echo: nthelp
to: All
from: Geo.
date: 2004-03-22 15:39:46
subject: exploits


Thought you might find this interesting as people are always asking me why
I don't use php. Here's the list for this securityfocus newsletter I
received today:

(I don't know why they make it sound like these are MS issues, it's just
the MS platform)

II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Dogpatch Software CFWebstore SQL Injection Vulnerability
BugTraq ID: 9854
Remote: Yes
Date Published: Mar 12 2004
Relevant URL: http://www.securityfocus.com/bid/9854
Summary:
It has been reported that CFWebstore is prone to a remote SQL injection
vulnerability. This issue is due to a failure of the application to
properly sanitize user input before including it in an SQL statement. As a
result of this, a malicious user may influence database queries in order to
view or modify sensitive information, potentially compromising the software
or the database. It has been reported that an attacker may be able to
disclose the administrator password hash by exploiting this issue.

2. Dogpatch Software CFWebstore Cross-Site Scripting Vulnerabil...
BugTraq ID: 9856
Remote: Yes
Date Published: Mar 12 2004
Relevant URL: http://www.securityfocus.com/bid/9856
Summary:
It has been reported that CFWebstore is prone to a remote cross-site
scripting vulnerability. This issue is due to a failure of the application
to properly sanitize user input. Attackers may exploit this vulnerability
to steal authentication credentials. Other attacks may also be possible.

3. Emumail EMU Webmail Multiple Vulnerabilities
BugTraq ID: 9861
Remote: Yes
Date Published: Mar 12 2004
Relevant URL: http://www.securityfocus.com/bid/9861
Summary:
Multiple vulnerabilities have been identified in the application that may
allow an attacker to carry out cross-site scripting attacks and disclose
the path to the victim's home directory. The issues are reported to exist
in the login script, 'emumail.fcgi' script and the 'init.emu' sample
script.
EMU Webmail 5.2.7 has been reported to be affected by these issues.

4. PHPBB ViewTopic.PHP "postdays" Cross-Site Scripting Vulnerab...
BugTraq ID: 9865
Remote: Yes
Date Published: Mar 13 2004
Relevant URL: http://www.securityfocus.com/bid/9865
Summary:
It has been reported that one of the scripts included with phpBB is prone
to a cross-site scripting vulnerability. According to the author of the
report, the script "viewtopic.php" returns the value of the HTML
variable "postdays" to the client as its output without encoding
it or otherwise removing potentially hostile content. This can be exploited
by constructing malicious links with the malicious "postdays"
variable value embedded as a GET request style HTML variable. If the target
user visits such a link, the malicious, externally created content supplied
in the link will be rendered (or executed, in the case of script code) as
part of the viewtopic.php document and within the context of the vulnerable
website (including the phpBB forum).

5. PHPBB ViewForum.PHP "topicdays" Cross-Site Scripting Vulnera...
BugTraq ID: 9866
Remote: Yes
Date Published: Mar 13 2004
Relevant URL: http://www.securityfocus.com/bid/9866
Summary:
It has been reported that one of the scripts included with phpBB is prone
to a cross-site scripting vulnerability. According to the author of the
report, the script "viewforum.php" returns the value of the HTML
variable "topicdays" to the client as its output without encoding
it or otherwise removing potentially hostile content. This can be exploited
by constructing malicious links with the malicious "topicdays"
variable value embedded as a GET request style HTML variable. If the target
user visits such a link, the malicious, externally created content supplied
in the link will be rendered (or executed, in the case of script code) as
part of the viewtopic.php document and within the context of the vulnerable
website (including the phpBB forum).

6. Check Point Firewall-1 SmartDashboard Filter Buffer Overflow...
BugTraq ID: 9870
Remote: Yes
Date Published: Mar 15 2004
Relevant URL: http://www.securityfocus.com/bid/9870
Summary:
It has been reported that Check Point Firewall-1 SmartDashboard may be
prone to a buffer overflow vulnerability that may allow an attacker to
execute arbitrary code on a vulnerable system in order to gain unauthorized
access. The issue is reported to present itself when the SmartTracker
utility is used to add a firewall filter for Firewall-1. An attacker may be
able to cause a buffer overflow condition by supplying an excessive amount
of data via the filter line. It is likely that access to SmartDashboard
requires administrator credentials, in which case this issue would not be
considered a vulnerability. This has not been confirmed at the moment. Due
to a lack of information further details cannot be outlined at the moment.
This BID will be updated as more information becomes available. This
vulnerability is reported to affect SmartDashboard supplied with Check
Point Software NG-AI R54 and NG-AI R55, however, other versions could be
affected as well.

7. WS_FTP Pro Client Remote Buffer Overflow Vulnerability
BugTraq ID: 9872
Remote: Yes
Date Published: Mar 15 2004
Relevant URL: http://www.securityfocus.com/bid/9872
Summary:
It has been reported that WS_FTP Pro client may be prone to a remote buffer
overflow vulnerability that may allow an attacker to execute arbitrary code
on a vulnerable system. An attacker may be able to cause a buffer overflow
condition in the client by supplying a file or a directory with a large
name exceeding 260 bytes without a terminating CR/LF character to the
server. The buffer overflow condition would occur when the client attempts
to browse through the attacker-supplied directory. This issue is reported
to affect WS_FTP Pro 8.02 and 8.03, however, other versions may be affected
as well.

8. YABB/YABB SE Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 9873
Remote: Yes
Date Published: Mar 15 2004
Relevant URL: http://www.securityfocus.com/bid/9873
Summary:
It has been reported that YaBB and YaBB SE are prone to multiple cross-site
scripting vulnerabilities. These issues are due to a failure of the
applications to properly validate URI-supplied user input. Attackers may
exploit this vulnerability to steal authentication credentials. Other
attacks may also be possible.

9. Multiple Vendor SOAP Server Undisclosed Request Denial Of Se...
BugTraq ID: 9877
Remote: Yes
Date Published: Mar 15 2004
Relevant URL: http://www.securityfocus.com/bid/9877
Summary:
A problem has been identified in several different SOAP servers when
handling certain types of requests. Because of this, it is possible for an
attacker to force a denial of service on systems using a vulnerable
implementation.
This BID will be updated as further details regarding this vulnerability
are made public.

10. PHP-Nuke Modules.php Multiple Cross-Site Scripting Vulnerabi...
BugTraq ID: 9879
Remote: Yes
Date Published: Mar 15 2004
Relevant URL: http://www.securityfocus.com/bid/9879
Summary:
It has been reported that PHP-Nuke may be prone to multiple cross-site
scripting vulnerabilities. These vulnerabilities occur due to insufficient
sanitization of user-supplied data via the 'Your Name',
'nicname', 'fname', 'ratenum', and 'search' fields of the 'modules.php'
script. Exploitation could allow for theft of cookie-based authentication
credentials. Other attacks are also possible. PHP-Nuke 7.1.0 has been
reported to be prone to these issues, however, it is possible that other
versions are affected as well. These issues are undergoing further
analysis. These issues will be separated into individual BIDs once analysis
is complete.

11. PHPBB Search.PHP Search_Results Parameter SQL Injection Vuln...
BugTraq ID: 9883
Remote: Yes
Date Published: Mar 15 2004
Relevant URL: http://www.securityfocus.com/bid/9883
Summary:
A vulnerability has been reported to exist in the software that may allow a
remote user to inject malicious SQL syntax into database queries. The
problem reportedly exists in one of the parameters of the search.php
script. This issue is caused by insufficient sanitization of user-supplied
data. A remote attacker may exploit this issue to influence SQL query logic
to disclose sensitive information that could be used to gain unauthorized
access.

12. SteelID thePhotoTool Login.ASP SQL Injection Vulnerability
BugTraq ID: 9884
Remote: Yes
Date Published: Mar 15 2004
Relevant URL: http://www.securityfocus.com/bid/9884
Summary:
SteelID thePhotoTool is prone to an SQL injection vulnerability. The issue
is reported to exist in the 'login.asp' script, which does not sufficiently
sanitize user-supplied input before including it in SQL queries. This could
permit remote attackers to pass malicious input to database queries,
resulting in modification of query logic or other attacks.

13. WS_FTP Pro Client Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 9886
Remote: Yes
Date Published: Mar 16 2004
Relevant URL: http://www.securityfocus.com/bid/9886
Summary:
It has been reported that WS_FTP Pro client may be prone to a remote buffer
overflow vulnerability that may allow an attacker to execute arbitrary code
on a vulnerable system in order to gain unauthorized access. The issue is
reported to present itself when the client views directory listings
containing files and directory names of excessive length without a
terminating CR/LF character. This vulnerability exists in WS_FTP Pro
version 8.0.3, which was released to fix the WS_FTP Pro Client Remote
Buffer Overflow Vulnerability described in BID 9872. It has been reported
that the fixed version limits user-supplied data to 0x0200 bytes; however,
the buffer is allocated to 0x0100 bytes. Although this issue is reported to
affect WS_FTP Pro 8.0.3, it is quite likely that it affects previous
versions as well.

14. Mambo Open Source Index.PHP Cross-Site Scripting Vulnerabili...
BugTraq ID: 9890
Remote: Yes
Date Published: Mar 16 2004
Relevant URL: http://www.securityfocus.com/bid/9890
Summary:
It has been reported that the Mambo 'index.php' script is prone to a
cross-site scripting vulnerability. This issue is due to a failure of the
application to properly validate user-supplied URI input. This issue could
permit a remote attacker to create a malicious link to the vulnerable
application that includes hostile HTML and script code. If this link were
followed, the hostile code may be rendered in the web browser of the victim
user.

15. Mambo Open Source Index.PHP SQL Injection Vulnerability
BugTraq ID: 9891
Remote: Yes
Date Published: Mar 16 2004
Relevant URL: http://www.securityfocus.com/bid/9891
Summary:
It has been reported that the Mambo 'index.php' script is prone to an SQL
injection vulnerability. This issue is due to a failure of the application
to properly validate user-supplied URI input. As a result of this, a
malicious user may influence database queries in order to view or modify
sensitive information, potentially compromising the software or the
database. It may be possible for an attacker to disclose the administrator
password hash by exploiting this issue.

16. Microsoft Windows XP explorer.exe Remote Denial of Service V...
BugTraq ID: 9892
Remote: Yes
Date Published: Mar 16 2004
Relevant URL: http://www.securityfocus.com/bid/9892
Summary:
It has been reported that Windows Explorer for Windows XP may be prone to a
denial of service vulnerability that may allow a remote attacker to cause
the system to hang by sending a malicious directory containing 'wmf' files
to a vulnerable user via e-mail or other means. Windows Explorer
automatically attempts to parse 'wmf' files in the directory, however, an
exceptional condition occurs if the directory contains records of zero
length.
Although unconfirmed, all versions of Windows XP are considered to be
affected by this vulnerability.

17. PhpBB admin_words.php Multiple Vulnerabilities
BugTraq ID: 9896
Remote: Yes
Date Published: Mar 16 2004
Relevant URL: http://www.securityfocus.com/bid/9896
Summary:
It has been reported that PhpBB may be prone to multiple vulnerabilities
that may allow an attacker to carry out SQL injection and cross-site
scripting attacks. These issues are reported to affect the 'id' parameter
of the 'admin_words.php' module. The SQL injection attack requires
administrator level access.
PhpBB version 2.0.6c has been reported to be affected by these issues,
however, it is possible that other versions are affected as well.

18. Techland Chrome Denial of Service Vulnerability
BugTraq ID: 9898
Remote: Yes
Date Published: Mar 16 2004
Relevant URL: http://www.securityfocus.com/bid/9898
Summary:
Reportedly Chrome is prone to a remote denial of service vulnerability.
This issue is due to a failure to validate input of data received via
network communications.
This issue may allow a remote attacker to cause the affected server to
crash, denying service to legitimate users. It has been conjectured that
this issue may be leveraged to execute arbitrary code on the affected
system in the context of the vulnerable process, however this is
unconfirmed.

19. IBM Lotus Domino HTTP webadmin.nsf Directory Traversal Vulne...
BugTraq ID: 9900
Remote: Yes
Date Published: Mar 17 2004
Relevant URL: http://www.securityfocus.com/bid/9900
Summary:
It has been reported that Lotus Domino may be prone to a directory
traversal vulnerability that may allow a remote attacker to access
information outside the server root directory. The issue reportedly exists
in the server's administrative interface accessed via
'webadmin.nsf'. The vulnerability may be exploited by a remote attacker
by traversing outside the server root directory by using '../' directory
traversal character sequences. Successful exploitation of this
vulnerability may allow a remote attacker to gain access to sensitive
information and/or modify the underlying file system. IBM Lotus Domino
server 6.5.1 has been reported to be prone to this issue, however, it is
possible that other versions are affected as well.

20. IBM Lotus Domino HTTP webadmin.nsf Quick Console Cross-Site...
BugTraq ID: 9901
Remote: Yes
Date Published: Mar 17 2004
Relevant URL: http://www.securityfocus.com/bid/9901
Summary:
It has been reported that Lotus Domino server may be prone to a cross-site
scripting vulnerability that may allow a remote attacker to execute HTML or
script code in a user's browser. The issue presents itself due to
insufficient sanitization of user-supplied data via the 'Quick Console'
function of the 'webadmin.nsf' administrative interface. IBM Lotus Domino
server 6.5.1 has been reported to be prone to this issue, however, it is
possible that other versions are affected as well.

21. GlobalSCAPE Secure FTP Server SITE Command Remote Buffer Ove...
BugTraq ID: 9904
Remote: Yes
Date Published: Mar 17 2004
Relevant URL: http://www.securityfocus.com/bid/9904
Summary:
It has been reported that Secure FTP Server may be prone to a remote buffer
overflow vulnerability that may allow attackers to execute arbitrary code
on a vulnerable system in order to gain unauthorized access. An attacker
may cause the buffer overflow condition to occur by sending about 252 bytes
of data via a parameter of the SITE Command. Immediate consequences of an
attack may result in a denial of service condition. The possibility of
remote code execution has not been confirmed at the moment.
Secure FTP Server version 2.0 Build 03.11.2004.2 has been reported to be prone
to this issue.

22. DameWare Mini Remote Control Server Weak Encryption Implemen...
BugTraq ID: 9909
Remote: Yes
Date Published: Mar 17 2004
Relevant URL: http://www.securityfocus.com/bid/9909
Summary:
DameWare Mini Remote Control Server has been reported to be prone to a weak
encryption implementation.
It has been reported that analysis of encrypted traffic will reveal the
block cipher that is used by DameWare Mini Remote Control to encrypt the
plaintext data using ECB (Electronic Code Book) mode. This may ultimately
allow an attacker to determine the block cipher and thereby expose
plaintext credentials by reversing the process.

23. Belchior Foundry VCard Authentication Bypass Vulnerability
BugTraq ID: 9910
Remote: Yes
Date Published: Mar 17 2004
Relevant URL: http://www.securityfocus.com/bid/9910
Summary:
It has been reported that vCard is prone to a remote authentication bypass
vulnerability. This issue is due to a design error that would allow a
malicious user access to certain admin functionality without having to
first authenticate to the application. This issue may be leveraged to
manipulate the application database, potentially destroying data.

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
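Several entries in the forwarded list (CFWebstore, phpBB search.php, thePhotoTool login.asp, Mambo index.php) describe the same defect: user input pasted into SQL text, in some cases yielding the administrator's password hash. The following is an added example, not code from the post or from any of those products, showing a login lookup built by string concatenation beside a parameterized version. The table, the account, the attacker string and the unsalted SHA-256 storage are all constructed for the demo.

```python
import hashlib
import sqlite3

# Added example: login lookup with and without SQL injection. The schema,
# account and hashing scheme are constructed for the demo; unsalted SHA-256
# is stand-in storage, not a recommendation.


def build_db() -> sqlite3.Connection:
    """In-memory users table with a single administrator account."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT, pwhash TEXT, is_admin INTEGER)"
    )
    conn.execute(
        "INSERT INTO users VALUES (?, ?, ?)",
        ("admin", hashlib.sha256(b"correct horse").hexdigest(), 1),
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Concatenates the username into the SQL text. A quote in the input ends
    the string literal and the rest of the input is parsed as SQL."""
    pwhash = hashlib.sha256(password.encode()).hexdigest()
    sql = (
        "SELECT username, pwhash FROM users WHERE username = '" + username
        + "' AND pwhash = '" + pwhash + "'"
    )
    return conn.execute(sql).fetchone()


def login_parameterized(conn: sqlite3.Connection, username: str, password: str):
    """Bound parameters: the driver passes values separately from the
    statement text, so input can never change the query's structure."""
    pwhash = hashlib.sha256(password.encode()).hexdigest()
    return conn.execute(
        "SELECT username, pwhash FROM users WHERE username = ? AND pwhash = ?",
        (username, pwhash),
    ).fetchone()


# Constructed attacker input: closes the quoted username and comments out
# the rest of the WHERE clause, so the password is never compared. Against
# the vulnerable query it returns the admin row, hash included.
BYPASS_USERNAME = "admin' --"


if __name__ == "__main__":
    db = build_db()
    print("vulnerable:   ", login_vulnerable(db, BYPASS_USERNAME, "wrong"))
    print("parameterized:", login_parameterized(db, BYPASS_USERNAME, "wrong"))
```

The vulnerable query becomes `... WHERE username = 'admin' --' AND pwhash = '...'`; everything after `--` is a comment. The parameterized query treats the same string as a username that happens to contain a quote and finds no such account.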
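The two phpBB entries (viewtopic.php "postdays", viewforum.php "topicdays") spell out the reflected cross-site scripting pattern: a GET parameter is returned to the client without encoding, so a crafted link runs script in the forum's origin. This added example, written for this page and not taken from phpBB, shows a minimal page renderer with that defect beside two fixes. The template, URL and parameter handling are constructed for the demo.

```python
from html import escape
from urllib.parse import parse_qs, urlsplit

# Added example: a GET parameter reflected into HTML, then fixed by output
# encoding and by input validation. TEMPLATE and ATTACK_URL are constructed.

TEMPLATE = "<p>Showing topics from the last {postdays} days</p>"


def _param(url: str, name: str, default: str = "0") -> str:
    """Pull one query-string value out of a request URL."""
    return parse_qs(urlsplit(url).query).get(name, [default])[0]


def render_vulnerable(url: str) -> str:
    """Echoes the parameter verbatim: markup in the link lands in the page
    and executes with the forum's cookies in scope."""
    return TEMPLATE.format(postdays=_param(url, "postdays"))


def render_escaped(url: str) -> str:
    """Output encoding: the value is still reflected, but as inert text."""
    return TEMPLATE.format(postdays=escape(_param(url, "postdays"), quote=True))


def render_validated(url: str) -> str:
    """Input validation: a day count is a small non-negative integer, so
    anything else falls back to the default. Validation is the right fix
    for numeric fields; free-text fields still need output encoding."""
    value = _param(url, "postdays")
    if not (value.isdigit() and len(value) <= 4):
        value = "0"
    return TEMPLATE.format(postdays=value)


# Constructed malicious link of the kind the summary describes.
ATTACK_URL = (
    "http://forum.example/viewtopic.php?t=1"
    "&postdays=<script>alert(document.cookie)</script>"
)


if __name__ == "__main__":
    print(render_vulnerable(ATTACK_URL))
    print(render_escaped(ATTACK_URL))
    print(render_validated(ATTACK_URL))
```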
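The Lotus Domino webadmin.nsf entry describes '../' traversal outside the server root. The check below is an added example of how a server should resolve a requested name, written for this page rather than taken from Domino; the document root path is hypothetical. It decodes first (so "%2e%2e/" does not slip past a textual filter), treats backslashes as separators the way a Windows host would, and compares path components rather than string prefixes.

```python
import os
from urllib.parse import unquote

# Added example: confine a requested file name to the document root.
# WEBROOT is a hypothetical path chosen for the demo.

WEBROOT = "/srv/www/html"


def resolve_under_root(root: str, requested: str):
    """Return the absolute path for `requested` inside `root`, or None if
    the name would resolve outside it."""
    # Decode first: "%2e%2e%2f" must not pass a textual "../" filter.
    name = unquote(requested)
    # Treat backslashes as separators too, as a Windows server would.
    name = name.replace("\\", "/")
    # A leading slash would make os.path.join discard the root entirely,
    # so absolute requests are interpreted relative to the root.
    name = name.lstrip("/")
    root_norm = os.path.normpath(root)
    candidate = os.path.normpath(os.path.join(root_norm, name))
    # commonpath compares components, so a sibling such as /srv/www/html2
    # is rejected where a plain startswith() on the string would accept it.
    if os.path.commonpath([root_norm, candidate]) != root_norm:
        return None
    return candidate


if __name__ == "__main__":
    for req in ("index.html", "../../../etc/passwd",
                "%2e%2e/%2e%2e/%2e%2e/etc/passwd", "..\\..\\..\\etc\\passwd",
                "../html2/secret"):
        print(f"{req!r:40} -> {resolve_under_root(WEBROOT, req)}")
```

This check works on the lexical path only. If the document root can contain symbolic links, resolve the candidate with `os.path.realpath` and apply the same `commonpath` test to the result, since a link inside the root can still point outside it.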
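The DameWare entry's weak point is ECB (Electronic Code Book) mode: each plaintext block is encrypted on its own, so equal plaintext blocks give equal ciphertext blocks and repeated fields such as a password show through without any key recovery. The following added example, written for this page, makes that visible and contrasts it with CBC. The block cipher is a stand-in, a 4-round Feistel network with HMAC-SHA256 round functions built only so the demo runs with the standard library; it is not DameWare's cipher, and the plaintext records are constructed.

```python
import hashlib
import hmac
import os

# Added example: ECB leaks equal blocks, CBC does not. The Feistel cipher
# below is a demo stand-in, not a real cipher and not DameWare's.

BLOCK = 16
HALF = BLOCK // 2
ROUNDS = 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, half: bytes, rnd: int) -> bytes:
    """Keyed round function, domain-separated by round number."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(key, right, rnd))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, left, rnd)), left
    return left + right


def _blocks(data: bytes):
    assert len(data) % BLOCK == 0, "demo expects whole blocks"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """Each block encrypted independently: a fixed codebook per key."""
    return b"".join(block_encrypt(key, b) for b in _blocks(data))


def ecb_decrypt(key: bytes, data: bytes) -> bytes:
    return b"".join(block_decrypt(key, b) for b in _blocks(data))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Each block is XORed with the previous ciphertext block before
    encryption, so equal plaintext blocks no longer collide. IV prepended."""
    out, prev = [], iv
    for b in _blocks(data):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return iv + b"".join(out)


def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block; the
    traffic-analysis signal an eavesdropper looks for under ECB."""
    blocks = _blocks(ciphertext)
    return len(blocks) - len(set(blocks))


# Constructed plaintext: two records sharing the same 16-byte password field.
PLAINTEXT = b"pw=Winter2004!!!" * 2 + b"user=admin      "


if __name__ == "__main__":
    key = os.urandom(16)
    print("ECB repeats:", repeated_blocks(ecb_encrypt(key, PLAINTEXT)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(key, os.urandom(16), PLAINTEXT)[BLOCK:]))
```

The test is the number of repeated 16-byte ciphertext blocks: one under ECB (the duplicated password block), none under CBC with a fresh IV. The count is computable from captured traffic alone, which is what makes ECB a weak mode for interactive sessions regardless of the strength of the underlying cipher.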

SOURCE: echomail via fidonet.ozzmosis.com
