@RISK: The Consensus Security Vulnerability Alert

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

• (1) HIGH: Mozilla Firefox "_moveToEdgeShift" Remote Code Execution Vulnerability
• (2) HIGH: SAP AG SAPgui EAI WebViewer3D ActiveX Control Buffer Overflow Vulnerability
• (3) MODERATE: W3C Amaya "defer" Attribute Buffer Overflow Vulnerability
• (4) MODERATE: Ghostscript "pdf_base_font_alloc()" Buffer Overflow Vulnerability
• (5) MODERATE: Wireshark PN-DCP Dissector Data Processing Format String Vulnerability

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Windows

• 09.14.1 - Microsoft GDI+ EMF
• 09.14.2 - Microsoft Windows Services for UNIX / Subsystem for UNIX-based Applications Multiple Vulnerabilities

Third Party Windows Apps

• 09.14.3 - PowerCHM ".HHP" File Stack Buffer Overflow
• 09.14.4 - Forte Agent XML File Handling Remote Buffer Overflow
• 09.14.5 - AtomixMP3 Malformed "m3u" Playlist File Buffer Overflow
• 09.14.6 - Trend Micro Internet Security 2008/9 IOCTL Request Local Privilege Escalation
• 09.14.7 - SAP AG SAPgui EAI WebViewer3D ActiveX Control Stack Buffer Overflow

Linux

• 09.14.8 - SystemTap Local Privilege Escalation

Solaris

• 09.14.9 - OpenSolaris Module Debugger Process Cross Zone Local Privilege Escalation
• 09.14.10 - Sun Solaris "dircmp(1)" Insecure Temporary File Creation

Novell

• 09.14.11 - Novell NetStorage Multiple Remote Vulnerabilities

Cross Platform

• 09.14.12 - ldns "rr.c" Remote Buffer Overflow
• 09.14.13 - Mozilla Firefox XSL Parsing "root" XML Tag Remote Memory Corruption
• 09.14.14 - Lua Unspecified Bytecode Verifier Security
• 09.14.15 - Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
• 09.14.16 - Apple Safari XML Parser Nested XML Tag Remote Denial of Service
• 09.14.17 - UltraISO Multiple Security Vulnerabilities
• 09.14.18 - IBM DB2 Content Manager eClient Unspecified Security
• 09.14.19 - OpenSSL Multiple Vulnerabilities
• 09.14.20 - MIT Kerberos "NegTokenInit" Token Handling Remote Denial of Service
• 09.14.21 - IBM WebSphere Application Server for z/OS Multiple Vulnerabilities
• 09.14.22 - PhotoStand BASE64 Administrator Nickname Cookie Authentication Bypass
• 09.14.23 - Squid Proxy Cache ICAP Adaptation Denial of Service
• 09.14.24 - Moodle TeX Filter Remote File Disclosure
• 09.14.25 - Abee CHM Maker "FileName" Stack Buffer Overflow
• 09.14.26 - IBM Tivoli Storage Manager Multiple Vulnerabilities
• 09.14.27 - Check Point FireWall-1 PKI Web Service Remote Buffer Overflow Vulnerabilities
• 09.14.28 - Wireshark PN-DCP Data Format String
• 09.14.29 - HP OpenView Network Node Manager "OvOSLocale" Cookie Parameter Heap Buffer Overflow
• 09.14.30 - W3C Amaya HTML "script" Tag Buffer Overflow
• 09.14.31 - Openswan and strongSwan DPD Packet Remote Denial of Service
• 09.14.32 - Opera XML Parser Remote Buffer Overflow
• 09.14.33 - Nokia Siemens Networks Flexi ISN GGSN Multiple Authentication Bypass Vulnerabilities
• 09.14.34 - MapServer Multiple Remote Security Vulnerabilities
• 09.14.35 - Hitachi JP1/Cm2/Network Node Manager Shared Trace Service Denial of Service
• 09.14.36 - Sun Java System Calendar Server Duplicate URI Request Denial of Service

Web Application - Cross Site Scripting

• 09.14.37 - SAP MaxDB "webdbm" Multiple Cross-Site Scripting Vulnerabilities
• 09.14.38 - Drupal Wikitools Module Multiple Unspecified Cross-Site Scripting Vulnerabilities
• 09.14.39 - Drupal Feed Element Mapper Module Content Title Multiple Cross-Site Scripting Vulnerabilities
• 09.14.40 - Aurora FoodPro Nutritive Analysis Module Multiple Cross-Site Scripting Vulnerabilities
• 09.14.41 - My Simple Forum Local File Include and Cross-Site Scripting Vulnerabilities
• 09.14.42 - Cisco ASA Appliance WebVPN Cross-Site Scripting
• 09.14.43 - Bugzilla "attachment.cgi" Cross-Site Request Forgery
• 09.14.44 - Sun Java System Calendar Server "login.wcap" Cross-Site Scripting
• 09.14.45 - Sun Java System Calendar Server "command.shtml" Cross-Site Scripting

Web Application - SQL Injection

• 09.14.46 - CCCP Community Clan Portal Multiple SQL Injection Vulnerabilities
• 09.14.47 - Acute Control Panel SQL Injection Vulnerability and Remote File Include
• 09.14.48 - Simply Classified "adverts.php" SQL Injection
• 09.14.49 - Free PHP Petition Signing Script Login Page SQL Injection
• 09.14.50 - YAP Multiple SQL Injection Vulnerabilities
• 09.14.51 - glFusion Multiple SQL Injection Vulnerabilities
• 09.14.52 - iWare Multiple SQL Injection Vulnerabilities
• 09.14.53 - Arcadwy Arcade Script "user" Cookie Parameter SQL Injection
• 09.14.54 - Auth2DB Unspecified SQL Injection
• 09.14.55 - Xlight FTP Server "user" SQL Injection
• 09.14.56 - Diskos CMS Manager Multiple SQL Injection Vulnerabilities
• 09.14.57 - BandSite CMS "members.php" SQL Injection
• 09.14.58 - Family Connections Multiple SQL Injection Vulnerabilities
• 09.14.59 - JobHut "browse.php" SQL Injection
• 09.14.60 - Multiple Gravy Media Applications Multiple SQL Injection Vulnerabilities
• 09.14.61 - X-Forum "cookie_username" Cookie Parameter Multiple SQL Injection Vulnerabilities
• 09.14.62 - Community CMS "index.php" and "view.php" SQL Injection Vulnerabilities

Web Application

• 09.14.63 - phpMyAdmin "setup.php" PHP Code Injection
• 09.14.64 - JobHut "manageUser.php" Unauthorized Access
• 09.14.65 - webEdition CMS "WE_LANGUAGE" Parameter Local File Include
• 09.14.66 - WeBid "upldgallery.php" Arbitrary File Upload
• 09.14.67 - PHPizabi "modules/interact/file.php" Arbitrary File Upload
• 09.14.68 - Blogplus Multiple Local File Include Vulnerabilities
• 09.14.69 - Critical Path Presentation Server HTML Injection
• 09.14.70 - Arcadwy "register.php" HTML Injection
• 09.14.71 - Frog CMS Multiple Remote Vulnerabilities and Weaknesses
• 09.14.72 - Podcast Generator "core/admin/delete.php" Arbitrary File Deletion

Network Device

• 09.14.73 - Cisco IOS WebVPN/SSLVPN Multiple Denial of Service Vulnerabilities
• 09.14.74 - Cisco IOS Mobile IP/Mobile IPv6 Multiple Denial of Service Vulnerablities
• 09.14.75 - Cisco IOS Multiple Features TCP Packet Denial of Service
• 09.14.76 - Cisco IOS Multiple Features IP Sockets Denial of Service
• 09.14.77 - Cisco IOS Session Initiation Protocol Denial of Service
• 09.14.78 - Cisco IOS Cisco Tunneling Control Protocol Remote Denial of Service
• 09.14.79 - Cisco IOS Multiple Features UDP Packet Denial of Service
• 09.14.80 - Cisco IOS Secure Copy Remote Privilege Escalation
• 09.14.81 - InGate Firewall And SIParator Multiple Vulnerabilities

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 14, 2009

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 6825 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

• 09.14.1 - CVE: Not Available
• Platform: Windows
• Title: Microsoft GDI+ EMF
• Description: Microsoft GDI+ (graphics device interface) enables applications to use graphics and formatted text on the video display and on printers. GDI+ is exposed to a stack-based buffer overflow issue that occurs when an application that uses the library tries to process a specially-crafted EMF (Enhanced Metafile) image file. This issue is related to the "GpFont.SetData()" function. Ref: http://bl4cksecurity.blogspot.com/2009/03/microsoft-gdiplus-emf-gpfontsetdata.html

• 09.14.2 - CVE: Not Available
• Platform: Windows
• Title: Microsoft Windows Services for UNIX / Subsystem for UNIX-based Applications Multiple Vulnerabilities
• Description: Microsoft Windows Services for UNIX and Microsoft Subsystem for UNIX-based Applications are software packages available for Microsoft Windows operating systems that add compatibility services for UNIX-based applications and services. The applications are exposed to multiple remote code execution issues that arise due to unspecified errors in the "unlzh.c" and "unpack.c" gzip libraries.
• Ref: http://support.microsoft.com/kb/953602

• 09.14.3 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: PowerCHM ".HHP" File Stack Buffer Overflow
• Description: PowerCHM is an application used to generate Windows help files. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue occurs when the application fails to handle malformed ".HHP" files with excessive quantities of data in a [FILES] section header. PowerCHM version 5.7 is affected.
• Ref: http://www.securityfocus.com/archive/1/502207

• 09.14.4 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Forte Agent XML File Handling Remote Buffer Overflow
• Description: Agent is an integrated newsreader and email client. It is available for the Microsoft Windows platform. Agent is exposed to a remote buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when parsing address book XML files containing large amounts of data as a value for the domain part of an email address. Agent versions 4.2.0.1118 and 5.0.0.1171 are affected.
• Ref: http://www.securityfocus.com/bid/34268

• 09.14.5 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: AtomixMP3 Malformed "m3u" Playlist File Buffer Overflow
• Description: AtomixMP3 is an application that allows users to edit and listen to MP3 file formats. It is available for Microsoft Windows. AtomixMP3 is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Specifically, the application fails to handle specially crafted ".m3u" playlist files. AtomixMP3 version 2.3 is affected.
• Ref: http://www.securityfocus.com/bid/34290

• 09.14.6 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Trend Micro Internet Security 2008/9 IOCTL Request Local Privilege Escalation
• Description: Trend Micro Internet Security 2008 and 2009 are security applications for Microsoft Windows platforms. The applications are exposed to a local privilege escalation issue in the "tmactmon.sys" driver. The problem occurs when handling a large buffer passed to IOCTL request 0x91004407. Internet Security and Internet Security Pro versions 2008 and 2009 are affected.
• Ref: http://www.securityfocus.com/archive/1/502314

• 09.14.7 - CVE: CVE-2007-4475
• Platform: Third Party Windows Apps
• Title: SAP AG SAPgui EAI WebViewer3D ActiveX Control Stack Buffer Overflow
• Description: SAP AG SAPgui is a graphical user interface (GUI) included in various SAP applications. The application is exposed to a remote stack-based buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the application that uses the ActiveX control (typically Internet Explorer).
• Ref: http://www.kb.cert.org/vuls/id/985449

• 09.14.8 - CVE: CVE-2009-0784
• Platform: Linux
• Title: SystemTap Local Privilege Escalation
• Description: SystemTap is an application that includes a command line interface and scripting language for analyzing a running Linux kernel. SystemTap is exposed to a local privilege escalation issue that arises due to a race condition error when kernel modules are loaded. SystemTap versions 0.0.20080705 and 0.0.20090314 are affected.
• Ref: https://bugzilla.redhat.com/show_bug.cgi?id=489808

• 09.14.9 - CVE: Not Available
• Platform: Solaris
• Title: OpenSolaris Module Debugger Process Cross Zone Local Privilege Escalation
• Description: OpenSolaris is exposed to a local privilege escalation issue. This issue is triggered when an "mdb" (Module Debugger) process within the global zone attaches to a nonglobal zone process. A local, privileged user in the nonglobal zone may exploit this issue to execute arbitrary code within the context of the "mdb" process in the global zone. OpenSolaris versions prior to build snv_102 are affected.
• Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-255608-1

• 09.14.10 - CVE: Not Available
• Platform: Solaris
• Title: Sun Solaris "dircmp(1)" Insecure Temporary File Creation
• Description: Sun Solaris is an operating system developed by Sun Microsystems. The software creates temporary files in an insecure manner. This issue occurs in the "dircmp(1)" command. Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in privilege escalation or cause a denial of service condition.
• Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-253468-1

• 09.14.11 - CVE: Not Available
• Platform: Novell
• Title: Novell NetStorage Multiple Remote Vulnerabilities
• Description: Novell NetStorage is exposed to multiple remote issues. Attackers can exploit these issues to obtain sensitive information, execute arbitrary script code, steal cookie-based authentication credentials, and cause a denial of service condition. Novell NetStorage version 3.1.5-19 on Open Enterprise Server (OES) and NetStorage versions 2.0.1 on NetWare 6.5 SP6 are affected.
• Ref: http://www.securityfocus.com/bid/34267

• 09.14.12 - CVE: Not Available
• Platform: Cross Platform
• Title: ldns "rr.c" Remote Buffer Overflow
• Description: ldns is a library used for DNS programming. The library is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer. Specifically, the issue exists in the "ldns_rr_new_from_str_internal()" function of the "rr.c" source file. ldns versions prior to 1.5.0 are affected.
• Ref: http://www.nlnetlabs.nl/svn/ldns/tags/release-1.5.1/Changelog

• 09.14.13 - CVE: CVE-2009-1169
• Platform: Cross Platform
• Title: Mozilla Firefox XSL Parsing "root" XML Tag Remote Memory Corruption
• Description: Mozilla Firefox is a web browser available for various operating systems. Firefox is exposed to a remote memory corruption issue because it fails to handle malformed XML files embedded in an HTML file. Specifically, the browser fails to handle specially crafted "root" tags contained in an XML file.
• Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-12.html

• 09.14.14 - CVE: Not Available
• Platform: Cross Platform
• Title: Lua Unspecified Bytecode Verifier Security
• Description: Lua is an embeddable scripting language implemented in ANSI C. Lua is exposed to an unspecified security issue related to the bytecode verifier. Lua version 5.1.4 is affected.
• Ref: http://lua-users.org/lists/lua-l/2009-03/msg00039.html

• 09.14.15 - CVE: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107
• Platform: Cross Platform
• Title: Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
• Description: Sun Java Runtime Environment (JRE) allows users to run Java applications. JRE and Sun Java Development Kit are exposed to multiple security issues. Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security restrictions, run untrusted applets with elevated privileges, and cause denial of service conditions. Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=779

• 09.14.16 - CVE: Not Available
• Platform: Cross Platform
• Title: Apple Safari XML Parser Nested XML Tag Remote Denial of Service
• Description: Apple Safari is a web browser for Mac OS X and Microsoft Windows. Safari is prone to a remote denial of service vulnerability that occurs when handling nested XML tags contained in an XML file. Apple Safari versions 3.2.2 and 4 Beta are affected.
• Ref: http://www.securityfocus.com/bid/34318

• 09.14.17 - CVE: CVE-2008-4825, CVE-2008-3871
• Platform: Cross Platform
• Title: UltraISO Multiple Security Vulnerabilities
• Description: UltraISO is an application used to handle CD and DVD images. The application is exposed to multiple issues. Attackers may leverage these issues to execute arbitrary code in the context of the application. UltraISO version 9.3.1.2633 is affected.
• Ref: http://secunia.com/secunia_research/2008-49/

• 09.14.18 - CVE: Not Available
• Platform: Cross Platform
• Title: IBM DB2 Content Manager eClient Unspecified Security
• Description: IBM DB2 is a database server application designed to run on various platforms including Linux, AIX, Solaris, and Microsoft Windows. Content Manager provides imaging, digital asset management, Web content management and content integration. The software is exposed to an unspecified issue that affects the eClient component. IBM DB2 Content Manager version 8.4.1 is affected.
• Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27015162

• 09.14.19 - CVE: CVE-2009-0590, CVE-2009-0591, CVE-2009-0789
• Platform: Cross Platform
• Title: OpenSSL Multiple Vulnerabilities
• Description: OpenSSL is an open-source implementation of the SSL protocol that is used by a number of other projects, including but not restricted to Apache, Sendmail, and Bind. It is commonly found on Linux and UNIX systems. OpenSSL is exposed to multiple issues. These issues may allow attackers to trigger denial of service conditions or bypass certain security checks. OpenSSL versions prior to 0.9.8k are affected.
• Ref: http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html

• 09.14.20 - CVE: CVE-2009-0845
• Platform: Cross Platform
• Title: MIT Kerberos "NegTokenInit" Token Handling Remote Denial of Service
• Description: MIT Kerberos is a suite of applications and libraries designed to implement the Kerberos network-authentication protocol. It is freely available and operates on numerous platforms. The application is exposed to a denial of service issue that affects the "spnego_gss_accept_sec_context()" function of the "src/lib/gssapi/spnego/spnego_mech.c" file and arises due to a NULL pointer dereference error when a specially-crafted "NegTokenInit" token containing certain ContextFlags is processed. MIT Kerberos 5 version 1.6.3 is affected. Ref: http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=6402

• 09.14.21 - CVE: Not Available
• Platform: Cross Platform
• Title: IBM WebSphere Application Server for z/OS Multiple Vulnerabilities
• Description: IBM WebSphere Application Server (WAS) is an application server used for service-oriented architecture. WAS for z/OS is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. This issue affects the administrative console. WAS version 7.0 for z/OS is affected.
• Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PK82988

• 09.14.22 - CVE: Not Available
• Platform: Cross Platform
• Title: PhotoStand BASE64 Administrator Nickname Cookie Authentication Bypass
• Description: PhotoStand is a photo-blogging script. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Specifically, an attacker may create a cookie with the nickname of the administrator encoded in BASE64. PhotoStand version 1.2.0 is affected.
• Ref: http://www.securityfocus.com/bid/34262

• 09.14.23 - CVE: Not Available
• Platform: Cross Platform
• Title: Squid Proxy Cache ICAP Adaptation Denial of Service
• Description: Squid is an open-source proxy server available for a number of platforms. Squid is exposed to a remote denial of service issue because it fails to adequately bounds check user-supplied data from an ICAP-server before copying it to an insufficiently sized buffer. This issue occurs in the "ICAPModXact::readMore()" function. The Squid version 3.x branch is affected.
• Ref: http://www.squid-cache.org/bugs/show_bug.cgi?id=2619

• 09.14.24 - CVE: Not Available
• Platform: Cross Platform
• Title: Moodle TeX Filter Remote File Disclosure
• Description: Moodle is an open-source application for managing online courseware. It is freely available under the GNU Public license for UNIX and variants and for Microsoft Windows. Moodle supports an optional TeX filter for LaTeX processing. The TeX filter is exposed to a file disclosure issue because it fails to properly sanitize user-supplied input passed as LaTeX commands.
• Ref: http://www.securityfocus.com/archive/1/502231

• 09.14.25 - CVE: Not Available
• Platform: Cross Platform
• Title: Abee CHM Maker "FileName" Stack Buffer Overflow
• Description: Abee CHM Maker is an application used to generate Microsoft Compiled HTML Help (.chm) files. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue occurs when the application fails to handle malformed data in the "FileName" attribute of the CHM header. Abee CHM Maker version 1.9.5 is affected.
• Ref: http://www.securityfocus.com/bid/34279

• 09.14.26 - CVE: Not Available
• Platform: Cross Platform
• Title: IBM Tivoli Storage Manager Multiple Vulnerabilities
• Description: IBM Tivoli Storage Manager is an automated data backup and recovery solution. IBM Tivoli Storage Manager is exposed to multiple issues. Attackers can exploit these issues to cause denial of service conditions or bypass certain security restrictions. The impact of one of the issues is unknown. IBM Tivoli versions prior to 6.1 are affected.
• Ref: http://www.securityfocus.com/bid/34285

• 09.14.27 - CVE: Not Available
• Platform: Cross Platform
• Title: Check Point FireWall-1 PKI Web Service Remote Buffer Overflow Vulnerabilities
• Description: Firewall-1 is a commercially available enterprise firewall software package. The application is exposed to multiple remote buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data. Specifically, these issues occur when attackers send excessively long HTTP "Authorization" and "Referer" headers to the service over TCP port 18264.
• Ref: http://www.securityfocus.com/archive/1/502256

• 09.14.28 - CVE: Not Available
• Platform: Cross Platform
• Title: Wireshark PN-DCP Data Format String
• Description: Wireshark (formerly Ethereal) is an application for analyzing network traffic; it is available for Microsoft Windows and UNIX-like operating systems. Wireshark is exposed to a format string issue. Specifically, this issue occurs when handling maliciously constructed PN-DCP (PROFINET Discovery and basic Configuration Protocol) data. Wireshark version 1.0.6 is affected.
• Ref: http://www.securityfocus.com/bid/34291

• 09.14.29 - CVE: CVE-2009-0920
• Platform: Cross Platform
• Title: HP OpenView Network Node Manager "OvOSLocale" Cookie Parameter Heap Buffer Overflow
• Description: HP OpenView Network Node Manager is a fault-management application for IP networks. The application is exposed to a stack-based buffer overflow issue because it fails to adequately bounds check user-supplied input before copying it to insufficiently sized buffers. Specifically, the issue occurs when an overly large string is passed to "Toolbar.exe" with a large "OvOSLocale" cookie parameter via an HTTP request. HP OpenView Network Node Manager versions 7.51, 7.53, and 7.53 with patch NNM_01195 are affected.
• Ref: http://www.securityfocus.com/archive/1/502094

• 09.14.30 - CVE: Not Available
• Platform: Cross Platform
• Title: W3C Amaya HTML "script" Tag Buffer Overflow
• Description: W3C Amaya is a freely available web browser and editor that runs on multiple platforms. Amaya is exposed to a remote buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when handling long strings given as the "defer" attribute to an HTML "script" tag. Amaya version 11.1 is affected.
• Ref: http://www.securityfocus.com/bid/34295

• 09.14.31 - CVE: CVE-2009-0790
• Platform: Cross Platform
• Title: Openswan and strongSwan DPD Packet Remote Denial of Service
• Description: Openswan and strongSwan are open-source implementations of IPSec and an IPSec VPN for Linux. The applications are exposed to a remote denial of service issue. Specifically, the issue stems from a NULL-pointer dereference triggered by specially-crafted R_U_THERE or R_U_THERE_ACK Dead Peer Detection (DPD) UDP packets.
• Ref: http://www.securityfocus.com/archive/1/502270

• 09.14.32 - CVE: Not Available
• Platform: Cross Platform
• Title: Opera XML Parser Remote Buffer Overflow
• Description: Opera is a web browser for multiple operating systems. Opera is exposed to a remote buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. Opera version 9.64 is affected.
• Ref: http://www.securityfocus.com/bid/34298

• 09.14.33 - CVE: Not Available
• Platform: Cross Platform
• Title: Nokia Siemens Networks Flexi ISN GGSN Multiple Authentication Bypass Vulnerabilities
• Description: Nokia Siemens Networks Flexi ISN GGSN (GPRS (General Packet Radio Service) Gateway Service Node) is a device used for P2P traffic management and data charging. The device is exposed to multiple authentication bypass issues because its web-based management interface application fails to restrict access to the following administrative scripts: "cgi-bin/aaa.tcl?", "cgi-bin/aggr_config.tcl?", "opt/cgi-bin/ggsn/cgi.tcl": "page" parameter "opt/cgi-bin/services.tcl": "instance" parameter. Flexi ISN GGSN running FISN version 3.1 is affected.
• Ref: http://www.securityfocus.com/bid/34299

• 09.14.34 - CVE: CVE-2009-0839, CVE-2009-0840, CVE-2009-0841,CVE-2009-0843, CVE-2009-0842
• Platform: Cross Platform
• Title: MapServer Multiple Remote Security Vulnerabilities
• Description: MapServer is a development environment for building spatially enabled Internet applications. The application is available for various platforms. Attackers can exploit these issues to obtain sensitive information, create files in arbitrary locations, execute arbitrary code within the context of the affected application, or crash the application, denying service to legitimate users. MapServer versions prior to 4.10.4 and 5.2.2 are affected.
• Ref: http://www.positronsecurity.com/advisories/2009-000.html

• 09.14.35 - CVE: Not Available
• Platform: Cross Platform
• Title: Hitachi JP1/Cm2/Network Node Manager Shared Trace Service Denial of Service
• Description: Hitachi JP1/Cm2/Network Node Manager are exposed to a denial of service issue affecting Shared Trace Service. Attackers can exploit this issue to disrupt services, denying service to legitimate users. Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-004/index.html

• 09.14.36 - CVE: Not Available
• Platform: Cross Platform
• Title: Sun Java System Calendar Server Duplicate URI Request Denial of Service
• Description: Sun Java System Calendar Server is an application for managing events, tasks, and resources. The application is exposed to a denial of service issue because it fails to handle certain duplicate URI requests. Specifically, sending multiple HTTP requests with the "tzid" parameter set to the samearbitrary value will cause the server to become unresponsive.
• Ref: http://www.securityfocus.com/archive/1/502320

• 09.14.37 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: SAP MaxDB "webdbm" Multiple Cross-Site Scripting Vulnerabilities
• Description: SAP MaxDB is a database application. It is available for multiple platforms. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "Database", "User", and "Password" parameters of the "webdbm" CGI process.
• Ref: http://www.securityfocus.com/archive/1/502318

• 09.14.38 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Drupal Wikitools Module Multiple Unspecified Cross-Site Scripting Vulnerabilities
• Description: Wikitools is a module for the Drupal content manager. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to unspecified parameters of unspecified pages.
• Ref: http://drupal.org/node/413714

• 09.14.39 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Drupal Feed Element Mapper Module Content Title Multiple Cross-Site Scripting Vulnerabilities
• Description: Feed Element Mapper is a module for the Drupal content manager. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to unspecified content titles of unspecified pages.
• Ref: http://drupal.org/node/414702

• 09.14.40 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Aurora FoodPro Nutritive Analysis Module Multiple Cross-Site Scripting Vulnerabilities
• Description: Aurora FoodPro is an application for managing food production, planning and control. It is implemented in ASP. The Nutritive Analysis module of the application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "locationName" parameter of the "nutframe.asp" and "Menusamp.asp" scripts.
• Ref: http://www.securityfocus.com/archive/1/502238

• 09.14.41 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: My Simple Forum Local File Include and Cross-Site Scripting Vulnerabilities
• Description: My Simple Forum is a web-based application implemented in PHP. The application is exposed to multiple input validation issues. An attacker can exploit the local file include issue using directory traversal strings to view local files and execute local scripts within the context of the webserver process. My Simple Forum version 7.1 is affected.
• Ref: http://www.securityfocus.com/bid/34280

• 09.14.42 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Cisco ASA Appliance WebVPN Cross-Site Scripting
• Description: Cisco ASA appliances provide security services such as a firewall, intrusion prevention system, and virtual private networking. The Clientless SSL VPN (WebVPN) component of Cisco ASA is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input through the HTTP HOST header. Cisco ASA 5520 running IOS version 7.2(2)22 is affected.
• Ref: http://www.securityfocus.com/archive/1/502313

• 09.14.43 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Bugzilla "attachment.cgi" Cross-Site Request Forgery
• Description: Bugzilla is a freely available, open-source bug tracker available for Linux, UNIX, and Microsoft Windows. The application is exposed to a cross-site request forgery issue because the "attachment.cgi" script fails to properly validate requests. Bugzilla versions prior to 3.2.3 and 3.3.4 are affected.
• Ref: http://www.bugzilla.org/security/3.2.2/

• 09.14.44 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Sun Java System Calendar Server "login.wcap" Cross-Site Scripting
• Description: Sun Java System Calendar Server is an application for managing events, tasks, and resources. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "login.wcap" script via TCP port 3443.
• Ref: http://www.coresecurity.com/content/sun-calendar-express

• 09.14.45 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Sun Java System Calendar Server "command.shtml" Cross-Site Scripting
• Description: Sun Java System Calendar Server is an application for managing events, tasks, and resources. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "command.shtml" script via TCP port 3443.
• Ref: http://www.coresecurity.com/content/sun-calendar-express

• 09.14.46 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: CCCP Community Clan Portal Multiple SQL Injection Vulnerabilities
• Description: CCCP Community Code Portal is a web portal application implemented in PHP. The application is exposed to multiple SQL injection issues. Specifically input passed to the "subject", "language", and "nickname" parameters of the "php/cccp-pages/submit.php" script is not sanitized before using it in a SQL-query. CCCP Community Clan Portal versions prior to 2.80 are affected.
• Ref: http://www.securityfocus.com/bid/34264

• 09.14.47 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Acute Control Panel SQL Injection Vulnerability and Remote File Include
• Description: Acute Control Panel is a web-based control panel application. The application is exposed to multiple input validation issues. A successful exploit may allow an attacker to execute malicious code within the context of the webserver process, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Acute Control Panel version 1.0.0 is affected.
• Ref: http://www.securityfocus.com/bid/34265

• 09.14.48 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Simply Classified "adverts.php" SQL Injection
• Description: Simply Classified is a PHP-based classifieds application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Specifically, it fails to properly sanitize the "category_id" parameter of the "adverts.php" script. Simply Classified version 0.2 is affected.
• Ref: http://www.securityfocus.com/bid/34271

• 09.14.49 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Free PHP Petition Signing Script Login Page SQL Injection
• Description: Free PHP Petition Signing Script is a petition application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Username" textbox when logging into the affected application.
• Ref: http://www.securityfocus.com/bid/34273

• 09.14.50 - CVE: CVE-2009-1038
• Platform: Web Application - SQL Injection
• Title: YAP Multiple SQL Injection Vulnerabilities
• Description: YAP is a web-based application implemented in PHP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. YAP version 1.1.1 is affected.
• Ref: http://www.securityfocus.com/bid/34274

• 09.14.51 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: glFusion Multiple SQL Injection Vulnerabilities
• Description: glFusion is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "order" and "direction" parameters in the "private/system/classes/listfactory.class.php" script. glFusion versions 1.1.2 and earlier are affected.
• Ref: http://www.securityfocus.com/bid/34281

• 09.14.52 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: iWare Multiple SQL Injection Vulnerabilities
• Description: iWare is a PHP-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "D", "id" and "category" parameters in the "index.php" script. iWare version 5.0.4 is affected.
• Ref: http://www.securityfocus.com/bid/34282

• 09.14.53 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Arcadwy Arcade Script "user" Cookie Parameter SQL Injection
• Description: Arcadwy Arcade Script is a PHP-based application for creating entertainment sites. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user" cookie parameter used to log in to the application.
• Ref: http://www.securityfocus.com/bid/34284

• 09.14.54 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Auth2DB Unspecified SQL Injection
• Description: Auth2db is used to parse auth.log files from intrusion detection systems and store them into a MySQL database. It also includes log viewing and alerting functionality. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data. This issue arises when multibyte character encodings are handled. Auth2DB versions prior to 0.2.7 are affected.
• Ref: http://www.securityfocus.com/bid/34287

• 09.14.55 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Xlight FTP Server "user" SQL Injection
• Description: Xlight FTP Server is an FTP server for Windows. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user" field before using it in an SQL query. Xlight FTP Server versions prior to 3.2.1 are affected.
• Ref: http://www.securityfocus.com/bid/34288

• 09.14.56 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Diskos CMS Manager Multiple SQL Injection Vulnerabilities
• Description: Diskos CMS Manager is an ASP-based content manager. The application is exposed to multiple SQL injection issues. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
• Ref: http://www.securityfocus.com/bid/34289

• 09.14.57 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: BandSite CMS "members.php" SQL Injection
• Description: BandSite CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "memid" parameter of the "members.php" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/34292

• 09.14.58 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Family Connections Multiple SQL Injection Vulnerabilities
• Description: Family Connections is a web-based application implemented in PHP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Family Connections version 1.8.1 is affected.
• Ref: http://www.securityfocus.com/archive/1/502272

• 09.14.59 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: JobHut "browse.php" SQL Injection
• Description: BandSite CMS is a PHP-based job board application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pk" parameter of the "browse.php" script before using it in an SQL query. JobHut version 1.2 is affected.
• Ref: http://www.securityfocus.com/bid/34300

• 09.14.60 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Multiple Gravy Media Applications Multiple SQL Injection Vulnerabilities
• Description: Gravy Media CMS and Gravy Media's Photo Host are web-based applications. The applications are exposed to multiple SQL injection issues because they fail to sufficiently sanitize user-supplied data. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Gravy Media's Photo Host version 1.0.7 and Gravy Media CMS version 1.0 are affected.
• Ref: http://www.securityfocus.com/bid/34301

• 09.14.61 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: X-Forum "cookie_username" Cookie Parameter Multiple SQL Injection Vulnerabilities
• Description: X-Forum is a PHP-based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "cookie_username" cookie parameter of the "Configure.php" and "SaveConfig.php" scripts. This data is then used in an SQL statement in the "xforum_validateUser()" function of the "Common.php" script. X-Forum version 0.6.2 is affected.
• Ref: http://www.securityfocus.com/bid/34302

• 09.14.62 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Community CMS "index.php" and "view.php" SQL Injection Vulnerabilities
• Description: Community CMS is a PHP-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Community CMS version 0.5 is affected.
• Ref: http://www.securityfocus.com/archive/1/502276

• 09.14.63 - CVE: Not Available
• Platform: Web Application
• Title: phpMyAdmin "setup.php" PHP Code Injection
• Description: phpMyAdmin is a PHP-based web application. phpMyAdmin is exposed to an issue that lets attackers inject arbitrary PHP code. The issue occurs because the application fails to properly sanitize user-supplied input to the "setup.php" script. An attacker may exploit this issue to write arbitrary PHP commands to the configuration file generated by the affected script. phpMyAdmin versions prior to 2.11.9.5 and 3.1.3.1 are affected.
• Ref: http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php

• 09.14.64 - CVE: Not Available
• Platform: Web Application
• Title: JobHut "manageUser.php" Unauthorized Access
• Description: JobHut is a PHP-based job site application. The application is exposed to an access validation issue because it fails to properly restrict access to the "manageUser.php" script. JobHut version 1.2 is affected.
• Ref: http://www.securityfocus.com/bid/34321

• 09.14.65 - CVE: Not Available
• Platform: Web Application
• Title: webEdition CMS "WE_LANGUAGE" Parameter Local File Include
• Description: webEdition is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "WE_LANGUAGE" parameter of the "index.php" script. webEdition CMS version 6.0.0.4 is affected.
• Ref: http://www.securityfocus.com/archive/1/502315

• 09.14.66 - CVE: Not Available
• Platform: Web Application
• Title: WeBid "upldgallery.php" Arbitrary File Upload
• Description: WeBid is an auction script implemented in PHP. WeBid is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. Specifically, the application fails to sufficiently sanitize file extensions before uploading files via the "upldgallery.php" script. WeBid versions 0.7.3 RC9 and earlier are affected.
• Ref: http://www.securityfocus.com/bid/34254

• 09.14.67 - CVE: Not Available
• Platform: Web Application
• Title: PHPizabi "modules/interact/file.php" Arbitrary File Upload
• Description: PHPizabi is a social-networking application implemented in PHP. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. PHPizabi versions 0.848b C1 HFP1 to .848b C1 HFP3 are affected.
• Ref: http://www.securityfocus.com/bid/34255

• 09.14.68 - CVE: Not Available
• Platform: Web Application
• Title: Blogplus Multiple Local File Include Vulnerabilities
• Description: Blogplus a weblog application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities using directory traversal strings to view local files and execute local scripts within the context of the webserver process. Blogplus version 1.0 is affected.
• Ref: http://www.securityfocus.com/bid/34261

• 09.14.69 - CVE: Not Available
• Platform: Web Application
• Title: Critical Path Presentation Server HTML Injection
• Description: Critical Path Presentation Server is a mobile phone messaging solution. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. This issue arises when the application handles specially-crafted email messages.
• Ref: http://www.securityfocus.com/bid/34270

• 09.14.70 - CVE: Not Available
• Platform: Web Application
• Title: Arcadwy "register.php" HTML Injection
• Description: Arcadwy is a game content manager implemented in PHP. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, the issue affects the "username" textbox of the "register.php" script.
• Ref: http://www.securityfocus.com/bid/34275

• 09.14.71 - CVE: Not Available
• Platform: Web Application
• Title: Frog CMS Multiple Remote Vulnerabilities and Weaknesses
• Description: Frog CMS is a PHP-based content manager. Frog CMS is exposed to multiple remote issues. An attacker can exploit these issues to execute arbitrary script code, steal cookie-based authentication credentials, enumerate through valid email addresses, view arbitrary files, and create user accounts. Frog CMS version 0.9.4 is affected.
• Ref: http://www.securityfocus.com/bid/34293

• 09.14.72 - CVE: Not Available
• Platform: Web Application
• Title: Podcast Generator "core/admin/delete.php" Arbitrary File Deletion
• Description: Podcast Generator is a PHP-based podcasting script. The application is exposed to an issue that lets attackers delete arbitrary files on the affected computer in the context of the webserver. This issue affects the "core/admin/delete.php" script. Podcast Generator version 1.1 is affected.
• Ref: http://www.securityfocus.com/bid/34317

• 09.14.73 - CVE: CVE-2009-0628, CVE-2009-0627
• Platform: Network Device
• Title: Cisco IOS WebVPN/SSLVPN Multiple Denial of Service Vulnerabilities
• Description: Cisco IOS is exposed to multiple remote denial of service issues. Successfully exploiting these issues allows remote attackers to cause targeted device to crash, denying service to legitimate users. Ref: http://www.cisco.com/en/US/products/products_security_advisories_listing.html

• 09.14.74 - CVE: CVE-2009-0633, CVE-2009-0634
• Platform: Network Device
• Title: Cisco IOS Mobile IP/Mobile IPv6 Multiple Denial of Service Vulnerablities
• Description: Cisco IOS is exposed to multiple remote denial of service issues. Successfully exploiting these issues allows remote attackers to crash the targeted device, denying service to legitimate users. Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a9042f.shtml

• 09.14.75 - CVE: CVE-2009-0629
• Platform: Network Device
• Title: Cisco IOS Multiple Features TCP Packet Denial of Service
• Description: Multiple features of Cisco IOS (Internetwork Operating System) are exposed to a denial of service issue when handling specially-crafted TCP packets. To exploit this issue, attackers must complete a three-way handshake to associated TCP ports of the affected IOS features.
• Ref: http://www.securityfocus.com/archive/1/502162

• 09.14.76 - CVE: CVE-2009-0630
• Platform: Network Device
• Title: Cisco IOS Multiple Features IP Sockets Denial of Service
• Description: Cisco IOS is exposed to a remote denial of service issue that can be triggered by malformed IP packets. A remote attacker may exploit this issue to cause excessive CPU utilization or memory consumption, to cause the affected device to reload, or to cause the affected device to refuse new connections.
• Ref: http://www.cisco.com/warp/public/707/cisco-sa-20090325-ip.shtml

• 09.14.77 - CVE: CVE-2009-0636
• Platform: Network Device
• Title: Cisco IOS Session Initiation Protocol Denial of Service
• Description: Cisco IOS is exposed to a remote denial of service issue that occurs when handling specially crafted SIP messages. An attacker can exploit these issues to cause an affected device to crash, denying service to legitimate users. Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c0.shtml

• 09.14.78 - CVE: CVE-2009-0635
• Platform: Network Device
• Title: Cisco IOS Cisco Tunneling Control Protocol Remote Denial of Service
• Description: Cisco IOS (Internetwork Operating System) is exposed to a denial of service issue that exists in devices configured as an Easy VPN with cTCP (Cisco Tunneling Control Protocol) enabled. An attacker can exploit this issue by sending multiple TCP packets to the affected device. Ref: http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a90463.html

• 09.14.79 - CVE: CVE-2009-0631
• Platform: Network Device
• Title: Cisco IOS Multiple Features UDP Packet Denial of Service
• Description: Multiple features of Cisco IOS (Internetwork Operating System) are prone to a denial of service issue when handling specially crafted UDP packets. Attackers can leverage this issue to block the input queue on an inbound interface. An attacker can exploit this issue to trigger an affected device to block an interface and silently drop packets, causing denial of service conditions. Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90426.shtml#@ID

• 09.14.80 - CVE: CVE-2009-0637
• Platform: Network Device
• Title: Cisco IOS Secure Copy Remote Privilege Escalation
• Description: Cisco IOS is exposed to a remote privilege escalation issue that occurs in the Secure Copy (SCP) server. Specifically, authenticated users with a CLI view may exploit this issue to read or write to any file on the affected computer.
• Ref: http://www.cisco.com/warp/public/707/cisco-sa-20090325-scp.shtml

• 09.14.81 - CVE: Not Available
• Platform: Network Device
• Title: InGate Firewall And SIParator Multiple Vulnerabilities
• Description: Ingate Firewalls are hardware firewall devices that support Session Initiation Protocol (SIP) via SIParator SIP-based communication devices. InGate Firewall And SIParator are exposed to multiple issues that may allow attackers to trigger denial of service conditions or bypass certain security checks. Ingate Firewalls versions prior to 4.7.1 are affected.
• Ref: http://www.ingate.com/Relnote.php?ver=471

(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organ