Check Server

i-mode access now available (2005-01-31)

Do you have an iMode mobile handset? Use our new i-mode page on watchmouse.com/imode.
Here you can check the status of your servers, run live test, view recent errors and change rule settings, anywhere, anytime.
Use the account and PIN information listed on the Mobile access page.
If you don't have an i-mode device, try this emulator for a preview.
WAP phones are already supported.

Improvements and new features in the WatchMouse checkpoints (2005-06-01)

Version 1.17 of the monitoring software was uploaded to our checkpoints, and the site was adapted accordingly.

New features include:

• Ability to POST form fields to a webserver (both in http and https rules).
• Matching on a word or regular expression in the http or https page.
• Limit the number of bytes read. Relevant for checking the first part of very large pages or streams.

New Service: Monitoring the epicenter (DNS) of your online brands (2008-01-24)

Your domain name directs customers to a website where you represent your brand and all that it stands for but are you managing and regularly monitoring the domain name service (DNS) which translates your domain name and brings your customers to you? DNS consistency monitoring can help ensure your business does not lose customers to a slow or faulty DNS.

It is useless to have paid for an expensive and fully redundant web site server (park), if the DNS servers fail to respond, respond incorrectly, or inconsistently. Your DNS must be consistent and correct. Monitoring for DNS consistency is particularly important if you have online services relying on one or more domain names (and that is almost always the case). It doesn't matter if your DNS servers are maintained in-house or outsourced, you need to know if they are doing what they are supposed to do. WatchMouse's DNS consistency monitoring (now available in closed beta) checks your DNS systems and provides rapid notification of any unexpected DNS behaviour.

The WatchMouse's 'domain' type rule allows you to monitor the consistency of the behaviour of your DNS servers. It queries for a specified domain, performs a number of checks to test the health of your DNS servers and monitors for any difference in behaviour of your name servers. (If you also need to check that a domain name resolves to the correct IP address(es), you can use the 'dns' type rule which will be offered as part of the WatchMouse DNS consistency monitoring).

This new service will be available to all WatchMouse customers with a performance monitoring subscription (Webmaster and higher) and can be configured on the Monitoring Settings page. To set-up DNS consistency monitoring, simply enter the domain name (advanced settings are available).

Fancy participating in our closed beta test?

• Contact us to request participation in the beta.
• Collect all the domain names that are important to your business.
• Go to the Monitoring Settings page.
• Add a 'new rule' and select 'domain' from the type menu, for each of the domains you wish to monitor.
• Specify the other settings you would like for other rule types, hit 'save', and you're done!
• The results of the domain name monitoring appear in your logs, reports, and graphs instantly.

New release: many new features and improvements (2008-08-25)

The most recent release of our site and software brings not only many improvements, but also a number of interesting new features:

• You can now restrict the monitoring of your site to a selection of our monitoring stations.
  As we are adding ever more of these stations, this has become a recurring feature request.
  How: In the [expert mode] of your rule settings, select 'Checkpoint selection'. This allows you to choose the checkpoints that will execute this rule. In case of a 'Master' sequence rule, additional checkpoints will only be used for second opinion checks. Make sure you select at least three stations for redundancy purposes.
• New IMAP and POP3 checkers now support SSL and can send 'round trip' test messages.
  These test messages are checked in the next monitoring cycle thus implementing a full round-trip email verification functionality
  How: In your rule settings for IMAP and POP3 rules select "SSL encryption". Make sure you are in [expert mode], where there will be an email address field. When an email address is found in this field, we send a test email to it in each cycle, and check for its correct delivery in the next cycle.
• New DNS checkers with many more features.
  Test for A, CNAME, MX, NS, PTR, and AAAA records and test these on our local resolvers, on your listed name servers, or on specific DNS servers. The existing dnsa and dnsns type rule will be replaced soon by this new dns type rule. How: In the [expert mode] of your rule settings type the name or IP address to be tested, select the record type, and click look-up. Now select the DNS servers that should be queried, set the other options and click save.
• In many cases, the log viewer will now also show the DNS resolve times for each check. As we move forward, we will add this for all check types.
• The web site now offers a more flexible subscription model, allowing customers to mix and match a wider range of different rule types and intervals.
• The reseller console has undergone major improvements making it easier for resellers to manage their customers' accounts.

In addition, many improvements have been made and several smaller issues have been resolved, please refer to the change log for details.

All new features are available for current and new subscribers at no extra charge. And, as always: if you are missing a feature, please let us know! We will most likely add it in a future release.

WatchMouse and Domeny.pl join forces in the Polish market (2005-11-24)

Polish websites verified from the visitors' perspective

Kraków, Poland, 2005-11-08 -- WatchMouse and Domeny signed a reseller and marketing agreement today, joining forces in bringing site monitoring services to the Polish market.

Using the WatchMouse services, companies will instantly be aware of upcoming and/or acute incidents related to its web sites of their clients, and can, as a result, resolve problems in a short time frame.

The websites and their functionality are checked for availability, speed, and conformance from different locations around the world, now including Poland. Because the websites are checked in the same way that visitors are experiencing them, incidents will be detected at an early stage. Also, using WatchMouse's objective periodical reports, it is possible for companies to see if the performance is in accordance with the agreed service levels (SLAs).

WatchMouse extends its network of monitoring stations with a checkpoint in Kraków, hosted by Domeny.pl. The total number of checkpoints is now 17. Domeny.pl also provides the Polish language version of the WatchMouse site and local customer care.

Stan P. van de Burgt, CEO of WatchMouse: "I'm very happy with this deal. The Polish e-service industry is obviously booming, and this results in higher awareness of the issues involved with running web applications that should be available around the clock."

Arkadiusz Szczurowski, CEO of Domeny.pl "We know that WatchMouse products are one of the best in the World. So we decided to co-operate with the company, and we take pride in it. We expect this co-operation to bring both WatchMouse and our business a lot of advantages and satisfaction. Domeny.pl wants to lead WatchMouse monitoring service on Polish market and offer it for business leaders. This will be a great innovation in Poland and also success. In our view, site monitoring is important, because stability, performance, and high availability of the web sites is one of the basic value in all branches of business, both e-business and other business."

"There are about 4 million companies in Poland. We want to direct the offer to the most important on Polish market. We think that the WatchMouse service is a must-have for about 5-10 percent of all business owners."

About Domeny.pl

Domeny.pl was founded in 1997 and is now providing Internet services to about 10.000 business customers with products ranging from Internet domains and hosting services (virtual and dedicated servers), SSL certificates and other products dealing with internet security. The company's slogan is: We're Trusted by the Best. Among its clients are the biggest and the best known Polish and international companies.

About WatchMouse

Companies can easily monitor their own Internet sites using WatchMouse's monitoring service. WatchMouse has been monitoring Internet sites and e-commerce applications for companies throughout the world since 2002. WatchMouse has thousands of customers in more than 70 countries. The services supplied by WatchMouse are available in nine languages, and analyses are performed from various locations and over numerous networks, using a world-wide monitoring network.

In October 2005, WatchMouse was voted a Deloitte Rising Star in the Netherlands, as part of the Fast 50 awards the list of the 50 fastest growing technology companies.

What do you want to check with a service such as Watchmouse? (2005-01-31)

As I explained in my previous column, you can use a monitoring service in a number of roles. Common to all these roles is the fact that you are keeping alive some services for the benefit of your customers, suppliers, employees or partners. These users are, in the end, all that counts.

What are the objects that you should be checking? Obviously, the least you want to do is check the service that is most visible to these users. This could be the webserver, or a POP or FTP server for example. You would start by setting up a rule to check the server and a URL. The frequency with which you can monitor (that is: the elapsed time between checks) is typically limited by the type of subscription that you have. Only in specific cases would you not check as often as your subscription allows.

Note that there is a difference between a CONNECT on port 80 rule and a HTTP rule. The first just connects to the port that the webserver is supposed to use. The HTTP rule also checks whether the webserver can produce a valid HTTP response, and whether the document can be found. You probably want the latter check.
Similar reasoning applies to POP and FTP checks. If you set up two different rules on the same host, this allows you to distinguish for example between a broken webserver and a host that is down. If you want even more content oriented checks, have a look at the so-called PLUG-IN rules. Additionally, you can set up checks to make sure that your users are actually using the services that you intend them to. The whole Internet depends heavily on the domain name system(DNS) functioning correctly. If it does not work properly your users may be directed to another site than you intended. This could be a configuration error, but it could also be a defamation hack. In either case, you want to know.
First of all you want to check whether the root servers of the Internet accurately find the DNS that is serving you. This can be checked with a DNSNS rule. What you are checking with this rule is whether the registrar's databases are correct. Second, you want to check if that DNS server (and its slaves) are serving up the proper IP address for the server. For this you can use the DNSA rule, and it will warn you if the DNS server is not working or serves up the wrong address. (Note that the hosting party can change that address at its discretion, as part of a renumbering operation for example.)

Who should you notify of rule failures? Again, different roles have different information requirements. You want to notify the person who can fix things as soon as possible. Mail or SMS/text them directly, you do not want to be in the loop. You might set up an escalation chain, which fires off after a certain amount of errors. Note: make sure that you send the message on a channel that is not affected by the outage: if your e-mail system does not work, delivering a message to that effect should not depend on that e-mail system.
The people in charge of overseeing somebody else's service levels should only get escalation messages, if at all. Rather, they should get the weekly or monthly service reports.

Peter van Eijk is a management consultant specialized in management of network infrastructures. He can be reached via his contact page.

Independant, external testing (2005-10-15)

I started to work at Q-go in 2000. Q-go provides companies with self service pages on the Internet. Their customers ask a question in their own language and wording, and immediately get a very relevant answer. The power of the Q-go solution is its natural language technology, which enables it to understand the questions. The Q-go solution is offered as a hosted (ASP) solution, which of course has to work 24 x 7, a new area for me at that time.

At my previous jobs, at universities and research institutes, this was different. We worked from eight to six. If a demo application didn't work, the users just called, and we fixed the problem. And at six, we stopped and went home. All customers and other relations went home too. A nightly malfunction in the server was no problem, as there was no customer there to notice the problem.

At Q-go, this is completely different. A service should be available all the time. Day and night. Initially there were no tools to test whether our service was available or not. The only way to test it was to use the application itself. And so I did. During the day, but also at night, I checked whether the application was up. Our customers use the Q-go application continuously, and notice immediately when the application fails. Customers would call me in those cases, and it's not very pleasant to hear from your customers about an issue with your service.

So we developed some solutions ourselves to hear before our customers when something was wrong. And to be able to react to problems quickly. But customers kept calling!

How was that possible? Closer investigations revealed that the test system used the same resources (computers, networks, name servers) as the system under test... The test were not performed properly in case of problems. The text-alerts (SMS) did not reach us either. The cause was identical: we used the same hardware, the same network, and the same power (!) as the systems we tested.

My lessons learned:

• Keep the systems that test completely separated from the systems you test.
• Test your services (web servers, mail servers, ...) from the point-of-view of its users: the customer on the Internet.
• Don't forget regular maintenance of your test systems (software and hardware) after the installation!

For me, I'm outsourcing external testing!

Bart Bos, Director, Q-go.com

Website performance is the key to customer satisfaction (2007-06-27)

How often have you typed in the Google URL and received a page that will not load? I am willing to bet that this is a rare occurrence. Despite its busy traffic, Google is a textbook example of a web site that has almost perfect performance and therefore serves a great number of satisfied customers. The market share of the search engine is a resounding confirmation of this. You are assisted quickly, so you come back sooner. Research conducted by JupiterResearch has revealed that visitors to a site only have 4 seconds of patience. If the site has not been loaded by that time, they leave. Error messages also prompt potential customers to go to the competition.

Why do organisations still devote so little attention to the effective availability of their site? Performance is the key to satisfied customers. For many companies, their web site is the face of the organisation. Consumers and also business users of the Internet use the wealth of information on the web to compare purchasing options. It is of immeasurable importance that they are also actually able to find what they are looking for. If this is not possible at one company, competitors are straining at the leash to offer their services through a correctly functioning site.

Coming back to the praise that we had for Google, we see that the search engine has made significant investments in the availability of its web site. The page is run by several machines at various sites. If one crashes there are enough back-up servers that can take over the traffic flows to guarantee optimum performance. In addition, the search machine invests a great deal of time and money in the right hardware and people. Although the site has a difficult task – searching through an index of billions of documents – it is almost always available and loads fast.

The actual site is unspectacular in construction. This applies to the majority of sites with a high level of availability. Simple sites such as the news site NU.nl are almost always easy to access. Nevertheless, it is not only the layout of the site that determines how the web page performs. Too many photos, long symbols and frills make web sites slower to respond. The fact that the ‘back end’ of the site is not efficiently programmed also contributes to longer loading times. Frequent consultation of background databases is also detrimental to the speed of the page.

Where it often goes wrong is when different people are working on a site, thereby disturbing the links between the various elements. The different parts of the site will work correctly, but the site as a whole will fail to perform. This means long waiting times for people who want to use the services of a company.

Service providers at the upper end of the market are becoming increasingly aware of this. The contracts that they use frequently include a service level agreement (SLA) for the part for which they are responsible. Nevertheless, they regularly make mistakes due to the fact that the promised performance is not subsequently verified (by an independent party). Although it is now essentially part of the contract, there is insufficient actual verification. Ideally, web site performance should become a permanent component of a contract. In addition, clear internal agreements must be made on who has final responsibility for the efficient loading and availability of a site.

Regular testing is also essential for the facilitation of good availability. This will prevent a great deal of errors, keeping the site up and running at crucial times. The storm that blew over the Netherlands at the end of January was a good opportunity to see which sites were prepared for extreme loads and which were not. The site of the Dutch weather institute, KNMI, was almost unreachable, while some logical thought could have protected them from this eventuality. If you know that a major storm is heading towards the country you can be sure that people will search for information on the weather and roads on the Internet. Sites such as those of KLM and Schiphol were also unreachable, while the specially created site Crisis.nl, which had been kept as simple as possible, was able to serve a large number of people.

Including ‘stress tests’ in a SLA or conducting them regularly in-house is therefore to be recommended. Companies can easily take control by ensuring that their service provider executes this type of test or by putting their own site under pressure. This is the best method of checking whether your web site can handle a sudden increase in visitor numbers. It is also good to know whether the servers on which your site is running actually ensure that your page is always available and loads correctly. For companies, it is crucial to see when they are off air. This can save them a large amount of money every year and will also reduce the number of irritated visitors to the site. This is how you keep customers satisfied and keep the company running.

Mark Pors
Chief Technology Officer at WatchMouse

WatchMouse provides site performance monitoring and stress test services

Flu Jab Your Website Against The Pandemic: 6,000 Infected Webpages Per Day! (2008-02-18)

The respected IT news website, The Register reports that every 14 seconds a web page is infected, which amounts to 6,000 infected web pages per day. Four out of five of these infections come from innocent companies and individuals who are oblivious to their site being hacked and subsequently used for hosting the malware of virus writers. The Register further reports that in the past viruses were spread using infected e-mail. Nowadays, however, the favoured virus distribution methods are downloads from compromised sites. As a result of these booby-trapped sites malware is present on at least one in every ten web pages.

WatchMouse's Periodic Vulnerability Scanning offers your website the flu jab against this virus pandemic. WatchMouse's Periodic Vulnerability Scanning is an affordable way to routinely check you company's security exposure and eliminate the risks of manual audits. Utilizing the most up-to-date database of known vulnerabilities, WatchMouse identifies any security risks and provides you with peace of mind that your software applications are being scanned from the perspective of a hacker, external to your organization.
To ensure your website and servers are checked for the latest issues WatchMouse's Periodic Vulnerability Scanning performs over 20,000 checks for known vulnerability and security exposures; using a database which is updated daily by multiple accredited organizations including CVE (funded by the US government) and Bugtraq. Following the detection of any severe issues, automated, real-time email, SMS and pager alerts give your business the chance to react quickly. Scans can be scheduled during low usage or maintenance hours and set at an intensity and frequency suited to your business needs and budget.

To obtain a free Periodic Vulnerability Scanning trial visit: www.watchmouse.com/vulnerability_scan_trial.php

The Register's article was published on 23.01.08 can be viewed at: www.theregister.co.uk/2008/01/23/booby_trapped_web_botnet_menace/

Crob FTP Server Remote Heap Buffer Overflow Vulnerability (2006-12-14)

Crob FTP Server is prone to a remote heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input data prior to copying it to an insufficiently sized memory buffer.

This vulnerability allows remote attackers to overwrite critical memory control structures, possibly altering the affected application's normal flow of execution. Attackers may exploit this to execute arbitrary machine code in the context of the affected server process.

This issue is present in version 3.6.1; previous versions may also be affected.

Computer Associates BrightStor ARCserve Backup Tape Engine Remote Buffer Overflow Vulnerability (2006-12-27)

Computer Associates BrightStor ARCserve Backup is affected by a remote buffer-overflow vulnerability because the application fails to perform proper bounds-checking on data supplied to the application.

A remote attacker may exploit this issue to execute arbitrary code on a vulnerable computer with SYSTEM privileges. Failed exploit attempts may cause denial-of-service conditions.

BrightStore ARCserver Backup 11.5 is vulnerable to this issue; other versions may also be affected.

QK SMTP Remote Buffer Overflow Vulnerability (2007-01-01)

QK SMTP is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. This may facilitate a remote-compromise of affected computers. Failed exploit attempts will likely crash the server, effectively denying service to legitimate users.

QK SMTP 3.01 and prior versions are vulnerable to this issue.

MySQL Remote Information Disclosure and Buffer Overflow Vulnerabilities (2007-01-05)

MySQL is susceptible to multiple remote vulnerabilities:

- A buffer-overflow vulnerability due to insufficient bounds-checking of user-supplied data before copying it to an insufficiently sized memory buffer. This issue allows remote attackers to execute arbitrary machine code in the context of affected database servers. Failed exploit attempts will likely crash the server, denying further service to legitimate users.

- Two information-disclosure vulnerabilities due to insufficient input-sanitization and bounds-checking of user-supplied data. These issues allow remote users to gain access to potentially sensitive information that may aid them in further attacks.

NaviCOPA Web Server Remote Buffer Overflow Vulnerability (2007-01-08)

NaviCOPA Web Server is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

This vulnerability may lead to the execution of arbitrary code or to denial-of-service conditions. This may facilitate the remote compromise of affected computers.

NaviCOPA Web Server version 2.01 is vulnerable to this issue; other versions may also be affected.

Asterisk Chan_Skinny Remote Buffer Overflow Vulnerability (2007-01-11)

Asterisk is prone to a remote heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Exploiting this vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash the server, denying further service to legitimate users.

PHP HTMLEntities HTMLSpecialChars Buffer Overflow Vulnerabilities (2007-01-15)

PHP is prone to multiple buffer-overflow vulnerabilities because it fails to effectively bounds-check user-supplied input before copying it to an insufficiently sized buffer.

An attacker could exploit these issues to have arbitrary code execute in the context of an affected webserver. This may lead to the compromise of the webserver. Failed exploit attempts could cause denial-of-service conditions, denying access to legitimate users.

Only limited information is available regarding these issues. This BID will be updated as more information becomes available.

PHP 5 is vulnerable to these issues.

NOTE: The affected functions are employed by a large number of popular PHP libraries. As a result, there are many PHP applications affected by this issue.

OpenMPT Multiple Remote Code Execution Vulnerabilities (2007-01-26)

OpenMPT is prone to multiple remote code-execution vulnerabilities because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

These issues allow remote attackers to execute arbitrary machine code in the context of affected servers. This facilitates the remote compromise of affected computers.

These versions are affected:

- 1.17.02.43 and earlier
- SVN versions 157 and earlier.

MS IIS/PWS Escaped Characters Decoding Command Execution Vulnerability (2007-01-29)

Due to a flaw in the handling of CGI filename program requests, it is possible for a remote user to execute arbitrary commands on an IIS host.

When IIS receives a CGI filename request, it automatically performs two actions before completing the request. First IIS decodes the filename to determine the filetype and the legitimacy of the file. IIS then carries out a security check. Once the security check is completed, IIS continues with the second action which involves the decoding of CGI parameters. A flaw in IIS involves a third undocumented action: typically IIS decodes only the CGI parameter at this point, yet the previously decoded CGI filename is mistakenly decoded twice. If a malformed filename is submitted and circumvents the initial security check, the undocumented procedure will decode the malformed request, possibly allowing the execution of arbitrary commands.

It should be noted that arbitrary commands will be run with the IUSR_machinename account privileges.

It has been reported that various encoding combinations under Windows 2000 Server and Professional may yield different outcomes.

It has also been reported that Personal Web Server 1.0 and 3.0 is vulnerable to this issue.

The worm Nimda(and variants) actively exploit this vulnerability.

IBM Tivoli Storage Manager Multiple Buffer Overflow Vulnerabilities (2007-02-05)

IBM Tivoli Storage Manager is prone to multiple buffer-overflow vulnerabilities because the application fails to check the size of message fields before copying them into finite-sized internal memory buffers.

An attacker can exploit these issues to execute arbitrary code within the context of the Tivoli application. This may facilitate the compromise of affected servers. Authentication is not required to leverage these issues.

Tivoli Storage Manager versions prior to and including 5.2.9 and 5.3.4 are confirmed affected by these issues.

Axis Network Camera And Video Server Multiple Vulnerabilities (2007-02-06)

Multiple vulnerabilities are reported to exist in multiple Axis network video and camera servers.

The first reported issue is a shell metacharacter command execution vulnerability. This is reported to allow an anonymous user download the contents of the '/etc/passwd' file on the device. Other commands are also likely to work, facilitating other attacks.

The first vulnerability is reported to affect:
- Axis 2100, 2110, 2120, 2420 network cameras with firmware versions 2.34 thru 2.40
- Axis 2130 network cameras
- Axis 2401, and 2401 video servers

The second vulnerability is a directory traversal vulnerability in HTTP POST requests. This attack is demonstrated by an anonymous user calling protected administration scripts. This allows remote adminitration of the devices by anonymous users, bypassing authentication checks.

The second vulnerability is reported to affect:
- Axis 2100, 2110, 2120, 2420 network cameras with firmware versions 2.12 thru 2.40
- Axis 2130 network cameras
- Axis 2401, and 2401 video servers

The third vulnerability is reported to be a hard-coded backdoor administrative user. This allows remote attackers to administer affected devices, and it likely cannot be disabled.

The third vulnerability is reported to affect:
- Axis StorePoint CD E100 CD-ROM Server with firmware version 5.30

Other products and versions of firmware are likely affected by one or more of these vulnerabilities.

XFree86 Multiple Unspecified Integer Overflow Vulnerabilities (2007-02-14)

Multiple integer overflow vulnerabilities have been discovered in the XFree86 font libraries. The problem occurs due to insufficient sanity checks on integers passed to clients from an X font server. As a result, an unexpected buffer overrun may occur within the stack or heap space of process memory. This could potentially be exploited by an attacker to execute arbitrary code within a target X client.

Precise technical details regarding these vulnerabilities are currently unavailable, however as further information is released this BID will be updated accordingly.

PHP EXT/Filter Function Remote Buffer Overflow Vulnerability (2007-03-12)

PHP is prone to a remote buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP 5.2.0 is reported to be vulnerable; other versions may also be affected.

This issue was originally reported as an unspecified vulnerability in BID 22496 (PHP Version 5.2.0 and Prior Multiple Vulnerabilities). Due to the availability of more details, this issue is being assigned a new BID.

PHP Interbase Extension Multiple Remote Buffer Overflow Vulnerabilities (2007-03-15)

The PHP Interbase extension is prone to multiple remote buffer-overflow vulnerabilities because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit these issues to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP 4.4.6 and prior versions on Microsoft Windows are vulnerable; other versions may also be affected.

Atrium Mercur IMap Subscribe Stack Buffer Overflow Vulnerability (2007-03-21)

Mercur IMAP is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Currently, few technical details are available. This BID will be updated as more information becomes available.

This issue may be related to BID 7842 (Atrium Software Mercur Mailserver IMAP Remote Buffer Overflow Vulnerability).

An attacker may exploit this issue to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.

Mercury Mail Multiple Remote IMAP Stack Buffer Overflow Vulnerabilities (2007-03-26)

Mercury Mail is reported susceptible to multiple stack-based buffer-overflow vulnerabilities in its IMAP server implementation. These issues are due to the application's failure to properly bounds-check user-supplied input before copying it to a finite-sized memory buffer.

These vulnerabilities allow authenticated, remote attackers to execute arbitrary machine code in the context of the affected server process.

Versions prior to 4.01a of Mercury Mail are reportedly affected by these vulnerabilities. Other versions may also be affected.

Note: BID 11788 has been consolidated with this BID; they actually represent the same issues.

WFTPD Server APPE Command Buffer Overflow Vulnerability (2007-03-26)

WFTPD is prone to a buffer-overflow vulnerability because the application fails to do proper bounds checking on user-supplied data before storing it in a finite-sized buffer.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected server application.

Version 3.23 is reportedly affected by this issue; other versions may also be affected.

PHP 5 PHP_Stream_Filter_Create() Function Buffer Overflow Vulnerability (2007-04-02)

PHP is prone to a buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue remotely by supplying a 'php://filter' URL to one of the file functions.

The attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

Successful exploits for this issue will depend on the application's heap-memory implementation. PHP version 5.2.0 introduced a new memory manager that makes all little-endian platforms exploitable.

This issue affects PHP versions prior to 5.2.1.

PHP sqlite_udf_decode_binary() Function Buffer Overflow Vulnerability (2007-04-02)

PHP is prone to a buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

This issue affects PHP versions prior to 4.4.5 and 5.2.1.

PHP Imap_Mail_Compose() Function Buffer Overflow Vulnerability (2007-04-02)

PHP is prone to a buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

This issue affects PHP versions prior to 4.4.5 and 5.2.1.

Kerberos 5 KAdminD Server Stack Buffer Overflow Vulnerability (2007-04-04)

Kerberos 5 kadmind (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

kamind servers run on the master Kerberos server, since the master server holds the KDC principal and policy database, this will not only compromise the affected computer but it could compromise multiple hosts that uses the server for authentication.

Versions 1.6 and prior are vulnerable.

XAMPP Mssql_Connect Remote Buffer Overflow Vulnerability (2007-04-16)

XAMPP is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

XAMPP versions prior to 1.6.0a are vulnerable to this issue.

Fenice Remote Buffer Overflow and Denial Of Service Vulnerabilities (2007-04-30)

Fenice is susceptible to multiple remote vulnerabilities:

- A buffer-overflow vulnerability. The application fails to perform sufficient bounds checking of user-supplied data before copying it to an insufficiently sized memory buffer. This issue potentially allows remote attackers to execute arbitrary machine code in the context of the affected server process. Failed exploit attempts will likely crash the application, denying service to legitimate users.

- A denial-of-service vulnerability due to an integer-overflow flaw. This issue allows remote attackers to crash the affected application, denying service to legitimate users.

Version 1.10 of Fenice is vulnerable to these issues; other versions may also be affected.

Cerulean Studios Trillian Multiple IRC Module UTF-8 Vulnerabilities (2007-05-01)

It is reported that Trillian is susceptible to multiple buffer overflows and in information leak in its IRC module. These issues are due to a failure of the application to properly bounds check user-supplied data prior to copying it into fixed-sized memory buffers, and a failure of the application to respond properly to exceptional conditions.

Remote attackers may exploit these vulnerabilities to execute arbitrary machine code in the context of vulnerable Trillian clients or to surreptitiously obtain the contents of client-server communications.

These vulnerabilities are reported to affect version 3.1 of Trillian.

LiveData Protocol Server WSDL Files Remote Heap Overflow Vulnerability (2007-05-03)

LiveData Protocol Server is prone to a remote heap-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue allows remote attackers to crash a vulnerable server and possibly to execute arbitrary code in certain cases.

This issue affects LiveData Protocol Server 5.00.045; other versions may also be vulnerable.

PHP Prior to 5.2.2/4.4.7 Multiple Remote Buffer Overflow Vulnerabilities (2007-05-08)

PHP is prone to three remote buffer-overflow vulnerabilities because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit these issues to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

All three issues affect PHP 5.2.1 and prior versions; PHP 4.4.6 and prior versions are affected only by one of the issues.

Few details are available at the moment. These issues may have been previously described in other BIDs. This record may be updated or retired if further analysis shows that these issues have been reported in the past.

Sun Java Web Proxy Server Multiple Buffer Overflow Vulnerabilities (2007-05-28)

Sun Java System Web Proxy Server is prone to multiple buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit these issues to execute arbitrary code with superuser privileges, leading to the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.

These issues affect Web Proxy Server 4.0.3; prior versions may also be affected.

Eudora Mail Imap Flags Remote Buffer Overflow Vulnerability (2007-06-01)

Eudora Mail is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user supplied input before copying it into an insufficiently sized memory buffer.

Attackers can exploit this issue by enticing victims into connecting to a maliciously crafted IMAP email server using the vulnerable application.

An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects Eudora 7.1.

NetCPlus BusinessMail Multiple Remote Buffer Overflow Vulnerabilities (2007-06-04)

BusinessMail is affected by multiple remote buffer overflow vulnerabilities. These issues arise due to a lack of boundary checks performed by the application and may allow remote attackers to execute machine code in the context of the server process.

BusinessMail 4.60 is reportedly vulnerable. Other versions may be affected as well.

Microsoft Windows CE ASP Parser Buffer Overflow Vulnerability (2007-06-12)

Microsoft Windows CE is prone to a buffer-overflow vulnreability. This issue occurs because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected webserver. Failed exploit attempts will result in a denial-of-service condition.

Trend Micro OfficeScan Server CGI Modules Multiple Vulnerabilities (2007-06-26)

Trend Micro OfficeScan Server is prone to multiple security vulnerabilities. Some CGI modules fail to check the size of data in unspecified arguments or fields before copying it into finite-sized internal memory buffers, and additionally fail in an unspecified manner that allows for an authentication bypass.

An attacker can exploit these issues to execute arbitrary code with administrative privileges within the context of the OfficeScan Server application. They may also bypass user authentication. This may facilitate the compromise of affected servers.

Trend Micro OfficeScan versions prior to edition 8.0 patch build 1042 are confirmed affected by these issues.

MIT Kerberos 5 KAdminD Server RPC Type Conversion Stack Buffer Overflow Vulnerability (2007-06-27)

Kerberos 5 kadmind (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

This issue also affects third-party applications using the affected RPC library.

All kadmind servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 kadmind 1.6.1and prior versions are vulnerable.

MIT Kerberos 5 KAdminD Server Rename_Principal_2_SVC() Function Stack Buffer Overflow Vulnerability (2007-06-27)

Kerberos 5 kadmind (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with administrative privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

All kadmind servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 kadmind 1.6.1, kadmind 1.5.3 and prior versions are vulnerable.

IBM Tivoli Monitoring Express Universal Agent Multiple Heap Buffer Overflow Vulnerabilities (2007-07-06)

IBM Tivoli Monitoring Express Universal Agent is prone to multiple buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit these issues to execute arbitrary code within the context of the vulnerable application. This may facilitate the compromise of affected servers. To leverage these issues, the attacker does not need to authenticate.

IBM Tivoli Monitoring Express 6.1 is affected.

Cisco Unified Communications Manager Multiple Heap Buffer Overflow Vulnerabilities (2007-07-12)

Cisco Unified Communications Manager is prone to multiple heap-based buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit these issues to execute arbitrary code within the context of the vulnerable application. Successful exploits may result in a complete compromise of affected servers. Failed exploit attempts will likely result in denial-of-service conditions.

Computer Associates Alert Notification Server Multiple Buffer Overflow Vulnerabilities (2007-07-18)

Computer Associates Alert Notification Server is prone to multiple buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into insufficiently sized buffers.

An attacker can exploit these issues to execute arbitrary code with SYSTEM privileges. Failed exploit attempts likely result in a denial-of-service condition.

This issue affects CA products that rely on the Alert Server; the list of known affected products is as follows:

CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8
CA Protection Suites r3
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup r11 for Windows
BrightStor Enterprise Backup r10.5
BrightStor ARCserve Backup v9.01
BrightStor ARCserve Client agent for Windows

Ipswitch IMail Server Multiple Buffer Overflow Vulnerabilities (2007-07-19)

Ipswitch IMail Server is prone to multiple buffer-overflow vulnerabilities because the software fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer.

Successful attacks allow arbitrary code to run, facilitating the remote compromise of affected computers. Exploit attempts may also cause the application to crash.

Ipswitch IMail Server 2006 is vulnerable to these issues; other versions may also be affected.

PHP SNMPGet Function Local Buffer Overflow Vulnerability (2007-07-20)

PHP is prone to a local buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP for Microsoft Windows versions 4.4.6 is vulnerable; other versions may also be affected.

xserver HTTP Post Request Buffer Overflow Vulnerability (2007-07-26)

xserver is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application failed exploit attempts will result in a denial-of-service.

This issue affects xserver version 0.1 alpha; other versions may also be affected.

PHP GD Extension ImagePSLoadFont Function Local Buffer Overflow Vulnerability (2007-07-27)

PHP's GD extension is prone to a local buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP 5.2.3 is vulnerable to this issue; other versions may also be affected.

Trend Micro ServerProtect Multiple RPC Remote Buffer Overflow Vulnerabilities (2007-08-24)

Trend Micro ServerProtect is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

There are nine buffer-overflow vulnerabilities that affect the 'SpntSvc.exe' and agent services that listen on TCP ports 5168 and 3628. These vulnerabilities may be exploited over RPC interfaces that are exposed by the vulnerable application.

Exploiting this issue allows attackers to execute arbitrary machine code with SYSTEM-level privileges and to completely compromise affected computers. Failed exploit attempts will result in a denial of service.

These issues were reported to affect ServerProtect 5.58 Build 1176 (Security Patch 3). Earlier versions may also be affected.

ESRI ArcSDE Server SPrintf Function Stack Buffer Overflow Vulnerability (2007-08-30)

ESRI ArcSDE Server is prone to a stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue on an affected computer to execute code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

ArcSDE Server 9.2 is vulnerable; prior versions may also be affected.

MIT Kerberos 5 KAdminD Server SVCAuth_GSS_Validate Stack Buffer Overflow Vulnerability (2007-09-06)

Kerberos 5 'kadmind' (Kerberos Administration Daemon) server is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. A successful attack can result in the complete compromise of the application. Failed attempts will likely result in denial-of-service conditions.

All 'kadmind' servers run on the master Kerberos server. Since the master server holds the KDC principal and policy database, an attack may not only compromise the affected computer, but could also compromise multiple hosts that use the server for authentication.

Kerberos 5 'kadmind' 1.4 through 1.6.2 are vulnerable; third party applications using the affected RPC library are also affected.

Red Hat Advanced Intrusion Detection Environment Checksum Database Weakness (2007-09-06)

Red Hat Advanced Intrusion Detection Environment (AIDE) is prone to a design weakness because its database does not contain checksums for files.

An attacker may exploit this issue to evade AIDE file-modification checks, which may lead to other attacks.

This issue is due to an RPM packaging error on Red Hat systems. Other implementations of AIDE may also be affected, but Symantec has not confirmed this.

Versions prior to AIDE 0.13.1 on Red Hat Enterprise Linux 5 server and client are vulnerable.

Ipswitch IMail SMTP Server IASPAM.DLL Remote Buffer Overflow Vulnerability (2007-09-22)

Ipswitch IMail Server is prone to a buffer-overflow vulnerability because the applications fail to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

Attackers may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Ipswitch IMail Server versions between 8.01 through 8.11 are vulnerable to this issue; other versions may also be affected.

This issue may be related to previously-disclosed vulnerabilities in IMail, but due to a lack of information it cannot be correlated to them. This BID may be retired or updated if more information clarifies its status.

OpenBSD DHCPD Server Remote Stack Corruption Vulnerability (2007-10-10)

OpenBSD's 'dhcpd' is prone to a remote stack-corruption vulnerability because the software fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows attackers in the same LAN segment of the vulnerable DHCP server to corrupt the application's stack. This may allow attackers to run arbitrary machine code and to compromise affected computers.

Valve Software Half-Life Server Multiplayer Request Buffer Overflow Vulnerability (2007-10-17)

Half-Life servers are prone to a buffer overflow that may be exploited by a malicious remote client. The vulnerability occurs because the software fails to sufficiently bounds-check client-supplied data during requests to join multiplayer games. This could allow attackers to execute code in the context of the vulnerable server.

This vulnerability affects the server bundled with Half-Life and the free Dedicated Server for both Windows and Linux operating systems.

MultiXTpm Application Server DebugPrint() Remote Buffer Overflow Vulnerability (2007-10-25)

MultiXTpm Application Server is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

A remote attacker may be able to exploit this issue to execute arbitrary code and gain unauthorized access.

Versions prior to MultiXTpm Application Server 4.0.2d are vulnerable.

Microsoft Windows WINS Name Value Handling Remote Buffer Overflow Vulnerability (2007-11-01)

The WINS server contains a buffer-overflow vulnerability that can allow attackers to corrupt WINS process memory. The issue occurs because the software fails to perform sufficient boundary checks on computer 'name' data that is handled during a WINS transaction.

Ultimately, a WINS client may exploit this issue remotely to execute arbitrary code with SYSTEM-level privileges on a target WINS server. The service may be exposed via TCP/UDP port 42 by default, but the vendor has stated that other attack vectors may exist (though none are known at this time).

ProFTPD _xlate_ascii_write() Buffer Overrun Vulnerability (2007-11-05)

A remotely exploitable buffer overrun was reported in ProFTPD. This issue is due to insufficient bounds checking of user-supplied data in the '_xlate_ascii_write()' function, permitting an attacker to overwrite two bytes of memory adjacent to the affected buffer. The attacker may be able to exploit this to execute arbitrary code in the context of the server. The attacker may trigger this issue by submitting a RETR command to the server.

OpenSER OSP Module Validateospheader Function Buffer Overflow Vulnerability (2007-11-07)

OpenSER OSP Module is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of the affected server application. Failed exploit attempts will likely crash the application, resulting in denial-of-service conditions.

Versions 1.1.0 and prior are reported vulnerable.

Symantec Backup Exec Job Engine Multiple Integer Overflow Vulnerabilities (2007-11-28)

Symantec Backup Exec is prone to two remote integer-overflow vulnerabilities because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit these issues to cause an infinite loop that will exhaust memory or consume excessive CPU resources. Successful attacks will cause denial-of-service conditions.

Symantec Backup Exec for Windows Server 11.0.6235 and 11.0.7170 are vulnerable.

WatchMouse: Recently added scanners (2007-12-01)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2007-11-30 - Symantec Backup Exec for Windows Servers Denial of Service Vulnerabilities (High)
• 2007-11-29 - Ruby on Rails Session Fixation Vulnerability (Medium)
• 2007-11-29 - htsearch sort Parameter Cross-Site Scripting Vulnerability (Medium)
• 2007-11-28 - Firefox < 2.0.0.10 (High)
• 2007-11-28 - Cygwin < 1.5.24 Buffer Overflow Vulnerability (High)
• 2007-11-28 - BitDefender Online Scanner 8 ActiveX Control Double Decode Heap Overflow Vulnerability (High)
• 2007-11-27 - GWextranet template Parameter Directory Traversal Vulnerability (Medium)

WatchMouse: Recently added scanners (2007-12-02)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2007-11-30 - Symantec Backup Exec for Windows Servers Denial of Service Vulnerabilities (High)
• 2007-11-29 - Ruby on Rails Session Fixation Vulnerability (Medium)
• 2007-11-29 - htsearch sort Parameter Cross-Site Scripting Vulnerability (Medium)
• 2007-11-28 - Firefox < 2.0.0.10 (High)
• 2007-11-28 - Cygwin < 1.5.24 Buffer Overflow Vulnerability (High)
• 2007-11-28 - BitDefender Online Scanner 8 ActiveX Control Double Decode Heap Overflow Vulnerability (High)

WatchMouse: Recently added scanners (2007-12-03)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2007-11-30 - Symantec Backup Exec for Windows Servers Denial of Service Vulnerabilities (High)
• 2007-11-29 - Ruby on Rails Session Fixation Vulnerability (Medium)
• 2007-11-29 - htsearch sort Parameter Cross-Site Scripting Vulnerability (Medium)

WatchMouse: Recently added scans (2007-12-04)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2007-12-03 - Rendezvous < 8.0.0 Denial of Service Vulnerability (High)
• 2007-12-03 - Seditio pag_sub Parameter SQL Injection Vulnerability (Medium)
• 2007-12-03 - Plumtree Portal Default Credentials (High)
• 2007-12-03 - SeaMonkey < 1.1.7 (High)
• 2007-11-30 - Symantec Backup Exec for Windows Servers Denial of Service Vulnerabilities (High)

Microsoft Message Queuing Service Buffer Overflow Vulnerability (2007-12-11)

Microsoft Message Queuing (MSMQ) is prone to a buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges, facilitating the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

NOTE: Attackers can exploit this issue remotely on computers running Windows 2000 Server. Attackers would need local interactive access to exploit this issue on Windows XP and Windows 2000 Professional.

WatchMouse: Recently added scans (2007-12-12)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2007-12-11 - MySQL 5.0 < 5.0.51 RENAME TABLE Symlink Attack Vulnerability (Low)
• 2007-12-11 - Firefly Media Server Partial Directory Traversal and Authentication Bypass Vulnerabilities (High)

WatchMouse: Recently added scans (2007-12-14)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2007-12-13 - Vulnerability in Message Queuing Could Allow Remote Code Execution (937894) (Network check) (Critical)
• 2007-12-13 - MySQL Enterprise Server < 5.0.52 Multiple Vulnerabilities (Medium)
• 2007-12-13 - MySQL Community Server < 5.1.23 / 6.0.4 Multiple Vulnerabilities (Medium)

WatchMouse: Recently added scans (2007-12-20)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2007-12-19 - PeerCast handshakeHTTP Buffer Overflow Vulnerability (High)
• 2007-12-19 - HP Info Center ActiveX Control Buffer Overflow Vulnerabilities (High)
• 2007-12-19 - Trend Micro ServerProtect Multiple Remote Insecure Method Exposure Vulnerabilities (Critical)
• 2007-12-19 - Centreon fileOreonConf Parameter File Include Vulnerabilities (High)

Apple Mac OS X SMB Utilities Local Stack-Based Buffer Overflow Vulnerability (2007-12-20)

Mac OS X is prone to a local stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

This issue affects certain SMB (Server Message Block protocol) applications.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successful attacks will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

Mac OS X and Mac OS X Server 10.4.11 and prior versions are vulnerable.

NOTE: This issue was originally covered in BID 26910 (Apple Mac OS X v10.5.1 2007-009 Multiple Security Vulnerabilities).

Foxit WAC Server Denial of Service Vulnerability (2008-01-07)

Foxit WAC Server is prone to a denial-of-service vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects Foxit WAC Server 2.1.0.910; other versions may also be affected.

IBM Tivoli Storage Manager Express Remote Heap Overflow Vulnerability (2008-01-11)

IBM Tivoli Storage Manager Express is prone to a remote heap-overflow vulnerability because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Exploiting this issue allows attackers to execute arbitrary machine code with SYSTEM privileges. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects IBM Tivoli Storage Manager Express 5.3 for Microsoft Windows 2003 server platforms; other versions may also be vulnerable.

WatchMouse: Recently added scans (2008-01-13)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-01-12 - SAP DB / MaxDB Cons Program Command Execution Vulnerability (Critical)
• 2008-01-12 - Sun Java System Identity Manager Cross-Site Scripting Vulnerabilities (Medium)
• 2008-01-12 - Camtasia Studio csPreloader Code Execution Vulnerability (Medium)
• 2008-01-12 - Novell Client nicm.sys Local Privilege Escalation Vulnerability (High)
• 2008-01-12 - McAfee E-Business Server Authentication Packet Overflow Vulnerability (Critical)
• 2008-01-12 - Lotus Domino < 7.0.2 FP3 Denial of Service Vulnerability (High)

TIBCO SmartSockets Request Heap Buffer Overflow Vulnerability (2008-01-16)

TIBCO SmartSockets is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges, facilitating the complete compromise of affected computers. Failed exploit attempts will likely crash the affected application, denying service to legitimate users.

The following components are affected:

TIBCO RTworks Server (rtserver)
TIBCO RTworks Data Archive Process (rtarchive)
TIBCO RTworks Data Playback Process (rtplayback)
TIBCO RTworks Data Acquisi- TIon Process (rtdaq)
TIBCO RTworks Human Computer Interface (rthci)
TIBCO RTworks Inference Engine (r- TIe)
TIBCO RTworks libraries (r- TIpc, rtu- TIl)

Citrix Presentation Server IMA Service Buffer Overflow Vulnerability (2008-01-17)

Citrix Presentation Server is prone to a buffer-overflow vulnerability because the IMA service fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of the IMA server process. Failed exploit attempts will likely result in denial-of-service conditions.

The issue affects the following versions:

Citrix MetaFrame and Presentation Server 4.5 (and earlier)
Citrix Access Essentials 2.0 (and earlier)
Citrix Desktop Server 1.0 (and earlier)

WatchMouse: Recently added scans (2008-01-23)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-01-22 - BitDefender Update Server Directory Traversal Vulnerability (Medium)

X.Org X Server PCF Font Parser Buffer Overflow Vulnerability (2008-01-23)

X.Org X Server is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code with the privileges of the server. Failed attacks will cause denial-of-service conditions.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

IBM Tivoli Provisioning Manager for OS Deployment Remote Buffer Overflow Vulnerability (2008-01-24)

IBM Tivoli Provisioning Manager for OS Deployment is prone to a remote buffer-overflow vulnerability because it fails to perform adequate size-checks on user-supplied input.

A remote attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges or to crash the server process, which could lead to denial-of-service conditions.

Versions prior to IBM Tivoli Provisioning Manager for OS Deployment 5.1.0.3 are vulnerable.

NOTE: This BID was previously titled 'IBM Tivoli Provisioning Manager for OS Deployment Denial of Service Vulnerability' but has been updated to reflect new information.

IBM Informix Storage Manager Multiple Buffer Overflow Vulnerabilities (2008-01-29)

IBM Informix Storage Manager is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data.

Successful exploits may allow attackers to execute arbitrary code and can lead to a complete compromise of vulnerable computers. Failed exploit attempts will likely result in denial-of-service conditions.

These issues affect IBM Informix Dynamic Server 10.00.xC8, 11.10.xC2, and prior versions on Microsoft Windows platforms.

WatchMouse: Recently added scans (2008-02-01)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-01-31 - Citadel SMTP Server RCPT TO Buffer Overflow Vulnerability (High)
• 2008-01-31 - WordPress AdServe id Parameter SQL Injection Vulnerability (High)
• 2008-01-31 - SQLiteManager spaw_root Parameter File Include Vulnerability (Medium)
• 2008-01-31 - Smart Publisher filedata Parameter Command Execution Vulnerability (High)
• 2008-01-31 - XnView RGBE Buffer Overflow Vulnerability (High)

IBM DB2 Universal Database DAS Buffer Overflow Vulnerability (2008-02-08)

IBM DB2 is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code within the context of the affected service. Successfully exploiting this issue may facilitate in the remote compromise of affected computers. Failed exploit attempts will likely crash the affected application.

NOTE: This vulnerability was previously disclosed in BID 27596 (IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16 Multiple Local Vulnerabilities). Due to more information, it has been assigned its own record.

WatchMouse: Recently added scans (2008-02-08)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-02-07 - WinComLPD LPD Monitoring Server Authentication Bypass Vulnerability (High)
• 2008-02-07 - Adobe Reader < 8.1.2 (High)
• 2008-02-07 - WinComLPD LPD Monitoring Server Default Credentials (High)
• 2008-02-07 - HP Virtual Rooms WebHPVCInstall.HPVirtualRooms14 ActiveX Control Buffer Overflow Vulnerabilities (High)

WatchMouse: Recently added scans (2008-02-10)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-02-09 - QuickTime < 7.4.1 (Windows) (High)
• 2008-02-09 - Ipswitch WS_FTP Server Manager Authentication Bypass Vulnerability (Medium)
• 2008-02-09 - SeaMonkey < 1.1.8 (High)
• 2008-02-09 - Firefox < 2.0.0.12 (High)
• 2008-02-09 - Yahoo! Music Jukebox ActiveX Controls Buffer Overflow Vulnerabilities (High)
• 2008-02-09 - Skype Web Content Zone Remote Code Execution Vulnerability (High)

Sony ImageStation 'AxRUploadServer.dll' ActiveX Control Remote Buffer Overflow Vulnerability (2008-02-12)

Sony ImageStation ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

This issue affects 'AxRUploadServer.dll' 1.0.0.38; other versions may also be vulnerable.

WatchMouse: Recently added scans (2008-02-13)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-02-12 - F5 BIG-IP web management XSS (Medium)
• 2008-02-12 - Terminal Services Encryption Level is not FIPS-140 compliant (Low)
• 2008-02-12 - MySpace Uploader ActiveX Control < 1.0.0.6 Buffer Overflow Vulnerability (High)
• 2008-02-12 - MikroTik RouterOS with Blank Password (Critical)
• 2008-02-12 - Altiris Notification Server Agent Local Privilege Escalation Vulnerability (High)

WatchMouse: Recently added scans (2008-02-22)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-02-21 - SHOUTcast Server Service Port Default Password (High)
• 2008-02-21 - IBM Tivoli Provisioning Manager for OS Deployment < 5.1.0.3 Interim Fix 3 Denial of Service Vulnerability (Critical)
• 2008-02-21 - osCommerce Customer Testimonials testimonial_id SQL Injection Vulnerability (High)
• 2008-02-21 - Flash Media Server < 2.0.5 Multiple Vulnerabilities (Critical)
• 2008-02-21 - Joomla mosConfig_absolute_path Parameter File Include Vulnerability (High)
• 2008-02-21 - IMesh ActiveX Control SetHandler Method Command Execution Vulnerability (High)
• 2008-02-21 - SAPlpd < 6.29 Multiple Vulnerabilities (local check) (High)

Fujitsu Interstage Application Server Single Sign-On Buffer Overflow Vulnerability (2008-02-26)

Fujitsu Interstage Application Server is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the affected application. Failed attacks will likely cause denial-of-service conditions.

This issue affects the following applications:

Interstage Application Server Enterprise Edition 8.0.0, 8.0.1, 8.0.2, 8.0.3, 9.0.0, and 9.0.0A
Interstage Application Server Standard-J Edition 8.0.0, 8.0.1, 8.0.2, 8.0.3, 9.0.0, and 9.0.0A
Interstage Apworks Enterprise Edition 8.0.0
Interstage Apworks Standard-J Edition 8.0.0
Interstage Studio Enterprise Edition 8.0.1 and 9.0.0
Interstage Studio Standard-J Edition 8.0.1 and 9.0.0

SurgeFTP 'Content-Length' Parameter NULL Pointer Denial Of Service Vulnerability (2008-02-26)

SurgeFTP is prone to a remote denial-of-service vulnerability because it fails to perform adequately boundary checks on user-supplied input.

Exploiting this issue will cause the server to copy data to a NULL pointer, which will crash the server, denying access to legitimate users.

SurgeFTP 2.3a2 is vulnerable; other versions may also be affected.

ADI Convergence Galaxy FTP Server Password Remote Denial of Service Vulnerability (2008-03-02)

ADI Convergence Galaxy FTP Server is prone to a denial-of-service vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, remote code execution may also be possible, but this has not been confirmed.

ADI Convergence Galaxy FTP Server version 0.1 is vulnerable; other versions may also be affected.

WatchMouse: Recently added scans (2008-03-05)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-03-04 - Goollery Multiple XSS (Medium)
• 2008-03-04 - Vulnerability in Web Client Service Could Allow Remote Code Execution (911927) (Medium)
• 2008-03-04 - Alcatel ADSL modem with firewalling off (High)
• 2008-03-04 - myServer math_sum.mscgi multiple flaws (High)
• 2008-03-04 - Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523) (High)
• 2008-03-04 - vBulletin Misc.PHP PHP Script Code Execution Vulnerability (Medium)
• 2008-03-04 - PunBB language Paramater Local File Include Vulnerability (High)

WatchMouse: Recently added scans (2008-03-07)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-03-06 - EDraw Office Viewer Component FtpDownloadFile Method Buffer Overflow Vulnerability (High)
• 2008-03-06 - activePDF Server < 3.8.6 Packet Handling Buffer Overflow Vulnerability (local check) (Critical)
• 2008-03-06 - MediaWiki JSON Callback Information Disclosure Vulnerability (Medium)
• 2008-03-06 - Symantec Backup Exec Calendar ActiveX Control Multiple Vulnerabilities (SYM08-007) (High)
• 2008-03-06 - Netscape Browser No Longer Supported (High)
• 2008-03-06 - MiniWebsvr Directory Traversal Vulnerability (Medium)
• 2008-03-06 - netOffice Dwins Authentication Bypass Vulnerability (High)

WatchMouse: Recently added scans (2008-03-09)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-03-08 - Sun Java Runtime Environment Multiple Vulnerabilities (233321-233327) (High)
• 2008-03-08 - eScan FTP Server Directory Traversal Vulnerability (Medium)

WatchMouse: Recently added scans (2008-03-15)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-03-14 - Sun Java Web Console < 3.0.5 Information Disclosure Vulnerability (Medium)
• 2008-03-14 - PacketTrap pt360 TFTP Server < 1.0.3302.0 Multiple Vulnerabilities (High)

WatchMouse: Recently added scans (2008-03-16)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-03-15 - IBM WebSphere Application Server < 6.1.0.15 Multiple Vulnerabilities (High)

WatchMouse: Recently added scans (2008-03-18)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-03-17 - Dovecot blocking passdb Authentication Bypass Vulnerability (Medium)
• 2008-03-17 - PacketTrap pt360 TFTP Server < 1.0.3302.0 Multiple Vulnerabilities (High)

SILC Client and Server Key Negotiation Protocol Remote Buffer Overflow Vulnerability (2008-03-26)

SILC Client and Server are prone to a buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

This issue affects versions prior to SILC Client 1.1.4 and SILC Server 1.1.2.

WatchMouse: Recently added scans (2008-03-27)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-03-26 - DotNetNuke Default Machine Key Exposure Vulnerability (High)
• 2008-03-26 - mod_imap Referer Cross Site Scripting Vulnerability (Medium)
• 2008-03-26 - PHP < 5.2 Multiple Vulnerabilities (High)
• 2008-03-26 - Custom Pages cpage Parameter File Include Vulnerability (High)
• 2008-03-26 - Microsoft IIS Server Hit Hilight Authentication Bypass Vulnerability (Medium)

TFTP Server Packet Handling Remote Buffer Overflow Vulnerability (2008-03-27)

TFTP Server is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

TFTP Server 1.4 running on Windows is vulnerable; other versions may also be affected.

WatchMouse: Recently added scans (2008-04-03)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-04-02 - Sympa Malformed Content-Type Header Denial of Service Vulnerability (Medium)
• 2008-04-02 - MobiLink Server < 10.0.1 build 3649 Buffer Overflow Vulnerability (Critical)
• 2008-04-02 - eggBlog Cookie Parameter SQL Injection Vulnerability (Medium)
• 2008-04-02 - Macrovision InstallShield InstallScript One-Click Install Untrusted Library Loading Vulnerability (High)

WinWebMail IMAP Login Data Handling Denial Of Service Vulnerability (2008-04-11)

WinWebMail is prone to a denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Remote attackers can exploit this issue to crash the server and deny service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.

WinWebMail 3.7.3.2 is vulnerable; other versions may also be affected.

BigAnt IM Server HTTP GET Request Remote Buffer Overflow Vulnerability (2008-04-16)

BigAnt IM Server is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the server. Failed exploit attempts will result in a denial-of-service condition.

BigAnt IM Server 2.2 is vulnerable; other versions may also be affected.

Firefly Media Server 'Content-Length' Buffer Overflow Vulnerability (2008-04-21)

Firefly Media Server (formerly known as mt-daapd) is prone to a buffer-overflow vulnerability because it fails to perform adequate checks on user-supplied input.

Exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed attacks will likely cause denial-of-service conditions.

Versions prior to Firefly Media Server 0.2.4.2 are affected.

MySQL User-Defined Function Buffer Overflow Vulnerability (2008-04-22)

MySQL is prone to a buffer-overflow vulnerability. The application fails to perform sufficient boundary checks on data supplied as an argument in a user-defined function.

A database user with sufficient access to create a user-defined function can exploit this issue. Attackers may also be able to exploit this issue through latent SQL-injection vulnerabilities in third-party applications that use the database as a backend.

Successful exploitation will result in the execution of arbitrary code in the context of the database server process.

WatchMouse: Recently added scans (2008-04-25)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-04-24 - Firefly Media Server 'Content-Length' Buffer Overflow Vulnerability (High)
• 2008-04-24 - Red Hat 'redhat-ds-admin' Shell Command Injection and Security Bypass Vulnerabilities (High)
• 2008-04-24 - XOOPS Article Module 'article.php' SQL Injection Vulnerability (High)

WatchMouse: Recently added scans (2008-05-07)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-05-06 - PHP < 5.2.6 Multiple Vulnerabilities (High)
• 2008-05-06 - ActualAnalyzer Lite style Parameter File Include Vulnerability (Medium)
• 2008-05-06 - Sun Java System Directory Proxy Server Unauthorized Access Vulnerability (Medium)
• 2008-05-06 - Cisco Security Agent Buffer Overflow Vulnerability (Critical)
• 2008-05-06 - Webhosting Component catid Parameter SQL Injection Vulnerability (High)

TFTP Server Error Packet Handling Remote Buffer Overflow Vulnerability (2008-05-09)

TFTP Server is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

TFTP Server SP 1.4 running on Windows is vulnerable; other versions may also be affected.

InspIRCd Prior to 1.1.18 'namesx' 'uhnames' Modules Multiple Denial Of Service Vulnerabilities (2008-05-09)

InspIRCd is prone to multiple denial-of-service vulnerabilities because the application fails to peform adequate boundary checks on user-supplied data. The issues affect the 'namesx' and 'uhnames' modules.

Attackers can leverage this issue to crash the server and deny access to legitimate users. Given the nature of these issues, attackers may also be able to run arbitrary code, but this has not been confirmed.

Versions prior to InspIRCd 1.1.18 are vulnerable.

WatchMouse: Recently added scans (2008-05-12)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-05-11 - Sun Java System Web Server Search Module Cross-Site Scripting Vulnerability (Medium)
• 2008-05-11 - MySQL Enterprise Server 5.0 < 5.0.60 MyISAM Table Privilege Check Bypass Vulnerability (Low)
• 2008-05-11 - MySQL 4.1 < 4.1.24 MyISAM Table Privilege Check Bypass Vulnerability (Low)
• 2008-05-11 - Realtek HD Audio Codec Drivers Multiple Local Privilege Escalation Vulnerabilities (High)
• 2008-05-11 - SAP MaxDB Multiple Vulnerabilities (Critical)

WatchMouse: Recently added scans (2008-05-21)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-05-20 - ViewVC CVSROOT Information Disclosure Vulnerability (Medium)
• 2008-05-20 - Fake SMTP/FTP server (backdoor) (Critical)

Stunnel OCSP Certificate Validation Security Bypass Vulnerability (2008-05-22)

Stunnel is prone to a security-bypass vulnerability because the OCSP functionality fails to properly check revoked certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers and authenticating with a revoked certificate. This will aid in further attacks.

This issue affects versions prior to Stunnel 4.24.

Lenovo System Update SSL Certificate Validation Security Bypass Vulnerability (2008-05-27)

Lenovo System Update is prone to a security-bypass vulnerability because the application fails to properly check SSL certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers, which can lead to the installation of arbitrary software on an affected computer. This may result in a complete compromise of the computer.

This issue affects Lenovo System Update 3 (Version 3.13.0005, Build date 2008-1-3); other versions may also be vulnerable.

WatchMouse: Recently added scans (2008-05-31)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-05-30 - Oracle Application Server Portal 10g Authentication Bypass (Medium)
• 2008-05-30 - Samba < 3.0.30 receive_smb_raw Buffer Overflow Vulnerability (High)
• 2008-05-30 - Backup Exec System Recovery Manager filename Parameter Directory Traversal Vulnerability (Medium)

WatchMouse: Recently added scans (2008-06-12)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-06-11 - Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762) (High)
• 2008-06-11 - QuickTime < 7.5 (Windows) (High)
• 2008-06-11 - Cumulative Security Update for Internet Explorer (950759) (High)
• 2008-06-11 - OpenOffice < 2.4.1 rtl_allocateMemory Integer Overflow Vulnerability (High)
• 2008-06-11 - IBM WebSphere Application Server < 6.1.0.17 Unspecified Vulnerability (High)
• 2008-06-11 - Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) (High)
• 2008-06-11 - DB2 < 9 Fix Pack 5 (Critical)

FreeType2 Printer Font Binary Private Dictionary Table Integer Overflow Vulnerability (2008-06-18)

FreeType2 is prone to an integer-overflow vulnerability because it fails to perform adequate checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of applications using the FreeType2 library. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue can allow a local attacker using X.Org Xserver to gain elevated privileges on the affected computer.

FreeType2 2.3.5 is vulnerable; other versions may also be affected.

FreeType TrueType Font 'SHC' Heap Buffer Overflow Vulnerability (2008-06-18)

FreeType is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary within the context of the application using the FreeType library. Failed exploit attempts will result in a denial-of-service vulnerability.

NOTE: This issue may allow a local attacker using X.Org X server to gain elevated privileges on the affected computer.

FreeType 2.3.5 is vulnerable; other versions may also be affected.

WatchMouse: Recently added scans (2008-06-20)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-06-19 - ListManager words Parameter Cross-Site Scripting Vulnerability (Medium)
• 2008-06-19 - Adobe Flex History Management Cross-Site Scripting Vulnerability (Medium)
• 2008-06-19 - 3D-FTP Multiple Directory Traversal Vulnerabilities (High)
• 2008-06-19 - CitectSCADA ODBC Server Buffer Overflow Vulnerability (Critical)

WatchMouse: Recently added scans (2008-06-22)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-06-21 - Novell iPrint Client Unspecified Vulnerability (High)
• 2008-06-21 - Altiris Notification Server Agent GUI Local Privilege Escalation Vulnerability (KB 39159) (High)
• 2008-06-21 - Safari < 3.1.2 Multiple Vulnerabilities (High)

PHP 'rfc822_write_address()' Function Buffer Overflow Vulnerability (2008-06-23)

PHP is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP 5.2.6 and prior versions are vulnerable.

FreeType Printer Font Binary Heap Buffer Overflow Vulnerability (2008-06-24)

FreeType is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of the application using the FreeType library. Failed exploit attempts will result in a denial-of-service vulnerability.

NOTE: This issue may allow a local attacker using X.Org Xserver to gain elevated privileges on the affected computer.

Successfully exploiting this issue will result in the complete compromise of affected computers.

FreeType 2.3.5 is vulnerable; other versions may also be affected.

WatchMouse: Recently added scans (2008-06-27)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-06-26 - Kismet Server Information Disclosure (Medium)
• 2008-06-26 - Adobe Reader < 8.1.2 Security Update 1 / 7.1.0 (High)

ServerView 'SnmpGetMibValues.exe' Multiple Unspecified Buffer Overflow Vulnerabilities (2008-07-07)

ServerView is prone to multiple unspecified buffer-overflow vulnerabilities because the software fails to properly bounds-check user-supplied data.

An attacker can exploit these issues to execute arbitrary machine code in the context of affected software. Failed exploit attempts will likely cause denial-of-service conditions.

ServerView 4.60.07 is vulnerable; other versions may also be affected.

Microsoft SQL Server On-Disk Data Structures Remote Memory Corruption Vulnerability (2008-07-09)

Microsoft SQL Server is prone to a remote memory-corruption vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Authenticated attackers can exploit this issue to execute arbitrary code in the context of the server. Failed attacks will likely cause denial-of-service conditions.

WatchMouse: Recently added scans (2008-07-10)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-07-09 - Sun Java ASP Server Default Admin Password (High)
• 2008-07-09 - Sun Java System ASP < 4.0.3 Multiple Vulnerabilities (Critical)
• 2008-07-09 - Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747) (Medium)
• 2008-07-09 - Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582) (Medium)
• 2008-07-09 - Sun Java System ASP Server Command Injection Vulnerability (Critical)
• 2008-07-09 - Vulnerabilities in DNS Could Allow Spoofing (953230) (Medium)
• 2008-07-09 - Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) (High)

WatchMouse: Recently added scans (2008-07-14)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-07-13 - Novell Client nwfs.sys Privilege Escalation Vulnerability (High)
• 2008-07-13 - RoboHelp Server Help Errors Vulnerabilities (APSB08-16) (Medium)
• 2008-07-13 - Xerox XRX08-008 (Medium)
• 2008-07-13 - Deterministic Network Extender 'dne2000.sys' Local Privilege Escalation (High)
• 2008-07-13 - Apache < 2.2.9 Multiple Vulnerabilities (Medium)
• 2008-07-13 - Mambo < 4.6.5 mos_user_template Local File Include Vulnerability (Medium)

Mozilla Network Security Services Library Remote Heap Overflow Vulnerability (2008-07-14)

NSS is reported prone to a remote heap overflow vulnerability. This issue arises due to insufficient boundary checks performed by the application. Successful exploitation of this issue may result in arbitrary code execution leading to an attacker gaining unauthorized access to a vulnerable computer.

The NSS library is commonly used by Netscape Enterprise Server and Sun One/iPlanet servers. The SSLv2 protocol is not enabled by default on these servers. Other products may be affected as well.

WatchMouse: Recently added scans (2008-07-23)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-07-22 - HP System Management Homepage < 2.1.12 Cross-Site Scripting Vulnerabilities (Medium)
• 2008-07-22 - BlackBerry Enterprise Server PDF Processing Vulnerability (High)
• 2008-07-22 - F-PROT Antivirus Engine < 4.4.4 Multiple Vulnerabilities (Medium)

WatchMouse: Recently added scans (2008-07-25)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-07-24 - Retrospect Backup Client Multiple Vulnerabilities (ESA-08-009) (Medium)
• 2008-07-24 - Retrospect Backup Server Password Hash Vulnerability (ESA-08-009) (Medium)

WatchMouse: Recently added scans (2008-07-28)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-07-27 - BlackBerry Attachment Service PDF Processing Vulnerability (Remote Check) (High)
• 2008-07-27 - Openlink Virtuoso Server Default Credentials (High)

WatchMouse: Recently added scans (2008-08-20)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-08-19 - HP-UX ftpd Remote Privileged Access Vulnerability (High)
• 2008-08-19 - Web Server Redirects to Arbitrary Domains (Medium)
• 2008-08-19 - Veritas Storage Foundation NULL NTLMSSP Authentication Bypass Vulnerability (SYM08-015) (Critical)
• 2008-08-19 - MailScan WebAdministrator Authentication Bypass Vulnerability (High)
• 2008-08-19 - Computer Associates HIPS Kmxfw.sys Multiple Vulnerabilities (High)
• 2008-08-19 - MS Site Server < 3.0 Cross-Site Scripting Vulnerability (Medium)
• 2008-08-19 - hMailServer < 4.4.2 build 279 Remote Denial of Service Vulnerability (Medium)

WatchMouse: Recently added scans (2008-08-21)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-08-20 - Oracle WebLogic Server mod_wl POST Request Buffer Overflow Vulnerability (Critical)

WatchMouse: Recently added scans (2008-08-22)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-08-21 - Cisco Secure Access Control Server User-Changeable Password XSS (Medium)
• 2008-08-21 - Serv-U < 7.2.0.1 Denial of Service Vulnerability (Medium)
• 2008-08-21 - Opera < 9.52 Multiple Vulnerabilities (High)
• 2008-08-21 - Cisco Secure Access Control Server for Windows User-Changeable Password Buffer Overflow (Critical)
• 2008-08-21 - Cisco CiscoWorks Server XSS (Medium)
• 2008-08-21 - backdoor detection (Critical)
• 2008-08-21 - MS executable detection (Critical)

Red Hat Directory Server Accept Language HTTP Headers Buffer Overflow Vulnerability (2008-08-29)

Red Hat Directory Server is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions. NOTE: The Administration Server of Directory Server usually runs with superuser privileges.

Red Hat Directory Server 7.1 and adminutil prior to 1.1.7 are affected.

Softalk Mail Server 'APPEND' Command Remote Denial of Service Vulnerability (2008-09-03)

Softalk Mail Server is prone to a remote denial-of-service vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.
Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Softalk Mail Server 8.5.1 is vulnerable; other versions may also be affected.

Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability (2008-09-12)

Microsoft SQL Server 'sqlvdir.dll' ActiveX Control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

This control is included with Microsoft SQL Server 2000; other versions may also be affected.

Trend Micro OfficeScan 'cgiRecvFile.exe' Buffer Overflow Vulnerability (2008-09-13)

Trend Micro OfficeScan is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Successful exploits may allow an attacker to execute arbitrary code within the context of the affected application. This may facilitate a complete compromise of vulnerable computers. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects the following:

OfficeScan 7.3 with Patch 4 build 1362
OfficeScan 7.0
OfficeScan 8.0
Client Server Messaging Security versions 3.6, 3.5, 3.0, and 2.0

WatchMouse: Recently added scans (2008-09-14)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-09-13 - iTunes < 8.0 (Windows) (High)
• 2008-09-13 - MySQL Community Server 5.0 < 5.0.67 Multiple Vulnerabilities (High)
• 2008-09-13 - iTunes < 8.0 Integer Buffer Overflow Vulnerability (Network Check) (High)
• 2008-09-13 - MySQL 5.1 < 5.1.26 Denial of Service Vulnerability (Medium)
• 2008-09-13 - pluck < 4.5.3 Multiple Local File Include Vulnerabilities (Medium)
• 2008-09-13 - VMware Products Multiple Vulnerabilities (VMSA-2008-0014) (High)
• 2008-09-13 - MySQL Enterprise Server 5.0 < 5.0.66 Denial of Service Vulnerability (Medium)

LANDesk Intel QIP Service 'qipsrvr.exe' Buffer Overflow Vulnerability (2008-09-16)

LANDesk Intel QIP Service is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Successful exploits may allow an attacker to execute arbitrary code with SYSTEM-level privileges. This will result in a complete compromise of vulnerable computers. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects the following:

LANDesk Management Suite 8.8 and earlier
LANDesk Security Suite 8.8 and earlier
LANDesk Server Manager 8.8 and earlier

WatchMouse: Recently added scans (2008-09-20)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-09-19 - Trend Micro OfficeScan 'cgiRecvFile.exe' Buffer Overflow Vulnerability (High)
• 2008-09-19 - IBM WebSphere Application Server 6.1 < Fix Pack 19 Unspecified Vulnerability (High)
• 2008-09-19 - eDirectory < 8.8 SP3 Multiple Vulnerabilities (Critical)
• 2008-09-19 - Default password (0000) for WIP5000 IP Phone (High)
• 2008-09-19 - Default password (000000) for WIP5000 IP Phone (Critical)

WatchMouse: Recently added scans (2008-09-22)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-09-21 - Bonjour < 1.0.5 Multiple Vulnerabilities APPLE-SA-2009-09-09 (Windows) (Medium)
• 2008-09-21 - Xerox XRX08-009 (High)
• 2008-09-21 - LANDesk QIP Server Service heal Request Buffer Overflow Vulnerability (Critical)

WatchMouse: Recently added scans (2008-09-28)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-09-27 - Mozilla Thunderbird < 2.0.0.17 (High)
• 2008-09-27 - Observer <= 0.3.2.1 Multiple Remote Command Execution Vulnerabilities (High)
• 2008-09-27 - MailWatch for MailScanner doc Parameter File Include Vulnerability (Medium)

WatchMouse: Recently added scans (2008-10-01)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-09-30 - Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) - Network check (High)

RETIRED: Xerox WorkCentre/WorkCentre Pro Network Controller Remote Code Execution Vulnerability (2008-10-06)

Xerox WorkCentre/WorkCentre Pro are prone to a remote code-execution vulnerability because their ESS/Network Controllers fail to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. The issue occurs because of errors within the Samba code that handles printer-sharing services for SMB (Server Message Block) clients.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in a denial of service.

This BID is being retired as a duplicate. The vulnerability discussed is already documented in BID 29404 (Samba 'receive_smb_raw()' Buffer Overflow Vulnerability).

DATAC RealWin SCADA Server Remote Stack Buffer Overflow Vulnerability (2008-10-09)

DATAC RealWin SCADA server is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. This may facilitate the complete compromise of affected computers. Failed exploit attempts may result in a denial-of-service condition.

RealWin SCADA server 2.0 is affected; other versions may also be vulnerable.

Sun Java System Web Proxy Server FTP Subsytem Heap Based Buffer Overflow Vulnerability (2008-10-10)

Sun Java System Web Proxy Server is prone to a heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue affects Sun Java System Web Proxy Server 4.0 up to and including 4.0.7.

WatchMouse: Recently added scans (2008-10-16)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-10-15 - Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695) (Critical)
• 2008-10-15 - Cumulative Security Update for Internet Explorer (956390) (High)
• 2008-10-15 - Vulnerability in Message Queuing Could Allow Remote Code Execution (951071) (Critical)
• 2008-10-15 - GForge offset parameter SQL Injection Vulnerability (High)
• 2008-10-15 - ASG-Sentry fcheck.exe File Overwrite Vulnerability (High)
• 2008-10-15 - Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155) (High)
• 2008-10-15 - Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803) (High)

WatchMouse: Recently added scans (2008-10-18)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-10-17 - PhpWebGallery sort_by SQL Injection Vulnerability (High)
• 2008-10-17 - Titan FTP Server SITE WHO Command Denial of Service Vulnerability (Medium)
• 2008-10-17 - Vulnerability in Message Queuing Could Allow Remote Code Execution (951071) - Network check (Critical)
• 2008-10-17 - Ignite Gallery gallery Parameter SQL Injection Vulnerability (High)
• 2008-10-17 - Lenovo Rescue and Recovery 'tvtumon.sys' Heap Overflow Vulnerability (High)
• 2008-10-17 - Cumulative Security Update of ActiveX Kill Bits (956391) (High)
• 2008-10-17 - Default password (testpass123) for 'root' account (Critical)

WatchMouse: Recently added scans (2008-10-23)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-10-22 - Opera < 9.61 Multiple Vulnerabilities (Medium)
• 2008-10-22 - RealVNC VNC Viewer CMsgReader::readRect Command Execution Vulnerability (High)
• 2008-10-22 - Obsolete Web Server Detection (High)

GoodTech SSH Server SFTP Multiple Buffer Overflow Vulnerabilities (2008-10-23)

GoodTech SSH Server is prone to multiple buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.

An attacker may exploit these issues to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial of service.

These issues affect GoodTech SSH Server 6.4; other versions may also be affected.

WatchMouse: Recently added scans (2008-10-25)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-10-24 - Vulnerability in Server Service Could Allow Remote Code Execution (958644) (Critical)
• 2008-10-24 - Vulnerability in Server Service Could Allow Remote Code Execution (958644) - Network check (Critical)

WatchMouse: Recently added scans (2008-10-29)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-10-28 - IBM WebSphere Application Server < 6.0.2.31 Multiple Vulnerabilities (Medium)

WatchMouse: Recently added scans (2008-11-11)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-11-10 - MySQL Enterprise Server 5.0 < 5.0.70 Privilege Bypass (Medium)
• 2008-11-10 - PHPWebAdmin for hMailServer Multiple File Include Vulnerabilities (Medium)
• 2008-11-10 - Openfire AuthCheck Authentication Bypass (High)

WatchMouse: Recently added scans (2008-11-17)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-11-16 - Oracle WebLogic Server mod_wl Invalid Parameter Remote Overflow (1150354) (Critical)

No-IP Dynamic Update Client for Linux Remote Buffer Overflow Vulnerability (2008-11-21)

No-IP Dynamic Update Client (DUC) is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check input messages.

An attacker can exploit this issue by enticing an unsuspecting user into connecting to a malicious server. Successful attacks will allow arbitrary code to run within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

DUC 2.1.7 for Linux is vulnerable; other versions may also be affected.

WatchMouse: Recently added scans (2008-11-22)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-11-21 - Vulnerability in Server Service Could Allow Remote Code Execution (958644) - Network check/IPS (Critical)

WatchMouse: Recently added scans (2008-11-25)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-11-24 - MDaemon WorldClient < 10.0.2 Script Injection Vulnerability (Medium)
• 2008-11-24 - Web Server Uses Basic Authentication (Low)

WatchMouse: Recently added scans (2008-11-27)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-11-26 - Altiris Deployment Solution Server < 6.9.355 Password Disclosure (SYM08-020) (Low)
• 2008-11-26 - Altiris Deployment Solution Client Agent < 6.9.355 Local Privilege Escalation (SYM08-019) (High)

Mercury Mail Remote Mailbox Name Service Buffer Overflow Vulnerability (2008-12-12)

Mercury Mail is prone to a remote buffer-overflow vulnerability in its mailbox name service. This issue occurs because the application fails to properly bounds-check user-supplied input before copying it to a finite-sized memory buffer.

Exploiting this vulnerability allows remote attackers to execute arbitrary machine code with SYSTEM privileges in the context of the affected server process.

Mercury Mail 4.01b is affected; other versions may also be affected.

WatchMouse: Recently added scans (2008-12-12)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-12-11 - Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) (High)
• 2008-12-11 - Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) (Medium)
• 2008-12-11 - Microsoft Internet Explorer Multiple Vulnerabilities (958215) (High)
• 2008-12-11 - Microsoft Excel Multiple Method Remote Code Execution (959070) (High)
• 2008-12-11 - Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (957173) (High)
• 2008-12-11 - Vulnerabilities in GDI+ Could Allow Remote Code Execution (956802) (High)
• 2008-12-11 - IBM WebSphere Application Server 7.0 < Fix Pack 1 (Medium)

ProSysInfo TFTPDWIN Remote Buffer Overflow Vulnerability (2008-12-13)

TFTPDWIN server is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue to execute arbitrary code in the context of the TFTP server process.

TFTPDWIN 0.4.2 is vulnerable; other versions may be affected as well.

Apple Mac OS X 'i386_set_ldt' and '1386_get_ldt' Multiple Integer Overflow Vulnerabilities (2008-12-18)

Apple Mac OS X is prone to multiple integer-overflow vulnerabilities because the software fails to perform adequate boundary checks on integer values.

Local attackers can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting these issues will completely compromise an affected computer. Failed exploit attempts will likely crash the affected computer.

Apple Mac OS X 10.5 through 10.5.5 and Mac OS X Server 10.5 through 10.5.5 are vulnerable.

NOTE: This issue was previously covered in BID 32839 (Apple Mac OS X 2008-008 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.

PHP 'mbstring' Extension Buffer Overflow Vulnerability (2008-12-22)

PHP is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. The issue affects the 'mbstring' extension included in the standard distribution.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP versions 4.3.0 up to and including 5.2.6 are vulnerable.

WatchMouse: Recently added scans (2008-12-24)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-12-23 - Kerio MailServer < 6.6.2 (KSEC-2008-12-16-01) (Medium)
• 2008-12-23 - phplist cline Parameter Array Remote File Inclusion (High)

WatchMouse: Recently added scans (2009-01-01)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2008-12-31 - IceWarp Merak Mail Server < 9.4.0 (Medium)

PHP 'popen()' Function Buffer Overflow Vulnerability (2009-01-15)

PHP is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP 5.2.8 and prior versions are vulnerable.

WatchMouse: Recently added scans (2009-01-16)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-01-15 - PowerDNS CH HINFO Denial of Service (Medium)
• 2009-01-15 - DNS Dynamic Update (Medium)
• 2009-01-15 - Oracle Secure Backup Administration Server login.php Command Injection Vulnerability (Critical)
• 2009-01-15 - WordPress WP-Forum forum_feed.php thread Parameter SQL Injection (High)
• 2009-01-15 - Oracle WebLogic Server Plug-in Remote Overflow (1166189) (Critical)

WatchMouse: Recently added scans (2009-01-22)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-01-21 - BlackBerry Enterprise Server / Unite! PDF Distiller Component Vulnerabilities (KB17118 / KB17119) (High)

WatchMouse: Recently added scans (2009-01-31)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-01-30 - Horde Horde_Image::factory driver Argument Local File Inclusion (High)
• 2009-01-30 - RealNetworks Helix Server < 11.1.8/12.0.1 Multiple Vulnerabilities (Critical)

Free Download Manager Remote Control Server Stack Buffer Overflow Vulnerability (2009-02-02)

Free Download Manager is prone to a remote stack-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied input. The issue affects the Remote Control Server.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Successful exploits may compromise the application and the underlying computer. Failed attacks will cause denial-of-service conditions.

The issue affects the following versions:

Free Download Manager 2.5 Build 758
Free Download Manager 3.0 Build 844

Other versions may also be affected.

NaviCOPA Web Server Remote Buffer Overflow and Source Code Information Disclosure Vulnerabilities (2009-02-06)

NaviCOPA Web Server is prone to a remote buffer-overflow vulnerability and an information-disclosure vulnerability because the application fails to properly bounds-check or validate user-supplied input.

Successful exploits of the buffer-overflow issue may lead to the execution of arbitrary code in the context of the application or to denial-of-service conditions. Also, attackers can exploit the information-disclosure issue to retrieve arbitrary source code in the context of the webserver process. Information harvested may aid in further attacks.

NaviCOPA Web Server 3.01 is vulnerable; other versions may also be affected.

WatchMouse: Recently added scans (2009-02-12)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-02-11 - Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420) (High)
• 2009-02-11 - Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239) (Critical)
• 2009-02-11 - Cumulative Security Update of ActiveX Kill Bits (960715) (High)
• 2009-02-11 - Cumulative Security Update for Internet Explorer (961260) (High)
• 2009-02-11 - Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634) (High)

WatchMouse: Recently added scans (2009-02-13)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-02-12 - Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420) - Network Check (High)

WatchMouse: Recently added scans (2009-02-14)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-02-13 - Trend Micro InterScan Web Security Suite Default Credentials (High)
• 2009-02-13 - TYPO3 jumpUrl Mechanism Information Disclosure (Medium)
• 2009-02-13 - Default password (password) for 'admin' account (Critical)
• 2009-02-13 - IBM WebSphere Application Server 6.1 < Fix Pack 21 Multiple Flaws (Medium)
• 2009-02-13 - HP OpenView Network Node Manager webappmon.exe Command Injection (c01661610) (High)
• 2009-02-13 - HP OpenView Network Node Manager ovlaunch.exe Information Disclosure (c01661610) (Medium)
• 2009-02-13 - SquirrelMail HTTPS Session Cookie Secure Flag Weakness (Medium)

WatchMouse: Recently added scans (2009-02-15)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-02-14 - Safari < 3.2.2 (High)
• 2009-02-14 - Sun Java System Directory Server 6.x < 6.3.1 LDAP JDBC Backend DoS (Medium)

GlobalSCAPE Secure FTP Server Remote Buffer Overflow Vulnerability (2009-02-18)

GlobalSCAPE Secure FTP Server is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the vulnerable server.

Apple Mac OS X Pixlet Video Handling Remote Code Execution Vulnerability (2009-02-19)

Apple Mac OS X is prone to a code-execution issue because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Mac OS X 10.4.11 and 10.5.6 (both client and server).

NOTE: This issue was previously covered in BID 33759 (Apple Mac OS X 2009-001 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

SHOUTcast Server DNAS Relay Remote Buffer Overflow Vulnerability (2009-02-26)

SHOUTcast Server is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers may exploit this issue to overwrite the application's web administration password and possibly to execute arbitrary code within the context of the application, but this has not been confirmed. Failed exploit attempts will cause a denial-of-service condition.

SHOUTcast Server 1.9.8 for Windows is vulnerable; other versions may also be affected.

WatchMouse: Recently added scans (2009-02-27)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-02-26 - RoboHelp Server Multiple Cross-Site Scripting Vulnerabilities (APSB09-02 Update 2) (Medium)

WatchMouse: Recently added scans (2009-03-12)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-03-11 - MS09-008: Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238) (Medium)
• 2009-03-11 - MS09-007: Vulnerability in SChannel Could Allow Spoofing (960225) (Medium)
• 2009-03-11 - MS09-006: Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690) (High)
• 2009-03-11 - Adobe Reader < 9.1 (High)

Talkative IRC 'PRIVMSG' Buffer Overflow Vulnerability (2009-03-18)

Talkative IRC is prone to a stack-based buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue by enticing an unsuspecting user into connecting to a malicious IRC server. Successful attacks will allow arbitrary code to run within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Talkative IRC 0.4.4.16 is vulnerable; other versions may also be affected.

WatchMouse: Recently added scans (2009-04-01)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-03-31 - Moodle LaTeX Information Disclosure (Low)
• 2009-03-31 - Xlight FTP Server Authentication SQL Injection Vulnerability (High)

WatchMouse: Recently added scans (2009-04-04)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-04-03 - MapServer < 5.2.2 / 4.10.4 Multiple Flaws (High)
• 2009-04-03 - ClamAV < 0.95 Scan Evasion (Medium)

WatchMouse: Recently added scans (2009-04-12)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-04-11 - ClamAV < 0.95.1 Multiple Vulnerabilities (Medium)
• 2009-04-11 - IBM WebSphere Application Server 7.0 < Fix Pack 3 (Medium)
• 2009-04-11 - SeaMonkey < 1.1.16 XSL Transformation (High)
• 2009-04-11 - IBM WebSphere Application Server < 6.0.2.33 Multiple Vulnerabilities (Medium)

WatchMouse: Recently added scans (2009-04-16)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-04-15 - MS09-014: Cumulative Security Update for Internet Explorer (963027) (High)
• 2009-04-15 - MS09-016: Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway Could Cause Denial of Service (961759) (Medium)
• 2009-04-15 - MS09-009: Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) (High)
• 2009-04-15 - MS09-010: Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) (High)
• 2009-04-15 - MS09-011: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373) (High)
• 2009-04-15 - MS09-015: Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426) (Medium)
• 2009-04-15 - MS09-013: Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803) (High)

WatchMouse: Recently added scans (2009-04-17)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-04-16 - SAP GUI KWEdit ActiveX Control SaveDocumentAs() Insecure Method (High)
• 2009-04-16 - IBM WebSphere Application Server < 6.1.0.23 Multiple Flaws (Medium)
• 2009-04-16 - PGP Desktop < 9.10 Multiple Local DoS (Medium)

IceWarp Merak Mail Server 'Base64FileEncode()' Stack-Based Buffer Overflow Vulnerability (2009-04-29)

IceWarp Merak Mail Server s prone to a stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

IceWarp Merak Mail Server 9.4.1 is vulnerable; other versions may also be affected.

WatchMouse: Recently added scans (2009-04-30)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-04-29 - Firefox 3.0.9 Memory Corruption (High)
• 2009-04-29 - Memcached / MemcacheDB ASLR Bypass Weakness (Medium)
• 2009-04-29 - BlackBerry Enterprise Server MDS Connection Service XSS (Medium)
• 2009-04-29 - Sun Java System Identity Manager Account Disclosure (Medium)
• 2009-04-29 - EMC RepliStor < 6.2 SP5/6.3 SP2 Multiple Heap Overflows (Critical)

WatchMouse: Recently added scans (2009-05-02)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-05-01 - McAfee Anti-Virus ZIP/RAR File Scan Evasion (Medium)
• 2009-05-01 - Atmail WebMail < 5.61 webadmin/admin.php Multiple Parameter XSS (Medium)
• 2009-05-01 - Symantec Fax Viewer Control ActiveX Control AppendFax Overflow (High)
• 2009-05-01 - Atmail WebMail < 5.6 Email Body Injection (Medium)
• 2009-05-01 - Symantec Reporting Server Improper URL Handling Exposure (Medium)
• 2009-05-01 - ESET Anti-Virus .CAB File Scan Evasion (Medium)

WatchMouse: Recently added scans (2009-05-08)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-05-07 - Sun Glassfish Default Administrator Credentials (High)
• 2009-05-07 - Google Chrome < 1.0.154.64 (High)
• 2009-05-07 - Adobe Flash Media Server RPC Privilege Escalation (APSB09-05) (High)

WatchMouse: Recently added scans (2009-05-10)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-05-09 - IceWarp Merak WebMail Server < 9.4.2 Multiple Vulnerabilities (Medium)

WatchMouse: Recently added scans (2009-05-16)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-05-14 - Adobe Reader getAnnots() JavaScript Method PDF Handling Memory Corruption (High)
• 2009-05-14 - A-A-S Application Access Server Default Admin Password (Critical)

WatchMouse: Recently added scans (2009-05-17)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-05-16 - SquirrelMail < 1.4.18 Cross-Site Scripting Vulnerability (Medium)
• 2009-05-16 - HP Data Protector Express Local Privilege Escalation (Medium)
• 2009-05-16 - Open QMTP Relay (High)
• 2009-05-16 - Google Chrome < 1.0.154.65 (Medium)
• 2009-05-16 - SquirrelMail < 1.4.18 map_yp_alias Function Remote Code Execution (Medium)
• 2009-05-16 - XEROX WorkCentre Web Server Unspecified Command Injection (XRX09-002) (Critical)

WatchMouse: Recently added scans (2009-05-28)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-05-27 - DokuWiki config_cascade Parameter Remote File Inclusion (Medium)
• 2009-05-27 - Panda Antivirus TAR / CAB Scan Evasion (Medium)
• 2009-05-27 - WP-Lytebox pg Parameter Local File Inclusion (Medium)
• 2009-05-27 - Novell GroupWise WebAccess 'User.lang' Cross-Site Scripting (Medium)
• 2009-05-27 - AXIGEN Webmail < 7.1.0 HTML Body Script Insertion (Medium)
• 2009-05-27 - Sun Java System Calendar Server login.wcap Fmt-out Parameter XSS (Medium)

WatchMouse: Recently added scans (2009-05-30)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-05-29 - BlackBerry Enterprise Server Attachment Service Unspecified Vulnerabilities (KB18327) (High)

WatchMouse: Recently added scans (2009-05-31)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-05-30 - CrashPlan Server Default Administrative Credentials (High)
• 2009-05-30 - ImageMagick < 6.5.2-9 Integer Overflow (Critical)

IBM WebSphere MQ Remote Buffer Overflow Vulnerability (2009-06-03)

IBM WebSphere MQ is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of an affected server. Failed exploit attempts will result in denial-of-service conditions.

The following are vulnerable:

WebSphere MQ 6.x (prior to 6.0.2.7)
WebSphere MQ 7.x (prior to 7.0.1.0)

WatchMouse: Recently added scans (2009-06-03)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-06-02 - IBM Access Support ActiveX Control GetXMLValue Method Overflow (High)
• 2009-06-02 - IBM WebSphere Application Server < 6.0.2.35 Multiple Vulnerabilities (Medium)

WatchMouse: Recently added scans (2009-06-07)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-06-06 - Sun Java System Directory Server Online Help Feature Information Disclosure (Medium)
• 2009-06-06 - lighttpd Trailing Slash Information Disclosure (Medium)
• 2009-06-06 - DB2 < 9.5 Fix Pack 4 (Medium)

WatchMouse: Recently added scans (2009-06-09)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-06-08 - Open NNTP Server (read only) (Low)

WatchMouse: Recently added scans (2009-06-12)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-06-11 - IBM Baseboard Management Controller Default Credentials (Critical)
• 2009-06-11 - Adobe Reader < 9.1.2 / 8.1.6 / 7.1.3 (High)
• 2009-06-11 - Kerio MailServer < 6.6.2 Patch 3 / 6.7.0 Patch 1 XSS (KSEC-2009-06-08-01) (Medium)
• 2009-06-11 - Drupal SA-CONTRIB-2009-036: Services Module Key-Based Access Bypass (Medium)
• 2009-06-11 - Google Chrome < 2.0.172.31 (Medium)

WatchMouse: Recently added scans (2009-06-20)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-06-19 - Google Chrome < 1.0.154.53 (Medium)
• 2009-06-19 - Sophos Anti-Virus For Windows CAB File Scan Evasion Vulnerability (Medium)
• 2009-06-19 - Apache Tomcat RequestDispatcher Directory Traversal Vulnerability (Medium)
• 2009-06-19 - IBM WebSphere Application Server < 6.1.0.25 Multiple Flaws (Medium)

Unisys Business Information Server Remote Stack Buffer Overflow Vulnerability (2009-06-30)

Unisys Business Information Server (formerly known as MAPPER) is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of an affected server, possibly with SYSTEM-level privileges. Failed exploit attempts will result in denial-of-service conditions.

Business Information Server 10 and 10.1 are vulnerable; other versions may also be affected.

WatchMouse: Recently added scans (2009-07-08)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-07-07 - HP DDMI Agent Unauthorized Access (Critical)
• 2009-07-07 - HP DDMI Web Interface Default Credentials (High)
• 2009-07-07 - Sun Java System Web Server ::$DATA Extension Request JSP Resource Disclosure (Medium)

Microsoft Collaboration Data Objects Remote Buffer Overflow Vulnerability (2009-07-13)

Microsoft CDO is susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the library to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.

This issue presents itself when an attacker sends a specifically crafted email message to an email server utilizing the affected library.

This issue allows remote attackers to execute arbitrary machine code in the context of the application utilizing the library.

Pirch IRC Client Remote Buffer Overflow Vulnerability (2009-07-16)

Pirch IRC is prone to a remote buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue by enticing an unsuspecting user into connecting to a malicious IRC server. Successful attacks will allow arbitrary code to run within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Pirch IRC 98 is vulnerable; other versions may also be affected.

NOTE: The vulnerability may be related to the issue described in BID 5079. We will update the BID when more information emerges.

WatchMouse: Recently added scans (2009-07-16)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-07-15 - MS09-030: Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516) (High)
• 2009-07-15 - MS09-028: Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633) (High)
• 2009-07-15 - MS09-033: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856) (High)
• 2009-07-15 - MS09-029: Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371) (High)
• 2009-07-15 - Adobe ColdFusion < 8.0.1 FCKeditor 'CurrentFolder' File Upload (Critical)
• 2009-07-15 - MS09-031: Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953) (High)

WatchMouse: Recently added scans (2009-07-24)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-07-23 - Firefox < 3.0.12 Multiple Vulnerabilities (High)
• 2009-07-23 - RealNetworks Helix Server 12.x Multiple Denial of Service Flaws (Medium)
• 2009-07-23 - eAccelerator encoder.php File Backup (High)

WatchMouse: Recently added scans (2009-08-21)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-08-20 - Citrix License Server Licensing Management Console Unspecified Issue (Critical)
• 2009-08-20 - CA Host-Based Intrusion Prevention System Client kmxIds.sys Denial of Service (CA20090818) (High)
• 2009-08-20 - SAP SAPgui SAPIrRfc ActiveX (sapirrfc.dll) Accept Function Overflow (High)
• 2009-08-20 - Pidgin < 2.5.9 'msn_slplink_process_msg()' Memory Corruption (High)
• 2009-08-20 - Subversion Client/Server Multiple Buffer Overflows (High)
• 2009-08-20 - SAP SAPgui MDrmSap ActiveX (mdrmsap.dll) Buffer Overflow (High)
• 2009-08-20 - Citrix Password Manager Agent Secondary Credentials Information Disclosure (Medium)

WatchMouse: Recently added scans (2009-08-26)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-08-25 - Ipswitch WS_FTP Server < 6.1.1 (High)
• 2009-08-25 - Ipswitch WS_FTP Server < 6.1.1 (Uncredentialed check) (High)

WatchMouse: Recently added scans (2009-09-02)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-09-01 - Cerberus FTP Command Processing DoS (Medium)
• 2009-09-01 - Altiris Deployment Solution Server DB Manager Unauthenticated Command Execution (High)
• 2009-09-01 - OpenOffice < 3.1.1 Multiple Buffer Overflows (High)
• 2009-09-01 - FlexCMS Login Cookie SQL Injection (High)
• 2009-09-01 - IBM WebSphere Application Server 7.0 < Fix Pack 5 (Medium)
• 2009-09-01 - Microsoft IIS FTPd NLST Remote Buffer Overflow Vulnerability (Critical)

Cyrus IMAP Server SIEVE Script Local Buffer Overflow Vulnerability (2009-09-10)

Cyrus IMAP Server is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

A local attacker can exploit this issue to execute arbitrary code as the affected process, possibly resulting in elevated privileges. Failed exploit attempts will likely cause denial-of-service conditions.

Cryus IMAP Server 2.2.13 is vulnerable; other versions may also be affected.

WatchMouse: Recently added scans (2009-09-10)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-09-09 - Asterisk IAX2 Call Number Exhaustion DoS (Medium)
• 2009-09-09 - Zmanda Recovery Manager for MySQL socket-server.pl MYSQL_BINPATH Variable Command Execution (High)

BigAnt IM Server HTTP GET Request Buffer Overflow Vulnerability (2009-09-17)

BigAnt IM Server is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the server. Failed exploit attempts will result in a denial-of-service condition.

BigAnt IM Server 2.50 is vulnerable; other versions may also be affected.

NOTE: This issue may be related to the vulnerability described in BID 28795 (BigAnt IM Server HTTP GET Request Remote Buffer Overflow Vulnerability). We will update or retire this BID if further analysis or reports reveal that the two records represent the same vulnerability.

WatchMouse: Recently added scans (2009-09-17)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-09-16 - Orion Application Server Web Examples Multiple XSS (Medium)
• 2009-09-16 - ChartDirector for .NET cacheId Parameter Arbitrary File Access (Medium)
• 2009-09-16 - BF Survey Pro Component for Joomla! table Parameter SQL Injection (High)
• 2009-09-16 - Oracle Secure Backup Administration Server Authentication Bypass (Critical)
• 2009-09-16 - Random password for 'root' account (Critical)
• 2009-09-16 - Pidgin < 2.6.1 Multiple Vulnerabilities (Medium)

Check Point Connectra '/Login/Login' Arbitrary Script Injection Vulnerability (2009-09-23)

Check Point Connectra is prone to an arbitrary-script-injection vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary script code in the context of the webserver. Successful exploits can compromise the application.

Omni-NFS Multiple Stack Buffer Overflow Vulnerabilities (2009-10-08)

Omni-NFS is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied network data before copying it into an insufficiently sized memory buffer. The issues affect both server and client.

Exploiting these issues allows attackers to execute arbitrary machine code in the context of users running the affected application. Failed attempts will likely crash the application, resulting in denial-of-service conditions.

Omni-NFS 5.2 is vulnerable; other versions may also be affected.

WatchMouse: Recently added scans (2009-10-11)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-10-10 - Symantec SecurityExpressions Audit and Compliance Server Multiple XSS (Medium)

WatchMouse: Recently added scans (2009-09-25)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-09-24 - IBM WebSphere Application Server < 6.1.0.27 Multiple Vulnerabilities (Medium)
• 2009-09-24 - iTunes < 9.0.1 PLS File Buffer Overflow (Registry Check) (High)
• 2009-09-24 - iTunes < 9.0.1 PLS File Buffer Overflow (Network Check) (High)
• 2009-09-24 - Altiris Altiris.AeXNSPkgDL.1 ActiveX Control DownloadAndInstall() Method Arbitrary Code Execution (High)
• 2009-09-24 - Interchange < 5.4.4 / 5.6.2 / 5.7.2 Search Request Information Disclosure (Medium)

WatchMouse: Recently added scans (2009-09-30)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-09-29 - NaviCOPA ::$DATA Extension Request Source Code Disclosure (Medium)
• 2009-09-29 - Ability Mail Server < 2.70 IMAP4 FETCH DoS (Medium)
• 2009-09-29 - IDoBlog Component for Joomla! userid Parameter SQL Injection (High)

WatchMouse: Recently added scans (2009-10-02)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-10-01 - Adobe RoboHelp Server Security Bypass (APSA09-05 / safe check) (Critical)
• 2009-10-01 - Adobe RoboHelp Server Security Bypass (APSA09-05 / unsafe check) (Critical)
• 2009-10-01 - FlexCell Grid FlexCell.Grid ActiveX Control Multiple Method Arbitrary File Overwrite (High)

Sun Java System Web Server Unspecified Remote Buffer Overflow Vulnerability (2009-10-27)

Sun Java System Web Server is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Currently very few technical details are available. We will update this BID as more information emerges.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Sun Java System Web Server 7.0 Update 6 is affected; other versions may also be vulnerable.

Multiple Vendor Hummingbird STR Service Buffer Overflow Vulnerability (2009-10-30)

The Hummingbird STR service ('STRsvc.exe') used in products by multiple vendors is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in denial-of-service conditions.

This issue affects the following:

EMC Documentum eRoom (prior to 7.4.2)
Open Text Search Server 6.0 and 6.1.

Other versions may be vulnerable as well.

DataWizard FtpXQ Server Multiple Remote Vulnerabilities (2009-11-18)

DataWizard FtpXQ Server is prone to multiple remote vulnerabilities:

- A remote denial-of-service issue occurs because the application fails to perform adequate bounds checks on user-supplied data before copying it to an insufficiently sized buffer. An attacker could exploit this issue to crash the application, denying access to legitimate users.

- The application creates two testing accounts by default. An attacker can access these accounts to gain read/write privileges on the server, which could result in the compromise of the affected computer.

FtpXQ Server 3.01 is vulnerable; other version may also be affected.

WatchMouse: Recently added scans (2009-11-19)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-11-18 - IBM Tivoli Storage Manager Client Multiple Vulnerabilities (swg21405562) (Critical)
• 2009-11-18 - Jumi Component for Joomla! <= 2.0.5 Backdoor (High)
• 2009-11-18 - IBM WebSphere Application Server 7.0 < Fix Pack 7 (Medium)
• 2009-11-18 - eMule IRC Module / Web Server DecodeBase16 Function Remote Overflow (High)
• 2009-11-18 - Jumi Component for Joomla! fileid Parameter SQL Injection (High)
• 2009-11-18 - Sun VirtualBox Guest Additions < 2.0.12 / 3.0.10 Local DoS (Medium)
• 2009-11-18 - HP Power Manager Default Credentials (High)

WatchMouse: Recently added scans (2009-11-20)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-11-19 - Movable Type mt-check.cgi Information Disclosure (Medium)
• 2009-11-19 - Unisys Business Information Server Stack Overflow (Critical)

TrackerCam Multiple Remote Vulnerabilities (2009-11-27)

TrackerCam is reported prone to multiple vulnerabilities. The following individual issues are reported:

A remote buffer overrun vulnerability is reported to affect the TrackerCam HTTP server.

A remote attacker may potentially exploit this vulnerability to execute arbitrary code in the context of a vulnerable TrackerCam HTTP service.

Another remote buffer overrun vulnerability is reported to affect the TrackerCam service. The issue is reported to exist due to a lack of sufficient boundary checks performed on any argument passed to the TrackerCam PHP scripts.

A remote attacker may potentially exploit this vulnerability to execute arbitrary code in the context of a vulnerable TrackerCam HTTP service.

TrackerCam is reported prone to a directory traversal vulnerability. This issue is reported to exist in the 'ComGetLogFile.php3' script.

A remote attacker may exploit this vulnerability to reveal the contents of web server readable files.

The 'ComGetLogFile.php3' script of TrackerCam is also reported prone to an installation path disclosure vulnerability.

Additionally, the 'ComGetLogFile.php3' script may be leveraged to view potentially sensitive information that is contained in TrackerCam log files.

TrackerCam is reported prone to a HTML injection vulnerability. It is reported that the username and password fields are not correctly sanitized of HTML content.

A remote attacker may exploit this vulnerability to launch phishing style attacks or steal cookie based authentication credentials.

Finally, the TrackerCam HTTP service is reported prone to multiple remote denial of service vulnerabilities.

A remote attacker may exploit these vulnerabilities to deny service to legitimate users.

MS Index Server and Indexing Service ISAPI Extension Buffer Overflow Vulnerability (2009-11-27)

Windows Index Server ships with Windows NT 4.0 Option Pack and Windows Indexing Service ships with Windows 2000. An unchecked buffer exists in the 'idq.dll' ISAPI extension associated with each service. A maliciously crafted request could allow the execution of arbitrary code on the host in the Local System context.

It should be noted that Index Server and Indexing Service do not need to be running in order for an attacker to exploit this issue. 'idq.dll' is installed by default when IIS is installed, subsequently IIS would need to be the only service running.

It should be noted that this vulnerability is currently being exploited by the 'Code Red' worm. In addition, all products that run affected versions of Microsoft IIS are subject to this issue. Please see the reference section for further information regarding this worm.

**UPDATE**: It is believed that an aggressive worm may be in the wild that actively exploits this vulnerability.

WatchMouse: Recently added scans (2009-12-06)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-12-05 - BlackBerry Enterprise Server / Attachment Service PDF Distiller Unspecified Vulnerabilities (KB19860) (High)
• 2009-12-05 - RT Session Fixation (Medium)
• 2009-12-05 - RT Default Credentials (High)

WatchMouse: Recently added scans (2009-12-16)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-12-15 - HP OpenView Network Node Manager Multiple Scripts hostname Parameter Remote Command Execution (Critical)
• 2009-12-15 - phpShop Default Credentials (High)
• 2009-12-15 - Kiwi Syslog Server Web Access Login Username Enumeration (Medium)
• 2009-12-15 - ntpd Mode 7 Error Response Packet Loop DoS (Medium)
• 2009-12-15 - CGI Generic SQL Injection (blind, time based) (High)
• 2009-12-15 - phpShop shop/flypage SQL Injection (Medium)

WatchMouse: Recently added scans (2009-12-24)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-12-23 - ZABBIX Server send_history_last_id() SQL Injection (High)
• 2009-12-23 - Adobe Flash Media Server < 3.5.3 Multiple Vulnerabilities (APSB09-18) (Critical)

BigAnt IM Server 'USV' Request Buffer Overflow Vulnerability (2009-12-31)

BigAnt IM Server is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the server. Failed exploit attempts will result in a denial-of-service condition.

BigAnt IM Server 2.52 is vulnerable; other versions may also be affected.

WatchMouse: Recently added scans (2010-01-01)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2009-12-31 - Netbiter Config NetbiterConfig.exe Device Hostname Remote Overflow (High)
• 2009-12-31 - Sun Java System Directory Proxy Server 6.x < 6.3.1.1 Multiple Vulnerabilities. (Medium)

WatchMouse: Recently added scans (2010-01-11)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2010-01-10 - Snitz Forums 2000 active.asp HTTP X-Forwarded-For Header SQL Injection (High)
• 2010-01-10 - Altiris Deployment Solution Server < 6.9.430 Multiple Vulnerabilities (SYM09-011) (High)

WatchMouse: Recently added scans (2010-01-15)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2010-01-14 - TurboFTP Server < 1.00.720 DoS (Medium)
• 2010-01-14 - Adobe Acrobat < 9.3 / 8.2 Multiple Vulnerabilities (APSB10-02) (High)
• 2010-01-14 - Adobe Reader < 9.3 / 8.2 Multiple Vulnerabilities (APSB10-02) (High)

Sendmail check_relay Access Bypassing Vulnerability (2010-01-16)

A vulnerability in Sendmail may allow attackers who use bogus DNS data to bypass the access restrictions imposed by the 'access_db' FEATURE when used with the 'check_relay' ruleset.

An attacker can exploit this vulnerability to connect to a sendmail server that would otherwise be inaccessible.

WatchMouse: Recently added scans (2010-01-20)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2010-01-19 - Flash 6 ActiveX Control On Windows XP Multiple Vulnerabilities (979267) (High)
• 2010-01-19 - PDF-XChange Viewer/PDF-XChange PDF File Handling Memory Corruption (High)
• 2010-01-19 - WS_FTP Pro HTTP Server Response Format String (High)

Sun Java System Web Server WebDAV Unspecified Remote Buffer Overflow Vulnerability (2010-01-23)

Sun Java System Web Server is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. The issue affects the WebDAV functionality.

Currently very few technical details are available. We will update this BID as more information emerges.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Sun Java System Web Server 7.0 Update 7 and prior.

Sun Java System Web Server Digest Authentication Remote Buffer Overflow Vulnerability (2010-01-23)

Sun Java System Web Server is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

The issues affects the following:
Sun Java System Web Server 7.0 without Update Release 8
Sun Java System Web Server 6.1 without Service Pack 12
Sun Java System Web Proxy Server 4.0 without Service pack 13

WatchMouse: Recently added scans (2010-01-27)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2010-01-26 - CGI Generic Cookie Injection Scripting (Medium)
• 2010-01-26 - Web Server Generic Cookie Injection (Medium)
• 2010-01-26 - CGI Generic Unseen Parameters Discovery (High)

WatchMouse: Recently added scans (2010-01-28)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2010-01-27 - Mort Bay Jetty Multiple XSS (Medium)
• 2010-01-27 - Google Chrome < 4.0.249.78 Multiple Vulnerabilities (High)
• 2010-01-27 - Oracle WebLogic Server Node Manager Remote Command Execution (Critical)
• 2010-01-27 - Apache Tomcat WAR Deployment Multiple Vulnerabilities (Medium)

WatchMouse: Recently added scans (2010-01-31)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2010-01-30 - Altiris Notification Server Static Encryption Key (KB46763) (High)
• 2010-01-30 - Joomla! tinybrowser_lang Cookie Local File Inclusion (Medium)
• 2010-01-30 - Wireshark / Ethereal Dissector LWRES Multiple Buffer Overflows (High)

WatchMouse: Recently added scans (2010-02-06)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2010-02-05 - OCS Inventory NG Server Administration Console header.php login Parameter SQL Injection (High)

WatchMouse: Recently added scans (2010-02-11)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2010-02-10 - MS10-007: Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713) (High)
• 2010-02-10 - MS10-005: Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706) (High)
• 2010-02-10 - MS10-006: Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251) (High)
• 2010-02-10 - MS10-013: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935) (High)
• 2010-02-10 - MS10-011: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037) (Medium)
• 2010-02-10 - MS10-015: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165) (Medium)
• 2010-02-10 - MS10-008: Cumulative Security Update of ActiveX Kill Bits (978262) (High)

WatchMouse: Recently added scans (2010-02-13)

The most recently added vulnerability checks and solutions for the WatchMouse Periodic Vulnerability Scan.

• 2010-02-12 - IBM WebSphere Application Server 6.0 < 6.0.2.39 Multiple Vulnerabilities (Medium)
• 2010-02-12 - Apache < 1.3.42 mod_proxy Integer Overflow (Critical)

New features: POSTing forms and Read limit (2005-03-28)

Today, we released the new monitoring software to our checkpoints. New features:

• Post form fields to a webserver (both in http and match rules)
• Limit the number of bytes read. Relevant for checking very large pages or streams

The site will be updated within days. Look at the settings page after logging in.