@RISK: The Consensus Security Vulnerability Alert

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

• (1) CRITICAL: Mozilla Products Multiple Vulnerabilities
• (2) CRITICAL: Opera Web Browser Multiple Vulnerabilities
• (3) CRITICAL: libsndfile 'CAF' Processing Integer Overflow Vulnerability
• (4) CRITICAL: Novell eDirectory Management Console Accept-Language Buffer Overflow Vulnerability
• (5) HIGH: NovaStor NovaNET 'DtbClsLogin()' Buffer Overflow Vulnerability
• (6) HIGH: Fujitsu Jasmine2000 Enterprise Edition WebLink Multiple Vulnerabilities
• (7) MODERATE: Media Commands Playlist Processing Buffer Overflow Vulnerability
• (8) MODERATE: BreakPoint Software Hex Workshop '.hex' Processing Buffer Overflow Vulnerability

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Third Party Windows Apps

• 09.10.1 - Sopcast SopCore "SetExternalPlayer()" ActiveX Control Remote Code Execution
• 09.10.2 - POP Peeper UIDL Remote Buffer Overflow
• 09.10.3 - BreakPoint Software Hex Workshop ".hex" File Handling Buffer Overflow
• 09.10.4 - Internet Download Manager Language File Parsing Buffer Overflow
• 09.10.5 - iDefense COMRaider Active X Control "write()" Arbitrary File Overwrite
• 09.10.6 - NovaStor NovaNET "DtbClsLogin()" Remote Stack Buffer Overflow
• 09.10.7 - Media Commands Multiple Media File Multiple Heap Buffer Overflow Vulnerabilities
• 09.10.8 - VUPlayer ".CUE" File Buffer Overflow
• 09.10.9 - EFS Software Easy Chat Server "registresult.htm" Authentication Bypass

Linux

• 09.10.10 - Linux Kernel Audit System "audit_syscall_entry()" System Call Security Bypass
• 09.10.11 - Linux Kernel Cloned Process "CLONE_PARENT" Local Origin Validation Weakness
• 09.10.12 - Linux Kernel "seccomp" System Call Security Bypass
• 09.10.13 - Ubuntu network-manager-applet Permission Enforcement Multiple Local Vulnrabilities

Novell

• 09.10.14 - Novell eDirectory iMonitor "Accept-Language" Request Buffer Overflow

Cross Platform

• 09.10.15 - Multiple Cisco ACE Products Multiple Remote Vulnerabilities
• 09.10.16 - Cisco Unified MeetingPlace Web Conferencing Authentication Bypass
• 09.10.17 - ksquirrel-libs "RGBE" File Parsing Multiple Stack Buffer Overflow Vulnerabilities
• 09.10.18 - Cisco Application Network Manager and Application Control Engine Multiple Vulnerabilities
• 09.10.19 - SHOUTcast Server DNAS Relay Remote Buffer Overflow
• 09.10.20 - IBM WebSphere Application Server Cluster Configuration File Information Disclosure
• 09.10.21 - Apple Safari Malformed "feeds:" URI Null Pointer Dereference Remote Denial of Service
• 09.10.22 - Apache Tomcat POST Data Information Disclosure
• 09.10.23 - Cisco Unified MeetingPlace Web Conferencing "E-Mail Address" Field HTML Injection
• 09.10.24 - OpenSC PKCS#11 Implementation Unauthorized Access
• 09.10.25 - PHP 5.2.8 and Prior Versions Multiple Vulnerabilities
• 09.10.26 - MPFR Library "printf.c" Multiple Buffer Overflow Vulnerabilities
• 09.10.27 - Avahi "avahi-core/server.c" Multicast DNS Denial of Service
• 09.10.28 - djbdns Long Response Packet Remote Cache Poisoning
• 09.10.29 - Mozilla Firefox Multiple Unspecified Vulnerabilities
• 09.10.30 - Fujitsu Jasmine2000 Enterprise Edition Multiple Remote Vulnerabilities
• 09.10.31 - Opera Web Browser prior to 9.64 Multiple Security Vulnerabilities
• 09.10.32 - cURL/libcURL HTTP "Location:" Redirect Security Bypass
• 09.10.33 - libsndfile CAF Processing Buffer Overflow
• 09.10.34 - Mozilla Firefox Nested "window.print()" Denial of Service
• 09.10.35 - MySQL XPath Expression Remote Denial of Service

Web Application - Cross Site Scripting

• 09.10.36 - JOnAS "select" Parameter Error Page Cross-Site Scripting
• 09.10.37 - BitDefender Internet Security 2009 File Name Cross-Site Scripting
• 09.10.38 - Yektaweb Academic Web Tools CMS Multiple Cross-Site Scripting Vulnerabilities
• 09.10.39 - Blogsa "Widgets.aspx" Cross-Site Scripting

Web Application - SQL Injection

• 09.10.40 - Joomla! and Mambo DigiStore Component "pid" Parameter SQL Injection
• 09.10.41 - PenPal "admin/login.asp" Multiple SQL Injection Vulnerabilities
• 09.10.42 - Orooj CMS "news.php" SQL Injection
• 09.10.43 - Parsi PHP CMS "index.php" SQL Injection
• 09.10.44 - BannerManager "default.asp" Multiple SQL Injection Vulnerabilities
• 09.10.45 - Multiple EtoShop Products Login Parameters SQL Injection Vulnerabilities
• 09.10.46 - EZ-Blog "public/view.php" SQL Injection
• 09.10.47 - Centreon "oreon.php" SQL Injection

Web Application

• 09.10.48 - BlogMan Multiple Input Validation Vulnerabilities
• 09.10.49 - Graugon PHP Article Publisher SQL Injection and Cookie Authentication Bypass Vulnerabilities
• 09.10.50 - Drupal Theme System Template File Local File Include
• 09.10.51 - Multiple SkyPortal Modules Multiple Authentication Bypass Vulnerabilities
• 09.10.52 - Coppermine Photo Gallery "IMG" BBCode HTML Injection
• 09.10.53 - HP Virtual Rooms Client Unspecified Remote Code Execution
• 09.10.54 - Drupal Taxonomy Theme Module "Vocabulary name" HTML Injection
• 09.10.55 - APC PowerChute Network Shutdown HTTP Response Splitting and Cross Site Scripting Vulnerabilities
• 09.10.56 - Drupal Viewfield Module HTML Injection
• 09.10.57 - Irokez Blog Multiple Input Validation Vulnerabilities
• 09.10.58 - Demium CMS Multiple Local File Include and SQL Injection Vulnerabilities
• 09.10.59 - Drupal Protected node Module "Password page info" HTML Injection
• 09.10.60 - CMME Multiple Unspecified Security Vulnerabilities
• 09.10.61 - Golabi CMS "index_logged.php" Remote File Include
• 09.10.62 - Afian "includer.php" Directory Traversal
• 09.10.63 - eXtplorer "include/init.php" Local File Include
• 09.10.64 - access2asp "default_Image.asp" Arbitrary File Upload
• 09.10.65 - RitsBlog SQL Injection and HTML Injection Vulnerabilities
• 09.10.66 - WikyBlog Arbitrary File Upload
• 09.10.67 - ZABBIX "locales.php" Local File Include and Remote Code Execution
• 09.10.68 - NovaBoard HTML Injection and Cross-Site Scripting Vulnerabilities

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 10, 2009

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 6599 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

• 09.10.1 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Sopcast SopCore "SetExternalPlayer()" ActiveX Control Remote Code Execution
• Description: Sopcast SopCore is an ActiveX control included in SopPlayer. The application is exposed to a remote code execution issue that occurs in the "SetExternalPlayer()" method of the ActiveX control identified by CLSID: 8FEFF364-6A5F-4966-A917-A3AC28411659. Attackers can assign an arbitrary executable application without confirmation.
• Ref: http://www.securityfocus.com/archive/1/501252

• 09.10.2 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: POP Peeper UIDL Remote Buffer Overflow
• Description: POP Peeper is an email notifier application for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer. POP Peeper version 3.4.0.0 is affected.
• Ref: http://www.securityfocus.com/archive/1/501317

• 09.10.3 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: BreakPoint Software Hex Workshop ".hex" File Handling Buffer Overflow
• Description: Hex Workshop is a hex editor for the Microsoft Windows platform. Hex Workshop is exposed to a buffer overflow issue because it fails to adequately validate user-supplied data before copying it into an insufficiently sized buffer. This issue occurs when the application processes specially crafted ".hex" files. Hex Workshop version 6 is affected.
• Ref: http://www.securityfocus.com/archive/1/501300

• 09.10.4 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Internet Download Manager Language File Parsing Buffer Overflow
• Description: Internet Download Manager (IDM) is an application designed to increase the speed of downloading files from remote sites. It runs on Microsoft Windows. IDM is exposed to a buffer overflow issue because it fails to sufficiently sanitize user-supplied input. The issue occurs when handling an excessively long "Toolbar" name in a specially crafted language file. Internet Download Manager version 5.15 Build 3 is affected.
• Ref: http://securityreason.com/wlb_show/WLB-2009020053

• 09.10.5 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: iDefense COMRaider Active X Control "write()" Arbitrary File Overwrite
• Description: iDefense COMRaider is an ActiveX fuzzing utility. The application is exposed to an issue that allows attackers to overwrite arbitrary local files. Specifically, the "write()" method of the "VbDevKit.dll" ActiveX control will overwrite files in an insecure manner.
• Ref: http://support.microsoft.com/kb/240797

• 09.10.6 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: NovaStor NovaNET "DtbClsLogin()" Remote Stack Buffer Overflow
• Description: NovaStor NovaNET is a backup-and-recovery solution available for various platforms. The application is exposed to a stack-based buffer overflow issue. Specifically, the issue occurs in the "DtbClsLogin()" function in the "nnwindtb.dll" file on Windows systems and in the "libnnlindtb.so" file on Linux systems. NovaNET version 12 is affected. Ref: http://www.insight-tech.org/index.php?p=NovaNET-12-Remote-Buffer-Oveflow

• 09.10.7 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Media Commands Multiple Media File Multiple Heap Buffer Overflow Vulnerabilities
• Description: Media Commands is a media player for Microsoft Windows. The application is exposed to multiple heap-based buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input. These issues occur when the application opens malformed ".m3u", ".m3l", ".txt" and ".lrc" files. Media Commands version 1.0 is affected.
• Ref: http://www.securityfocus.com/bid/33958

• 09.10.8 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: VUPlayer ".CUE" File Buffer Overflow
• Description: VUPlayer is a media player for Microsoft Windows. VUPlayer is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, the issue occurs when parsing a specially crafted ".cue" metadata file. VUPlayer version 2.49 is affected.
• Ref: http://www.securityfocus.com/bid/33960

• 09.10.9 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: EFS Software Easy Chat Server "registresult.htm" Authentication Bypass
• Description: EFS Software Easy Chat Server is a web-based chat application for Microsoft Windows. The application is exposed to an authentication bypass issue because it fails to perform adequate authentication checks. Easy Chat Server version 2.2 is affected.
• Ref: http://www.securityfocus.com/bid/33967

• 09.10.10 - CVE: Not Available
• Platform: Linux
• Title: Linux Kernel Audit System "audit_syscall_entry()" System Call Security Bypass
• Description: The Linux kernel is exposed to a local security bypass issue when running as a 64-bit aware kernel. This issue affects the Linux Audit System, which is used to log a configurable set of events, including system calls. A local attacker may be able to exploit this issue to bypass audit mechanisms imposed on system calls. This may allow malicious behavior to escape notice.
• Ref: http://scary.beasts.org/security/CESA-2009-001.html

• 09.10.11 - CVE: CVE-2009-0028
• Platform: Linux
• Title: Linux Kernel Cloned Process "CLONE_PARENT" Local Origin Validation Weakness
• Description: The Linux kernel supports a "clone()" function used to create child processes. This function allows the calling process to define a signal that will be sent to the parent process when the child process terminates. To exploit this issue, attackers must have access to a privileged process that will create child processes for attacker-supplied executables. Linux kernel version 2.6.28 is affected.
• Ref: http://scary.beasts.org/security/CESA-2009-002.html

• 09.10.12 - CVE: Not Available
• Platform: Linux
• Title: Linux Kernel "seccomp" System Call Security Bypass
• Description: The Linux kernel is exposed to a local security bypass issue when running as a 64-bit aware kernel. This issue affects the "seccomp" sandbox mechanism, which can be used to restrict the system calls available to specific userspace processes. A local attacker may be able to make unintended system calls, which may result in an elevation of privileges.
• Ref: http://scary.beasts.org/security/CESA-2009-001.html

• 09.10.13 - CVE: CVE-2009-0365, CVE-2009-0578
• Platform: Linux
• Title: Ubuntu network-manager-applet Permission Enforcement Multiple Local Vulnrabilities
• Description: network-manager applet is a network management framework for Ubuntu Linux. network-manager-applet is exposed to multiple local issues because the application fails to properly enforce permissions.
• Ref: http://www.securityfocus.com/bid/33966

• 09.10.14 - CVE: Not Available
• Platform: Novell
• Title: Novell eDirectory iMonitor "Accept-Language" Request Buffer Overflow
• Description: Novell eDirectory is software for identity management and security. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Novell eDirectory versions 8.8 SP3 and earlier are affected. Ref: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5042340.html

• 09.10.15 - CVE: CVE-2009-0620, CVE-2009-0621, CVE-2009-0622,CVE-2009-0623, CVE-2009-0624, CVE-2009-0625
• Platform: Cross Platform
• Title: Multiple Cisco ACE Products Multiple Remote Vulnerabilities
• Description: Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine are load-balancing and application-delivery solutions for data centers. The products are exposed to multiple remote issues. Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml

• 09.10.16 - CVE: CVE-2009-0614
• Platform: Cross Platform
• Title: Cisco Unified MeetingPlace Web Conferencing Authentication Bypass
• Description: Cisco Unified MeetingPlace Web Conferencing is an online meeting application. The application is exposed to an unspecified authentication bypass issue. A remote attacker may exploit this issue by submitting a specially crafted URI to the application. This issue is tracked by Cisco Bug ID CSCsv65815. Unified MeetingPlace Web Conferencing versions 6.0 and 7.0 are affected. Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml

• 09.10.17 - CVE: CVE-2008-5263
• Platform: Cross Platform
• Title: ksquirrel-libs "RGBE" File Parsing Multiple Stack Buffer Overflow Vulnerabilities
• Description: ksquirrel-libs is an image-processing library. The library is exposed to multiple stack-based buffer overflow issues because it fails to perform adequate checks on user-supplied input. Specifically, these issues affect the "mt_codec::getHdrHead()" function of the "kernel/kls_hdr/fmt_codec_hdr.cpp" source file when processing malicious "RGBE" files. ksquirrel-libs version 0.8.0 is affected.
• Ref: http://www.securityfocus.com/archive/1/501228

• 09.10.18 - CVE: CVE-2009-0615, CVE-2009-0616, CVE-2009-0617,CVE-2009-0618
• Platform: Cross Platform
• Title: Cisco Application Network Manager and Application Control Engine Multiple Vulnerabilities
• Description: Cisco Application Network Manager (ANM) provides management for multi-device data centers; Application Control Engine (ACE) Device Manager is a management application for networking gear for data centers. A successful exploit may allow an attacker to obtain sensitive information, view or modify files, cause denial of service conditions, or gain unauthorized access to the affected application. Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc84.shtml#@ID

• 09.10.19 - CVE: Not Available
• Platform: Cross Platform
• Title: SHOUTcast Server DNAS Relay Remote Buffer Overflow
• Description: SHOUTcast Server is a streaming audio server for multiple platforms, including Microsoft Windows. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Specifically this issue occurs when the application is configured to act as a DNAS (Distributed Network Audio Software) relay server. SHOUTcast Server version 1.9.8 for Windows is affected.
• Ref: http://secunia.com/secunia_research/2008-62/

• 09.10.20 - CVE: CVE-2009-0507
• Platform: Cross Platform
• Title: IBM WebSphere Application Server Cluster Configuration File Information Disclosure
• Description: IBM WebSphere Application Server (WAS) is an application server used for service-oriented architecture. WAS is exposed to an information disclosure issue. Specifically when a user exports the cluster configuration file from the administration console, sensitive information (such as the JMSAPI and mail session data) is included. WAS versions 6.1.2 and 6.2 are affected.
• Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27006649

• 09.10.21 - CVE: Not Available
• Platform: Cross Platform
• Title: Apple Safari Malformed "feeds:" URI Null Pointer Dereference Remote Denial of Service
• Description: Apple Safari is a web browser available for multiple operating platforms. The browser is exposed to a denial of service issue that stems from a NULL-pointer dereference. This issue occurs when handling malformed "feeds:" URIs. Apple Safari version 4 Beta is affected.
• Ref: http://www.securityfocus.com/archive/1/501229

• 09.10.22 - CVE: CVE-2008-4308
• Platform: Cross Platform
• Title: Apache Tomcat POST Data Information Disclosure
• Description: Apache Tomcat is a Java-based webserver for multiple operating systems. Tomcat is exposed to a remote information disclosure issue. Specifically, attackers may potentially access data from previous POST requests sent to the server.
• Ref: http://www.securityfocus.com/archive/1/501250

• 09.10.23 - CVE: Not Available
• Platform: Cross Platform
• Title: Cisco Unified MeetingPlace Web Conferencing "E-Mail Address" Field HTML Injection
• Description: Cisco Unified MeetingPlace Web Conferencing is an online meeting application. The application is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input. This issue affects the "E-Mail Address" field in the application's section for user account settings.
• Ref: http://www.securityfocus.com/archive/1/501251

• 09.10.24 - CVE: Not Available
• Platform: Cross Platform
• Title: OpenSC PKCS#11 Implementation Unauthorized Access
• Description: OpenSC is an application for managing smart cards; it is available for Linux, Mac OS X, and windows. OpenSC is exposed to an unauthorized access issue that occurs in the OpenSC PKCS#11 implementation. Attackers can exploit this issue to gain unauthorized access to private data. Successfully exploiting this issue may lead to other attacks. OpenSC versions prior to 0.11.7 are affected.
• Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1527

• 09.10.25 - CVE: Not Available
• Platform: Cross Platform
• Title: PHP 5.2.8 and Prior Versions Multiple Vulnerabilities
• Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to multiple security issues. Successful exploits could allow an attacker to cause a denial of service condition. PHP versions 5.2.8 and earlier are affected.
• Ref: http://www.php.net/releases/5_2_9.php

• 09.10.26 - CVE: Not Available
• Platform: Cross Platform
• Title: MPFR Library "printf.c" Multiple Buffer Overflow Vulnerabilities
• Description: The MPFR library is a C library for multiple-precision floating-point computations with correct rounding. The library is exposed to multiple buffer overflow issues because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer. These issues occur in the "mpfr_snprintf()" and "mpfr_vsnprintf()" functions in the "printf.c" source file. MPFR versions prior to 2.4.1 are affected.
• Ref: http://mpfr.loria.fr/mpfr-2.4.1/

• 09.10.27 - CVE: Not Available
• Platform: Cross Platform
• Title: Avahi "avahi-core/server.c" Multicast DNS Denial of Service
• Description: Avahi is an application for discovering available services on the local network. Avahi is exposed to a denial of service issue because the application fails to handle exceptional conditions. This issue occurs in the "local_legacy_unicast_socket()" function in the "avahi-core/server.c" source file. Avahi version 0.6.23 is affected.
• Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517683

• 09.10.28 - CVE: Not Available
• Platform: Cross Platform
• Title: djbdns Long Response Packet Remote Cache Poisoning
• Description: djbdns is a Domain Name System (DNS) toolkit. djbns is exposed to a remote DNS cache poising issue because the application fails to perform adequate boundary checks on user-supplied data. The vulnerability affects the "response_addname()" function of "response.c". djbdns version 1.05 is affected.
• Ref: http://www.securityfocus.com/bid/33937

• 09.10.29 - CVE: Not Available
• Platform: Cross Platform
• Title: Mozilla Firefox Multiple Unspecified Vulnerabilities
• Description: Mozilla Firefox is exposed to multiple unspecified vulnerabilities. The impact of these issues is not known. Firefox versions prior to 3.0.7 Beta are affected.
• Ref: http://www.securityfocus.com/bid/33939

• 09.10.30 - CVE: Not Available
• Platform: Cross Platform
• Title: Fujitsu Jasmine2000 Enterprise Edition Multiple Remote Vulnerabilities
• Description: Fujitsu Jasmine2000 Enterprise Edition is exposed to the following issues: 1. An HTML injection vulnerability occurs because the application fails to properly sanitize unspecified user-supplied input before using it in dynamically generated content. 2. A remote denial of service vulnerability affects the application due to an unspecified error. An attacker can exploit this issue to deny access to legitimate users. 3. An unspecified buffer overflow vulnerability exists and may allow remote attackers to execute arbitrary code in the context of the affected application or cause denial of service conditions. Ref: http://www.fujitsu.com/global/support/software/security/products-f/jasmine-200801e.html

• 09.10.31 - CVE: Not Available
• Platform: Cross Platform
• Title: Opera Web Browser prior to 9.64 Multiple Security Vulnerabilities
• Description: Opera Web Browser is a browser that runs on multiple operating systems. Opera is exposed to multiple security issues. Opera 9.64 provides various security enhancements and fixes numerous bugs which may also be security related. Opera versions prior to 9.64 are affected.
• Ref: http://www.opera.com/support/kb/view/926/

• 09.10.32 - CVE: CVE-2009-0037
• Platform: Cross Platform
• Title: cURL/libcURL HTTP "Location:" Redirect Security Bypass
• Description: cURL is a utility for transferring files with URL syntax over a number of protocols. As a shared library, libcURL provides this functionality to applications. The application is exposed to a security bypass issue because of an access validation error. This issue occurs when the application handles HTTP "Location:" redirect requests and fails to verify target protocols used in an automatic redirect request. cURL/libcURL 5.11 up to and including 7.19.3 are affected.
• Ref: http://curl.haxx.se/docs/adv_20090303.html

• 09.10.33 - CVE: CVE-2009-0186
• Platform: Cross Platform
• Title: libsndfile CAF Processing Buffer Overflow
• Description: The "libsndfile" library is a C library for reading and writing audio files. The library is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The issue stems from an integer overflow error when processing CAF description chunks. libsndfile version 1.0.18 is affected.
• Ref: http://www.securityfocus.com/archive/1/501413

• 09.10.34 - CVE: Not Available
• Platform: Cross Platform
• Title: Mozilla Firefox Nested "window.print()" Denial of Service
• Description: Mozilla Firefox is a browser available for multiple platforms. The browser is exposed to a remote denial of service issue that occurs when the browser parses a malicious webpage that contains nested "window.print()" JavaScript functions. Firefox version 2.0.0.20 is affected.
• Ref: http://www.securityfocus.com/bid/33969

• 09.10.35 - CVE: Not Available
• Platform: Cross Platform
• Title: MySQL XPath Expression Remote Denial of Service
• Description: MySQL is an open-source SQL database available for multiple operating systems. MySQL is exposed to a remote denial of service issue because it fails to handle certain XPath expressions. MySQL versions prior to 5.1.32 and 6.0.9 and earlier are affected.
• Ref: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html

• 09.10.36 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: JOnAS "select" Parameter Error Page Cross-Site Scripting
• Description: JOnAS is an open source Java application server. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input. This issue affects the "select" parameter of the "ListMBeanDetails.do". When multiple values are passed to the parameter, an error page is generated. JOnAS version 4.10.3 is affected.
• Ref: http://www.securityfocus.com/archive/1/501232

• 09.10.37 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: BitDefender Internet Security 2009 File Name Cross-Site Scripting
• Description: BitDefender Internet Security 2009 is a security application suite for Microsoft Windows platforms. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. This issue affects the File Name value.
• Ref: http://www.securityfocus.com/archive/1/501277

• 09.10.38 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Yektaweb Academic Web Tools CMS Multiple Cross-Site Scripting Vulnerabilities
• Description: Yektaweb Academic Web Tools CMS is a web-based content management application. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. Academic Web Tools CMS version 1.5.7 is affected.
• Ref: http://www.securityfocus.com/archive/1/501350

• 09.10.39 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Blogsa "Widgets.aspx" Cross-Site Scripting
• Description: Blogsa is an ASP-based blogging application. Blogsa is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. This issue affects the "searchText" parameter of the "Widgets.aspx" script. Blogsa version 1.0 Beta 3 is vulnerable; other versions may also be affected.
• Ref: http://www.securityfocus.com/archive/1/501382

• 09.10.40 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Joomla! and Mambo DigiStore Component "pid" Parameter SQL Injection
• Description: DigiStore an ecommerce component for the Joomla! and Mambo content managers. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pid" parameter of the "com_digistore" component before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/33953

• 09.10.41 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: PenPal "admin/login.asp" Multiple SQL Injection Vulnerabilities
• Description: PenPal is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "Username" and "Password" text boxes when logging in to the application through the "admin/login.asp" script. PenPal version 2.0 is affected.
• Ref: http://www.securityfocus.com/bid/33907

• 09.10.42 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Orooj CMS "news.php" SQL Injection
• Description: Orooj CMS is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "nid" parameter of the "news.php" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/33908

• 09.10.43 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Parsi PHP CMS "index.php" SQL Injection
• Description: Parsi PHP CMS is a content manager implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Cat" parameter of the "index.php" script before using it in an SQL query. Parsi PHP CMS version 2.0.0 is affected.
• Ref: http://www.securityfocus.com/bid/33914

• 09.10.44 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: BannerManager "default.asp" Multiple SQL Injection Vulnerabilities
• Description: BannerManager is a PHP-based application for managing online banners. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "Username" and "Password" text boxes when logging in to the application through the "default.asp" script. BannerManager version 0.81 is affected.
• Ref: http://www.securityfocus.com/bid/33925

• 09.10.45 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Multiple EtoShop Products Login Parameters SQL Injection Vulnerabilities
• Description: EtoShop produces a number of ASP-based web applications. The applications are exposed to multiple SQL injection issues because they fail to sufficiently sanitize user-supplied data provided to the "username" and "password" form fields of the "admin.asp" script.
• Ref: http://www.securityfocus.com/bid/33930

• 09.10.46 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: EZ-Blog "public/view.php" SQL Injection
• Description: EZ-Blog is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "storyid" parameter of the "public/view.php" script before using it in an SQL query. EZ-Blog Beta version 1 is affected.
• Ref: http://www.securityfocus.com/archive/1/501352

• 09.10.47 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Centreon "oreon.php" SQL Injection
• Description: Centreon (formerly Oreon) is a PHP-based application for monitoring networks. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "p" parameter of the "oreon.php" script before using it in an SQL query. Centreon versions prior to 2 are vulnerable.
• Ref: http://trac.centreon.com/changeset/7582/trunk/centreon/www/main.php

• 09.10.48 - CVE: Not Available
• Platform: Web Application
• Title: BlogMan Multiple Input Validation Vulnerabilities
• Description: BlogMan is a weblog application. BlogMan is exposed to multiple input validation issues. A successful exploit may allow an attacker to compromise the application, gain unauthorized access to the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database. BlogMan version 0.45 is affected.
• Ref: http://www.securityfocus.com/bid/33950

• 09.10.49 - CVE: Not Available
• Platform: Web Application
• Title: Graugon PHP Article Publisher SQL Injection and Cookie Authentication Bypass Vulnerabilities
• Description: Graugon PHP Article Publisher is an article publishing application. The application is exposed to these input validation issue. The attacker can leverage the authentication bypass vulnerability to gain administrative access to the affected application. Graugon PHP Article Publisher version 1.0 is affected.
• Ref: http://www.securityfocus.com/bid/33952

• 09.10.50 - CVE: Not Available
• Platform: Web Application
• Title: Drupal Theme System Template File Local File Include
• Description: Drupal is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input included with the URI before using it to select a template file.
• Ref: http://drupal.org/node/383724

• 09.10.51 - CVE: Not Available
• Platform: Web Application
• Title: Multiple SkyPortal Modules Multiple Authentication Bypass Vulnerabilities
• Description: Classifieds System, WebLinks and Picture are modules for the SkyPortal content manager. Multiple SkyPortal modules are exposed to multiple authentication bypass issues because the applications fails to restrict access to certain administration scripts. An attacker can exploit these issues to gain unauthorized access to the affected applications.
• Ref: http://www.securityfocus.com/bid/33911

• 09.10.52 - CVE: Not Available
• Platform: Web Application
• Title: Coppermine Photo Gallery "IMG" BBCode HTML Injection
• Description: Coppermine Photo Gallery is a web-based photo application. Coppermine Photo Gallery is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input. Specifically, BBCode "IMG" tags are not properly sanitized in new messages. Coppermine Photo Gallery version 1.4.2 is affected.
• Ref: http://www.securityfocus.com/bid/33917

• 09.10.53 - CVE: CVE-2009-0208
• Platform: Web Application
• Title: HP Virtual Rooms Client Unspecified Remote Code Execution
• Description: HP Virtual Rooms client is a web conferencing application. The application is exposed to a remote code execution issue caused by an unspecified error. Successfully exploiting this issue allows an attacker to execute arbitrary code with the privileges of the user running the affected application. Virtual Rooms versions 7.0 and earlier running on Microsoft Windows are affected.
• Ref: http://www.kb.cert.org/vuls/id/461321

• 09.10.54 - CVE: Not Available
• Platform: Web Application
• Title: Drupal Taxonomy Theme Module "Vocabulary name" HTML Injection
• Description: Taxonomy Theme is a PHP-based component for Drupal. It is used to change the theme of nodes based on taxonomy terms. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "Vocabulary name" field, when a new vocabulary is added, before using the input in dynamically generated content. Taxonomy Theme version 5.x-1.1 is affected.
• Ref: http://www.lampsecurity.org/node/21

• 09.10.55 - CVE: Not Available
• Platform: Web Application
• Title: APC PowerChute Network Shutdown HTTP Response Splitting and Cross Site Scripting Vulnerabilities
• Description: APC PowerChute Network Shutdown is a software package that will safely shut down computer systems when UPS power starts to fail. APC PowerChute Network Shutdown is exposed to multiple input validation isses affecting the web interface. Ref: http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=9539

• 09.10.56 - CVE: Not Available
• Platform: Web Application
• Title: Drupal Viewfield Module HTML Injection
• Description: Viewfield is a PHP-based Drupal component that allows administrators to put views directly into nodes. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Drupal Viewfield version 5.x-1.5 is affected.
• Ref: http://www.lampsecurity.org/node/20

• 09.10.57 - CVE: Not Available
• Platform: Web Application
• Title: Irokez Blog Multiple Input Validation Vulnerabilities
• Description: Irokez Blog is a PHP-based blog application. Irokez Blog is exposed to multiple input validation issues. Irokez Blog version 0.7.3.2 is affected.
• Ref: http://www.securityfocus.com/bid/33931

• 09.10.58 - CVE: Not Available
• Platform: Web Application
• Title: Demium CMS Multiple Local File Include and SQL Injection Vulnerabilities
• Description: Demium CMS is a PHP-based content manager. The application is exposed to multiple input-validation issues. The attacker can exploit the local file include vulnerabilities using directory-traversal strings to view and execute arbitrary local files within the context of the web server process. Demium CMS version 0.2.1 Beta is affected.
• Ref: http://www.securityfocus.com/bid/33933

• 09.10.59 - CVE: Not Available
• Platform: Web Application
• Title: Drupal Protected node Module "Password page info" HTML Injection
• Description: Protected node is a PHP-based Drupal component for adding password protection to nodes. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, this affects input to the "Password page info" field when password protection is added to a node. Protected node version 5.x-1.3 is affected.
• Ref: http://lampsecurity.org/node/28

• 09.10.60 - CVE: Not Available
• Platform: Web Application
• Title: CMME Multiple Unspecified Security Vulnerabilities
• Description: CMME is a PHP-based content manager. The application is exposed to multiple remote security issues caused by unspecified errors. CMME version 1.19 is affected. Ref: http://sourceforge.net/project/shownotes.php?group_id=215535&release_id=663882

• 09.10.61 - CVE: Not Available
• Platform: Web Application
• Title: Golabi CMS "index_logged.php" Remote File Include
• Description: Golabi CMS is a PHP-based content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "cur_module" parameter of the "/templates/default/index_logged.php" script.
• Ref: http://www.securityfocus.com/bid/33916

• 09.10.62 - CVE: Not Available
• Platform: Web Application
• Title: Afian "includer.php" Directory Traversal
• Description: Afian is a web-based document sharing application. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "files" parameter of the "includer.php" script.
• Ref: http://www.securityfocus.com/archive/1/501341

• 09.10.63 - CVE: Not Available
• Platform: Web Application
• Title: eXtplorer "include/init.php" Local File Include
• Description: eXtplorer is a PHP-based file explorer. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "lang" parameter of the "include/init.php" script. eXtplorer 2.0.0 is vulnerable; prior versions may also be affected.
• Ref: http://www.securityfocus.com/archive/1/501377

• 09.10.64 - CVE: Not Available
• Platform: Web Application
• Title: access2asp "default_Image.asp" Arbitrary File Upload
• Description: access2asp is a web-based application implemented in ASP. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the software fails to adequately sanitize file extensions before uploading images onto the web server. access2asp version 4.6 is affected.
• Ref: http://www.securityfocus.com/bid/33956

• 09.10.65 - CVE: Not Available
• Platform: Web Application
• Title: RitsBlog SQL Injection and HTML Injection Vulnerabilities
• Description: RitsBlog is a weblog application. The application is exposed to multiple input validation issues. RitsBlog version 0.4.2 is affected.
• Ref: http://www.securityfocus.com/archive/1/501383

• 09.10.66 - CVE: Not Available
• Platform: Web Application
• Title: WikyBlog Arbitrary File Upload
• Description: WikyBlog is a combined wiki and blog application implemented in PHP and MySQL. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the software fails to adequately sanitize multiple file extensions before uploading files onto the web server. WikyBlog version 1.7.1 is affected.
• Ref: http://www.wikyblog.com/Help/en/Notes

• 09.10.67 - CVE: Not Available
• Platform: Web Application
• Title: ZABBIX "locales.php" Local File Include and Remote Code Execution
• Description: ZABBIX is a network monitoring tool available for Unix, Linux, and other Unix-like operating systems. ZABBIX is exposed to these input validation issues that occurs in the front-end web interface. ZABBIX version 1.6.2 is affected.
• Ref: http://www.securityfocus.com/archive/1/501400

• 09.10.68 - CVE: Not Available
• Platform: Web Application
• Title: NovaBoard HTML Injection and Cross-Site Scripting Vulnerabilities
• Description: NovaBoard is a web-based messaging application implemented in PHP. Since it fails to properly sanitize user-supplied input, the application is exposed to multiple input validation issues. NovaBoard version 1.0.1 is affected.
• Ref: http://www.securityfocus.com/archive/1/501439

(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.