@RISK: The Consensus Security Vulnerability Alert
Volume: VIII, Issue: 11
March 12, 2009
The Windows Kernel problem is really important, but automated patching seems to handle it. Also the 50 million instances of FoxIt PDF reader need to be fixed, but does that happen automatically? Alan
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of the vulnerabilities reported this week:

Platform                                 Number of Updates and Vulnerabilities
---------------------------------------  -------------------------------------
Third Party Windows Apps                 8 (#2)
Cross Platform                           18 (#3, #5, #6, #8)
Web Application - Cross Site Scripting   10
Web Application - SQL Injection          24
**************** Sponsored By SANS Penetration Testing Summit ***********
Come to the Penetration Testing and Ethical Hacking Summit: an interactive User-to-User conference. Hear the hot issues your peers have faced and how they resolved them. Learn from these lessons in large and medium size environments. Las Vegas June 1-2. http://www.sans.org/info/40168
*************************************************************************
TRAINING UPDATE
- Phoenix 3/23-3/30 (5 courses) http://www.sans.org/phoenix09/
- Washington DC (Tyson's Corner) 4/14-4/22 (5 long courses and 8 short courses) http://www.sans.org/tysonscorner09/event.php
- Log Management Summit in Washington 4/5-4/7 http://www.sans.org/logmgtsummit09/
- Plus Calgary, New Orleans, San Diego and more...
- Looking for training in your own Community? http://sans.org/community/
For a list of all upcoming events, on-line and live: www.sans.org
*************************************************************************
Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Third Party Windows Apps
Linux
Solaris
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rohan Kotian at TippingPoint,
a division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
Widely Deployed Software
- (1) CRITICAL: Microsoft Windows Kernel Multiple Vulnerabilities (MS09-006)
- Affected:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Service Pack 3
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows XP Professional x64 Edition Service Pack 2
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 Service Pack 2
- Microsoft Windows Server 2003 x64 Edition
- Microsoft Windows Server 2003 x64 Edition Service Pack 2
- Microsoft Windows Server 2003 SP1 (Itanium)
- Microsoft Windows Server 2003 SP2 (Itanium)
- Microsoft Windows Vista
- Microsoft Windows Vista Service Pack 1
- Microsoft Windows Vista x64 Edition
- Microsoft Windows Vista x64 Edition Service Pack 1
- Microsoft Windows Server 2008 (32-bit)
- Microsoft Windows Server 2008 (x64)
- Microsoft Windows Server 2008 (Itanium)
Description: The Windows kernel, the core of the Microsoft operating system, has multiple vulnerabilities. The first is a remote code execution vulnerability caused by an error in the kernel while validating input passed from user mode to the kernel component of the Microsoft Windows graphics device interface (GDI). A specially crafted Windows Metafile (WMF) or Enhanced Metafile (EMF), when viewed by a user, can trigger this vulnerability remotely. To exploit the flaw in this scenario, an attacker could (a) create a web page containing a malicious WMF or EMF image file and entice the user to visit it, or (b) send an email with a specially crafted EMF or WMF image file embedded in it and convince the user to view it, or embed the malicious image file in an Office document and convince the user to open it. The vulnerability can also be exploited locally by an attacker logged on to the system. The second is an escalation of privilege vulnerability caused by an error in the kernel while validating handles; with successful exploitation an attacker could execute arbitrary code with elevated privileges. It is not remotely exploitable and the attacker must have valid credentials. The third is also an escalation of privilege vulnerability, caused by an error in the kernel while validating an invalid pointer. It too is not remotely exploitable and the attacker must have valid credentials.
Status: Vendor confirmed, updates available.
- References:
- (2) CRITICAL: Foxit Reader Multiple Vulnerabilities
- Affected:
- Foxit Reader 3.0.2009 1301
- Foxit Reader 3.0
- Foxit Reader 2.3
Description: Foxit Reader, a small and fast Portable Document Format (PDF) viewer and printer with a customer base of over 50 million, has multiple vulnerabilities. A specially crafted PDF with an overlong filename argument combined with an "Open/Execute a file" action, when opened with the vulnerable reader, can be used to exploit a stack-based buffer overflow; successful exploitation can be used to execute arbitrary code or crash the application. There is also an authorization bypass vulnerability involving the same "Open/Execute a file" action, as a result of which Foxit Reader will open or execute the file without confirming with the user. The third vulnerability is due to an error while decoding JBIG2 symbol dictionary segments, which can be used to dereference uninitialized memory and might lead to execution of arbitrary code. Note that this JBIG2 vulnerability is different from the Adobe JBIG2 vulnerability. The technical details of these security issues have been publicly posted along with some proof-of-concept code.
Status: Vendor confirmed, updates available.
- References:
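The two Foxit issues above share one trigger: a PDF "Open/Execute a file" action (a /Launch action in PDF terms) whose target is opened without confirmation and whose overlong file name overflows a stack buffer. A defender triaging PDF attachments can flag such actions before they reach the reader. The scanner below is an added example written for this bulletin, not Foxit code or a published proof of concept; the sample PDF bytes are constructed here, and the 255-byte name threshold is an assumption. Because the authorization bypass means any launched file runs without a prompt, the scanner reports every /Launch action and marks the overlong ones separately.

```python
import re

# Constructed sample inputs (not real Foxit or attacker files): a minimal PDF
# whose OpenAction is a /Launch action with a 300-byte file name, and a benign
# PDF with no actions at all.
LAUNCH_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"3 0 obj << /Type /Action /S /Launch /F (" + b"A" * 300 + b") >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)
BENIGN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# A Launch action dictionary: "/S /Launch" followed by its remaining entries.
LAUNCH_RE = re.compile(rb"/S\s*/Launch\b(.*?)(?:>>|endobj)", re.DOTALL)
# A literal-string file specification "/F (...)", honouring backslash escapes.
# The "/Win << /F (...) >>" form is caught too, since the search covers the
# whole action body.
FILESPEC_RE = re.compile(rb"/F\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)

# Assumed threshold: file names longer than this are treated as suspicious.
MAX_FILENAME = 255


def find_launch_actions(pdf_bytes, max_filename=MAX_FILENAME):
    """Return one finding per /Launch action found in uncompressed PDF objects.

    Each finding records the byte offset of the action, the file-name length
    and whether that length exceeds max_filename.
    """
    findings = []
    for m in LAUNCH_RE.finditer(pdf_bytes):
        spec = FILESPEC_RE.search(m.group(1))
        name = spec.group(1) if spec else b""
        findings.append({
            "offset": m.start(),
            "filename_len": len(name),
            "overlong": len(name) > max_filename,
        })
    return findings


def verdict(pdf_bytes):
    """Summarise a scan as 'clean', 'launch' or 'launch-overlong'."""
    hits = find_launch_actions(pdf_bytes)
    if not hits:
        return "clean"
    return "launch-overlong" if any(h["overlong"] for h in hits) else "launch"


if __name__ == "__main__":
    for label, doc in (("constructed launch sample", LAUNCH_PDF),
                       ("constructed benign sample", BENIGN_PDF)):
        print(label, "->", verdict(doc), find_launch_actions(doc))
```

The scanner only sees objects stored uncompressed as plain text; actions inside compressed object streams, or file names written as hex strings, need to be decompressed or decoded with a PDF library first, so a "clean" result here is a triage signal and not a substitute for applying the vendor update.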
- (3) HIGH: IBM Tivoli Storage Manager Buffer Overflow Vulnerability
- Affected:
- IBM Tivoli Storage Manager 5.4.0.0 through 5.4.4.0
- IBM Tivoli Storage Manager 5.3 and prior
- IBM Tivoli Storage Manager Express (all levels)
Description: IBM Corp's Tivoli Storage Manager (TSM), storage management software for centralized, policy-based data backups, has a heap-based buffer overflow vulnerability. The vulnerability is in "adsmdll.dll", which has a validation error while processing session-related data. The vulnerable function allocates a fixed-size buffer of which only a part is used for session-related data; user-supplied input is copied into that buffer without adequate boundary checks, which can lead to a buffer overflow. Successful exploitation could allow attackers to execute arbitrary code with system or root privileges, and unsuccessful attempts can lead to a denial-of-service condition. Authentication is not required to exploit this vulnerability. Details of this vulnerability are publicly available.
Status: Vendor confirmed, updates available.
- References:
- (4) Moderate: Microsoft Windows DNS/WINS Multiple vulnerabilities (MS09-008)
- Affected:
- Microsoft Windows 2000 Server Service Pack 4
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 Service Pack 2
- Microsoft Windows Server 2003 x64 Edition
- Microsoft Windows Server 2003 x64 Edition Service Pack 2
- Microsoft Windows Server 2003 SP1 (Itanium)
- Microsoft Windows Server 2003 SP2 (Itanium)
- Microsoft Windows Server 2008 (32-bit)
- Microsoft Windows Server 2008 (x64)
Description: Microsoft Windows DNS and WINS servers have multiple vulnerabilities. The first is a spoofing vulnerability in the Windows DNS server: when an attacker sends specially crafted queries to a vulnerable server and the server does not reuse its DNS cache properly, the attacker is better able to predict subsequent transaction IDs and could therefore insert arbitrary addresses into the cache. The second is another spoofing vulnerability in the Windows DNS server, caused by the server not correctly caching specially crafted DNS responses; this can cause the server to perform unnecessary lookups, again making subsequent transaction IDs more predictable. Sites using SSL/TLS are not affected by these vulnerabilities. The third is a man-in-the-middle vulnerability in the Windows DNS server caused by inadequate validation of who may register Web Proxy Auto-Discovery (WPAD) entries on the server. An attacker could create the WPAD registration if one does not already exist and point it at an IP address under the attacker's control, allowing the attacker to intercept or redirect traffic. Note that a server that was exploited before the patch was applied may remain exposed after patching, because the WPAD entry from the earlier attack persists. The fourth is a man-in-the-middle vulnerability in the Windows WINS server, caused by inadequate validation of who may register WPAD or Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) entries on the WINS server. Successful exploitation can allow an attacker to intercept or redirect Internet traffic. By default a DNS or WINS server allows any user to create such a registration. Some technical details are publicly available for these vulnerabilities.
Status: Vendor confirmed, updates available.
- References:
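Because the description notes that a WPAD entry planted before patching survives the patch, applying MS09-008 is not the end of the job: an administrator should also confirm that the "wpad" and "isatap" names in each zone are either absent or point only at hosts they run. The audit below is an added example for this bulletin, not Microsoft tooling; the domain "corp.example", the approved address list and the fake resolver table are all constructed so that it runs offline, and passing `resolve=socket.gethostbyname` (the default) performs the real lookups.

```python
import socket

# Names whose dynamic registration MS09-008 concerns.  By default any user can
# register them, so a defender verifies that each is absent or sanctioned.
AUTODISCOVERY_LABELS = ("wpad", "isatap")


def audit_autodiscovery_names(domain, approved, resolve=socket.gethostbyname):
    """Resolve wpad.<domain> and isatap.<domain> and classify each result.

    approved maps a label to the set of IP addresses sanctioned for it; an
    empty set or missing key means the name should not exist at all.
    resolve is any callable taking an FQDN and returning one IPv4 string or
    raising socket.gaierror.  Returns {label: "absent" | "approved" |
    "SUSPECT <ip>"}.
    """
    report = {}
    for label in AUTODISCOVERY_LABELS:
        fqdn = f"{label}.{domain}"
        try:
            ip = resolve(fqdn)
        except socket.gaierror:
            report[label] = "absent"
            continue
        if ip in approved.get(label, set()):
            report[label] = "approved"
        else:
            report[label] = f"SUSPECT {ip}"
    return report


def has_suspect_entries(report):
    """True when any audited name resolves to an address nobody approved."""
    return any(v.startswith("SUSPECT") for v in report.values())


# Constructed stand-in for DNS (assumption, not a real zone): a wpad record
# exists and points at an unapproved address, while isatap is not registered.
FAKE_ZONE = {"wpad.corp.example": "10.9.9.9"}


def fake_resolve(fqdn):
    """Offline replacement for socket.gethostbyname backed by FAKE_ZONE."""
    if fqdn not in FAKE_ZONE:
        raise socket.gaierror(-2, "Name or service not known")
    return FAKE_ZONE[fqdn]


if __name__ == "__main__":
    approved = {"wpad": {"10.0.0.5"}}  # the one proxy-autoconfig host we run
    rpt = audit_autodiscovery_names("corp.example", approved, resolve=fake_resolve)
    print(rpt, "ALERT" if has_suspect_entries(rpt) else "ok")
```

Run against each internal zone from a host that uses the production resolvers; a SUSPECT result for "wpad" is exactly the post-patch residue the bulletin warns about and the record should be removed and its origin investigated.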
- (5) MODERATE: Belkin BullDog Plus HTTP Server Buffer Overflow Vulnerability
- Affected:
- Belkin Bulldog Plus 4.x and prior
Description: Belkin BullDog Plus, a product from Belkin International, is designed to protect end users' equipment from potential damage. The application includes a built-in HTTP server, which is not enabled by default, and the HTTP server's authentication mechanism is Basic Authentication. The server has a boundary error in the base64 decoding routine that handles the Basic Authentication data, so an overlong HTTP authentication header containing specially crafted base64-encoded data can be used by an attacker to overflow the buffer. Successful exploitation may lead to arbitrary code execution. Some technical detail is available for this vulnerability.
Status: Vendor not confirmed, no updates available.
- References:
- (6) MODERATE: MediaCoder '.m3u' File Processing Buffer Overflow Vulnerability
- Affected:
- MediaCoder 0.6.2.4275 and prior
Description: MediaCoder is a free universal media transcoder that integrates the most popular audio/video codecs. It has a buffer overflow vulnerability while processing a specially crafted '.m3u' playlist file. The vulnerability is caused by inadequate boundary checks while processing '.m3u' playlist files with an overly long filename in the "Properties" dialog item. User interaction is needed: the victim has to open the malicious file with the vulnerable application. Successful exploitation can be leveraged to execute arbitrary code in the context of the user running the application. Technical details are available for this vulnerability along with a public proof of concept.
Status: Vendor confirmed, no updates available.
- References:
- (7) LOW: Microsoft Windows Secure Channel Spoofing Vulnerability (MS09-007)
- Affected:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Service Pack 3
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows XP Professional x64 Edition Service Pack 2
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 Service Pack 2
- Microsoft Windows Server 2003 x64 Edition
- Microsoft Windows Server 2003 x64 Edition Service Pack 2
- Microsoft Windows Server 2003 SP1 (Itanium)
- Microsoft Windows Server 2003 SP2 (Itanium)
- Microsoft Windows Vista
- Microsoft Windows Vista Service Pack 1
- Microsoft Windows Vista x64 Edition
- Microsoft Windows Vista x64 Edition Service Pack 1
- Microsoft Windows Server 2008 (32-bit)
- Microsoft Windows Server 2008 (x64)
- Microsoft Windows Server 2008 (Itanium)
Description: Microsoft Windows Secure Channel (SChannel) is a Security Support Provider that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) authentication protocols. An error in SChannel when using certificate-based authentication can allow an attacker to bypass the security mechanisms of an SSL-protected server with only the public key component of a certificate and no associated private key. An attacker would need to obtain the public component of an actual certificate. In most cases, such as an SSL connection to an Internet Information Services (IIS) web server, certificates are used for only one purpose and are not sent in clear text; in cases where a single certificate is used for multiple purposes, the public key might be in the clear. This issue also applies to cases where certificates are mapped to local Windows accounts on the server. Some technical details are publicly available for this vulnerability.
Status: Vendor confirmed, updates available.
- References:
- (8) LOW: IBM Tivoli Storage Manager HSM Buffer Overflow Vulnerability
- Affected:
- IBM Tivoli Storage Manager HSM for Windows 5.3.2.0 to 5.3.5.0
- IBM Tivoli Storage Manager HSM for Windows 5.4.0.0 to 5.4.2.5
- IBM Tivoli Storage Manager HSM for Windows 5.5.0.0 to 5.5.1.4
Description: IBM Tivoli Storage Manager HSM for Windows is used for automatic migration of rarely used files, thereby controlling disk storage. It has a buffer overflow vulnerability caused by unspecified boundary errors in the client. Successful exploitation can lead to either arbitrary code execution with the privileges of the user running the application or a denial-of-service condition. Technical details are not publicly available for this vulnerability.
Status: Vendor confirmed, updates available.
- References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 11, 2009
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 6633 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
- 09.11.1 - CVE: CVE-2009-0233
- Platform: Windows
- Title: Microsoft Windows DNS Server Response Caching DNS Spoofing
- Description: The Microsoft Windows DNS Server is prone to a
DNS spoofing vulnerability because the software fails to properly
reuse cached responses. Specifically, the DNS server fails to use
cached responses when receiving specially crafted DNS queries.
- Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-008.mspx
- 09.11.2 - CVE: CVE-2009-0234
- Platform: Windows
- Title: Microsoft Windows DNS Server Incorrect Caching DNS Spoofing
- Description: The Microsoft Windows DNS Server is exposed to a DNS
spoofing issue because the software fails to properly cache responses.
Specifically, the DNS server fails to cache responses when handling
specially crafted DNS queries. A remote attacker may exploit this
issue to gain additional information about values used as transaction
IDs, which may help the attacker predict future transaction IDs.
- Ref: http://www.kb.cert.org/vuls/id/319331
- 09.11.3 - CVE: CVE-2009-0093
- Platform: Windows
- Title: Microsoft Windows DNS Server WPAD Access Validation
- Description: The Microsoft Windows DNS Server is prone to an
access validation vulnerability because the software fails to restrict
access to sensitive functions. This issue is related to the handling
of WPAD (Web Proxy Autodiscovery Protocol) entries. WPAD is a method
for browsers to discover files used to automatically configure proxy
servers. Specifically, the DNS server fails to properly validate users
attempting to register WPAD entries. By default, vulnerable DNS
servers allow any authenticated user to register a WPAD entry if one
is not already defined.
- Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-008.mspx
- 09.11.4 - CVE: CVE-2009-0081
- Platform: Windows
- Title: Microsoft Windows Kernel GDI EMF/WMF Remote Code Execution
- Description: Microsoft Windows is exposed to a remote code execution
issue affecting the kernel component of GDI. This issue occurs because
the operating system fails to sanitize user-supplied input passed from
user mode to the kernel component of GDI. An attacker can exploit this
issue by enticing an unsuspecting victim to open a malicious EMF or
WMF file.
- Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-006.mspx
- 09.11.5 - CVE: CVE-2009-0094
- Platform: Windows
- Title: Microsoft Windows WINS Server WPAD and ISATAP Access Validation
- Description: The Microsoft Windows WINS Server is prone to an
access validation vulnerability because the software fails to restrict
access to sensitive functions. This issue is related to the handling
of WPAD (Web Proxy Autodiscovery Protocol) and ISATAP (Intra-Site
Automatic Tunnel Addressing Protocol) entries. Specifically, the WINS
server fails to properly validate users attempting to register WPAD
and ISATAP entries.
- Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-008.mspx
- 09.11.6 - CVE: CVE-2009-0085
- Platform: Windows
- Title: Microsoft Windows SChannel Authentication Spoofing
- Description: Microsoft Windows SChannel is a security package used to
provide Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
authentication protocols. SChannel is exposed to an
authentication spoofing issue because it fails to properly validate
certain client-server certificate exchanges.
- Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-007.mspx
- 09.11.7 - CVE: CVE-2009-0083
- Platform: Windows
- Title: Microsoft Windows Invalid Pointer Local Privilege Escalation
- Description: Microsoft Windows is exposed to a local privilege
escalation issue that occurs in the Windows kernel. This issue occurs
because the software fails to handle a specially crafted pointer. An
attacker can exploit this issue to execute arbitrary code with
kernel-level privileges.
- Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-006.mspx
- 09.11.8 - CVE: CVE-2009-0082
- Platform: Windows
- Title: Microsoft Windows Kernel Handle Local Privilege Escalation
- Description: Microsoft Windows is exposed to a local privilege
escalation issue that occurs in the Windows kernel. This issue occurs
because the software fails to sufficiently validate handles when
performing certain actions. An attacker can exploit this issue to
execute arbitrary code with kernel-level privileges.
- Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-006.mspx
- 09.11.9 - CVE: Not Available
- Platform: Third Party Windows Apps
- Title: Imera Systems ImeraIEPlugin ActiveX Control Arbitrary File
Download
- Description: ImeraIEPlugin is an ActiveX control that is used to
install the Imera TeamLinks client application. ImeraIEPlugin is
exposed to an issue that can allow malicious files to be downloaded
and saved to arbitrary locations on an affected computer. This issue
occurs because the application fails to validate user-supplied data.
ImeraIEPlugin.dll version 1.0.2.54 is affected.
- Ref: http://support.microsoft.com/kb/240797
- 09.11.10 - CVE: Not Available
- Platform: Third Party Windows Apps
- Title: SupportSoft DNA Editor Module ActiveX Control Insecure Method
Remote Code Execution Vulnerability
- Description: SupportSoft DNA Editor Module is a web-based application.
The ActiveX control is exposed to a remote code execution issue
because the "Packagefiles()" method fails to adequately validate
user-supplied input. DNA Editor Module provided by "dnaedit.dll"
version 6.9.2205 is affected.
- Ref: http://www.securityfocus.com/archive/1/501480
- 09.11.11 - CVE: CVE-2009-0191
- Platform: Third Party Windows Apps
- Title: Foxit Reader PDF Handling Multiple Remote Vulnerabilities
- Description: Foxit Reader is a PDF viewer for Windows. The application
is exposed to multiple remote issues. Foxit Reader versions
3.0.2009.1301, 2.3 and 3.0 are affected.
- Ref: http://www.securityfocus.com/archive/1/501590
- 09.11.12 - CVE: Not Available
- Platform: Third Party Windows Apps
- Title: mks_vir "mksmonen.sys" IOCTL Request Local Privilege Escalation
- Description: mks_vir is a security driver available for Microsoft
Windows. The application is exposed to a local privilege escalation
issue in the "mksmonen.sys" driver. The problem occurs when handling a
large buffer passed to IOCTL request 0x95FE0007. mks_vir 9 Beta
versions prior to 1.2.0.0 build 297 are affected.
- Ref: http://ntinternals.org/ntiadv0809/ntiadv0809.html
- 09.11.13 - CVE: Not Available
- Platform: Third Party Windows Apps
- Title: Nokia Multimedia Player ".npl" File Heap Buffer Overflow
- Description: Nokia Multimedia Player is a media player for Microsoft
Windows. The application is exposed to a heap-based buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied input. This issue occurs when the application fails to
handle malformed ".npl" files. Nokia Multimedia Player version 1.0 is
affected.
- Ref: http://www.securityfocus.com/bid/34041
- 09.11.14 - CVE: Not Available
- Platform: Third Party Windows Apps
- Title: RadASM ".rap" Project File Stack-Based Buffer Overflow
- Description: RadASM is an assembly language IDE for the Microsoft
Windows operating system. RadASM is exposed to a stack-based buffer
overflow issue because it fails to perform adequate checks on
user-supplied input. This issue can be triggered with a specially
crafted ".rap" project file. RadASM version 2.2.1.5 is affected.
- Ref: http://www.securityfocus.com/bid/34042
- 09.11.15 - CVE: Not Available
- Platform: Third Party Windows Apps
- Title: eZip Wizard Zip File Stack Remote Buffer Overflow
- Description: eZip Wizard is a file extractor application available for
Microsoft Windows. The application is exposed to a remote stack-based
buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied data. The vulnerability occurs when handling
specially crafted ZIP files. eZip Wizard version 3.0 is affected.
- Ref: http://www.securityfocus.com/bid/34044
- 09.11.16 - CVE: Not Available
- Platform: Third Party Windows Apps
- Title: RainbowPlayer ".rpl" File Remote Buffer Overflow
- Description: RainbowPlayer is a multimedia player available for
Microsoft Windows. The application is exposed to a remote buffer
overflow issue because it fails to perform adequate checks on
user-supplied input. Specifically, this issue occurs when opening a
specially crafted ".rpl" file. RainbowPlayer version 0.91 is affected.
- Ref: http://www.securityfocus.com/bid/34072
- 09.11.17 - CVE: Not Available
- Platform: Linux
- Title: Arno's IPTables Firewall Script Restart Security Bypass
- Description: Arno's IPTables Firewall Script creates firewall rules
for Linux platforms. The application is exposed to a security bypass
issue because it fails to properly restrict network traffic following
a restart of the application. This issue occurs because the NIC
interface stays up during "arno-iptables-firewall restart" service
commands, causing default policies to be accepted. Arno's IPTables
Firewall Script versions prior to 1.9.0b are affected.
- Ref: http://rocky.eld.leidenuniv.nl/pipermail/firewall/2009-February/001046.html
- 09.11.18 - CVE: Not Available
- Platform: Linux
- Title: Linux-PAM Configuration File Non-ASCII User Name Handling Local
Privilege Escalation
- Description: PAM (Pluggable Authentication Module) provides a standard
interface to various authentication mechanisms. Linux-PAM is a PAM
implementation for the Linux operating system. Linux-PAM is exposed to
an issue related to the parsing of user names containing non-ASCII
characters from PAM configuration files. Linux-PAM versions prior to
1.0.4 are affected.
- Ref: http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpam/pam_misc.c?view=log
- 09.11.19 - CVE: Not Available
- Platform: Linux
- Title: Linux Kernel "/ipc/shm.c" Local Denial of Service
- Description: The Linux kernel is exposed to a local denial of service
issue. Specifically, this issue occurs because the "shm_get_stat()"
function in the "/ipc/shm.c" source file makes an incorrect assumption
about the type of inode parameter. This issue may be triggered by the
"ipcs" command on kernels configured with "!CONFIG_SHMEM". Linux
kernel versions prior to 2.6.28.5 are affected.
- Ref: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.5
- 09.11.20 - CVE: CVE-2009-0848
- Platform: Linux
- Title: openSUSE Linux gtk2 Package Search Path Remote Command
Execution
- Description: GTK is a library used to develop GUI applications for a
number of platforms and window systems. The openSUSE gtk2 package is
exposed to a remote command execution issue because it may include GTK
modules from an unsafe location. Specifically, this is because the
package includes a relative path in the module search path. openSUSE
versions 11.0 and 11.1 are affected.
- Ref: http://www.securityfocus.com/bid/34068
- 09.11.21 - CVE: Not Available
- Platform: Solaris
- Title: Sun Solaris Crypto Driver Local Denial of Service
- Description: Sun Solaris is a UNIX-based operating system. Solaris is
exposed to a local denial of service issue caused by an unspecified
error in the "crypto" pseudo-device driver. Solaris 10 and OpenSolaris
based on builds snv_88 through snv_102 are affected.
- Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-254088-1
- 09.11.22 - CVE: Not Available
- Platform: Solaris
- Title: Sun Solaris NFS Version 4 Server Kernel Module Local Denial of
Service
- Description: Sun Solaris is a UNIX-based operating system. The Solaris
NFSv4 Server kernel module is exposed to an unspecified local denial
of service issue that can be triggered when the server is sharing a
"hsfs" filesystem, such as a CD-ROM or DVD media.
- Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-252469-1
- 09.11.23 - CVE: Not Available
- Platform: Solaris
- Title: Sun Solaris NFS Daemon (nfsd(1M)) Security Bypass
- Description: Sun Solaris NFS Daemon (nfsd(1M)) is exposed to a
security bypass issue because it fails to properly implement access
control mechanisms. This issue arises because the application
incorrectly grants multiple security modes to certain NFSv3 remote
clients. Solaris 10 and OpenSolaris builds versions prior to snv_106
are affected.
- Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-250306-1
- 09.11.24 - CVE: Not Available
- Platform: Solaris
- Title: Sun Solaris NFS Server (nfssec(5)) Security Modes Security
Bypass
- Description: Sun Solaris NFS Server (nfssec(5)) is prone to a
security bypass vulnerability because it fails to properly implement
access control mechanisms. This issue arises because the application
incorrectly grants unauthorized access to file systems shared via NFS.
Solaris version 10 and OpenSolaris build versions prior to snv_111
are affected.
- Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-253588-1
- 09.11.25 - CVE: Not Available
- Platform: Cross Platform
- Title: Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-07, -08, -09 and
-11 Multiple Remote Vulnerabilities
- Description: The Mozilla Foundation has released multiple advisories
regarding security vulnerabilities in Mozilla Firefox, Thunderbird,
and SeaMonkey. The following issues have been reported: Multiple
memory corruption vulnerabilities affect the browser engine. A denial
of service vulnerability affects the garbage collection service. This
problem is due to improper memory management of a set of cloned XUL
DOM elements. A cross-domain information disclosure vulnerability
affects the nsIRDFService. A vulnerability allows attackers to
spoof the location bar.
- Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-013/
- 09.11.26 - CVE: Not Available
- Platform: Cross Platform
- Title: IBM WebSphere Application Server for z/OS Unspecified Cross-Site Scripting
- Description: IBM WebSphere Application Server (WAS) is an application
server used for service-oriented architecture. (WAS) for z/OS is
exposed to an unspecified cross-site scripting issue because it fails
to properly sanitize user-supplied input. This issue affects the
administrative console. WAS versions prior to 6.1.0.23 for z/OS are
affected.
- Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PK81212
- 09.11.27 - CVE: Not Available
- Platform: Cross Platform
- Title: Big Faceless PDF Library Unspecified JavaScript
- Description: Big Faceless PDF Library allows users to create and
modify PDF documents. The library is exposed to an unspecified issue
that occurs when processing JavaScript. Big Faceless PDF Library
versions prior to 2.11.4 are affected.
- Ref: http://big.faceless.org/products/pdf/docs/CHANGELOG.txt
- 09.11.28 - CVE: Not Available
- Platform: Cross Platform
- Title: Samhain SRP Authentication Bypass
- Description: Samhain is a file-integrity checker and host-based IDS.
It is available for a number of platforms. Samhain is exposed to an
issue that allows an attacker to bypass authentication and gain
unauthorized access to the affected application. This issue is due to
an input verification error in Secure Remote Password (SRP) protocol
authentication and allows a remote attacker to authenticate without
providing a valid password. Samhain versions prior to 2.5.4 are
affected.
- Ref: http://la-samhna.de/samhain/index.html
- 09.11.29 - CVE: Not Available
- Platform: Cross Platform
- Title: FileZilla Server SSL/TLS Unspecified Buffer Overflow Denial of
Service
- Description: FileZilla Server is an FTP server available for Microsoft
Windows platforms. FileZilla Server is exposed to a denial of service
issue because it fails to adequately validate data before copying it
into an insufficiently sized buffer. This issue occurs in an
unspecified function within the SSL/TLS code. FileZilla Server
versions prior to 0.9.31 are affected.
- Ref: http://filezilla-project.org/index.php
- 09.11.30 - CVE: Not Available
- Platform: Cross Platform
- Title: Big Faceless Report Generator Unspecified
- Description: Big Faceless Report Generator is an application that
converts XML files into PDF files. The application is exposed to an
unspecified vulnerability when completing forms in malicious PDF
documents. Big Faceless Report Generator versions 1.1.39 to 1.1.41 are
affected.
- Ref: http://big.faceless.org/products/report/docs/CHANGELOG.txt
- 09.11.31 - CVE: CVE-2009-0537
- Platform: Cross Platform
- Title: Multiple Vendor libc "fts.c" Denial of Service
- Description: The libc library is used by applications implemented
using the C programming language. Multiple libc libraries are exposed
to a denial of service issue caused by an error when handling deeply
nested directory structures. This issue affects multiple functions in
the "fts.c" source code file and is due to a failure to check the
"fts_level" variable for overflow conditions.
- Ref: http://securityreason.com/achievement_securityalert/60
- 09.11.32 - CVE: CVE-2009-0027
- Platform: Cross Platform
- Title: JBoss Enterprise Application Platform Arbitrary XML File
Information Disclosure
- Description: JBoss Enterprise Application Platform (EAP) is a tool for
developing Web 2.0 applications on a pure Java platform. EAP is
exposed to a remote information disclosure issue because it fails to
properly verify certain resource paths.
- Ref: http://rhn.redhat.com/errata/RHSA-2009-0346.html
- 09.11.33 - CVE: Not Available
- Platform: Cross Platform
- Title: Belkin Bulldog Plus Web Service Buffer Overflow
- Description: Belkin Bulldog Plus is an uninterruptible power supply
(UPS) management application. It is available for various platforms.
Belkin Bulldog Plus includes a web server component that can be
enabled to remotely monitor the application. The application is
exposed to a buffer overflow issue because its web server component
fails to adequately validate data before copying it into an
insufficiently sized buffer. This issue arises when the application
handles a specially-crafted authentication request. Belkin Bulldog
Plus version 4.0.2 build 1219 is affected.
- Ref: http://www.securityfocus.com/bid/34033
- 09.11.34 - CVE: Not Available
- Platform: Cross Platform
- Title: IBM Tivoli Storage Manager HSM for Windows Client Remote Buffer
Overflow
- Description: IBM Tivoli Storage Manager (TSM) is an enterprise product
for managing data backup. HSM for Windows is used to control disk
storage by automatically migrating rarely used files. The IBM TSM HSM
for Windows client is exposed to a remote buffer overflow issue.
Specifically, this issue occurs because the application uses
user-supplied data without performing boundary checks. TSM versions
5.3.2.0 to 5.3.5.0 inclusive, 5.4.0.0 to 5.4.2.5 inclusive and 5.5.0.0
to 5.5.1.4 inclusive are affected.
- Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21329223
- 09.11.35 - CVE: Not Available
- Platform: Cross Platform
- Title: MediaCoder ".m3u" File Remote Stack Buffer Overflow
- Description: MediaCoder is a multimedia player application available
for Microsoft Windows. MediaCoder is exposed to a remote stack-based
buffer overflow issue because it fails to perform adequate checks on
user-supplied input. Specifically, this issue occurs when opening a
".m3u" playlist file which contains excessive data. MediaCoder version
6.2.4275 is affected.
- Ref: http://www.securityfocus.com/bid/34051
- 09.11.36 - CVE: Not Available
- Platform: Cross Platform
- Title: IBM Director CIM Server Consumer Name Remote Denial of Service
- Description: IBM Director is an application that can track and view
system configurations of remote computers. It is available for Linux
and Windows. The CIM Server of IBM Director is exposed to a remote
denial of service issue because the application fails to properly
handle specially-crafted requests. Specifically, requests containing
large consumer names can trigger this issue. IBM Director versions
prior to 5.20.3 Service Update 2 are affected.
- Ref: https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt
- 09.11.37 - CVE: Not Available
- Platform: Cross Platform
- Title: IBM Director CIM Server Privilege Escalation
- Description: IBM Director is an application that can track and view
system configurations of remote computers. It is available for Linux
and Windows. IBM Director is exposed to a privilege escalation issue
that affects the CIM server because it fails to sufficiently validate
user-supplied input in the form of indication requests. IBM Director
versions prior to 5.20.3 Service Update 2 are affected.
- Ref: https://www.sec-consult.com/files/20090305-2_IBM_director_privilege_escalation.txt
- 09.11.38 - CVE: Not Available
- Platform: Cross Platform
- Title: Asterisk Pedantic Mode SIP Channel Driver INVITE Header Remote
Denial of Service
- Description: Asterisk is a private branch exchange (PBX) application
available for Linux, BSD, and Mac OS X platforms. Asterisk is exposed
to a remote denial of service issue because it fails to adequately
validate INVITE headers in pedantic mode. Successful exploits can
crash the SIP channel driver, resulting in denial of service
conditions for legitimate users.
- Ref: http://www.securityfocus.com/archive/1/501656
- 09.11.39 - CVE: Not Available
- Platform: Cross Platform
- Title: PostgreSQL Low Cost Function Information Disclosure
- Description: PostgreSQL is an open-source relational database suite.
It is available for UNIX, Linux, and variants, as well as Apple Mac OS
X and Microsoft Windows operating systems. PostgreSQL is exposed to an
information disclosure issue that occurs when executing a low cost
function with views. PostgreSQL version 8.3.6 is affected.
- Ref: http://archives.postgresql.org/pgsql-hackers/2009-02/msg00861.php
- 09.11.40 - CVE: CVE-2008-4563
- Platform: Cross Platform
- Title: IBM Tivoli Storage Manager Express and Enterprise Server Remote
Buffer Overflow
- Description: IBM Tivoli Storage Manager (TSM) is an enterprise product
for managing data backup. The IBM TSM Express and Enterprise servers
are exposed to a remote heap-based buffer overflow issue.
Specifically, this issue occurs because "adsmdll.dll" uses
user-supplied data without performing boundary checks.
- Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=775
- 09.11.41 - CVE: CVE-2009-0712, CVE-2009-0713
- Platform: Cross Platform
- Title: Hewlett-Packard WMI Mapper for HP Systems Insight Manager
Unauthorized Access Vulnerabilities
- Description: Hewlett-Packard Systems Insight Manager (SIM) is a tool
for managing HP servers. WMI Mapper is used to convert Web-Based
Enterprise Management (WBEM) queries into Windows Management
Instrumentation (WMI) and WMI responses into WBEM. Systems Insight
Manager (SIM) WMI Mapper is exposed to multiple unspecified
unauthorized access issues. WMI Mapper for HP Systems Insight Manager
versions prior to 2.5.2.0 are affected.
- Ref: http://www.securityfocus.com/bid/34078
- 09.11.42 - CVE: Not Available
- Platform: Cross Platform
- Title: GuildFTPd "DELE" Command Security Bypass
- Description: GuildFTPd is a Windows-based FTP server. The application
is exposed to a security bypass issue. Specifically, the issue affects
the "DELE" command. An attacker may exploit the issue to delete
arbitrary files outside the FTP root directory. GuildFTPd version
0.999.14 is affected.
- Ref: http://www.securityfocus.com/bid/34079
- 09.11.43 - CVE: CVE-2005-4878
- Platform: Web Application - Cross Site Scripting
- Title: Basic Analysis and Security Engine Multiple Unspecified
Cross-Site Scripting Vulnerabilities
- Description: Basic Analysis and Security Engine (BASE) is a web
interface to perform analysis of intrusions from the SNORT intrusion
detection system. BASE is exposed to multiple unspecified cross-site
scripting issues because it fails to properly sanitize user-supplied
input. BASE versions prior to 1.2.1 are affected.
- Ref: http://www.debian.org/security/2005/dsa-893
- 09.11.44 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: phpBB "ucp.php" Cross-Site Scripting
- Description: phpBB is a web application implemented in PHP. phpBB is
exposed to a cross-site scripting issue that affects the private
messaging system of the application. This issue arises because it
fails to sufficiently sanitize user-supplied input to the "f"
parameter of the "ucp.php" script when the "i" parameter is set to
"pm" and the "mode" parameter is set to "compose". phpBB 3.x versions
are affected.
- Ref: http://www.securityfocus.com/bid/33995
- 09.11.45 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: TYPO3 Calendar Base Search Parameters Unspecified Cross-Site Scripting
- Description: Calendar Base is an extension for TYPO3. The application
is exposed to an unspecified cross-site scripting issue because it
fails to properly sanitize user-supplied input. This issue affects
certain search parameters. Calendar Base versions prior to 1.1.1 are
affected.
- Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/
- 09.11.46 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Sun Management Center Performance Reporting Module Cross-Site Scripting
- Description: Sun Management Center (SunMC) provides management
capabilities for Sun enterprise servers. SunMC Performance Reporting
module is exposed to an unspecified cross-site scripting issue. This
issue arises because it fails to sufficiently sanitize user-supplied
input.
- Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-247046-1
- 09.11.47 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: UMI CMS "fields_filter" Parameter Cross-Site Scripting
- Description: UMI CMS is a web application implemented in PHP. UMI CMS
is exposed to a cross-site scripting issue that affects the private
messaging system of the application. This issue arises because it
fails to sufficiently sanitize user-supplied input to the
"fields_filter[price][0]" parameter of the "index.php" script. UMI CMS
versions prior to 2.7.1 (build 10856) are affected.
- Ref: http://www.securityfocus.com/archive/1/501533
- 09.11.48 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Dotclear Unspecified Cross-Site Scripting
- Description: Dotclear is a blog application implemented in PHP.
Dotclear is exposed to a cross-site scripting issue because it fails
to sanitize user-supplied input to the administration interface.
Dotclear versions prior to 2.1.5 are affected.
- Ref: http://dotclear.org/blog/post/2009/02/05/Dotclear-2.1.5
- 09.11.49 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: VBook Multiple Cross-Site Scripting Vulnerabilities
- Description: VBook is a web-log application written in PHP. The
application is exposed to multiple cross-site scripting issues because
it fails to sufficiently sanitize user-supplied data to the "title"
and "message" parameters.
- Ref: http://www.securityfocus.com/archive/1/501603
- 09.11.50 - CVE: CVE-2009-0660
- Platform: Web Application - Cross Site Scripting
- Title: Mahara Multiple Cross-Site Scripting Vulnerabilities
- Description: Mahara is a Perl-based portfolio application. The
application is exposed to multiple cross-site scripting issues because
it fails to sufficiently sanitize user-supplied data to unspecified
parameters of the user profile data and blogs sections. Mahara
versions prior to 1.0.10 and 1.1.2 are affected.
- Ref: http://mahara.org/interaction/forum/topic.php?id=350
- 09.11.51 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Multiple Aryanic Products "includes/web_search.aspx" Cross-Site
Scripting
- Description: Aryanic products are content managers implemented in ASP.
The applications are exposed to a cross-site scripting issue because
they fail to sufficiently sanitize user-supplied input to the "q"
parameter of the "includes/web_search.aspx" script. HighPortal version
10 and HighCMS version 10 are affected.
- Ref: http://www.securityfocus.com/archive/1/501642
- 09.11.52 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: WordPress MU "wp-includes/wpmu-functions.php" Cross-Site
Scripting
- Description: WordPress MU allows users to generate news pages and
web-logs dynamically; it is implemented in PHP with a MySQL database.
The application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input to the HTTP "Host:"
header used in the "choose_primary_blog()" function of the
"wp-includes/wpmu-functions.php" script. WordPress MU versions prior
to 2.7 are affected.
- Ref: http://www.securityfocus.com/archive/1/501667
- 09.11.53 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Webformatique Reservation Manager Joomla! Component "ItemID"
Parameter SQL Injection
- Description: Webformatique Reservation Manager is a PHP-based
component for the Joomla! and Mambo content managers. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "ItemID" parameter.
- Ref: http://www.securityfocus.com/bid/33976
- 09.11.54 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Webformatique Car Manager Joomla! Component "ItemID" Parameter
SQL Injection
- Description: Webformatique Car Manager is a PHP-based component for
the Joomla! and Mambo content managers. The application is exposed to
an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "ItemID" parameter when called with the
"task" parameter set to "listall". Car Manager version 2.1.0 is
affected.
- Ref: http://www.securityfocus.com/bid/33978
- 09.11.55 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: BlindBlog Multiple Local File Include and SQL Injection
Vulnerabilities
- Description: BlindBlog is a PHP-based blog application. The
application is exposed to multiple input validation issues. The
attacker can exploit the local file include issue using
directory traversal strings to view and execute arbitrary local files
within the context of the web server process. BlindBlog version 1.3.1
is affected.
- Ref: http://www.securityfocus.com/archive/1/501420
- 09.11.56 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: JProfile Gold "index.php" SQL Injection
- Description: JProfile Gold is a web application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id_news" parameter of the
"index.php" script when the "action" parameter is set to "news.detail"
before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/33986
- 09.11.57 - CVE: CVE-2008-6202
- Platform: Web Application - SQL Injection
- Title: CoBaLT "id" Parameter Multiple SQL Injection Vulnerabilities
- Description: CoBaLT is a web-based application implemented in ASP. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data. CoBaLT version 0.1
is affected.
- Ref: http://www.securityfocus.com/bid/33987
- 09.11.58 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: TYPO3 Accessibility Glossary Extension Unspecified SQL
Injection
- Description: TYPO3 Accessibility Glossary ("a21glossary") is an
extension for the TYPO3 content manager. The extension is not part of
the TYPO3 default installation. The extension is exposed to an SQL
injection issue because it fails to sufficiently sanitize input before
using it in an SQL query. Accessibility Glossary versions 0.4.10 and
earlier are affected.
- Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/
- 09.11.59 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: TYPO3 Flat Manager Unspecified SQL Injection
- Description: TYPO3 Flat Manager ("flatmgr") is an extension for the
TYPO3 content manager. The extension is not part of the TYPO3 default
installation. The extension is exposed to an SQL injection issue
because it fails to sufficiently sanitize input before using it in an
SQL query. Flat Manager versions 1.9.15 and earlier are affected.
- Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/
- 09.11.60 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: iJoomla Archive Component "catid" Parameter SQL Injection
- Description: iJoomla Archive is an archive component for the
Joomla! and Mambo content managers. The component is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "catid" parameter of the
"com_ijoomla_archive" module before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/34011
- 09.11.61 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: CelerBB Information Disclosure and Multiple SQL Injection
Vulnerabilities
- Description: CelerBB is a web-based forum application. The application
is exposed to multiple input validation issues. CelerBB version 0.0.2
is affected.
- Ref: http://www.securityfocus.com/archive/1/501481
- 09.11.62 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Amoot Web Directory Password Field SQL Injection
- Description: Amoot Web Directory is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "password" field in
the login page before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/34016
- 09.11.63 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: CMSCart "maindatafunctions.php" SQL Injection
- Description: CMSCart is a PHP-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "MenuLevel1" parameter in the
"GetPageTemplateName()" function of the "maindatafunctions.php" file
before using it in an SQL query. CMSCart version 1.04 is affected.
- Ref: http://redlevel.org/advisory/cmscart-sqlinjection/
- 09.11.64 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Wili-CMS SQL Injection Vulnerability and Remote File Include
- Description: Wili-CMS is a content manager similar to a wiki. The
application is exposed to multiple input validation issues. Wili-CMS
version 0.4beta0 is affected.
- Ref: http://www.securityfocus.com/archive/1/501536
- 09.11.65 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Blue Eye CMS "BlueEyeCMS_login" Cookie Parameter SQL Injection
- Description: Blue Eye CMS is a PHP-based content manager. The
application is exposed to an SQL injection vulnerability because it
fails to sufficiently sanitize user-supplied data to the
"BlueEyeCMS_login" cookie parameter before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/34022
- 09.11.66 - CVE: CVE-2009-0825
- Platform: Web Application - SQL Injection
- Title: TinX CMS "rss.php" SQL Injection
- Description: TinX CMS is a PHP-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "rss.php"
script before using it in an SQL query. TinX CMS versions prior to
3.5.1 are affected.
- Ref: http://www.securityfocus.com/bid/34021
- 09.11.67 - CVE: CVE-2008-6237
- Platform: Web Application - SQL Injection
- Title: Scripts For Sites EZ Hotscripts "software-description.php" SQL
Injection
- Description: EZ Hotscripts is a web-based application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"software-description.php" script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/34024
- 09.11.68 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: nforum Multiple SQL Injection Vulnerabilities
- Description: nforum is a web-based application. The application is
exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data. nforum version 25042004 is
affected.
- Ref: http://www.securityfocus.com/archive/1/501560
- 09.11.69 - CVE: CVE-2008-6326
- Platform: Web Application - SQL Injection
- Title: Simple Customer "email" Parameter SQL Injection
- Description: Simple Customer is a web-based contact manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "email" parameter of
the "login.php" script before using it in an SQL query. Simple
Customer version 1.2 is affected.
- Ref: http://www.securityfocus.com/bid/34043
- 09.11.70 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: PHP Director "cat" Parameter SQL Injection
- Description: PHP Director is a video content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied input to the "cat" parameter of the "index.php"
script. PHP Director version 0.21 is affected.
- Ref: http://www.securityfocus.com/bid/34047
- 09.11.71 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: CS-Cart "product_id" Parameter SQL Injection
- Description: CS-Cart is a PHP-based shopping cart application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "product_id" parameter
of the "index.php" script when "dispatch" is set to "product.view".
CS-Cart version 2.0.0 Beta 3 is affected.
- Ref: http://www.securityfocus.com/bid/34048
- 09.11.72 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: PHP-Fusion Book Panel Module "books.php" SQL Injection
- Description: Book Panel is a module for the PHP-Fusion content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "bookid"
parameter of the "books.php" script.
- Ref: http://www.securityfocus.com/bid/34049
- 09.11.73 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: PHPRecipeBook "base_id" Parameter SQL Injection
- Description: PHPRecipeBook is a web-based cookbook tool implemented in
PHP. The application is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "base_id"
parameter of the "index.php" script before using it in an SQL query.
PHPRecipeBook version 2.24 is affected.
- Ref: http://www.securityfocus.com/bid/34052
- 09.11.74 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Content management system WEBJump! Multiple SQL Injection
Vulnerabilities
- Description: Content management system WEBJump! is a web-based
application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data.
- Ref: http://www.securityfocus.com/bid/34058
- 09.11.75 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Nenriki CMS "ID" Cookie SQL Injection
- Description: Nenriki CMS is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "ID" cookie parameter
of the "index.php" script. Nenriki CMS version 0.5 is affected.
- Ref: http://www.securityfocus.com/bid/34067
- 09.11.76 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: PHPRecipeBook "course_id" Parameter SQL Injection
- Description: PHPRecipeBook is a web-based cookbook tool. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "course_id" parameter
of the "index.php" script before using it in an SQL query.
PHPRecipeBook version 2.24 is affected.
- Ref: http://www.securityfocus.com/bid/34073
- 09.11.77 - CVE: Not Available
- Platform: Web Application
- Title: Easy File Sharing Web Server "thumbnail.php" File Disclosure
- Description: Easy File Sharing Web Server is a commercially available
web server package distributed by EFS Software. It is available for the
Microsoft Windows platform. Easy File Sharing Web Server is exposed to
an issue that lets attackers obtain potentially sensitive information
because it fails to properly sanitize user-supplied input. This issue
occurs in the "vfolder" parameter of the "thumbnail.php" script. Easy
File Sharing Web Server version 4.8 is affected.
- Ref: http://www.securityfocus.com/bid/33973
- 09.11.78 - CVE: Not Available
- Platform: Web Application
- Title: Easy Web Password ".ewp" File Buffer Overflow
- Description: Easy Web Password is an application to add
password protection to HTML files. Easy Web Password is exposed to a
buffer overflow issue because it fails to perform adequate checks on
user-supplied input. Specifically, the issue occurs when parsing a
specially crafted ".ewp" file. Easy Web Password version 1.2 is
affected.
- Ref: http://www.securityfocus.com/bid/33979
- 09.11.79 - CVE: Not Available
- Platform: Web Application
- Title: Digital Interchange Document Library "admin/save_user.asp"
Unauthorized Access
- Description: Digital Interchange Document Library is an ASP-based
application. The application is exposed to an issue that can result in
unauthorized access. The issue occurs because the
"admin/save_user.asp" allows arbitrary administrative users to be
created. Digital Interchange Document Library version 1.0.1 is
affected.
- Ref: http://www.securityfocus.com/bid/33983
- 09.11.80 - CVE: Not Available
- Platform: Web Application
- Title: GhostScripter Amazon Shop Multiple Vulnerabilities
- Description: Amazon Shop is an ecommerce application. The application
is exposed to multiple issues, because it fails to sufficiently
sanitize user-supplied input. An attacker can exploit these issues to
execute malicious PHP code in the context of the web server process,
execute script code in an unsuspecting user's browser, steal
cookie-based authentication credentials or gain access to sensitive
information; other attacks are also possible.
- Ref: http://www.securityfocus.com/bid/33994
- 09.11.81 - CVE: Not Available
- Platform: Web Application
- Title: Nullsoft Winamp "skin.xml" Skin File Buffer Overflow
- Description: Nullsoft Winamp is a media player for Microsoft Windows.
The application is exposed to a buffer overflow issue because it fails
to perform adequate checks on user-supplied input. Specifically, the
issue occurs when parsing a specially-crafted "skin.xml" skin file.
Winamp versions prior to 5.55 are affected.
- Ref: http://www.securityfocus.com/bid/34009
- 09.11.82 - CVE: CVE-2008-6273
- Platform: Web Application
- Title: MyKtools "configuration_script.php" Local File Include
- Description: MyKtools is a set of PHP-based tools for database
administration. MyKtools is exposed to a local file include issue
because it fails to properly sanitize user-supplied input to the
"langage" parameter of the "configuration_script.php" script.
MyKtools 3.0 is vulnerable; other versions may also be affected.
- Ref: http://www.securityfocus.com/bid/34026
- 09.11.83 - CVE: Not Available
- Platform: Web Application
- Title: OneOrZero Helpdesk "login.php" Local File Include
- Description: OneOrZero Helpdesk is a PHP-based helpdesk application.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the
"default_language" parameter of the "login.php" script. OneOrZero
Helpdesk version 1.6.5.7 is affected.
- Ref: http://www.securityfocus.com/bid/34029
- 09.11.84 - CVE: CVE-2009-0710, CVE-2009-0709
- Platform: Web Application
- Title: PHPFootball SQL Injection and Cross-Site Scripting
Vulnerabilities
- Description: PHPFootball is a web-based management application for
football leagues. The application is exposed to multiple
input validation issues. Exploiting these issues could allow an
attacker to steal cookie-based authentication credentials, compromise
the application, access or modify data, or exploit latent
vulnerabilities in the underlying database.
- Ref: http://www.securityfocus.com/bid/34032
- 09.11.85 - CVE: Not Available
- Platform: Web Application
- Title: CMS S.Builder "index.php" Remote File Include
- Description: CMS S.Builder is a PHP-based content manager. The
application is exposed to a remote file include issue because it fails
to sufficiently sanitize user-supplied input to the
"binn_include_path" parameter of the "index.php" script. CMS S.Builder
version 3.7 is affected.
- Ref: http://www.securityfocus.com/bid/34037
- 09.11.86 - CVE: Not Available
- Platform: Web Application
- Title: PHORTAIL "poster.php" Multiple HTML Injection Vulnerabilities
- Description: PHORTAIL is a PHP-based web application. The application
is exposed to multiple HTML injection issues because it fails to
sufficiently sanitize user-supplied data. PHORTAIL version 1.2.1 is
affected.
- Ref: http://packetstorm.linuxsecurity.com/0903-exploits/phortail-xss.txt
- 09.11.87 - CVE: Not Available
- Platform: Web Application
- Title: Nucleus CMS Media Manager Unspecified Directory Traversal
- Description: Nucleus CMS is a web-based content management system. The
application is exposed to an unspecified directory traversal issue
affecting the media manager because it fails to sufficiently sanitize
user-supplied input data. Nucleus CMS versions prior to 3.40 are
affected.
- Ref: http://www.nucleuscms.org/index.php/item/3051
- 09.11.88 - CVE: CVE-2009-0752
- Platform: Web Application
- Title: Movable Type Unspecified Security Issue
- Description: Movable Type is a web-log application written in Perl and
PHP. Movable Type is exposed to an unspecified security issue. The
problem may involve the "Password Recovery System". Movable Type
versions prior to 4.24 are affected.
- Ref: http://www.movabletype.com/blog/2009/02/movable-type-424-get-updated-with-better-password-recovery.html
- 09.11.89 - CVE: Not Available
- Platform: Web Application
- Title: phpCommunity2 Multiple Remote Input Validation Vulnerabilities
- Description: phpCommunity2 is a PHP-based content manager. The
application is exposed to multiple input validation issues. Exploiting
these issues could allow an attacker to view arbitrary local files
within the context of the web server, steal cookie-based authentication
credentials, compromise the application, access or modify data, or
exploit latent vulnerabilities in the underlying database.
- Ref: http://www.securityfocus.com/archive/1/501588
- 09.11.90 - CVE: Not Available
- Platform: Web Application
- Title: Woltlab Burning Board Multiple Input Validation Vulnerabilities
- Description: Woltlab Burning Board is a free web-based bulletin board
based on PHP and MySQL. Woltlab Burning Board is exposed to multiple
input validation issues. Attackers can exploit these issues to delete
private messages, execute arbitrary script code, steal cookie-based
authentication credentials and redirect users to malicious sites.
- Ref: http://www.securityfocus.com/bid/34057
- 09.11.91 - CVE: Not Available
- Platform: Web Application
- Title: Roundup EditCSVAction Security Bypass
- Description: Roundup is an issue-tracking system. It is implemented in
Python. The application is exposed to a security bypass issue because
the "EditCSVAction" component fails to properly implement access
control mechanisms. Authenticated users may change the content of
existing messages and modify user settings, which can allow them to
gain administrative privileges. Roundup version 1.4.6 is affected.
- Ref: http://issues.roundup-tracker.org/issue2550521
- 09.11.92 - CVE: Not Available
- Platform: Web Application
- Title: NextApp Echo XML Parsing Local File Disclosure
- Description: NextApp Echo is a framework for building web-based
applications. The application is exposed to a local file disclosure
issue due to a design error. Specifically, the default XML parser
configuration allows XML passed in an HTTP POST request to reference
external entities. NextApp versions prior to 2.1.1 and 3.0.b6 are
affected.
- Ref: http://www.securityfocus.com/archive/1/501637
- 09.11.93 - CVE: Not Available
- Platform: Web Application
- Title: Futomi's CGI Cafe MP Form Mail CGI Unspecified Security Bypass
- Description: Futomi's CGI Cafe MP Form Mail CGI is a web application.
It is implemented in Perl and available for a number of operating
systems. The application is exposed to an unspecified security bypass
issue.
- Ref: http://www.securityfocus.com/bid/34071
- 09.11.94 - CVE: Not Available
- Platform: Web Application
- Title: WeBid "include_path" Parameter Multiple Remote File Include
Vulnerabilities
- Description: WeBid is a PHP-based web auction application. The
application is exposed to multiple remote file include issues because
it fails to sufficiently sanitize user-supplied input. WeBid version
0.7.3 RC9 is affected.
- Ref: http://www.securityfocus.com/archive/1/501657
- 09.11.95 - CVE: Not Available
- Platform: Web Application
- Title: Joomla! Djice Shoutbox Module Unspecified HTML Injection
- Description: Djice Shoutbox is a module for the Joomla! content
manager. The application is exposed to an HTML injection issue because
it fails to properly sanitize user-supplied input to an unspecified
parameter of the "com_djiceshoutbox" component. Djice Shoutbox version
1.0 is affected.
- Ref: http://www.securityfocus.com/bid/34076
- 09.11.96 - CVE: Not Available
- Platform: Network Device
- Title: 3Com Switch 4500G SFTP Authentication Bypass
- Description: 3Com Switch 4500G is a network switch hardware device. The
device is exposed to an unspecified authentication bypass issue that
can allow SFTP users access to the affected device. This issue occurs
when TACACS (Terminal Access Controller Access-Control System) access
is permitted for SSH users. 3Com Switch 4500G versions prior to
s3q05_02_00s56(s168) are affected.
- Ref: http://www.securityfocus.com/bid/33974
- 09.11.97 - CVE: CVE-2009-0619
- Platform: Network Device
- Title: Cisco Session Border Controller (SBC) Remote Denial of Service
- Description: Cisco Session Border Controller (SBC) is a multimedia
device that sits on the border of a network and controls call
admission to that network. SBC is exposed to a remote denial of
service issue. Specifically, the vulnerability occurs when the device
handles specially crafted TCP packets via TCP port 2000. Cisco SBC
software versions prior to 3.0(2) are affected.
- Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a80faa.shtml
- 09.11.98 - CVE: Not Available
- Platform: Network Device
- Title: SMART Technologies SMART Board Unspecified Directory Traversal
- Description: SMART Technologies SMART Board is an interactive
whiteboard device. The device's embedded web server is exposed to an
unspecified directory traversal issue because it fails to sufficiently
sanitize user-supplied input.
- Ref: http://www.securityfocus.com/archive/1/501602
- 09.11.99 - CVE: Not Available
- Platform: Network Device
- Title: Addonics NAS Adapter "nas.cgi" Multiple Buffer Overflow
Vulnerabilities
- Description: Addonics NAS Adapter is a network storage device. NAS
Adapter includes an embedded web server. NAS Adapter is exposed to
multiple buffer overflow issues because it fails to perform adequate
checks on user-supplied input. Specifically, these issues occur when
handling long strings provided as parameters to the "nas.cgi" CGI
application.
- Ref: http://www.securityfocus.com/bid/34054
(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.
Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.