Summary of Security Items from November 24 through November 30, 2005

Vulnerabilities:

Windows Operating Systems

  1. ASP-Rider SQL Injection
  2. Freeftpd Denial of Service
  3. MailEnable Denial of Service
  4. Microsoft Internet Explorer Unauthorized Access (Updated)
  5. Microsoft Windows MSDTC and COM+ Privilege Elevation, Arbitrary Code Execution, or Denial of Service (Updated)
  6. NetObjects Fusion Information Disclosure
  7. OASYS Lite Cross-Site Scripting
  8. OKBSYS Lite Cross-Site Scripting
  9. Panda Software Antivirus Library ZOO Archive Heap Overflow
  10. SpeedProject Arbitrary Code Execution

UNIX / Linux Operating Systems

  1. Apple Mac OS X Security Update
  2. Centericq Empty Packet Remote Denial of Service
  3. Easy Software Products CUPS HTTP GET Denial of Service (Updated)
  4. Ezyhelpdesk SQL Injection
  5. FAD Solutions drzes HMS SQL Injection & Cross-Site Scripting
  6. GNU shtool Insecure Temporary File Creation (Updated)
  7. HP-UX XTerm Unauthorized Access (Updated)
  8. Info-ZIP UnZip File Permission Modification (Updated)
  9. Jed Wing CHM Lib Remote Buffer Overflow (Updated)
  10. Multiple Vendors KTools Remote Buffer Overflow
  11. Multiple Vendors Linux Kernel Network Bridge Information Disclosure
  12. GTK+ GdkPixbuf XPM Image Rendering Library (Updated)
  13. Multiple Vendors EIX Insecure Temporary File Creation
  14. Multiple Vendors GDB Multiple Vulnerabilities (Updated)
  15. Multiple Vendors KAME Racoon Malformed ISAKMP Packet Headers Remote Denial of Service (Updated)
  16. Multiple Vendors Linux Kernel Remote Denial of Service
  17. Multiple Vendors Linux Kernel PTrace 'CLONE_THREAD' Denial of Service
  18. Multiple Vendors Linux Kernel PrintK Local Denial of Service
  19. Multiple Vendors Linux Kernel PTraced Denial of Service
  20. Multiple Vendor WGet/Curl NTLM Username Buffer Overflow (Updated)
  21. Multiple Vendors FUSE Mount Options Corruption (Updated)
  22. Multiple Vendors libungif GIF File Handling (Updated)
  23. Multiple Vendors Linux Kernel Resource Leak Denial of Service
  24. Multiple Vendors Perl 'miniserv.pl' script Format String
  25. Net-SNMP Protocol Denial Of Service (Updated)
  26. NuFW Malformed Packet Remote Denial of Service
  27. Omnistar Live SQL Injection
  28. PCRE Regular Expression Heap Overflow (Updated)
  29. PHP Labs Survey Wizard SQL Injection
  30. PHP Labs Top Auction Multiple SQL Injection
  31. Squid FTP Server Response Handling Remote Denial of Service (Updated)
  32. Sun Solaris Traceroute Multiple Buffer Overflows (Updated)
  33. Sylpheed LDIF Import Buffer Overflow (Updated)
  34. T & D Systems ADC2000 NG Pro SQL Injection
  35. Tunez SQL Injection & Cross-Site Scripting
  36. Unalz Archive Filename Buffer Overflow
  37. UW-imapd Denial of Service and Arbitrary Code Execution (Updated)
  38. VHCS Error Page Cross-Site Scripting & Domain Forward Hijack
  39. Zope 'RestructuredText' Unspecified Security Vulnerability (Updated)

Multiple Operating Systems

  1. AFFCommerce Shopping Cart Multiple SQL Injection
  2. AgileBill Pro SQL Injection
  3. Babe Logger SQL Injection
  4. BakBone NetVault 'NVStatsMngr.EXE' Elevated Privileges (Updated)
  5. Basic Analysis and Security Engine SQL Injection (Updated)
  6. Bedeng PSP SQL Injection
  7. BerliOS SourceWell SQL Injection
  8. blogBuddies Cross-Site Scripting
  9. BosDates SQL Injection
  10. Cisco PIX Invalid TCP Checksum Remote Denial of Service (Updated)
  11. Cisco IPSec IKE Traffic Remote Denial of Service (Updated)
  12. Cisco IOS HTTP Service HTML Injection
  13. Clavister Firewall and Security Gateway Denial of Service
  14. Comdev Vote Caster SQL Injection
  15. CommodityRentals SQL Injection
  16. Creative Digital Resources SocketKB SQL Injection & File Include
  17. DMANews SQL Injection
  18. DotClear Unspecified Trackback
  19. 1-2-3 Music Store SQL Injection
  20. edmoBBS SQL Injection
  21. eFiction Input Validation
  22. Entergal MX Multiple SQL Injection
  23. Enterprise Connector SQL Injection
  24. Fantastic Scripts Fantastic News SQL Injection
  25. FAQ System SQL Injection
  26. freeForum SQL Injection
  27. FreeWebStat Multiple Cross-Site Scripting
  28. GhostScripter Amazon Shop Cross-Site Scripting
  29. GuppY Remote File Include & Command Execution
  30. Helpdesk Issue Manager SQL Injection
  31. Horde Error Message Cross-Site Scripting (Updated)
  32. Horde MIME Viewers Script Insertion
  33. IPUpdate Remote Buffer Overflow
  34. IsolSoft Support Center SQL Injection
  35. Kadu Remote Denial of Service
  36. kPlaylist Search Cross-Site Scripting
  37. ltwCalendar SQL Injection
  38. Macromedia Flash Array Index Remote Arbitrary Code Execution (Updated)
  39. Mambo Open Source Remote File Include (Updated)
  40. Multiple Vendors Inkscape SVG Image Buffer Overflow (Updated)
  41. Multiple Vendors Lynx URI Handlers Arbitrary Command Execution (Updated)
  42. phpSysInfo Multiple Vulnerabilities (Updated)
  43. Multiple Vendors PHPXMLRPC and PEAR XML_RPC Remote Arbitrary Code Execution (Updated)
  44. Multiple Vendors PHP Group Exif Module Remote Denial of Service (Updated)
  45. Multiple Vendors Ethereal Multiple Protocol Dissector Vulnerabilities (Updated)
  46. Multiple Vendors XML-RPC for PHP Remote Code Injection (Updated)
  47. N-13 News SQL Injection
  48. Nelogic Nephp Publisher SQL Injection
  49. Nicecoder iDesk SQL Injection
  50. Novell ZENworks Security Bypassing
  51. Athena PHP Website Administration Remote File Include
  52. Opera Web Browser JNI Routine Handling Remote Denial of Service
  53. Orbit Scripts SmartPPC Pro Cross-Site Scripting
  54. Orca Blog SQL Injection
  55. Orca Forum SQL Injection
  56. Orca Knowledgebase SQL Injection
  57. Orca Ringmaker SQL Injection
  58. OTRS SQL Injection & Cross-Site Scripting
  59. OvBB Multiple SQL Injection
  60. PBLang Bulletin Board System Multiple HTML Injection
  61. PDJK-support Suite Multiple SQL Injection
  62. PHP Doc System Local File Include
  63. PHP 'Open_BaseDir' Information Disclosure (Updated)
  64. PHP Multiple Vulnerabilities (Updated)
  65. PHP Upload Center Directory Traversal
  66. PHPAlbum File Include
  67. PHPGreetz Remote File Include
  68. PHP MB_Send_Mail Arbitrary Header Injection
  69. PHPPost Subject HTML Injection
  70. PHP Web Statistik Multiple Vulnerabilities
  71. PmWiki Cross-Site Scripting
  72. Q-News Remote File Include
  73. QNX Phgrafx Buffer Overflow
  74. Quality Unit Post Affiliate Pro SQL Injection & File Include
  75. Randshop SQL Injection
  76. Real Soft Studio UGroup SQL Injection
  77. AllWeb Search SQL Injection
  78. sCssBoard Cross-Site Scripting
  79. SearchSolutions Cross-Site Scripting
  80. Sensation Designs KBase Express Multiple SQL Injection
  81. Top Music Module SQL Injection
  82. Simple Document Management System SQL Injection
  83. SimpleBBS SQL Injection
  84. Softbiz B2B Trading Marketplace Script SQL Injection
  85. Softbiz FAQ Script SQL Injection
  86. Softbiz Web Host Directory Script SQL Injection
  87. ShockBoard SQL Injection
  88. phpWordPress SQL Injection
  89. Sun Java Runtime Environment Security Bypass
  90. SupportPRO SupportDesk Cross-Site Scripting
  91. Survey System SQL Injection
  92. K-Search SQL Injection
  93. vTiger CRM Multiple Vulnerabilities
  94. Netzbrett SQL Injection
  95. WebCalendar SQL Injection & File Overwrite
  96. WSN Forum SQL Injection
  97. Xaraya Directory Traversal
  98. Zainu SQL Injection

Details in http://www.us-cert.gov/cas/bulletins/SB05-334.html

Published Sun, Dec 4 2005 0:05 by donna