Summary of Security Items from April 20 through April 26, 2006
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.
The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/ Linux Operating Systems are included in the Multiple Operating Systems table. Note, entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software which operate on some version of that operating system.
Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin which has been provided by other US-CERT sponsored programs, is prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/ NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product’s vendor.
The Risk levels are defined below:
High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.
Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.
Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.
Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.
Windows Operating Systems Only Common Name
ampleShop 2.1 Multiple vulnerabilities have been reported in ampleShop that could let remote malicious users perform SQL injection.
No workaround or patch available at time of publishing.
There is no exploit code required.
ampleShop SQL Injection
Not Available Secunia, Advisory: SA19806, April 25, 2006 Bloggage Multiple vulnerabilities have been reported in Bloggage, 'check_login.asp', that could let remote malicious users perform SQL injection.
No workaround or patch available at time of publishing.
There is no exploit code required.
Bloggage SQL Injection
7.0 Secunia, Advisory: SA19751, April 21, 2006 StorageWorks Secure Path for Windows 4.0C-SP2
A vulnerability has been reported in StorageWorks Secure Path for Windows that could let remote malicious users cause a Denial of Service.
Currently we are not aware of any exploits for this vulnerability.
HP StorageWorks Secure Path for Windows Denial Of Service Not Available Security Tracker, Alert ID: 1015969, April 20, 2006 iOpus Secure Email Attachments A vulnerability has been reported in iOpus Secure Email Attachments, insecure encryption, that could let remote malicious users disclose encrypted information.
No workaround or patch available at time of publishing.
There is no exploit code required.
iOpus Secure Email Attachments Information Disclosure
Not Available Security Tracker, Alert ID: 1015980, April 24, 2006 IZArc 3.5 beta 3
Multiple input validation vulnerabilities have been reported in IZArc that could let remote malicious users traverse directories.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability.
IZArc Directory Traversal
2.3 Secunia, Advisory: SA19791, April 24, 2006 Internet Explorer 6.0 SP2
A vulnerability has been reported in Internet Explorer, 'object' tag memory corruption, that could let remote malicious users execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
Microsoft Internet Explorer Arbitrary Code Execution
8.0 Secunia, Advisory: SA19762, April 22, 2006 Outlook Express
A vulnerability has been reported in Outlook Express that could let remote malicious users execute arbitrary code.
Microsoft
V1.2: Revised due to issues discovered with the security update.Currently we are not aware of any exploits for this vulnerability.
Microsoft Outlook Express Arbitrary Code Execution
5.6 Microsoft, Security Bulletin MS06-016, April 11, 2006
Microsoft, Security Bulletin MS06-016 V1.2, April 26, 2006
Windows Explorer
A vulnerability has been reported in Windows Explorer, COM Object handling, that could let remote malicious users execute arbitrary code.
Microsoft
V2.0: Revised to inform customers that revised versions of the security update are available.Currently we are not aware of any exploits for this vulnerability.
Microsoft Windows Explorer Arbitrary Code Execution
5.6 Microsoft, Security Bulletin MS06-015, April 11, 2006
Microsoft, Security Bulletin MS06-015 V2.0, April 25, 2006
Quick 'n Easy FTP Server 1.60 through 1.71, 3.0
A buffer overflow vulnerability has been reported in Quick 'n Easy FTP Server that could let remote malicious users execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit has been published.
Quick 'n Easy FTP Server Arbitrary Code Execution
Not Available Security Focus, ID: 17681, April 24, 2006 Skulltag 0.96f A vulnerability has been reported in Skulltag that could let remote malicious users cause a Denial of Service or execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit, skulltagfs.zip, has been published.
Skulltag Denial of Service or Arbitrary Code Execution
2.3 Secunia, Advisory: SA19767, April 24, 2006 TFTP Server 5.0.55, 5.0.60, 8.1
An input validation vulnerability has been reported in TFTP Server that could let remote malicious users traverse directories.
There is no exploit code required.
SolarWinds TFTP Server Directory Traversal Vulnerability
2.3 Security Focus, ID: 17648, April 21, 2006 Squeez 5.10 Build 4460, SpeedCommander 10.52 build 4450, SpeedCommander 11.01 build 4450
A buffer overflow vulnerability has been reported in SpeedProject products, ACE archive handling, that could let remote malicious users execute arbitrary code execution.
There is no exploit code required.
SpeedProject Multiple Arbitrary Code Execution Not Available Secunia, Advisory: SA19473, April 26, 2006 Pylon Anywhere 5.5.4, 6.2.1, 6.3.2, 6.4.2, 6.4.9
A vulnerability has been reported in Pylon Anywhere that could let remote malicious uses disclose information.
Currently we are not aware of any exploits for this vulnerability.
Sybase Pylon Anywhere Information Disclosure
1.6 Security Focus, ID: 17677, April 24, 2006 Winny 2.0 b5.7, 2.0 b7.1 A heap overflow vulnerability has been reported in Winny that could let remote malicious users to execute arbitrary code.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability.
Winny Arbitrary Code Execution
7.0 Security Focus, ID: 17666, April 24, 2006
| UNIX / Linux Operating Systems Only | ||||
Vendor & Software Name | Description | Common Name | CVSS | Resources |
Fenice 1.10 | Several vulnerabilities have been reported: a buffer overflow vulnerability was reported when parsing an RTSP URL received from a client due to a boundary error, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability was reported due to an input validation error when handling the Content-Length HTTP header received from a client. No workaround or patch available at time of publishing. Proof of Concept exploits and an exploit script, fenice.c, have been published. | Fenice Remote Buffer Overflow & Denial of Service | 7.0 2.3 | Security Focus, Bugtraq ID: 17678, April 24, 2006 |
4images 1.7 | A Cross-Site Scripting vulnerability has been reported in 'register.php' ' due to insufficient sanitization of the 'user_name' parameter before using, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | 4homepages 4images Cross-Site Scripting | Secunia Advisory: SA19745, April 21, 2006 | |
Safari 2.0-2.0.3, Mac OS X Server 10.4-10.4.6, 10.3-10.3.9, OS X 10.4-10.4.6, 10.3-10.3.9 | Multiple vulnerabilities have been reported which could let a remote malicious user cause a Denial of Service or execute arbitrary code: a vulnerability was reported in the 'BOMStackPop()' function in the 'BOMArchiveHelper' when decompressing malformed ZIP archives, a vulnerability was reported in the 'KWQListlteratorImpl(),' 'drawText(),' and 'objc_msgSend_rtp()' functions in Safari when processing malformed HTML tags; a vulnerability was reported in the 'ReadBM()' function when processing malformed BMP images; a vulnerability was reported in the 'CFAllocatorAllocate()' function when processing malformed GIF images; and a vulnerability was reported in the '_cg_TIFFSetField()' and 'PredictorVSetField()' functions when processing malformed TIFF images. No workaround or patch available at time of publishing. Proof of Concept exploits have been reported. | Mac OS X Multiple Potential Vulnerabilities CVE-2006-1982 | Secunia Advisory: SA19686, April 21, 2006 | |
Safari 2.0.3, 1.3.1 | A remote Denial of Service vulnerability has been reported in the 'rowspan' attribute when processing 'td' HTML tags that contain overly large values. No workaround or patch available at time of publishing. An exploit script, safari-dos.txt, has been published. | Apple Safari Web Browser Rowspan Denial of Service | Security Tracker Alert ID: 1015982, April 24, 2006 | |
CrossFire 1.8.0 & prior | A remote Denial of Service vulnerability has been reported in the 'oldsocketmode' option due to an error. There is no exploit code required. | CrossFire Remote Denial of Service CVE- target=_blank>2006-1010 | Secunia Advisory: SA19044, February 28, 2006 Gentoo Linux Security Advisory, GLSA 200604-11, April 22, 2006 | |
Cyrus SASL Library 2.x | A remote Denial of Service vulnerability has been reported due to an unspecified error during DIGEST-MD5 negotiation. Update to version 2.1.21. Currently we are not aware of any exploits for this vulnerability. | Cyrus SASL Remote Digest-MD5 Denial of Service | Secunia Advisory: SA19618, April 11, 2006 Gentoo Linux Security Advisory, GLSA 200604-09, April 21, 2006 Ubuntu Security Notice, USN-272-1, April 24, 2006 Debian Security Advisory, | |
Asterisk Recording Interface 0.7.15 | A buffer overflow vulnerability has been reported in 'audio.php' due to a signedness error in 'format_jpeg.c' when processing an overly large JPEG image, which could let a remote malicious user execute arbitrary code. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | Asterisk JPEG Image Handling Buffer Overflow | Secunia Advisory: SA19800, April 24, 2006 | |
Dnsmasq 2.29 | A remote Denial of Service vulnerability has been reported when a 'broadcast reply' request is submitted to the server. There is no exploit code required. | DNSmasq Broadcast Reply Denial of Service | Security Focus, Bugtraq ID: 17662, April 24, 2006 | |
fbida 2.03, 2.01 | A vulnerability has been reported in the 'fbgs' script because temporary files are created insecurely when the 'TMPDIR' environment variable isn't defined, which could let a remote malicious user create/overwrite arbitrary files. There is no exploit code required. | Fbida FBGS Insecure Temporary File Creation | Secunia Advisory: SA19559, April 10, 2006 Gentoo Linux Security Advisory, GLSA 200604-13, April 23, 2006 | |
FreeRADIUS 1.0-1.0.5 | A vulnerability has been reported in the EAP-MSCHAPv2 state machine due to an error, which could let a malicious user bypass authentication and cause a Denial of Service. Currently we are not aware of any exploits for this vulnerability. | FreeRADIUS EAP-MSCHAPv2 Authentication Bypass | 8.0 | Security Focus, Bugtraq ID: 17171, March 21, 2006 SUSE Security Announcement, SUSE-SA:2006:019, March 28, 2006 RedHat Security Advisory, RHSA-2006:0271-11, April 4, 2006 Gentoo Linux Security Advisory, GLSA 200604-03, April 4, 2006 SGI Security Advisory, 20060404-01-U, April 24, 2006 |
IPsec-Tools0.6-0.6.2, 0.5-0.5.2 | A remote Denial of Service vulnerability has been reported due to a failure to handle exceptional conditions when in 'AGGRESSIVE' mode. Vulnerability can be reproduced with the PROTOS IPSec Test Suite. | IPsec-Tools ISAKMP IKE Remote Denial of Service | Security Focus, Bugtraq ID: 15523, November 22, 2005 Ubuntu Security Notice, USN-221-1, December 01, 2005 Gentoo Linux Security Advisory, GLSA 200512-04, December 12, 2005 SUSE Security Announcement, SUSE-SA:2005:070, December 20, 2005 Conectiva Linux Announcement, CLSA-2006:1058, January 2, 2006 Mandriva Security Advisory, MDKSA-2006:020, January 25, 2006 Debian Security Advisory, RedHat Security Advisory, RHSA-2006:0267-11, April 25, 2006 | |
BIND 4.x.x, 8.x.x, 9.2.x, 9.3.x | A remote Denial of Service vulnerability has been reported due to a failure to properly handle malformed TSIG (Secret Key Transaction Authentication for DNS) replies. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | ISC BIND TSIG Zone Transfer Remote Denial of Service | Not Available | Security Focus, Bugtraq ID: 17692, April 25, 2006 |
ContentBoxX 0 | A Cross-Site Scripting vulnerability has been reported in 'login.php' due to insufficient sanitization of the 'action' parameter, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | ContentBoxx Cross-Site Scripting | Secunia Advisory: SA19733, April 20, 2006 | |
Xpdf 3.0 pl2 & pl3, 3.0 1, 3.00, 2.0-2.03, 1.0 0, 1.0 0a, 0.90-0.93; RedHat Fedora Core4, Core3, Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, 2.1, Enterprise Linux AS 4, AS 3, 2.1 IA64, 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1; teTeX 2.0.1, 2.0; Poppler poppler 0.4.2; | Multiple vulnerabilities have been reported: a heap-based buffer overflow vulnerability was reported in the 'DCTStream::read Currently we are not aware of any exploits for these vulnerabilities. | Xpdf Buffer Overflows | iDefense Security Advisory, December 5, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:840-5, December 6, 2005 KDE Security Advisory, advisory-20051207-1, December 7, 2005 SUSE Security Summary Report, SUSE-SR:2005:029, December 9, 2005 Ubuntu Security Notice, USN-227-1, December 12, 2005 Gentoo Linux Security Advisory, GLSA 200512-08, December 16, 2005 RedHat Security Advisories, RHSA-2005:868-4, RHSA-2005:867-5 & RHSA-2005:878-4, December 20, 2005 Mandriva Linux Security Advisories MDKSA-2006:003-003-006, January 6, 2006 Debian Security Advisory, Debian Security Advisory, DSA-937-1, January 12, 2006 Debian Security Advisory, DSA 938-1, January 12, 2006 Fedora Update Notifications, SUSE Security Summary Report, SUSE-SR:2006:001, January 13, 2006 RedHat Security Advisory, RHSA-2006:0160-14, January 19, 2006 SUSE Security Summary Report, SUSE-SR:2006:002, January 20, 2006 SGI Security Advisory, 20051201-01-U, January 20, 2006 Debian Security Advisory, DSA-950-1, January 23, 2006 Turbolinux Security Advisory, TLSA-2006-2, January 25, 2006 Debian Security Advisories, Slackware Security Advisories, SSA:2006-045-04 & SSA:2006-045-09, February 14, 2006 Gentoo Linux Security Advisory, GLSA 200603-02, March 4, 2006 SGI Security Advisory, 20060201-01-U, March 14, 2006 SCO Security Advisory, SCOSA-2006.15, March 22, 2006 SCO Security Advisories, SCOSA-2006.20 & SCOSA-2006.21, April 18, 2006 | |
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha; 3.0, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; abc2ps 1.3.3 | Multiple buffer overflow vulnerabilities have been reported when processing ABC music files due to various boundary errors, which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for these vulnerabilities. | abc2ps ABC Music File Buffer Overflows | Security Focus, Bugtraq ID: 17689, April 25, 2006 Debian Security Advisory, | |
Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha; Blender 2.36 | A vulnerability has been reported due to a failure to sanitize user-supplied input before using in a Python 'eval' statement, which could let a remote malicious user execute arbitrary python code. Proof of Concept exploits have been published. | Blender BVF File Import Python Code Execution | Debian Security Advisory, DSA-1039-1, April 24, 2006 | |
Linux Kernel 2.6.x | A Denial of Service vulnerability has been reported in the '_keyring_search_ Update to version 2.6.16.3 or later. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel | Secunia Advisory: SA19573, April 11, 2006 Fedora Update Notifications, FEDORA-2006-421, | |
Linux Kernel 2.6.x | A vulnerability has been reported because AMD K7/K8 CPUs only save/restore certain x87 registers in FXSAVE instructions when an exception is pending, which could let a remote malicious user obtain sensitive information. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel x87 Register Information Leak | 1.6 | Secunia Advisory: SA19724, April 19, 2006 FreeBSD Security Advisory, FreeBSD-SA-06:14, April 19, 2006 Fedora Update Notifications, FEDORA-2006-421, |
Linux kernel 2.6-2.6.16 | A Denial of Service vulnerability has been reported when program control is returned using SYSRET on Intel EM64T CPUs. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Intel EM64T SYSRET Denial of Service | Secunia Advisory: SA19639, April 17, 2006 Fedora Update Notifications, FEDORA-2006-421, | |
Linux kernel 2.6-2.6.16, 2.5-2.5.69, 2.4-2.4.33 | A vulnerability has been reported regarding shared memory access, which could let a malicious user bypass security restrictions. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Shared Memory Security Restriction Bypass | 3.3 | Security Focus, Bugtraq ID: 17587, April 18, 2006 Fedora Update Notifications, FEDORA-2006-421, & |
Linux Kernel prior to 2.6.16.8 | A Denial of Service vulnerability has been reported in the 'ip_route_input()' function when requesting a multi-cast IP address. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel IP_ROUTE_INPUT Denial of Service | 2.3 | Secunia Advisory: SA19709, April 19, 2006 Fedora Update Notifications, FEDORA-2006-421, & |
RedHat Fedora Core5, Core4; | A vulnerability has been reported in GDM gdm due to the way permissions on the '.ICEauthority' file are modified, which could let a remote malicious user obtain sensitive information. This issue has been addressed in the latest CVS repository. Vulnerability may be exploited with standard utilities and applications. | GNOME Foundation GDM .ICEauthority Improper File Permissions | Security Focus, Bugtraq ID: 17635, April 20, 2006 | |
RedHat Fedora Core5; Beagle prior to 0.2.5 | A vulnerability has been reported due to the insecure construction of command line arguments that are passed to external helper applications, which could let a remote malicious user execute arbitrary code. There is no exploit code required. | Beagle Helper Applications Arbitrary Code Execution | 7.0 | Secunia Advisory: SA19778, April 25, 2006 |
Trustix Secure Linux 3.0, 2.2; | A Denial of Service vulnerability has been reported in the 'fill_write_buffer()' function due to an out-of-bounds memory error. Update to version 2.6.16.2. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel SYSFS Denial of Service | Secunia Advisory: SA19495, April 10, 2006 Fedora Update Notifications, FEDORA-2006-421, | |
Trustix Secure Linux 3.0; | A vulnerability has been reported in the '__group_ A patch is available from the vendor. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel RCU signal 'handling __group_ | Security Focus, Bugtraq ID: 17640, April 21, 2006 | |
XFree86 X11R6 4.3 .0, | A buffer overflow vulnerability has been reported in the pixmap processing code, which could let a malicious user execute arbitrary code and possibly obtain superuser privileges. Sun 101926: Updated Contributing Factors, Relief/Workaround, and Resolution sections. Currently we are not aware of any exploits for this vulnerability. | XFree86 Pixmap Allocation Buffer Overflow | Gentoo Linux Security Advisory, GLSA 200509-07, September 12, 2005 RedHat Security Advisory, RHSA-2005:329-12 & RHSA-2005:396-9, September 12 & 13, 2005 Ubuntu Security Notice, USN-182-1, September 12, 2005 Mandriva Security Advisory, MDKSA-2005:164, September 13, 2005 Fedora Update Notifications, Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005 Debian Security Advisory DSA 816-1, September 19, 2005 Sun(sm) Alert Notification SUSE Security Announcement, SUSE-SA:2005:056, September 26, 2005 Slackware Security Advisory, SSA:2005-269-02, September 26, 2005 Sun(sm) Alert Notification SUSE Security Summary Report, SUSE-SR:2005:023, October 14, 2005 Avaya Security Advisory, ASA-2005-218, October 19, 2005 Sun(sm) Alert Notification NetBSD Security Update, October 31, 2005 SGI Security Advisory, 20060403-01-U, April 11, 2006 SCO Security Advisory, SCOSA-2006.22, April 21, 2006 | |
xzgv Image Viewer 0.8 0.7, 0.6; | A buffer overflow vulnerability has been reported when processing JPEG files due to a boundary error, which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | XZGV Image Viewer Remote Buffer Overflow | SUSE Security Summary Report Announcement, SUSE-SR:2006:008, April 7, 2006 Gentoo Linux Security Advisory, GLSA 200604-10, April 21, 2006 Debian Securities, Advisory,DSA-1037-1, | |
Yukihiro Matsumoto Ruby 1.8-1.8.2, 1.6 - 1.6.8; Ubuntu Linux 5.10 powerpc, i386, amd64, 5.0.4 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; | A remote Denial of Service vulnerability has been reported in the WEBrick HTTP server due to the use of blocking network operations. Vulnerability may be with standard network utilities; however, a Proof of Concept exploit has been published. | Yukihiro Matsumoto Ruby XMLRPC Server Remote Denial of Service | Security Focus, Bugtraq ID: 17645, April 21, 2006 Ubuntu Security Notice, USN-273-1, April 24, 2006 Mandriva Security Advisory, MDKSA-2006:079, April 25, 2006 | |
Net Clubs Pro 4.0 | Cross-Site Scripting vulnerabilities have been reported in '/vchat/scripts/ No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published. | Net Clubs Pro Multiple Cross-Site Scripting | Secunia Advisory: SA19651, April 20, 2006 | |
pdnsd prior to 1.2.4 | A remote Denial of Service vulnerability has been reported due to a failure to properly handle DNS queries. Currently we are not aware of any exploits for this vulnerability. | PDNSD DNS Query Remote Denial of Service | Not Available | Secunia Advisory: SA19835, April 26, 2006 |
Sendmail prior to 8.13.6: Sun Cobalt RaQ 4, RaQ 550, RaQ XTR | A vulnerability has been reported due to a race condition caused by the improper handling of asynchronous signals, which could let a remote malicious user execute arbitrary code. A Proof of Concept exploit script, sendtest.c, has been published. | Sendmail Asynchronous Signal Handling Remote Code Execution | 8.0 | Internet Security Systems Protection Advisory, March 22, 2006 Technical Cyber Security Alert TA06-081A RedHat Security Advisories, RHSA-2006:0264-8 & RHSA-2006:0265-9, March 22, 2006 Sun(sm) Alert Notification Gentoo Linux Security Advisory, GLSA 200603-21, March 22, 2006 SUSE Security Announcement, SUSE-SA:2006:017, March 22, 2006 FreeBSD Security Advisory, FreeBSD-SA-06:13, March 22, 2006 Slackware Security Advisory, SSA:2006-081-01, March 22, 2006 Avaya Security Advisory, ASA-2006-074, March 24, 2006 Debian Security Advisory, HP Security Bulletin, NetBSD Security Advisory, /NetBSD-SA2006-010, March 28, 2006 SGI Security Advisory, 20060302-01-P, March 22, 2006 F-Secure Security Bulletin, FSC-2006-2, March 28, 2006 SGI Security Advisory, 20060401-01-U, April 4, 2006 Sun(sm) Alert Notification |
Solaris 10_x86, 10 | A vulnerability has been reported in the 'getpwnam()' family of non-reentrant functions due to a failure of the PKCS#11 library to properly utilize non-reentrant functions, which could let a malicious user obtain elevated privileges. Currently we are not aware of any exploits for this vulnerability. | Sun Solaris PKCS#11 Library Elevated Privileges | Not Available | Sun Alert ID: 102316, April 24, 2006 |
Tcpick 0.2.1 | A remote Denial of Service vulnerability has been reported in 'write.c' due to a failure to handle malformed input. No workaround or patch available at time of publishing. Vulnerability may be exploited with readily available network utilities. | Tcpick Remote Denial of Service | Not Available | Security Focus, Bugtraq ID: 17665, April 24, 2006 |
UW-imapd imap-2004c1 | A buffer overflow has been reported in UW-imapd that could let remote malicious users cause a Denial of Service or execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | UW-imapd Denial of Service and Arbitrary Code Execution | 7.0 | Secunia, Advisory: SA17062, October 5, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0055, October 7, 2005 Debian Security Advisory, DSA 861-1, October 11, 2005 Gentoo Linux Security Advisory, GLSA 200510-10, October 11, 2005 SUSE Security Summary Report, SUSE-SR:2005:023, October 14, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:189 & 194, October 21 & 26, 2005 Slackware Security Advisory, SSA:2005-310-06, November 7, 2005 Conectiva Linux Announcement, CLSA-2005:1046, November 21, 2005 RedHat Security Advisory, RHSA-2005:848-6 & 850-5, December 6, 2005 Fedora Update Notifications, Trustix Secure Linux Security Advisory, TSLSA-2005-0074, December 23, 2005 SGI Security Advisory, 20051201-01-U, January 20, 2006 RedHat Security Advisory, RHSA-2006:0267-11, April 25, 2006 |
@1 Event Publisher | Several vulnerabilities have been reported: an HTML injection vulnerability was reported in 'event-publisher_ No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client. | @1 Event Publisher HTML Injection & Information Disclosure | Secunia Advisory: SA19727, April 21, 2006 | |
@1 Table Publisher 2006.3.23 | An HTML injection vulnerability has been reported due to insufficient sanitization of the 'Title of table' field when adding a new table, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client. | @1 Table Publisher HTML Injection | Secunia Advisory: SA19723, April 21, 2006 | |
| Multiple Operating Systems - Windows/UNIX/Linux/Other | ||||
Vendor & Software Name | Description | Common Name | CVSS | Resources |
Baseline Switch 2848-SFP Plus 1.0.2 | A remote Denial of Service vulnerability has been reported due to an error when handling DHCP packets. There is no exploit code required. | 3Com Baseline Switch 2848-SFP Plus Remote Denial of Service | Not Available | Secunia Advisory: SA19756, April 25, 2006 |
AspSitem 1.83 & prior | An SQL injection vulnerability has been reported in 'haberler.asp' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Vulnerability can be exploited through a web client; however, an exploit script, aspsitem.pl, has been published. | AspSitem SQL Injection | Secunia Advisory: SA19693, April 20, 2006 | |
built2go Movie Review 2B & prior | A file include vulnerability has been reported in 'Movie_CLS.PHP3' due to insufficient sanitization of the 'full_path' parameter, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, built2go.rfi.txt, has been published. | Built2go Movie Review Remote File Include | Secunia Advisory: SA19749, April 24, 2006 | |
Cartweaver 2.16.11 | Several vulnerabilities have been reported: SQL injection vulnerabilities were reported in 'Results.cfm' due to insufficient sanitization of the 'category' parameter and in 'Details.cfm' due to insufficient sanitization of the 'ProdID' parameter, which could let a remote malicious user execute arbitrary SQL code; and it is also possible to reveal installation path by passing invalid parameter values to 'Results.cfm,' 'Details.cfm,' and 'Results.cfm.' No workaround or patch available at time of publishing. Currently we are not aware of any exploits for these vulnerabilities. | Cartweaver SQL Injection & Path Disclosure | Not Available | Secunia Advisory: SA19812, April 26, 2006 |
Linksys RT31P2 VoIP Router 0 | Remote Denials of Service vulnerabilities have been reported when processing malformed SIP (Session Initiation Protocol) messages due to various errors. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for these vulnerabilities. | Linksys RT31P2 Remote Denials of Service | US-CERT VU#621566 | |
CoreNews 2.0.1 | Multiple input validation vulnerabilities have been reported including a remote file include vulnerability and an SQL injection vulnerability due to insufficient sanitization of user-supplied input, which could lead to the execution of arbitrary SQL and PHP code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, Proof of Concept exploit scripts, 17655-exploit.pl and 17655.html, have been published. | CoreNews Multiple Input Validation | Not Available | Security Focus, Bugtraq ID: 17655, April 22, 2006 |
logMethods 0.9 | A Cross-Site Scripting vulnerability has been reported in 'A2Z.JSP' due to insufficient sanitization of the 'kwd' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client. | LogMethods Cross-Site Scripting | Security Focus, Bugtraq ID: 17675, April 24, 2006 | |
DCForum 3.0 | Multiple input validation vulnerabilities have been reported in 'DCBoard.cgi' include Cross-Site Scripting and SQL injection due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML, script code, and SQL code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit script, dcforumlite-3.0-sql-xss.txt, has been published. | DCForum Multiple Input Validation | Not Available | Security Focus, Bugtraq ID: 17697, April 25, 2006 |
DeleGate 8.11.5 & prior (stable), 9.0.5 & prior (development) | A remote Denial of Service vulnerability has been reported due to a failure to properly handle malformed DNS query packets. Currently we are not aware of any exploits for this vulnerability. | DeleGate DNS Query Handling Remote Denial of Service | Not Available | Secunia Advisory: SA19750, April 26, 2006 |
dForum 1.5 & prior | File include vulnerabilities have been reported due to insufficient verification of the 'DFORUM_PATH' parameter in various scripts, which could let a remote malicious user execute arbitrary PHP files. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published. | dForum Multiple Remote File Include | Security Focus, Bugtraq ID: 17650, April 22, 2006 | |
| DIA
DIA 0.87-0.94 | Multiple remote buffer overflow vulnerabilities have been reported due to a failure to properly bounds-check user-supplied input before copying it into insufficiently sized memory buffers, which could let a remote malicious user execute arbitrary code. The vendor has released version 0.95-pre6, along with a patch for 0.94 to address these issues. Currently we are not aware of any exploits for these vulnerabilities. | DIA XFIG File Import Multiple Remote Buffer Overflows | 5.6 | Security Focus, Bugtraq ID: 17310, March 29, 2006 Mandriva Security Advisory, MDKSA-2006:062, April 3, 2006 Debian Security Advisory, Gentoo Linux Security Advisory, GLSA 200604-14, April 23, 2006 |
DUportal Pro 3.4 | An SQL injection vulnerability has been reported in 'cat.asp' due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, DUportalPro-cat.asp-sql.txt, has been published. | DUWare DUPortal Pro SQL Injection | Not Available | Security Focus, Bugtraq ID: 17702, April 26, 2006 |
Help Center Live 2.0, 1.2- 1.2.8, 1.0 | Multiple SQL injection vulnerabilities have been reported in the 'osTicket' module due to insufficient sanitization of unspecified parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. Vulnerabilities can be exploited through a web client. | Help Center Live OSTicket Module Multiple SQL Injection | Not Available | Secunia Advisory: SA19776, April 24, 2006 |
Instant Photo Gallery 1.0 | A Cross-Site Scripting and SQL injection vulnerability has been reported in 'portfolio_photo_ No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit script, instantphotogallery-xss.txt, has been published. | Instant Photo Gallery Cross-Site Scripting & SQL Injection | Not Available | Secunia Advisory: SA19813, April 26, 2006 |
Invision Board 2.0-2.1.5 | Multiple vulnerabilities have been reported: a vulnerability was reported in the 'search.php' due to insufficient sanitization of the 'lastdate' parameter before using in a 'preg_replace()' call, which could let a remote malicious user execute arbitrary PHP code; an SQL injection vulnerability was reported in 'index.php' due to insufficient sanitization of the 'ck' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a vulnerability was reported in 'admin.php' because it is possible for administrators to include arbitrary PHP scripts via the 'name' parameter, which could lead to the execution of arbitrary PHP code; and a vulnerability was reported because it is possible to upload a malicious JPEG image with a GIF header, which could let a remote malicious user execute arbitrary HTML and script code. Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit script, invisionpowerboard- | Invision Power Board Multiple Vulnerabilities | Not Available | Secunia Advisory: SA19830, April 26, 2006 |
NA75 4.0.34 firmware | Multiple vulnerabilities have been reported: an SQL injection vulnerability was reported due to insufficient sanitization of unspecified input passed to the web interface before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a vulnerability was reported due to input validation errors in the command line interface, which could let a remote malicious user inject arbitrary shell commands; a vulnerability was reported because the shadow password file has world-readable permissions, which could let a remote malicious user obtain sensitive information; and a vulnerability was reported because the database file is stored with world-readable and world-writable permissions. Currently we are not aware of any exploits for these vulnerabilities. | IP3 Networks NA75 Multiple Vulnerabilities | Not Available | Secunia Advisory: SA19818. April 26, 2006 |
I-RATER Platinum 0 | A file include vulnerability has been reported in 'common.php' due to insufficient verification of the 'include_path' parameter, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | I-RATER Platinum Remote File Include | Security Focus, Bugtraq ID: 17623, April 20, 2006 | |
JUNOSe 5.x, 6.x, 7.x | A remote Denial of Service vulnerability has been reported due to a failure to properly handle DNS datagrams. The vendor has released updated versions of the affected software to address this issue. Currently we are not aware of any exploits for this vulnerability. | Juniper JUNOSe DNS Client Remote Denial of Service | Not Available | Security Focus, Bugtraq ID: 17693, April 25, 2006 |
Portal Pack 6.0 | Cross-Site Scripting vulnerabilities have been reported in 'calendar/Visitor.cgi' and 'news/NsVisitor.cgi' due to insufficient sanitization of the 'sort_order' parameter, in 'search/search.cgi' due to insufficient sanitization of the 'q' parameter, and in 'classifieds/viewcat.cgi' due to insufficient sanitization of the 'cat_id' parameter, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, Proof of Concept exploit scripts have been published. | Portal Pack Multiple Cross-Site Scripting | Secunia Advisory: SA19695, April 20, 2006 | |
MWGuest 2.1 | An HTML injection vulnerability has been reported in 'MWguest.PHP' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | Manic Web MWGuest HTML Injection | Security Focus, Bugtraq ID: 17630, April 20, 2006 | |
RI Blog 1.1 | SQL injection vulnerabilities have been reported due to insufficient sanitization of the 'Username' and 'Password' fields during login, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client. | RI Blog Multiple SQL Injection | Security Focus, Bugtraq ID: 17654, April 22, 2006 | |
MiniNuke CMS 1.8.2 & prior | An SQL injection vulnerability has been reported in 'pages.asp' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | Mini-NUKE SQL Injection | Security Focus, Bugtraq ID: 17636, April 20, 2006 | |
MKPortal 1.1 RC1 | Several vulnerabilities have been reported: an SQL injection vulnerability was reported in the 'include/VB/vb_board_ No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published. | MKPortal Cross-Site Scripting & SQL Injection | Not Available | Security Tracker Alert ID: 1015977, April 22, 2006 |
Mozilla Browser prior to 1.7.13, Seamonkey prior to 1.0.1, Thunderbird prior to 1.0.8, 1.5 - 1.5.0.1, Firefox, 1.5 - 1.5.0.1 | A vulnerability has been reported in the 'crypto.generate Currently we are not aware of any exploits for this vulnerability. | Mozilla Browser Suite 'crypto.generate CRMFRequest' Arbitrary Code Execution | Security Tracker Alert IDs: 1015922, 1015923, 1015924, 015925, April 14, 2006 RedHat Security Advisories, RHSA-2006-0328 & 0329, April 14 & 18, 2006 Technical Cyber Security Alert TA06-107A Ubuntu Security Notice, USN-271-1 April 19, 2006 SuSE Security Announcement, SUSE-SA:2006:021, April 20, 2006 Gentoo Linux Security Advisory, GLSA 200604-12, April 23, 2006 Mandriva Security Advisory, MDKSA-2006:075, April 24, 2006 Slackware Security Advisory, SSA:2006-114-01, April 24, 2006 SGI Security Advisory, 20060404-01-U, April 24, 2006 RedHat Security Advisory, RHSA-2006:0330-15, April 25, 2006 Mandriva Security Advisory, MDKSA-2006:078, April 25, 2006 SuSE Security Announcement, SUSE-SA:2006:022, April 25, 2006 | |
Thunderbird prior to 1.0.8, 1.5 - 1.5.0.1; Seamonkey prior to 1.0.1; Mozilla browser prior to 1.7.13; Firefox prior to 1.0.8, 1.5 - 1.5.0.1 | A integer overflow vulnerability has been reported because a remote malicious user can create an HTML based email that contains a specially crafted CSS letter-spacing property value, which could lead to the execution of arbitrary code. Currently we are not aware of any exploits for this vulnerability. | Mozilla Integer Overflow | Security Tracker Alert IDs: 1015915, 1015916, 1015917, 1015918, April 14, 2005 RedHat Security Advisories, RHSA-2006-0328 & 0329, April 14 & 18, 2006 Technical Cyber Security Alert TA06-107A Ubuntu Security Notice, USN-271-1 April 19, 2006 SuSE Security Announcement, SUSE-SA:2006:021, April 20, 2006 Gentoo Linux Security Advisory, GLSA 200604-12, April 23, 2006 Mandriva Security Advisory, MDKSA-2006:075, April 24, 2006 Slackware Security Advisory, SSA:2006-114-01, April 24, 2006 SGI Security Advisory, 20060404-01-U, April 24, 2006 RedHat Security Advisory, RHSA-2006:0330-15, April 25, 2006 Mandriva Security Advisory, MDKSA-2006:078, April 25, 2006 SuSE Security Announcement, SUSE-SA:2006:022, April 25, 2006 | |
Firefox 0.x, 1.x | Multiple vulnerabilities have been reported: a vulnerability was reported due to an error because untrusted events generated by web content are delivered to the browser user interface; a vulnerability was reported because scripts in XBL controls can be executed even when JavaScript has been disabled; a vulnerability was reported because remote malicious users can execute arbitrary code by tricking the user into using the 'Set As Wallpaper' context menu on an image URL that is really a javascript; a vulnerability was reported in the 'Install Trigger.install()' function due to an error in the callback function, which could let a remote malicious user execute arbitrary code; a vulnerability was reported due to an error when handling 'data:' URL that originates from the sidebar, which could let a remote malicious user execute arbitrary code; an input validation vulnerability was reported in the 'InstallVersion.compareTo()' function when handling unexpected JavaScript objects, which could let a remote malicious user execute arbitrary code; a vulnerability was reported because it is possible for a remote malicious user to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL; a vulnerability was reported due to an error when handling DOM node names with different namespaces, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to insecure cloning of base objects, which could let a remote malicious user execute arbitrary code. Exploits have been published. | Firefox Multiple Vulnerabilities CVE-2005-2260 | Secunia Advisory: SA16043, July 13, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:120, July 13, 2005 Gentoo Linux Security Advisory, GLSA 200507-14, July 15, 2005 Gentoo Linux Security Advisory, GLSA 200507-17, July 18, 2005 Fedora Update Notifications, RedHat Security Advisory, RHSA-2005:586-11, July 21, 2005 Slackware Security Advisory, SSA:2005-203-01, July 22, 2005 Ubuntu Security Notices, USN-155-1 & 155-2 July 26 & 28, 2005 Ubuntu Security Notices, USN-157-1 & 157-2 August 1& 2, 2005 SUSE Security Announcement, SUSE-SA:2005:045, August 11, 2005 Debian Security Advisory, DSA 775-1, August 15, 2005 SGI Security Advisory, 20050802-01-U, August 15, 2005 Debian Security Advisory, DSA 777-1, August 17, 2005 Debian Security Advisory, DSA 779-1, August 20, 2005 Debian Security Advisory, DSA 781-1, August 23, 2005 Gentoo Linux Security Advisory, GLSA 200507-24, August 26, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:127-1, August 26, 2005 Slackware Security Advisory, SSA:2005-085-01, August 28, 2005 Debian Security Advisory, DSA 779-2, September 1, 2005 Debian Security Advisory, DSA 810-1, September 13, 2005 Fedora Legacy Update Advisory, FLSA:160202, September 14, 2005 HP Security Bulletin, HPSBOV01229, September 19, 2005 HP Security Bulletin, Ubuntu Security Notice, USN-155-3, October 04, 2005 Sun(sm) Alert Notification SUSE Security Summary Report, SUSE-SR:2005:028, December 2, 2005 Mandriva Linux Security Advisory, MDKSA-2005:226, December 12, 2005 SuSE Security Announcement, SUSE-SA:2006:022, April 25, 2006 | |
Firefox 1.5-1.5.2, 1.5.0.2 | A buffer overflow vulnerability has been reported in the 'iframe.contentWindow.focus()' function due to improper processing of certain JavaScript code, which could let a remote malicious user cause a Denial or Service or execute arbitrary code. No workaround or patch available at time of publishing. A Proof of Concept exploit script, ffdos.txt, has been published. | Mozilla Firefox 'iframe.content | Security Tracker Alert ID: 1015981, April 24, 2006 | |
Mozilla Firefox 1.0-1.0.6; Mozilla Browser 1.7-1.7.11; Netscape Browser 8.0.3.3 | Multiple vulnerabilities have been reported: a heap overflow vulnerability was reported when processing malformed XBM images, which could let a remote malicious user execute arbitrary code; a vulnerability was reported when unicode sequences contain 'zero-width non-joiner' characters, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a vulnerability was reported due to a flaw when making XMLHttp requests, which could let a remote malicious user spoof XMLHttpRequest headers; a vulnerability was reported because a remote malicious user can create specially crafted HTML that spoofs XML objects to create an XBL binding to execute arbitrary JavaScript with elevated (chrome) permissions; an integer overflow vulnerability was reported in the JavaScript engine, which could let a remote malicious user obtain unauthorized access; a vulnerability was reported because a remote malicious user can load privileged 'chrome' pages from an unprivileged 'about:' page, which could lead to unauthorized access; and a window spoofing vulnerability was reported when a blank 'chrom' canvas is obtained by opening a window from a reference to a closed window, which could let a remote malicious user conduct phishing type attacks. Currently we are not aware of any exploits for these vulnerabilities. | Mozilla Browser / Firefox Multiple Vulnerabilities CVE-2005-2701 | Mozilla Foundation Security Advisory, 2005-58, September 22, 2005 RedHat Security Advisory, RHSA-2005:789-11, September 22, 2005 Ubuntu Security Notices, USN-186-1 & 186-2, September 23 & 25, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:169 & 170, September 26, 2005 Fedora Update Notifications, Slackware Security Advisory, SSA:2005-269-01, September 26, 2005 SGI Security Advisory, 20050903-02-U, September 28, 2005 Conectiva Linux Announcement, CLSA-2005:1017, September 28, 2005 Gentoo Linux Security Advisory [UPDATE], September 29, 2005 SUSE Security Announcement, SUSE-SA:2005:058, September 30, 2005 Fedora Update Notifications, Debian Security Advisory, DSA 838-1, October 2, 2005 Turbolinux Security Advisory, TLSA-2005-93, October 3, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:174, October 6, 2005 Ubuntu Security Notice, USN-200-1, October 11, 2005 Security Focus, Bugtraq ID: 14916, October 19, 2005 Debian Security Advisories, DSA 866-1 & 868-1, October 20, 2005 Fedora Legacy Update Advisory, FLSA:168375, January 9, 2006 SuSE Security Announcement, SUSE-SA:2006:022, April 25, 2006 | |
Mozilla Browser 0.8-0.9.9, 0.9.35, 0.9.48, 1.0-1.7.12, Thunderbird 0.x, 1.x, Firefox 0.x, 1.x; SeaMonkey 1.0; RedHat Enterprise Linux WS 4, WS 3, WS 2.1 IA64, WS 2.1, ES 4, ES 3, ES 2.1 IA64, ES 2.1, AS 4, AS 3, AS 2.1 IA64, AS 2.1, Desktop 4.0, 3.0, Advanced Workstation for the Itanium Processor 2.1 IA64, 2.1 | Multiple vulnerabilities have been reported: vulnerabilities were reported because temporary variables that are not properly protected are used in the JavaScript engine's garbage collection, which could let a remote malicious user cause a Denial of Service or execute arbitrary code; a vulnerability was reported because a remote malicious user can create HTML that will dynamically change the style of an element from position:relative to position:static; a vulnerability was reported because a remote malicious user can create HTML that invokes the QueryInterface() method of the built-in Location and Navigator objects; a vulnerability was reported in the 'XULDocument.persist()' function due to improper validation of the user-supplied attribute name, which could let a remote malicious user execute arbitrary code; an integer overflow vulnerability was reported in the 'E4X,' 'SVG,' and 'Canvas' features, which could let a remote malicious user execute arbitrary code; a vulnerability was reported in the XML parser because data can be read from locations beyond the end of the buffer, which could lead to a Denial of Service; and a vulnerability was reported because the 'E4X' implementation's internal 'AnyName' object is incorrectly available to web content, which could let a remote malicious user bypass same-origin restrictions.
There is no exploit code required for some of these vulnerabilities; however, an exploit, firefox_queryinterface.pm, has been published. | Multiple Mozilla Products Vulnerabilities CVE-2006-0292 | Mozilla Foundation Security Advisories 2006-01-2006-08, February 1, 2006 RedHat Security Advisories, RHSA-2006:0199-10 & RHSA-2006:0200-8, February 2, 2006 Fedora Security Advisories, FEDORA-2006-075 & FEDORA-2006-076, February 2, 2006 Mandriva Security Advisories, MDKSA-2006:036 & MDKSA-2006:037, February 7, 2006 SGI Security Advisory, 20060201-01-U, March 14, 2006 Ubuntu Security Notice, USN-271-1 April 19, 2006 Gentoo Linux Security Advisory, GLSA 200604-12, April 23, 2006 RedHat Security Advisory, RHSA-2006:0330-15, April 25, 2006 Mandriva Security Advisory, MDKSA-2006:078, April 25, 2006 SuSE Security Announcement, SUSE-SA:2006:022, April 25, 2006 | |
RedHat Fedora Core5; Ethereal Group Ethereal 0.10-0.10.14, 0.9-0.9.16, 0.8.5 | Multiple vulnerabilities have been reported vulnerabilities due to various types of errors including boundary errors, an off-by-one error, an infinite loop error, and several unspecified errors in a multitude of protocol dissectors, which could let a remote malicious user cause a Denial of Service or execute arbitrary code. Currently we are not aware of any exploits for these vulnerabilities. | Ethereal Multiple Protocol Dissector Vulnerabilities CVE-2006-1932 | Secunia Advisory: SA19769, April 25, 2006 Mandriva Security Advisory, MDKSA-2006:077, April 25, 2006 | |
Slackware Linux 10.2, -current; | Multiple vulnerabilities have been reported which could lead to the execution of arbitrary code, cause a Denial or Service, elevated privileges, execution of arbitrary JavaScript code, disclosure of sensitive information, bypass security restrictions, or spoofing of windows contents. New versions of the Mozilla Suite, Firefox, SeaMonkey, and Thunderbird are available to address these issues. Some of these vulnerabilities do not require exploit code. | Mozilla Suite, Firefox, SeaMonkey, & Thunderbird Multiple Remote Vulnerabilities CVE-2006-1729 | 2.3 1.9 7.0 7.0 1.9 1.9 2.3 7.0 7.0 7.0 1.9 7.0 2.3 7.0 1.9 2.3 2.3 7.0 | Security Focus, Bugtraq ID: 17516, April 18, 2006 RedHat Security Advisories, RHSA-2006-0328 & 0329, April 14 & 18, 2006 Technical Cyber Security Alert TA06-107A Ubuntu Security Notice, USN-271-1 April 19, 2006 SuSE Security Announcement, SUSE-SA:2006:021, April 20, 2006 Gentoo Linux Security Advisory, GLSA 200604-12, April 23, 2006 Mandriva Security Advisory, MDKSA-2006:075, April 24, 2006 Slackware Security Advisory, SSA:2006-114-01, April 24, 2006 SGI Security Advisory, 20060404-01-U, April 24, 2006 RedHat Security Advisory, RHSA-2006:0330-15, April 25, 2006 Mandriva Security Advisory, MDKSA-2006:078, April 25, 2006 SuSE Security Announcement, SUSE-SA:2006:022, April 25, 2006 |
My Gaming Ladder 7.0 | A file include vulnerability has been reported in 'stats.php' due to insufficient verification of the 'dir[base]' parameter, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, 17657-exploit.pl, has been published. | My Gaming Ladder Remote File Include | Secunia Advisory: SA19773, April 24, 2006 | |
DevBB 1.0 | A Cross-Site Scripting vulnerability has been reported in 'Member.PHP' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, DevBB-1.0.0-xss.txt, has been published. | DevBB Cross-Site Scripting | Not Available | Security Focus, Bugtraq ID: 17703, April 26, 2006 |
NextAge Shopping Cart 0 | Multiple HTML injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using it in dynamically generated content, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit script, nextage-html-inj.txt, has been published. | NextAge Shopping Cart Multiple HTML Injection | Not Available | Security Focus, Bugtraq ID: 17685, April 25, 2006 |
OpenTTD 0.4.7, 0.4 .0.1 | Several vulnerabilities have been reported: a remote Denial of Service vulnerability was reported in the 'PACKET_SERVER_ERROR' and 'PACKET_CLIENT_ERROR' command packets due to an error; and a vulnerability was reported due to an error when handling the packet size field in a received UDP. The vulnerability has reportedly been fixed in revision r4531 in the CVS repositories. Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit script, openttdx.zip, has been published. | OpenTTD Remote Denials of Service | Security Focus, Bugtraq ID: 17661, April 24, 2006 | |
JD Edwards EnterpriseOne 8.x, OneWorld 8.x, | Oracle has released a Critical Patch Update advisory for April 2006 to address multiple vulnerabilities. Some have an unknown impact, and others can be exploited to conduct SQL injection attacks. Currently we are not aware of any exploits for these vulnerabilities. | Oracle Products Multiple Vulnerabilities | Not Available | Oracle Security Advisory, April 18, 2006 |
PCPIN Chat 5.0.4 & prior | Several vulnerabilities have been reported: an SQL injection vulnerability was reported in 'main.php' due to insufficient sanitization of the 'login' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a file include vulnerability was reported in 'main.php' due to insufficient verification of the 'language' parameter, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, an exploit script, PCPIN_Chat-5.0.4_ | PCPIN Chat SQL Injection & File Include | Security Tracker Alert ID: 1015968, April 20, 2006 | |
Photokorn 1.542, 1.53 | Multiple SQL injection vulnerabilities have been reported due to insufficient sanitization of user-supplied input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit script, photokorn-1.53-sql.txt, has been published. | Not Available | Security Focus, Bugtraq ID: 17683, April 25, 2006 | |
PHP 4azdgvote .x, 4.2.x, 4.3.x, 4.4.x, 5.0.x, 5.1.x | Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in the 'phpinfo()' PHP function because only the first 4096 characters of an array request parameter are sanitized before returning to users, which could let a remote malicious user execute arbitrary HTML and script code; a Directory Traversal vulnerability was reported in the 'tempnam()' PHP function due to an error, which could let a remote malicious create arbitrary files; a vulnerability was reported in the 'copy()' PHP function due to an error, which could let a remote malicious create arbitrary files; and a vulnerability was reported in the 'copy()' PHP function because the safe mode mechanism can be bypassed by a remote malicious user. Vulnerabilities may be exploited with standard PHP code; however, Proof of Concept exploit scripts have been published. | PHP Multiple Vulnerabilities | Secunia Advisory: SA19599, April 10, 2006 Mandriva Security Advisory, MDKSA-2006:074, April 24, 2006 RedHat Security Advisory, RHSA-2006:0276-9, April 25, 2006 | |
PHP 4.3.x, 4.4.x, 5.0.x, 5.1.x | A vulnerability has been reported in the 'html_entity_decode()' function because it is not binary safe, which could let a remote malicious user obtain sensitive information. The vulnerability has been fixed in the CVS repository and in version 5.1.3-RC1. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHP Information Disclosure | 2.3 | Secunia Advisory: SA19383, March 29, 2006 Mandriva Security Advisory, MDKSA-2006:063, April 2, 2006 Trustix Secure Linux Security Advisory #2006-0020, April 7, 2006 RedHat Security Advisory, RHSA-2006:0276-9, April 25, 2006 |
PHP 4.4.2, 5.1.2 | A buffer overflow vulnerability has been reported in the 'wordwrap()' function in 'string.c' when calculating an integer value based on user-supplied input, which could let a remote malicious user cause a Denial or Service or execute arbitrary code. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | PHP 'wordwrap()' Buffer Overflow | 2.3 | Security Tracker Alert ID: 1015979, April 24, 2006 |
PHP 5.1.1, 5.1 | Several vulnerabilities have been reported: a vulnerability was reported due to insufficient of the session ID in the session extension before returning to the user, which could let a remote malicious user inject arbitrary HTTP headers; a format string vulnerability was reported in the 'mysqli' extension when processing error messages, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported due to insufficient sanitization of unspecified input that is passed under certain error conditions, which could let a remote malicious user execute arbitrary HTML and script code. There is no exploit code required. | Multiple PHP Vulnerabilities | 2.3
| Secunia Advisory: SA18431, January 13, 2006 Mandriva Security Advisory, MDKSA-2006:028, February 1, 2006 Ubuntu Security Notice, USN-261-1, March 10, 2006 Gentoo Linux Security Advisory, GLSA 200603-22, March 22, 2006 RedHat Security Advisory, RHSA-2006-0276, April 25, 2006 |
PHPSurveyor 0.995 | Several vulnerabilities have been reported: an SQL injection vulnerability was reported in the 'save.php' script due to insufficient sanitization of the 'surveyid' cookie parameter, which could let a remote malicious user execute arbitrary SQL code; and a vulnerability was reported because a remote malicious user can cause the system to write arbitrary PHP code to a file
No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit script, phpsurveror.php, has been published. | PHPSurveyor Input Validation | Not Available | Security Tracker Alert ID: 1015970, April 20, 2006 |
phpldapadmin 0.9.8 | Several vulnerabilities have been reported: an HTML injection vulnerability was reported due to insufficient sanitization of 'compare_form.php,' ' copy_form.php,' 'rename_form.php,' 'template_engine.php,' 'delete_form.php,' and 'search.php,' which could let a remote malicious user execute arbitrary HTML and script code: and a Cross-Site Scripting vulnerability was reported in 'template_engine.php' due to insufficient sanitization of the 'Container DN,' 'Machine Name, ' and 'UID Number' parameters before using, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit script, 17643.html, has been published. | PHPLDAPAdmin Multiple Input Validation | Secunia Advisory: SA19747, April 21, 2006 | |
phpMyAgenda 3.0 Final & prior | A file include vulnerability has been reported in 'agenda.php3' due to insufficient sanitization of the 'rootagend' parameter, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, phpMyAgenda_fi.txt, has been published. | Security Tracker Alert ID: 1015984, April 24, 2006 | ||
PHP 5.0 .0- 5.0.5, 4.4.1, 4.4 .0, 4.3-4.3.11, 4.2-4.2.3, 4.1.0-4.1.2, 4.0.6, 4.0.7, RC1-RC3 | A vulnerability has been reported in the 'mb_send_mail()' function due to an input validation error, which could let a remote malicious user inject arbitrary headers to generated email messages.
There is no exploit code required. | PHP MB_Send_Mail Arbitrary Header Injection | Security Focus, Bugtraq ID: 15571, November 25, 2005 SUSE Security Announcement, SUSE-SA:2005:069, December 14, 2005 Ubuntu Security Notice, USN-232-1, December 23, 2005 Mandriva Linux Security Advisory, MDKSA-2005:238, December 27, 2005 RedHat Security Advisory, RHSA-2006-0276, April 25, 2006 | |
PhpWeb | A vulnerability has been reported in 'picture.php' because it is possible to disclose arbitrary pictures by not defining a value for the 'cat' parameter, which could let a remote malicious user obtain sensitive information. The vulnerability has been fixed in version 1.6.0RC1. Currently we are not aware of any exploits for this vulnerability. | PhpWebGallery Arbitrary Picture Disclosure | Not Available | Secunia Advisory: SA19801, April 25, 2006 |
phpWebFTP 2.3 | Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input using the HTTP 'POST' method when submitting a malicious URI, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit script, phpwebftp-2.3-xss.txt, has been published. | PHPWebFTP Multiple Cross-Site Scripting | Not Available | Security Focus, Bugtraq ID: 17688, April 25, 2006 |
PlexCart X5 & prior | SQL injection vulnerabilities have been reported in 'plexum.php' due to insufficient sanitization of the 'pagesize,' 'maxrec,' 'startpos' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, Proof of Concept exploit scripts have been published. | Plexum Multiple SQL Injection | Security Focus, Bugtraq ID: 17617, April 20, 2006 | |
Scry Gallery 0 | Several vulnerabilities have been reported: a Directory Traversal vulnerability was reported in the 'index.php' script due to insufficient validation of the 'p' field, which could let a remote malicious user obtain sensitive information; and a path disclosure vulnerability was reported in the 'p' field due to an input validation error when processing a non-existing directory, which could let a remote malicious user obtain sensitive information. The vendor has released an update to address this issue. Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit script, 17649-directory-traversal.exploit, has been published. | Scry Gallery Directory Traversal & Path Disclosure | Moroccan Security Team Advisory , April 21, 2006 | |
Scry Gallery 1.1 | A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, scry_xss.txt, has been published. | Scry Gallery Cross-Site Scripting | Security Focus, Bugtraq ID: 17668, April 21, 2006 | |
SL_site 1.0 | Multiple vulnerabilities have been reported: an SQL injection vulnerability was reported in 'page.php' due to insufficient sanitization of the 'id_page' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; a Directory Traversal vulnerability was reported in 'gallerie.php' due to insufficient sanitization of the 'rep' parameter before using to list images, which could let a remote malicious user obtain sensitive information; and a Cross-Site Scripting vulnerability was reported in 'recherche.php' due to insufficient sanitization of the 'recherche' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client. | SL_site Multiple Vulnerabilities | Secunia Advisory: SA19792, April 24, 2006 | |
Simplog 0.9.1-0.9.3 | Several vulnerabilities have been reported: SQL injection vulnerabilities were reported in 'archive.php' due to insufficient sanitization of the 'cid,' 'pid,' and 'eid' parameters, in 'preview.php' due to insufficient sanitization of the 'tid' parameter, and in 'comments.php' due to insufficient sanitization of the 'pid' parameter, which could let a remote malicious user execute arbitrary SQL code; and Cross-Site Scripting vulnerabilities were reported in 'imagelist.php' due to insufficient sanitization of the 'imagedir' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. Vulnerabilities can be exploited through a web client; however, Proof of Concept exploit scripts, 17652.html, and 17652-exploit.pl, have been published. | Simplog SQL Injection & Cross-Site Scripting | Not Available | Secunia Advisory: SA19764 , April 24, 2006 |
AntiVirus Scan Engine 5.0.0.24 | Multiple vulnerabilities have been reported: a vulnerability was reported in the authentication mechanism due a design error, which could let a remote malicious user obtain unauthorized access; a vulnerability was reported because a static private DSA key is used for SSL communications, which could let a remote malicious user conduct man-in-the-middle attacks; and a vulnerability was reported due to insufficient access restriction to files in the installation directory, which could let a remote malicious user obtain sensitive information. An exploit script, change_scan_engine_pw.pl, has been published for the authentication bypass vulnerability. | Symantec Scan Engine Multiple Vulnerabilities | Symantec Security Advisory, SYM06-008 , April 21, 2006 | |
Thwboard 3.0 Beta 2.84 | A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | ThWboard Cross-Site Scripting | Not Available | Security Focus, Bugtraq ID: 17627, April 20, 2006 |
Online Banking 0 | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'sid' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | W2B Online Banking Cross-Site Scripting | Security Focus, Bugtraq ID: 17626, April 20, 2006 | |
EasyGallery 1.17 | A Cross-Site Scripting vulnerability has been reported in 'EasyGallery.PHP' due to insufficient sanitization of the 'ordner' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | EasyGallery Cross-Site Scripting | Security Focus, Bugtraq ID: 17624, April 20, 2006 | |
WWWThreads RC3 | SQL injection vulnerabilities have been reported in 'message_list.php' due to insufficient sanitization of the 'messages' parameter and in 'register.php' due to insufficient sanitization of the 'referral_id' parameter, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client. | WWWThread Multiple SQL Injection | Security Focus, Bugtraq ID: 17615, April 20, 2006 | |
Wireless Trends & Vulnerabilities
This section contains wireless vulnerabilities, articles, and malicious code
that has been identified during the current reporting period.
- Bringing More Security to Wi-Fi Networks: According to the research director for Gartner, protecting enterprise Wi-Fi networks from intrusions is a big challenge, but IT has a growing arsenal of products available to help, including those based on the 2004 Wi-Fi security standard (the IEEE's 802.11i) and the Wi-Fi Alliance's closely related implementation protocol, WPA2 (the Wi-Fi Protected Access 2). Advanced encryption and authentication mechanisms make these specs "actually more secure than most wired networks."
- Bluetooth virus leaves mobile users out of pocket:Security experts warned at Infosec Europe 2006, that a newly detected mobile phone virus is charging mobile phone users $5 to send a premium rate SMS message. According to F-Secure, a Proof of Concept attack has been reengineered to make money illegally from mobile phone users. "The virus gets your phone to send an SMS to a premium rate number and then sends an authority that they can charge you without you knowing about it," said Richard Hales, country manager for UK and Ireland at F-Secure.
This section contains brief summaries and links to articles which discuss or present
information pertinent to the cyber security community.
- Asia Now Top Spam-Relaying Region:According to a report released by Sophos, Asia has overtaken North America to become the top spam-relaying region in the world. Nearly one-half the spam Sophos captured on its global spam-monitoring network originated in Asia, with North America coming in a distant second as the source of just over 25 percent of spam.
As recently as two years ago, the U.S. was responsible for the majority of spam sent around the world, said Graham Cluley, senior technology consultant for Sophos. - Hacker's Toolkit Attacks Unpatched Computers: According to an online alert from Websense, a dirt-cheap, do-it-yourself hacking kit sold by a Russian Web site is being used by more than 1,000 malicious Web sites. Those sites have confiscated hundreds of thousands of computers using the "smartbomb" kit, which sniffs for seven unpatched vulnerabilities in Internet Explorer and Firefox, then attacks the easiest-to-exploit weakness.
- Weak passwords leave firms open to hackers: According to a survey published at Infosec Europe 2006, poor password policy management is leaving firms open to hacking attacks. Nearly two thirds of the 500 IT administrators who responded to the poll considered the passwords of their users to be inadequate, either using common dictionary words, names or other weak passwords.
name=viruses id="viruses">Viruses/Trojans Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
1 Netsky-P Win32 Worm March 2004 A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folder. 2 Zafi-B Win32 Worm June 2004 A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. 3 Lovgate.w Win32 Worm April 2004 A mass-mailing worm that propagates via by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. 4 Mytob.C Win32 Worm March 2004 A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. 5 Mytob-GH Win32 Worm November 2005 A variant of the mass-mailing worm that disables security related programs and allows other to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender’s address. 6 Nyxum-D Win32 Worm March 2006 A mass-mailing worm that turns off anti-virus, deletes files, downloads code from the internet, and installs in the registry. This version also harvests emails addresses from the infected machine and uses its own emailing engine to forge the senders address. 7 Netsky-D Win32 Worm March 2004 A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. 8 Mytob-BE Win32 Worm June 2005 A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. Harvesting addresses from the Windows address book, disabling antivirus, and modifying data. 9 Mytob-AS Win32 Worm June 2005 A slight variant of the mass-mailing worm that disables security related programs and processes, redirection various sites, and changing registry values. This version downloads code from the net and utilizes its own email engine. 10 Zafi-D Win32 Worm December 2004 A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. Table updated April 25, 2006
Last updated
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.