors in the 'apreq_parse_headers()' and 'apreq_parse_urlencoded()' functions. Currently we are not aware of any exploits for this vulnerability. | Apache Libapreq2 Remote Denial of Service | 2.3 | Security Focus, Bugtraq ID: 16710, February 17, 2006 Debian Security Advisory, |
QuickTime Player 7.0.4, 7.0.3, iTunes 6.0.2, 6.0.1 | An integer overflow and heap-based buffer overflow vulnerability have been reported in Apple QuickTime and iTunes, which could let a remote malicious user execute arbitrary code.
No workaround or patch available at time of publishing. There is no exploit code required. | Apple QuickTime/iTunes Integer & Heap Overflow | Not Available | Security Focus, Bugtraq ID: 17074, March 11, 2006 |
vCard 2.9, 2.8 | Cross-Site Scripting vulnerabilities have been reported in 'create.php' due to insufficient sanitization of the 'card_id,' 'uploaded,' 'card_fontsize,' and 'card_color' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published. | vCard Cross-Site Scripting | 2.3 | Security Focus, Bugtraq ID: 17073, March 11, 2006 |
Enet Jun.2005, Jul.2005 | Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported in the 'enet_protocol_handle_ No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script, enet_exploit.c, has been published. | ENet Remote Denials of Service | Secunia Advisory: SA19208, March 13, 2006 | |
BomberClone prior to 0.11.6.2; Gentoo Linux | A buffer overflow vulnerability has been reported due to a boundary error when processing error messages, which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | BomberClone Error Messages Buffer Overflow | 7 | Security Focus, Bugtraq ID: 16697, February 17, 2006 Gentoo Linux Security Advisory, GLSA 200602-09, February 16, 2006 Debian Security Advisory, |
CoreNews 2.0.1 | A vulnerability has been reported in 'index.php' which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. Vulnerability can be exploited via a web client; however, a Proof of Concept exploit has been published. | Core News Remote Code Execution | 7 | Security Focus, Bugtraq ID: 17067, March 10, 2006 |
D2KBlog 1.0.3 & prior | Multiple vulnerabilities have been reported: an SQL injection vulnerability was reported due to insufficient sanitization of the 'memName' cookie parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a script insertion vulnerability was reported due to insufficient sanitization of the 'msg' parameter when signing the guestbook before using, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited with a web client.; however, a Proof of Concept exploit script, d2kblog-sql-inj.pl, has been published. | D2KBlog Script Insertion & SQL Injection | 10 10 | KAPDA::#32 Advisory, March 1, 2006 |
DCP-Portal 6.1.1, 6.1, 6.0, 5.3-5.3.2, 5.2, 5.1, 5.0.2, 5.0.1, 4.5.1, 4.2, 4.1, 4.0, 3.7 | Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through use of a web client; however, Proof of Concept exploits have been published. | DCP Portal Multiple Cross-Site Scripting | 1.9 | Technical University of Vienna Security Advisory TUVSA-0603-001, March 9, 2006 |
Drupal prior to 4.5.8 & 4.6.6 | Multiple vulnerabilities have been reported: a vulnerability was reported when using 'menu.module' to create a menu item, which could let a remote malicious user bypass security restrictions; a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of unspecified input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported when handling sessions during login due to an error, which could let a remote malicious user hijack another user's session; and a vulnerability was reported due to insufficient sanitization of unspecified input before using in mail headers, which could let a remote malicious user inject arbitrary headers in outgoing mails. Vulnerabilities can be exploited through a web client. | Drupal Multiple Vulnerabilities | Secunia Advisory: SA19245, March 14, 2006 | |
DSCounter 1.2 | An SQL injection vulnerability has been reported in the 'index.php' script due to insufficient validation of the 'X-Forwarded-For' HTTP header parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | DSCounter SQL Injection | 5.6 | Security Tracker Alert ID: 1015756, March 13, 2006 |
DSNewsletter 1.1 | An SQL injection vulnerability has been reported due to insufficient sanitization of the 'email' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client. | DSNewsletter SQL Injection | 7 | Security Tracker Alert ID: 1015757, March 13, 2006 |
DSPoll 1.1
| An SQL injection vulnerability has been reported in the 'pollid' parameter due to insufficient sanitization before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client. | DSPoll SQL Injection | Security Tracker Alert ID: 1015758, March 13, 2006 | |
DSDownload 1.0 | SQL injection vulnerabilities have been reported in 'downloads.php' due to insufficient sanitization of the 'category' parameter and in 'search.php' due to insufficient sanitization of the 'key' parameter, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for these vulnerabilities. | DSDownload Multiple SQL Injection | Security Tracker Alert ID: 1015755, March 13, 2006 | |
Ethereal 0.10-0.10.13, 0.9-0.9.16, 0.8.19, 0.8.18, 0.8.13-0.8.15, 0.8.5, 0.8, 0.7.7 | A buffer overflow vulnerability has been reported in the 'dissect_ospf_ v3_address_ Currently we are not aware of any exploits for this vulnerability. | iDefense Security Advisory, December 9, 2005 Debian Security Advisory DSA 920-1, December 13, 2005 Gentoo Linux Security Advisory, GLSA 200512-06, December 14, 2005 Mandriva Linux Security Advisory MDKSA-2005:227, December 15, 2005 Mandriva Linux Security Advisory MDKSA-2006:002, January 3, 2006 Fedora Update Notification RedHat Security Advisory, RHSA-2006:0156-6, January 11, 2006 Avaya Security Advisory, ASA-2006-046, February 13, 2006 SUSE Security Summary Report, SUSE-SR:2006:004, February 24, 2006 SGI Security Advisory, 20060201-01-U, March 14, 2006 | ||
Ethereal 0.9.1-0.10.13. | A remote Denial of Service vulnerability has been reported in the IRC and GTP dissectors when a malicious user submits a specially crafted packet. Currently we are not aware of any exploits for this vulnerability. | Ethereal IRC & GTP Dissectors Remote Denial of Service | Ethereal Security Advisory, enpa-sa-00022, December 27, 2005 Mandriva Linux Security Advisory MDKSA-2006:002, January 3, 2006 RedHat Security Advisory, RHSA-2006:0156-6, January 11, 2006 Avaya Security Advisory, ASA-2006-046, February 13, 2006 SUSE Security Summary Report, SUSE-SR:2006:004, February 24, 2006 SGI Security Advisory, 20060201-01-U, March 14, 2006 | |
FFmpeg 0.4.9 -pre1, 0.4.6-0.4.8, FFmpeg CVS | A buffer overflow vulnerability has been reported in the 'avcodec_default_get_buffer()' function of 'utils.c' in libavcodec due to a boundary error, which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | FFmpeg Remote Buffer Overflow | Secunia Advisory: SA17892, December 6, 2005 Ubuntu Security Notice, USN-230-1, December 14, 2005 Mandriva Linux Security Advisories MDKSA-2005:228-232, December 15, 2005 Ubuntu Security Notice, USN-230-2, December 16, 2005 Gentoo Linux Security Advisory, GLSA 200602-01, February 5, 2006 Gentoo Linux Security Advisory, GLSA 200603-03, March 4, 2006 Debian Security Advisory, | |
AntiVir Personal Edition Classic 7 | A vulnerability has been in 'notepad' because the application is run with SYSTEM privileges when clicking on the 'Report' button after an update is completed, which could let a malicious user obtain elevated privileges. No workaround or patch available at time of publishing. There is no exploit code required. | AntiVir Update Report Elevated Privileges | Not Available | Secunia Advisory: SA19217, March 13, 2006 |
Gallery 2.0.3 & prior | A file include vulnerability has been reported in 'upgrade/index.php' and 'install/index.php' due to insufficient verification of the 'stepOrder[]' parameter before using to include files, which could let a remote malicious user include arbitrary files and execute arbitrary PHP code. No workaround or patch available at time of publishing. A Proof of Concept exploit script, gallery_stepOrder_ | Gallery File Include | 2.3 | Secunia Advisory: SA19175 , March 9, 2006 |
GGZ Gaming Zone 0.0.12 & prior | A remote Denial of Service vulnerability has been reported due to an error in the client when handling malformed XML data. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script, ggzcdos.c, has been published. | GGZ Gaming Remote Denial of Service | Not Available | Secunia Advisory: SA19212, March 13, 2006 |
Dwarf HTTP Server 1.3.2
| Several vulnerabilities have been reported: a vulnerability was reported due to a validation error in the filename extension supplied by the user in the URL, which could let a remote malicious user obtain sensitive information; and a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of input passed to the URL before returning to the user in an error message, which could let a remote malicious user execute arbitrary HTML and script code. Currently we are not aware of any exploits for these vulnerabilities. | Dwarf HTTP Server Information Disclosure & Cross-Site Scripting | 3.3 2.3 | Secunia Advisory: SA18962, March 13, 2006 |
Tivoli Lightweight Client Framework 3.7.1 | A vulnerability has been reported in the HTTP interface of Tivoli LCF (Lightweight Client Framework), which could let a remote malicious user obtain sensitive information.
Currently we are not aware of any exploits for this vulnerability. | IBM Tivoli Lightweight Client Framework Information Disclosure | Not Available | Security Focus, Bugtraq ID: 17085, March 13, 2006 |
textfileBB 1.0 | A Cross-Site Scripting vulnerability has been reported in 'messanger.php' due to insufficient sanitization of the 'mess' and 'user' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | Jcink TextfileBB Cross-Site Scripting | 2.3 | Security Tracker Alert ID: 1015744 , March 9, 2006 |
Jupiter CMS 1.1.5, 1.1.4 | An HTML injection vulnerability has been reported in the 'image' BBcode due to insufficient sanitization of user-supplied input before using it in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited through use of a web client; however, exploit details, JupiterCMS.txt, have been published. | Jupiter CMS BBCode HTML Injection | 2.3 | Security Focus, Bugtraq ID: 17072, March 11, 2006 |
Light Weight Calendar 1.0 | A vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script, lwc_rce_index.php.pl, has been published. | Light Weight Calendar Remote Command Execution | Not Available | Security Focus, Bugtraq ID: 17059, March 9, 2006 |
Listserv 14.4, 14.3 | Multiple unspecified vulnerabilities have been reported which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for these vulnerabilities. | L-Soft Listserv Multiple Unspecified Vulnerabilities | NGSSoftware Insight Security Research Advisory , March 4, 2006 | |
Lurker 2.0 & prior | Multiple vulnerabilities have been reported: an input validation vulnerability was reported in 'lurker.cgi,' which could let a remote malicious user obtain sensitive information; a vulnerability was reported due to an unspecified error which could let a remote malicious user create or overwrite arbitrary files in any directory called 'mbox;' and a vulnerability was reported due to insufficient sanitization of unspecified input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
Vulnerabilities can be exploited through use of a web client. | Lurker Multiple Vulnerabilities | Secunia Advisory: SA19136, March 6, 2006 Debian Security Advisory, | |
manas tungare Site Membership Script 0 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'login.asp' and 'default.asp' due to insufficient sanitization of the 'Error' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'login.asp' due to insufficient sanitization of the 'username' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Vulnerabilities can be exploited through use of a web client. | manas tungare Site Membership Script Cross-Site Scripting & SQL Injection | 2.3 2.3 | Secunia Advisory: SA19156, March 9, 2006 |
WMNews 0 | Cross-Site Scripting vulnerabilities has been reported in 'vmview.php' due to insufficient sanitization of the 'ArtCat' parameter, in 'foot.php' due to insufficient sanitization the 'ctrrowcol' parameter and in 'wmcomments.php' due to insufficient sanitization of the 'ArtID' parameter, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client. | WMNews Multiple Cross-Site Scripting | 2.3 | Secunia Advisory: SA19204, March 13, 2006 |
Firefox 1.5, Netscape Browser 8.0.4; Netscape Browser 8.0.4 | A remote Denial of Service vulnerability has been reported when handling large history information. Note: The vendor disputes this claim. A Proof of Concept exploit script has been published. | Mozilla History File Remote Denial of Service | Secunia Advisory: SA17934, December 8, 2005 Security Focus, Bugtraq ID: 15773, January 27, 2006 Mozilla Foundation Security Advisory 2006-03, February 1, 2006 RedHat Security Advisories, RHSA-2006-0199 & RHSA-2006:0200-8, February 2, 2006 RedHat Fedora Security Advisories, FEDORA-2006-075 & FEDORA-2006-076, February 3, 2006 Mandriva Security Advisories, MDKSA-2006:036 & MDKSA-2006:037, February 7, 2006 SGI Security Advisory, 20060201-01-U, March 14, 2006 | |
MandrakeSoft Linux Mandrake 2006.0 x86_64, 2006.0, 10.2 x86_64, 10.2; | A vulnerability has been reported in Ethereal IRC Protocol Dissector, that could let remote malicious users cause a Denial of Service. Currently we are not aware of any exploits for this vulnerability. | Ethereal Denial of Service | 3.3 | Mandriva Linux Security Advisory, MDKSA-2005:193-1, October 26, 2005 Gentoo Linux Security Advisor, GLSA 200510-25, October 30, 2005 SUSE Security Summary Report, SUSE-SR:2005:025, November 4, 2005 Conectiva Security Announcement, CLSA-2005:1043, November 8, 2005 Mandriva Linux Security Advisory MDKSA-2006:002, January 3, 2006 Avaya Security Advisory, ASA-2006-046, February 13, 2006 SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006 SGI Security Advisory, 20060201-01-U, March 14, 2006 |
Mozilla Browser 0.8-0.9.9, 0.9.35, 0.9.48, 1.0-1.7.12, Thunderbird 0.x, 1.x, Firefox 0.x, 1.x; SeaMonkey 1.0; RedHat Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, ES 2.1, AS 4, AS 3, AS 2.1 IA64, AS 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1 | Multiple vulnerabilities have been reported: vulnerabilities were reported because temporary variables that are not properly protected are used in the JavaScript engine's garbage collection, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a vulnerability was reported because a remote malicious user can create HTML that will dynamically change the style of an element from position:relative to position:static; a vulnerability was reported because a remote malicious user can create HTML that invokes the QueryInterface() method of the built-in Location and Navigator objects; a vulnerability was reported in the 'XULDocument.persist()' function due to improper validation of the user-supplied attribute name, which could let a remote malicious user execute arbitrary code; an integer overflow vulnerability was reported in the 'E4X,' 'SVG,' and 'Canvas' features, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in the XML parser because data can be read from locations beyond the end of the buffer, which could lead to a Denial of Service; and a vulnerability was reported because the 'E4X' implementation's internal 'AnyName' object is incorrectly available to web content, which could let a remote malicious user bypass same-origin restrictions.
There is no exploit code required for some of these vulnerabilities; however, an exploit, firefox_queryinterface.pm, has been published. | Multiple Mozilla Products Vulnerabilities CVE-2006-0292 | Mozilla Foundation Security Advisories 2006-01-2006-08, February 1, 2006 RedHat Security Advisories, RHSA-2006:0199-10 & RHSA-2006:0200-8, February 2, 2006 Fedora Security Advisories, FEDORA-2006-075 & FEDORA-2006-076, February 2, 2006 Mandriva Security Advisories, MDKSA-2006:036 & MDKSA-2006:037, February 7, 2006 SGI Security Advisory, 20060201-01-U, March 14, 2006 | |
myBloggie 2.1.3 Beta, 2.1.3, 2.1.2 | Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through use of a web client; however, Proof of Concept exploits have been published. | MyBloggie Multiple Cross-Site Scripting | 2.3 | Technical University of Vienna Security Advisory TUVSA-0603-002, March 9, 2006 |
Nodez 4.6.1.1 & prior
| Several vulnerabilities have been reported: a file include vulnerability was reported due to insufficient verification of the 'op' parameter, which could let a remote malicious user execute arbitrary PHP code; and a Cross-Site Scripting vulnerability was reported in the 'op' parameter due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through use of a web client; however, Proof of Concept exploits have been published. | Nodez File Inclusion & Cross-Site Scripting | 5.6 7 | Security Tracker Alert ID: 1015747, March 10, 2006 |
Zeroboard 4.1 pl 7 released 2005-04-04 & prior | Multiple HTML injection vulnerabilities have been reported due to insufficient sanitization of the memo subject, user email address, and the user homepage field before saving, which could let a remote malicious user execute arbitrary HTML and script code. Vulnerabilities can be exploited through use of a web client. | Zeroboard Multiple HTML Injection | Secunia Advisory: SA19214, March 13, 2006 | |
PeerCast prior to 0.1217 | A buffer overflow vulnerability has been reported when handling parameters received in an URL due to a boundary error, which could let a remote malicious user execute arbitrary code. A Proof of Concept exploit script, prdelka-vs-GNU-peercast.c, has been published. | Peercast.org PeerCast Remote Buffer Overflow | 7 | Security Focus, Bugtraq ID: 17040, March 9, 2006 |
PHP 5.1.1, 5.1 | Several vulnerabilities have been reported: a vulnerability was reported due to insufficient of the session ID in the session extension before returning to the user, which could let a remote malicious user inject arbitrary HTTP headers; a format string vulnerability was reported in the 'mysqli' extension when processing error messages, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to insufficient sanitization of unspecified input that is passed under certain error conditions, which could let a remote malicious user execute arbitrary HTML and script code. There is no exploit code required. | Multiple PHP Vulnerabilities | 2.3
| Secunia Advisory: SA18431, January 13, 2006 Mandriva Security Advisory, MDKSA-2006:028, February 1, 2006 Ubuntu Security Notice, USN-261-1, March 10, 2006 |
QwikiWiki 1.5, 1.4 | Cross-Site Scripting vulnerabilities have been reported in 'index.php,' 'login.php,' 'pageindex.php,' and 'recentchanges.php' due to insufficient sanitization of user-supplied input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through use of a web client; however, Proof of Concept exploits have been published. | QwikiWiki Multiple Cross-Site Scripting | 2.3 | Secunia Advisory: SA19182, March 10, 2006 |
RedBLoG 0.5 | An SQL injection vulnerability has been reported in 'rss.php' due to insufficient sanitization of the 'cat_id' parameter before using in SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, redblog-05-exploit.php, has been published. | Redblog SQL Injection | 7 | Security Focus, Bugtraq ID: 17041, March 9, 2006 |
Sauerbraten 2006_02_28, | Multiple vulnerabilities have been reported including a buffer overflow vulnerability and several Denials of Service, which could let a remote malicious user execute arbitrary machine code or crash both clients and servers. Exploit scripts, sauerburn.zip and evilcube.c, have been published. | Sauerbraten Multiple Remote Vulnerabilities | Security Focus, Bugtraq ID: 16986, March 6, 2006 Gentoo Linux Security Advisory, GLSA 200603-10, March 13, 2006 | |
sBlog 0.7.2 | Multiple vulnerabilities have been reported: a vulnerability was reported in 'search.php' due to insufficient sanitization of the 'keyword' parameter in an HTTP POST request, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported due to insufficient sanitization of the 'username' form field when posting a comment, which could let a remote malicious user execute arbitrary HTML and script code. Vulnerabilities may be triggered through the use of a web browser application; however, Proof of Concept exploits have been published. | sBlog Multiple Vulnerabilities | 2.3 | Secunia Advisory: SA19151, March 8, 2006 |
Simple PHP Blog 0.4.7.1 & prior | A file include vulnerability has been reported in 'install05.php,' which could let a malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit script, simple_php_ | Simple PHP Blog File Include | Not Available | Security Focus, Bugtraq ID: 17102, March 14, 2006 |
SquirrelMail 1.4.5 & prior | Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'webmail.php' due to insufficient sanitization of the 'right_main' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of input passed to comments in styles before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in the 'sqimap_mailbox_select mailbox' parameter due to insufficient sanitization before using in an IMAP query, which could let a remote malicious user inject arbitrary IMAP commands. The vulnerabilities have been fixed in the CVS repository and fixes will be included in the upcoming 1.4.6 version. There is no exploit code required. | SquirrelMail Multiple Cross-Site Scripting & IMAP Injection | 2.3 2.3 2.3
| Secunia Advisory: SA18985, February 22, 2006 Mandriva Linux Security Advisory, MDKSA-2006:049, February 27, 2006 Fedora Update Notification, SUSE Security Summary Report, SUSE-SR:2006:005, March 3, 2006 Debian Security Advisory Gentoo Linux Security Advisory, GLSA 200603-09, March 12, 2006 |
txtForum 1.0.4 -dev, 1.0.3 -dev | Multiple Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through use of a web client; however, Proof of Concept exploits have been published. | txtForum Multiple Cross-Site Scripting | 2.3 | Technical University of Vienna Security Advisory TUVSA-0603-003, March 9, 2006 |
txtForum 1.0.4 -dev & prior | A vulnerability has been reported in 'common.php' which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing. Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit has been published. | txtForum Remote PHP Code Execution | 7 | Technical University of Vienna Security Advisory TUVSA-0603-004, March 9, 2006 |
unalz 0.53 | A Directory Traversal vulnerability has been reported due to an input validation error when extracting an ALZ archive, which could let a remote malicious user obtain sensitive information. There is no exploit code required. | unalz Directory Traversal | Secunia Advisory: SA19063, March 13, 2006 | |
UnrealIRCd 3.2-3.2.3, 3.1.3, 3.1.1 | A remote Denial of Service vulnerability has been reported when handling the TKL command due to an error. A Proof of Concept exploit script, UnrealIRCd-TKL-expl.pl, has been published. | UnrealIRCd Remote Denial of Service | 2.3 | Secunia Advisory: SA19188, March 10, 2006 |
@1 File Store 2006.3.7 | Several vulnerabilities have been reported: an HTML injection vulnerability was reported in 'signup.php' due to insufficient sanitization of the 'real_name,' 'email,' and 'login' parameters before using, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'password.php' due to insufficient sanitization of the 'email' parameter and in various scripts due to insufficient sanitization of the 'id' parameter, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through use of a web client. | @1 File Store HTML Injection & SQL Injection | Not Available | Security Focus, Bugtraq ID: 17090, March 14, 2006 |
Vegas Forum 1.0 | An SQL injection vulnerability has been reported in 'forumlib.php' due to insufficient sanitization, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | Vegas Forum SQL Injection | 7 | Security Focus, Bugtraq ID: 17079, March 13, 2006 |
ADP Forum 2.0.3 & prior | An HTML injection vulnerability has been reported due to insufficient sanitization of the subject field, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited with a web browser; however, a Proof of Concept exploit has been published. | ADP Forum HTML Injection | 2.3 | Security Focus, Bugtraq ID: 17047, March 9, 2006 |
Libwww 5.4 | Multiple unspecified vulnerabilities have been reported including a buffer overflow and vulnerabilities related to the handling of multipart/byteranges content. The impact was not specified.
Currently we are not aware of any exploits for these vulnerabilities. | W3C Libwww Multiple Unspecified Vulnerabilities | Fedora Update Notifications, Mandriva Linux Security Advisory, MDKSA-2005:210, November 10, 2005 Ubuntu Security Notice, USN-220-1, December 01, 2005 SCO Security Advisory, SCOSA-2006.10, March 14, 2006 | |
Web | Several vulnerabilities have been reported: SQL injection vulnerabilities were reported due to insufficient sanitization of 'export_handler.php,' 'activity_log.php,' 'admin_handler.php,' and 'edit_template.php' before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported in 'export_handler.php' due to insufficient verification of the 'id' and 'format' parameters before used to save data files, which could let a remote malicious user overwrite saved data files. There is no exploit code required. | WebCalendar SQL Injection & File Overwrite | Secunia Advisory: SA17784, November 29, 2005 Security Focus, Bugtraq ID: 15606, December 1, 2005 Debian Security Advisory, | |
WebCalendar 1.0.1 | An HTTP response splitting vulnerability has been reported in 'Layers_Toggle.php' due to insufficient sanitization, which could let a remote malicious user influence or misrepresent how Web content is served, cached or interpreted. There is no exploit code required; however, a Proof of Concept exploit has been published. | WebCalendar HTTP Response Splitting | Not Available | Security Focus, 15673, December 1, 2005 Debian Security Advisory, |
Xpdf 3.01 | A heap-based buffer overflow vulnerability has been reported when handling PDF splash images with overly large dimensions, which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | Xpdf PDF Splash Remote Buffer Overflow | Secunia Advisory: SA18677, February 1, 2006 Gentoo Linux Security Advisories, GLSA 200602-04 & GLSA 200602-05, February 12, 2006 Fedora Update Notifications, RedHat Security Advisories, RHSA-2006:0201-3 & RHSA-2006:0206-3, February 13, 2006 Ubuntu Security Notice, USN-249-1, February 13, 2006 Debian Security Advisories, Slackware Security Advisories, SSA:2006-045-04& SSA:2006-045-09, February 14, 2006 Gentoo Linux Security Advisory, GLSA 200602-12, February 21, 2006 Debian Security Advisory, | |
Zoph 0.x | SQL injection vulnerabilities have been reported due to insufficient sanitization of unspecified input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. The vulnerabilities have been fixed in version 0.5pre1. There is no exploit code required. | Zoph SQL Injection | Secunia Advisory: SA18563, January 23, 2006 Debian Security Advisory, DSA 989-1, March 9, 2006 |
Wireless Trends & Vulnerabilities
This section contains wireless vulnerabilities, articles, and malicious code
that has been identified during the current reporting period.
- hcidump Bluetooth L2CAP Remote Denial of Service: Debian has released an update for the Denial of Service vulnerability in the L2CAP (Logical Link Control and Adaptation Layer Protocol) layer.
- Metro Wi-Fi Networks To Grow 8,400% By 2010:According to a report from ABI Research, by 2010 municipal Wi-Fi networks will cover 126,000 square miles (over 325,000 square km) worldwide. This is an increase from about 1,500 square miles in 2005 (3885 square kilometers). ABI says the growth of municipal Wi-Fi is being driven by several trends, including use of the wireless networks for public safety and increased efficiency.
This section contains brief summaries and links to articles which discuss or present
information pertinent to the cyber security community.
- Virus names likely a lost cause: In early February, antivirus firms warned customers about a computer virus programmed to delete files on the third of each month, but almost every company called the program by a different name. While this episode highlighted the continuing issues for the average Internet user, the incident became the first success for an effort to create a single identifier among responders for common threats. While consumers may have wondered about which threat to be worried about, incident response teams and information-technology managers had a single name for the attack, CME-24. The designation comes from the Common Malware Enumeration (CME) Project, an initiative spearheaded by federal contractor MITRE Corp. The project does not intend to solve the naming problem for consumers, but to provide a neutral common identifier that incident responders can use.
- Americans Want Banks To Spy On Their Accounts: According to a survey conducted by RSA Security, nine out of ten Americans want their banks to monitor their online accounts for signs of suspicious behavior. The poll also found that although consumers aren't seeing a rise in the number of phishing e-mails, they are increasingly wary of all electronic communiqués from their banks. According to telephone survey, 79 percent said that they were less likely to respond to e-mail from their bank because of worry over phishing scams; that's up nine points from 2004.
- The Tracks We Leave Behind: Web searches are not very private. They leave behind footprints in server logs that record their activities. The logs show the IP address of a user's computer, the date and time a visitor clicked on a Web page, the user's PC operating system and browser, and the referring URL that brought them to a site. An IP address can, with a reasonable degree of accuracy, be used to identify a user's location, through a geolocation service or an Internet service provider. When compelled by law or sometimes merely at the request of legal authorities, ISPs will identify their subscribers.
- Clever Phishers Dodge Spoofed Site Shutdowns: A new technique is being used by fraudsters in order to keep their spoofed Web sites up and running. According to RSA Security's Naftali Bennett, the senior vice president of its Cyota anti-fraud division, some phishers have started using a tactic called "smart site redirection" to stay a step ahead of the law.
name=viruses id="viruses">Viruses/Trojans Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
face="Arial, Helvetica, sans-serif">Rank Common Name Type of Code face="Arial, Helvetica, sans-serif">Trend Date face="Arial, Helvetica, sans-serif">Description1 Netsky-P Win32 Worm StableMarch 2004 A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folder. 2 Zafi-B Win32 Worm StableJune 2004 A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. 3 Lovgate.w Win32 Worm StableApril 2004 A mass-mailing worm that propagates via by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. 4 Mytob-GH Win32 Worm StableNovember 2005 A variant of the mass-mailing worm that disables security related programs and allows other to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender’s address. 5 Netsky-D Win32 Worm StableMarch 2004 A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. 6 Mytob-AS Win32 Worm StableJune 2005 A slight variant of the mass-mailing worm that disables security related programs and processes, redirection various sites, and changing registry values. This version downloads code from the net and utilizes its own email engine. 7 Sober-Z Win32 Worm StableDecember 2005 This worm travels as an email attachment, forging the senders address, harvesting addresses from infected machines, and using its own mail engine. It further download code from the internet, installs into the registry, and reduces overall system security. 8 Mytob.C Win32 Worm StableMarch 2004 A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. 9 Zafi-D Win32 Worm StableDecember 2004 A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. 10 Mytob-BE Win32 Worm StableJune 2005 A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. Harvesting addresses from the Windows address book, disabling antivirus, and modifying data. Table updated March 13, 2006
Last updated
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.