@RISK: The Consensus Security Vulnerability Alert

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

• (1) CRITICAL: Microsoft Office PowerPoint Remote Code Execution Vulnerability
• (2) CRITICAL: VMWare Hosted Products Multiple Vulnerabilities
• (3) HIGH: Novell Client/NetIdentity Agent Remote Code Execution Vulnerability
• (4) HIGH: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow Vulnerability
• (5) HIGH: ClamAV Multiple Vulnerabilities
• (6) MODERATE: IrfanView Formats Plug-in XPM Handling Integer Overflow Vulnerability
• (7) MODERATE: Xine-lib STTS QuickTime Atom Handling Integer Overflow Vulnerability

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Microsoft Office

• 09.15.1 - Microsoft PowerPoint File Parsing Remote Code Execution

Third Party Windows Apps

• 09.15.2 - PrecisionID Data Matrix Barcode ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
• 09.15.3 - Xfig Multiple Insecure Temporary File Creation Vulnerabilities
• 09.15.4 - Fortinet FortiClient VPN Connection Name Local Format String
• 09.15.5 - Autodesk IDrop ActiveX Control "IDrop.ocx" Multiple Heap Memory Corruption Vulnerabilities
• 09.15.6 - UltraISO CCD and IMG File Buffer Overflow
• 09.15.7 - Particle Software IntraLaunch ActiveX Control Remote Code Execution
• 09.15.8 - Unsniff Network Analyzer ".usnf" File Heap-Based Buffer Overflow
• 09.15.9 - UltraISO ".ui" ISO Project File Buffer Overflow
• 09.15.10 - Xpdf Search Path Local Privilege Escalation
• 09.15.11 - JustSystems Ichitaro RTF File Buffer Overflow

Linux

• 09.15.12 - Linux Kernel "/proc/net/udp" Local Denial of Service
• 09.15.13 - Linux Kernel "EFER_LME" Local Denial of Service
• 09.15.14 - Linux Kernel "NFS filename" Local Denial of Service
• 09.15.15 - Linux Kernel "exit_notify()" CAP_KILL Verification Local Privilege Escalation
• 09.15.16 - multipath-tools "multipathd" Local Denial of Service
• 09.15.17 - Tunapie Insecure Temporary File Creation
• 09.15.18 - Tunapie Stream URI Remote Command Execution

Unix

• 09.15.19 - mpg123 "store_id3_text()" Memory Corruption
• 09.15.20 - MoinMoin 1.6.1 Multiple Remote Vulnerabilities
• 09.15.21 - OpenAFS Unix Cache Manager Heap-Based Buffer Overflow

Novell

• 09.15.22 - Novell NetIdentity Agent "XTIERRPCPIPE" Remote Code Execution

Cross Platform

• 09.15.23 - IBM WebSphere Application Server Username Token Option Session Hijacking
• 09.15.24 - pam_ssh Existing/Non-Existing Username Enumeration Weakness
• 09.15.25 - QtWeb Browser Malformed HTML File Remote Denial of Service
• 09.15.26 - BibTeX ".bib" File Handling Memory Corruption
• 09.15.27 - XBMC Multiple Remote Buffer Overflow Vulnerabilities
• 09.15.28 - Ghostscript "CCITTFax" Decoding Filter Denial of Service
• 09.15.29 - Ghostscript "gdevpdtb.c" Buffer Overflow
• 09.15.30 - ClamAV RAR File Scan Evasion
• 09.15.31 - IBM Proventia RAR File Scan Evasion
• 09.15.32 - Asterisk Authentication SIP Response Remote Information Disclosure
• 09.15.33 - ClamAV Multiple Remote Denial of Service Vulnerabilities
• 09.15.34 - IBM WebSphere Application Server File Permission
• 09.15.35 - VMware Hosted Products VMSA-2009-0005 Multiple Remote Vulnerabilities
• 09.15.36 - xine-lib STTS Quicktime Atom Remote Buffer Overflow
• 09.15.37 - TYPO3 Directory Listing Unspecified Directory Traversal
• 09.15.38 - W3C Amaya HTML "ParseCharsetAndContentType()" Buffer Overflow
• 09.15.39 - IrfanView FORMATS Plugin XPM Format Handling Remote Buffer Overflow
• 09.15.40 - OpenAFS Error Codes Remote Denial of Service
• 09.15.41 - MIT Kerberos SPNEGO and ASN.1 Multiple Remote Denial Of Service Vulnerabilities
• 09.15.42 - MIT Kerberos "asn1_decode_generaltime()" Uninitialized Pointer Memory Corruption
• 09.15.43 - Little CMS Null Pointer Dereference Denial of Service
• 09.15.44 - Apache Tomcat mod_jk Content Length Information Disclosure

Web Application - Cross Site Scripting

• 09.15.45 - Turnkey eBook Store "keywords" Parameter Cross-Site Scripting
• 09.15.46 - SAP Business Objects Crystal Reports "viewreport.asp" Cross-Site Scripting
• 09.15.47 - XOOPS Cube Legacy Multiple Cross-Site Scripting Vulnerabilities
• 09.15.48 - Joomla! Prior to 1.5.10 Multiple Cross-Site Scripting Vulnerabilities
• 09.15.49 - glFusion Unspecified Cross-Site Scripting
• 09.15.50 - TYPO3 Visitor Tracking Extension Unspecified Cross-Site Scripting
• 09.15.51 - TYPO3 Userdata Create/Edit Extension Unspecified Cross-Site Scripting
• 09.15.52 - Apache mod_perl "Apache::Status" and "Apache2::Status" Cross-Site Scripting
• 09.15.53 - Apache Struts Unspecified Cross-Site Scripting

Web Application - SQL Injection

• 09.15.54 - MyioSoft Ajax Portal "ajaxp_backend.php" SQL Injection
• 09.15.55 - Q2 Solutions ConnX "frmLoginPwdReminderPopup.aspx" SQL Injection
• 09.15.56 - 4CMS SQL Injection and Local File Include Vulnerabilities
• 09.15.57 - glFusion "SESS_getUserIdFromSession()" SQL Injection
• 09.15.58 - Joomla! RD-Autos Component "makeid" Parameter SQL Injection
• 09.15.59 - form2list "page.php" Parameter SQL Injection
• 09.15.60 - Family Connections "fcms_login_id" Cookie Parameter SQL Injection
• 09.15.61 - Gravity Board X Multiple SQL Injection Vulnerabilities and Remote Command Execution
• 09.15.62 - AdaptBB "topic_id" Parameter SQL Injection
• 09.15.63 - TYPO3 ultraCards Unspecified SQL Injection
• 09.15.64 - TYPO3 Versatile Calendar Extension Unspecified SQL Injection
• 09.15.65 - ConnX "frmLoginPwdReminderPopup.aspx" SQL Injection
• 09.15.66 - Joomla! BookJoomlas Component "gbid" Parameter SQL Injection
• 09.15.67 - FlexCMS "ItemId" Parameter SQL Injection

Web Application

• 09.15.68 - Hitachi Groupmax World Wide Web Desktop Multiple Unauthorized Access Vulnerabilities
• 09.15.69 - Hitachi uCosminexus Portal Framework Multiple Vulnerabilities
• 09.15.70 - Access Analyzer CGI Unspecified Privilege Escalation
• 09.15.71 - KoschtIT Image Gallery "file" Parameter Multiple Local File Include Vulnerabilities
• 09.15.72 - OpenX Prior to 2.8 Multiple Input Validation Vulnerabilities
• 09.15.73 - TinyPHPForum Directory Traversal
• 09.15.74 - Atlassian JIRA Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
• 09.15.75 - File Thingie ".sql" Extension Arbitrary File Upload
• 09.15.76 - osCommerce "oscid" Session Fixation
• 09.15.77 - Asbru Web Content Management SQL Injection and Cross-Site Scripting Vulnerabilities
• 09.15.78 - TinyPHPForum Avatar Upload Arbitrary File Upload
• 09.15.79 - BlogMan "Title" HTML Injection
• 09.15.80 - ActiveKB "Panel" Parameter Local File Include
• 09.15.81 - The Tricky.net Joomla! Messaging Component "controller" Parameter Local File Include
• 09.15.82 - Family Connections "fcms/upload.php" Arbitrary File Upload
• 09.15.83 - TYPO3 ClickStream Analyzer Information Disclosure
• 09.15.84 - TYPO3 Store Locator Extension SQL Injection and Cross-Site Scripting Vulnerabilities
• 09.15.85 - Web Help Desk Multiple HTML Injection Vulnerabilities
• 09.15.86 - vBulletin Admin Control Panel Multiple HTML Injection Vulnerabilities
• 09.15.87 - iDB "skin" Parameter Local File Include
• 09.15.88 - Lanius CMS "upload.php" Arbitrary File Upload

Network Device

• 09.15.89 - ContentKeeper Versions 125.09 and Prior Multiple Remote Vulnerabilites

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 15, 2009

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 6869 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

• 09.15.1 - CVE: CVE-2009-0556
• Platform: Microsoft Office
• Title: Microsoft PowerPoint File Parsing Remote Code Execution
• Description: Microsoft PowerPoint is exposed to a remote code execution issue. The vulnerability is caused by an error when the application parses a PowerPoint file. Specifically, an object that is created during the file parsing will be incorrectly de-referenced. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.
• Ref: http://www.kb.cert.org/vuls/id/627331

• 09.15.2 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: PrecisionID Data Matrix Barcode ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
• Description: PrecisionID Data Matrix Barcode ActiveX Control is used to create barcode images. The application is exposed to multiple issues that allow attackers to overwrite arbitrary local files. Specifically, the "SaveBarCode()" and "SaveEnhWMF()" methods of the vulnerable control will overwrite files in an insecure manner.
• Ref: http://www.securityfocus.com/archive/1/502319

• 09.15.3 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Xfig Multiple Insecure Temporary File Creation Vulnerabilities
• Description: Xfig is a drawing application for X Windows. The application is exposed to multiple insecure temporary file creation issues. An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting temporary files in the context of the affected application.
• Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1609

• 09.15.4 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Fortinet FortiClient VPN Connection Name Local Format String
• Description: Fortinet FortiClient is an end-point security suite for Microsoft Windows. The application is exposed to a local format string issue because it fails to adequately sanitize user-supplied input before passing it to a formatted-printing function. This issue occurs when a VPN connection is initiated with specially crafted strings as input to the VPN connection name. FortiClient version 3.0.614 is affected.
• Ref: http://www.securityfocus.com/archive/1/502354

• 09.15.5 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Autodesk IDrop ActiveX Control "IDrop.ocx" Multiple Heap Memory Corruption Vulnerabilities
• Description: Autodesk IDrop ActiveX control gives users the ability to drag-n-drop content from the web straight into their drawing session. The application is exposed to multiple heap memory corruption issues that affect the "Src", "Background" and "PackageXml" properties of the "IDrop.ocx" ActiveX control. Autodesk IDrop ActiveX control version 17.1.51.160 is affected.
• Ref: http://www.securityfocus.com/archive/1/502414

• 09.15.6 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: UltraISO CCD and IMG File Buffer Overflow
• Description: UltraISO is an application for handling CD/DVD images; it is available for Microsoft Windows. UltraISO is exposed to a remote buffer overflow issue because it fails to adequately bounds check user-supplied data before copying it to an insufficiently sized memory buffer. Specifically, this issue occurs when the application handles CCD or IMG files with excessively long strings. UltraISO version 9.3.3.2685 is affected.
• Ref: http://www.securityfocus.com/bid/34363

• 09.15.7 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Particle Software IntraLaunch ActiveX Control Remote Code Execution
• Description: Particle Software IntraLaunch ActiveX Control is an ActiveX control used to launch arbitrary local applications or file associations. The control is exposed to a remote code execution issue due to a failure to restrict access to sensitive methods. An attacker can exploit this issue to execute arbitrary code in the context of the application using the vulnerable ActiveX control (typically Internet Explorer).
• Ref: http://www.kb.cert.org/vuls/id/908801

• 09.15.8 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Unsniff Network Analyzer ".usnf" File Heap-Based Buffer Overflow
• Description: Unsniff Network Analyzer is a network traffic analysis tool for the Microsoft Windows operating system. Unsniff Network Analyzer is exposed to a heap-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. This issue can be triggered with a specially crafted ".usnf" file. Unsniff Network Analyzer version 1.0 is affected.
• Ref: http://www.securityfocus.com/bid/34396

• 09.15.9 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: UltraISO ".ui" ISO Project File Buffer Overflow
• Description: UltraISO is an application for handling CD/DVD images; it is available for Microsoft Windows. UltraISO is exposed to a remote buffer overflow issue because it fails to adequately bounds check user-supplied data before copying it to an insufficiently sized memory buffer. Specifically, this issue occurs when the application handles malformed ".ui" ISO Project Files. UltraISO version 9.3.3.2685 is affected.
• Ref: http://www.securityfocus.com/bid/34398

• 09.15.10 - CVE: CVE-2009-1144
• Platform: Third Party Windows Apps
• Title: Xpdf Search Path Local Privilege Escalation
• Description: Xpdf is an open-source implementation of a PDF viewer for the X Window System. Xpdf is exposed to a local privilege escalation issue. This issue occurs because the application uses the "xpdfrc" configuration file from the current working directory if the file is not found in a user's home directory. Xpdf version 3.02 is affected.
• Ref: http://www.securityfocus.com/bid/34401

• 09.15.11 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: JustSystems Ichitaro RTF File Buffer Overflow
• Description: Ichitaro is a word processor available for Microsoft Windows. The application is exposed to a remote buffer overflow issue. Attackers may exploit this issue by enticing a victim to open a maliciously crafted RTF (Rich Text Format) document. Successful exploitation will allow an attacker to execute arbitrary code within the context of the vulnerable application. Ichitaro versions 2009 and earlier are affected.
• Ref: http://www.securityfocus.com/bid/34403

• 09.15.12 - CVE: Not Available
• Platform: Linux
• Title: Linux Kernel "/proc/net/udp" Local Denial of Service
• Description: The Linux kernel is exposed to a local denial of service issue that presents itself when zero bytes are read from the "/proc/net/udp" file or from similar files using the "seq_file" udp infrastructure.
• Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1607

• 09.15.13 - CVE: Not Available
• Platform: Linux
• Title: Linux Kernel "EFER_LME" Local Denial of Service
• Description: The Linux kernel is exposed to a local denial of service issue because the "vmx_set_msr()" function fails to restrict i386 guests from using the AMD64-specific EFER (Extended Feature Enable Register) through the "default:" label. Linux kernel versions from 2.6.19 to 2.6.29 are affected.
• Ref: http://patchwork.kernel.org/patch/15549/

• 09.15.14 - CVE: Not Available
• Platform: Linux
• Title: Linux Kernel "NFS filename" Local Denial of Service
• Description: The Linux kernel is exposed to a local denial of service issue because it fails to properly enforce the length of the NFS filename contained in the "nfs_server" structure. This issue occurs in the "nfs_probe_fsinfo()" and "nfs_init_server()".
• Ref: https://bugzilla.redhat.com/show_bug.cgi?id=494074

• 09.15.15 - CVE: Not Available
• Platform: Linux
• Title: Linux Kernel "exit_notify()" CAP_KILL Verification Local Privilege Escalation
• Description: The Linux kernel is exposed to a local privilege escalation issue because it fails to perform adequate checks involving the CAP_KILL capability. This issue occurs in the "exit_notify()" function of the "kernel/exit.c" source file. Linux kernel versions prior to 2.6.29-git14 are affected.
• Ref: https://bugzilla.redhat.com/show_bug.cgi?id=493771

• 09.15.16 - CVE: CVE-2009-0115
• Platform: Linux
• Title: multipath-tools "multipathd" Local Denial of Service
• Description: multipath-tools is an application used to streamline access to devices available by multiple paths. It is available for Linux. multipath-tools is exposed to a local denial of service issue. This issue is due to a failure to restrict access to the socket file "/var/run/multipathd.sock".
• Ref: http://www.securityfocus.com/bid/34410

• 09.15.17 - CVE: CVE-2009-1253
• Platform: Linux
• Title: Tunapie Insecure Temporary File Creation
• Description: Tunapie is a tuner application for streamed audio and video content. It is available for Linux. The application uses temporary files in an insecure manner. An attacker with local access could perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Tunapie version 2.1 is affected.
• Ref: http://www.securityfocus.com/bid/34417

• 09.15.18 - CVE: CVE-2009-1254
• Platform: Linux
• Title: Tunapie Stream URI Remote Command Execution
• Description: Tunapie is a tuner application for streaming audio and video content. It is available for Linux. Tunapie is exposed to a remote command execution issue because it fails to perform adequate checks on user-supplied input. Specifically, this error occurs when handling malformed stream URIs. Tunapie version 2.1 is affected.
• Ref: http://www.securityfocus.com/bid/34418

• 09.15.19 - CVE: Not Available
• Platform: Unix
• Title: mpg123 "store_id3_text()" Memory Corruption
• Description: The mpg123 application is a media player for UNIX/Linux variants. mpg123 is exposed to a memory corruption issue because it fails to properly bounds check user-supplied input before copying it into a finite-sized buffer. Specifically, the vulnerability affects the "store_id3_text()" function of the "libmpg123/id3.c" file and arises when a specially-crafted ID3 tag in a file is handled. mpg123 versions 1.7.1 and earlier are affected. Ref: http://sourceforge.net/project/shownotes.php?release_id=673696&group_id=135704

• 09.15.20 - CVE: CVE-2008-6549, CVE-2008-6548
• Platform: Unix
• Title: MoinMoin 1.6.1 Multiple Remote Vulnerabilities
• Description: MoinMoin is a freely available, open-source wiki written in Python. It is available for UNIX and Linux platforms. The application is exposed to multiple remote issues. An attacker can exploit these issues to read unauthorized include files and crash the affected application. Other attacks may also be possible. MoinMoin version 1.6.1 is affected.
• Ref: http://moinmo.in/SecurityFixes

• 09.15.21 - CVE: CVE-2009-1251
• Platform: Unix
• Title: OpenAFS Unix Cache Manager Heap-Based Buffer Overflow
• Description: OpenAFS is an open-source implementation of the AFS network filesystem protocol. It is available for many platforms, including Microsoft Windows, UNIX, Linux, and other UNIX-like operating systems. The OpenAFS client is exposed to a remote heap-based buffer overflow issue because it fails to properly bounds check user-supplied data before copying it to an insufficiently sized buffer in the Unix cache manager. The issue occurs because the client application assumes that AFS servers will never return more data in RX packets than what is requested.
• Ref: http://www.openafs.org/security/OPENAFS-SA-2009-001.txt

• 09.15.22 - CVE: Not Available
• Platform: Novell
• Title: Novell NetIdentity Agent "XTIERRPCPIPE" Remote Code Execution
• Description: Novell NetIdentity Agent is used with Novell eDirectory authentication to provide background authentication to web-based applications. It is available for Microsoft Windows platforms. The application is exposed to a remote code execution issue that arises because of a pointer dereference issue. Specifically, the issue affects the "wxtagent.exe" process and occurs when the application handles RPC messages over the "XTIERRPCPIPE" named pipe. Novell NetIdentity Agent version 1.2.3 is affected.
• Ref: http://www.securityfocus.com/archive/1/502514

• 09.15.23 - CVE: CVE-2009-0891
• Platform: Cross Platform
• Title: IBM WebSphere Application Server Username Token Option Session Hijacking
• Description: IBM WebSphere Application Server (WAS) is an application server used for service-oriented architecture. The application is exposed to a session hijacking issue when using the web service security feature and username tokens option. Specifically, the application fails to properly validate the nonce and timestamp values in the WS-Security bindings.
• Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27006876

• 09.15.24 - CVE: Not Available
• Platform: Cross Platform
• Title: pam_ssh Existing/Non-Existing Username Enumeration Weakness
• Description: pam_ssh is a PAM module providing single-sign-on capability to SSH. The application is exposed to a username enumeration weakness because it displays different responses to login attempts, depending on whether the username exists or not. Specifically, if the username exists, the ssh client displays "SSH passphrase:". If the username does not exist, the ssh client displays "Password:". pam_ssh version 1.92 is affected.
• Ref: http://bugs.gentoo.org/show_bug.cgi?id=263579

• 09.15.25 - CVE: Not Available
• Platform: Cross Platform
• Title: QtWeb Browser Malformed HTML File Remote Denial of Service
• Description: QtWeb is a web browser available for multiple operating systems. The application is exposed to a remote denial of service issue when handling a specially crafted HTML file. QtWeb version 2.0 is affected.
• Ref: http://www.securityfocus.com/bid/34327

• 09.15.26 - CVE: Not Available
• Platform: Cross Platform
• Title: BibTeX ".bib" File Handling Memory Corruption
• Description: BibTeX is an application and file format for bibliographic data, used in conjunction with LaTeX documents. BibTeX is exposed to a memory corruption issue that arises when processing excessively large ".bib" files, in excess of approximately 65000 characters. BibTeX may be shipped with various packages, such as TeTeX or TexLive.
• Ref: https://bugzilla.redhat.com/show_bug.cgi?id=492136

• 09.15.27 - CVE: Not Available
• Platform: Cross Platform
• Title: XBMC Multiple Remote Buffer Overflow Vulnerabilities
• Description: XBMC is a media center application for Linux, Mac OS X, Windows and XBox. The application is exposed to multiple buffer overflow issues. Attackers can exploit these issues to execute arbitrary code within the context of the affected application. XBMC version 8.10 Atlantis is affected.
• Ref: http://xbmc.org/trac/changeset/19130

• 09.15.28 - CVE: Not Available
• Platform: Cross Platform
• Title: Ghostscript "CCITTFax" Decoding Filter Denial of Service
• Description: Ghostscript is a set of tools and libraries for Portable Document Format (PDF) and PostScript files. The application is exposed to a remote denial of service issue because it fails to validate user-supplied input. Specifically, a buffer underflow occurs in the "cf_decode_2d()" function of "src'scfd.c" when processing a malformed PDF file with an incomplete "CCITTFax" stream.
• Ref: https://bugzilla.redhat.com/show_bug.cgi?id=493442

• 09.15.29 - CVE: Not Available
• Platform: Cross Platform
• Title: Ghostscript "gdevpdtb.c" Buffer Overflow
• Description: Ghostscript is a set of tools and libraries for Portable Document Format (PDF) and PostScript files. Ghostscript is exposed to a remote buffer overflow issue because it fails to properly bounds check user-supplied input before copying it into a finite-sized buffer. Ghostscript versions prior to 8.64 are affected.
• Ref: http://bugs.ghostscript.com/show_bug.cgi?id=690211

• 09.15.30 - CVE: Not Available
• Platform: Cross Platform
• Title: ClamAV RAR File Scan Evasion
• Description: ClamAV is cross-platform security software providing antivirus, antispyware, and firewalling capabilities for both enterprise and endpoint-based systems. ClamAV is exposed to an issue that may allow certain compressed archives to bypass the scan engine. The issue occurs because the application fails to properly inspect specially crafted "RAR" files. ClamAV version 0.94 is affected. Ref: http://blog.zoller.lu/2009/04/clamav-094-and-below-evasion-and-bypass.html

• 09.15.31 - CVE: Not Available
• Platform: Cross Platform
• Title: IBM Proventia RAR File Scan Evasion
• Description: IBM Proventia is a security product. The product's scan engine is exposed to an issue that may allow certain compressed archives to go undetected. The vulnerability occurs because the software fails to properly inspect specially crafted "RAR" files. IBM Proventia version 4.9.0.0.44 20081231 is affected. Ref: http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html

• 09.15.32 - CVE: CVE-2008-3903
• Platform: Cross Platform
• Title: Asterisk Authentication SIP Response Remote Information Disclosure
• Description: Asterisk is an open-source PBX application available for multiple operating platforms. Asterisk is exposed to an information disclosure issue because it doesn't provide safe responses to failed SIP authentication attempts. Specifically, different responses are provided when a user doesn't exist, as compared to when an incorrect password is given.
• Ref: http://www.securityfocus.com/archive/1/502454

• 09.15.33 - CVE: Not Available
• Platform: Cross Platform
• Title: ClamAV Multiple Remote Denial of Service Vulnerabilities
• Description: ClamAV is cross-platform security software providing antivirus, antispyware, and firewalling capabilities for both enterprise and endpoint-based systems. The application is exposed to multiple denial of service issues. Successfully exploiting these issues allows remote attackers to deny service to legitimate users. ClamAV versions prior to 0.95 are affected.
• Ref: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1462

• 09.15.34 - CVE: Not Available
• Platform: Cross Platform
• Title: IBM WebSphere Application Server File Permission
• Description: IBM WebSphere Application Server (WAS) is an application server used for service-oriented architecture. The application is exposed to a file permission security issue. Specifically, this issue was introduced via the interim security fixes that replaced certain files with new files having "777" permissions instead of "755". WAS versions 7.0.0.3 and earlier are affected.
• Ref: http://www-01.ibm.com/support/docview.wss?uid=swg24022693

• 09.15.35 - CVE: CVE-2008-4916, CVE-2008-3761, CVE-2009-1146,CVE-2009-1147, CVE-2009-0910, CVE-2009-0909, CVE-2009-0908,CVE-2009-0177, CVE-2009-0518
• Platform: Cross Platform
• Title: VMware Hosted Products VMSA-2009-0005 Multiple Remote Vulnerabilities
• Description: VMware hosted products are exposed to multiple remote issues. An attacker can exploit these issues to crash the affected applications, execute arbitrary code, compromise the affected applications, gain unauthorized access and gain access to sensitive information. Other attacks are also possible.
• Ref: http://dvlabs.tippingpoint.com/advisory/TPTI-09-01

• 09.15.36 - CVE: Not Available
• Platform: Cross Platform
• Title: xine-lib STTS Quicktime Atom Remote Buffer Overflow
• Description: The "xine-lib" library allows various media players to play various media formats. It is available for UNIX, Linux, Mac OS X, and other UNIX-like operating systems. The library is exposed to a remote buffer overflow issue that occurs because it fails to perform adequate boundary checks on user-supplied data. Specifically an integer overflow error presents itself when the application parses Quicktime STTS atoms. xine-lib versions 1.1.16.2 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/

• 09.15.37 - CVE: Not Available
• Platform: Cross Platform
• Title: TYPO3 Directory Listing Unspecified Directory Traversal
• Description: TYPO3 Directory Listing is a directory extension for TYPO3. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. TYPO3 Directory Listing version 1.1.0 is affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/

• 09.15.38 - CVE: Not Available
• Platform: Cross Platform
• Title: W3C Amaya HTML "ParseCharsetAndContentType()" Buffer Overflow
• Description: W3C Amaya is a freely available web browser and editor that runs on multiple platforms. Amaya is exposed to a remote buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when handling long strings provided as "charset" data to the "content" parameter of a "meta http-equiv" HTML tag. Amaya versions 11.1 and 11.0 are affected.
• Ref: http://www.securityfocus.com/archive/1/502484

• 09.15.39 - CVE: CVE-2009-0197
• Platform: Cross Platform
• Title: IrfanView FORMATS Plugin XPM Format Handling Remote Buffer Overflow
• Description: IrfanView is an image viewer that supports multiple file formats. FORMATS is a plugin for IrfanView. The plugin is exposed to a remote buffer overflow issue because it fails to properly bounds check user-supplied input before copying it to an insufficiently sized memory buffer. IrfanView FORMATS plugin version 4.22 is affected.
• Ref: http://www.securityfocus.com/archive/1/502516

• 09.15.40 - CVE: CVE-2009-1250
• Platform: Cross Platform
• Title: OpenAFS Error Codes Remote Denial of Service
• Description: OpenAFS is an open-source implementation of the AFS network filesystem protocol. It is available for many platforms, including Microsoft Windows, UNIX, Linux, and other UNIX-like operating systems. The application is exposed to a denial of service issue that occurs on computers running the Linux kernel. This issue occurs because the application fails to distinguish certain error codes from pointers. When AFS returns a code to the kernel, the kernel attempts to reference it.
• Ref: http://www.openafs.org/security/OPENAFS-SA-2009-002.txt

• 09.15.41 - CVE: CVE-2009-0844, CVE-2009-0847
• Platform: Cross Platform
• Title: MIT Kerberos SPNEGO and ASN.1 Multiple Remote Denial Of Service Vulnerabilities
• Description: MIT Kerberos is a suite of applications and libraries designed to implement the Kerberos network-authentication protocol. It is freely available and operates on numerous platforms. The application is exposed to multiple denial of service issues. MIT Kerberos 5 version 1.6.3 is affected.
• Ref: http://www.securityfocus.com/archive/1/502526

• 09.15.42 - CVE: CVE-2009-0846
• Platform: Cross Platform
• Title: MIT Kerberos "asn1_decode_generaltime()" Uninitialized Pointer Memory Corruption
• Description: MIT Kerberos is a suite of applications and libraries designed to implement the Kerberos network-authentication protocol. It is freely available and operates on numerous platforms. MIT Kerberos is exposed to a memory corruption issue because it fails to properly initialize data structures. Kerberos versions prior to 5.17 and 5.1.6.4 are affected.
• Ref: http://www.securityfocus.com/archive/1/502527

• 09.15.43 - CVE: CVE-2009-0793
• Platform: Cross Platform
• Title: Little CMS Null Pointer Dereference Denial of Service
• Description: Little CMS is an open-source color-management engine that has been ported to various platforms. Little CMS is exposed to a remote denial of service issue. A null pointer dereference occurs when applications using color profiles convert a specially crafted image file.
• Ref: http://www.securityfocus.com/bid/34411

• 09.15.44 - CVE: Not Available
• Platform: Cross Platform
• Title: Apache Tomcat mod_jk Content Length Information Disclosure
• Description: The "mod_jk" module is a connector for Apache Tomcat. The application is exposed to a remote information disclosure issue. Specifically, if the Content-Length is without data or if a user submits repeated requests quickly, attackers can view the responses that correspond to certain requests. mod_jk versions 1.2.0 through 1.2.26 are affected.
• Ref: http://www.securityfocus.com/archive/1/502530

• 09.15.45 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Turnkey eBook Store "keywords" Parameter Cross-Site Scripting
• Description: Turnkey eBook Store is a PHP-based web application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "keywords" parameter of the "index.php" script when the "cmd" parameter is set to "search". Turnkey eBook Store version 1.1 is affected.
• Ref: http://www.securityfocus.com/bid/34324

• 09.15.46 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: SAP Business Objects Crystal Reports "viewreport.asp" Cross-Site Scripting
• Description: Crystal Reports is a suite of reporting tools that supports web integration and server-based applications. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "ID" parameter of the "viewreport.asp" script.
• Ref: http://www.securityfocus.com/bid/34341

• 09.15.47 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: XOOPS Cube Legacy Multiple Cross-Site Scripting Vulnerabilities
• Description: XOOPS Cube Legacy is a PHP-based content manager. The application is exposed to cross-site scripting issues. Specifically, the "ErrorHandler::show()" function fails to adequately sanitize MySQL error messages. The application also fails to adequately sanitize input to unspecified scripts and parameters. XOOPS Cube Legacy versions prior to 2.1.6a are vulnerable.
• Ref: http://www.securityfocus.com/bid/34346

• 09.15.48 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Joomla! Prior to 1.5.10 Multiple Cross-Site Scripting Vulnerabilities
• Description: Joomla! is a PHP-based content manager. Joomla! is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. These issues affect the "com_content", "com_admin", "com_search", and "com_media" components. Joomla! versions prior to 1.5.10 are affected. Ref: http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html

• 09.15.49 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: glFusion Unspecified Cross-Site Scripting
• Description: glFusion is a web-based content manager written in PHP. The application is exposed to an unspecified cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. glFusion versions 1.1.2 and earlier are affected.
• Ref: http://www.glfusion.org/article.php/glfusion113

• 09.15.50 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: TYPO3 Visitor Tracking Extension Unspecified Cross-Site Scripting
• Description: Visitor Tracking ("ws_stats") is an extension for the TYPO3 content manager. The extension is not part of the TYPO3 default installation. The extension is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. Visitor Tracking versions 0.1.1 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/

• 09.15.51 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: TYPO3 Userdata Create/Edit Extension Unspecified Cross-Site Scripting
• Description: Userdata Create/Edit ("sg_userdata") is an extension for the TYPO3 content manager. The extension is not part of the TYPO3 default installation. The extension is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. Userdata Create/Edit versions 0.90.111 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/

• 09.15.52 - CVE: CVE-2009-0796
• Platform: Web Application - Cross Site Scripting
• Title: Apache mod_perl "Apache::Status" and "Apache2::Status" Cross-Site Scripting
• Description: The "mod_perl" module is an Apache module that adds the Perl scripting language to the Apache web server. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "Apache::Status" and "Apache2::Status" modules. Ref: http://mail-archives.apache.org/mod_mbox/perl-advocacy/200904.mbox/%3Cad28918e0904011458h273a71d4x408f1ed286c9dfbc@mail.gmail.com%3E

• 09.15.53 - CVE: CVE-2008-2025
• Platform: Web Application - Cross Site Scripting
• Title: Apache Struts Unspecified Cross-Site Scripting
• Description: Struts is an open-source framework for building web applications. The application is exposed to an unspecified cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.
• Ref: http://www.securityfocus.com/bid/34399

• 09.15.54 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: MyioSoft Ajax Portal "ajaxp_backend.php" SQL Injection
• Description: MyioSoft Ajax Portal is a PHP-based framework for web applications. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "page" parameter of the "ajaxp_backend.php" script before using it in an SQL query. Ajax Portal version 3.0 is affected.
• Ref: http://www.securityfocus.com/bid/34338

• 09.15.55 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Q2 Solutions ConnX "frmLoginPwdReminderPopup.aspx" SQL Injection
• Description: Q2 Solutions ConnX is an ASP-based application for managing payroll and HR data. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "txtEmail" parameter of the "frmLoginPwdReminderPopup.aspx" script before using it in an SQL query. ConnX version 4.0.20080606 is affected.
• Ref: http://www.securityfocus.com/archive/1/502360

• 09.15.56 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: 4CMS SQL Injection and Local File Include Vulnerabilities
• Description: 4CMS is a PHP-based content manager. The application is exposed to multiple issues. An attacker can exploit this vulnerability using directory-traversal strings to execute local script code in the context of the application. This may allow the attacker to obtain sensitive information that may aid in further attacks.
• Ref: http://www.securityfocus.com/bid/34355

• 09.15.57 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: glFusion "SESS_getUserIdFromSession()" SQL Injection
• Description: glFusion is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data. The vulnerability affects the "SESS_getUserIdFromSession()" function in the "private/system/classes/listfactory.class.php" script. glFusion versions 1.1.2 and earlier are affected.
• Ref: http://www.securityfocus.com/archive/1/502420

• 09.15.58 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Joomla! RD-Autos Component "makeid" Parameter SQL Injection
• Description: RD-Autos is a plugin for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "makeid" parameter of the "com_rdautos" component before using it an SQL query. RD-Autos version 1.5.7 is affected.
• Ref: http://www.securityfocus.com/bid/34364

• 09.15.59 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: form2list "page.php" Parameter SQL Injection
• Description: form2list is a PHP-based content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "page.php" script before using it an SQL query.
• Ref: http://www.securityfocus.com/bid/34366

• 09.15.60 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Family Connections "fcms_login_id" Cookie Parameter SQL Injection
• Description: Family Connections is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "fcms_login_id" cookie parameter that is used to log in to the application via the "shome.php" script. Family Connections version 1.8.2 is affected.
• Ref: http://www.securityfocus.com/archive/1/502455

• 09.15.61 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Gravity Board X Multiple SQL Injection Vulnerabilities and Remote Command Execution
• Description: Gravity Board X is a PHP-based content manager. The application is exposed to multiple input validation issues. Exploiting these issues could allow an attacker to execute arbitrary code, compromise the application. access or modify data, or exploit latent vulnerabilities in the underlying database. Gravity Board X version 2.0 is affected.
• Ref: http://www.securityfocus.com/bid/34370

• 09.15.62 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: AdaptBB "topic_id" Parameter SQL Injection
• Description: AdaptBB is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "topic_id" parameter of the "index.php" script when the "do" parameter is set to "topic" before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/34371

• 09.15.63 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: TYPO3 ultraCards Unspecified SQL Injection
• Description: TYPO3 ultraCards ("th_ultracards") is an extension for the TYPO3 content manager. The extension is not part of the TYPO3 default installation. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL-query. ultraCards versions 0.5.0 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/

• 09.15.64 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: TYPO3 Versatile Calendar Extension Unspecified SQL Injection
• Description: TYPO3 Versatile Calendar Extension ("sk_calendar") is an extension for the TYPO3 content manager. The extension is not part of the TYPO3 default installation. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL-query. Versatile Calendar Extension versions 0.3.3 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/

• 09.15.65 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: ConnX "frmLoginPwdReminderPopup.aspx" SQL Injection
• Description: ConnX is a human resource management application implemented in ASP. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL-query. This issue affects the "txtEmail" parameter of the "frmLoginPwdReminderPopup.aspx" script. ConnX version 4.0.20080606 is affected.
• Ref: http://www.aushack.com/200904-q2solutions.txt

• 09.15.66 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Joomla! BookJoomlas Component "gbid" Parameter SQL Injection
• Description: BookJoomlas is a plugin for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "gbid" parameter of the "com_bookjoomlas" component before using it an SQL query.
• Ref: http://www.securityfocus.com/archive/1/502480

• 09.15.67 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: FlexCMS "ItemId" Parameter SQL Injection
• Description: FlexCMS is a web-based content manager implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ItemId" parameter before using it an SQL query.
• Ref: http://www.securityfocus.com/bid/34394

• 09.15.68 - CVE: Not Available
• Platform: Web Application
• Title: Hitachi Groupmax World Wide Web Desktop Multiple Unauthorized Access Vulnerabilities
• Description: Hitachi Groupmax World Wide Web Desktop is a web-based desktop application. The application is exposed to multiple unauthorized access issues. An authenticated attacker can exploit these issues to modify other users' information. Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-003/index.html

• 09.15.69 - CVE: Not Available
• Platform: Web Application
• Title: Hitachi uCosminexus Portal Framework Multiple Vulnerabilities
• Description: Hitachi uCosminexus Portal Framework is a web application. The application is exposed to the multiple issues. Attackers may exploit these vulnerabilities to obtain sensitive information or to modify application data. Other attacks are also possible. Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-005/index.html

• 09.15.70 - CVE: Not Available
• Platform: Web Application
• Title: Access Analyzer CGI Unspecified Privilege Escalation
• Description: Access Analyzer CGI is a Perl-based application that allows users to view web access logs. The application is exposed to a privilege escalation issue. Attackers can exploit this issue to gain administrative access to the affected application. Successfully exploiting this issue will compromise the application. Access Analyzer CGI version 4.11.5 is affected.
• Ref: http://jvn.jp/en/jp/JVN63511247/index.html

• 09.15.71 - CVE: Not Available
• Platform: Web Application
• Title: KoschtIT Image Gallery "file" Parameter Multiple Local File Include Vulnerabilities
• Description: KoschtIT Image Gallery is a PHP-based photo gallery application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "file" parameter of the following scripts: "ki_makepic.php" and "ki_nojsdisplayimage.php". KoschtIT Image Gallery version 1.82 is affected.
• Ref: http://www.securityfocus.com/bid/34335

• 09.15.72 - CVE: Not Available
• Platform: Web Application
• Title: OpenX Prior to 2.8 Multiple Input Validation Vulnerabilities
• Description: OpenX is a web-based ad server implemented in PHP. The application is exposed to multiple input validation issues. Attackers can exploit these issues to steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, access or modify data, exploit latent vulnerabilities in the underlying database, or delete arbitrary files on the affected computer. OpenX versions prior to 2.8 are affected. Ref: http://resources.enablesecurity.com/advisories/openx-2.6.4-multiple.txt

• 09.15.73 - CVE: Not Available
• Platform: Web Application
• Title: TinyPHPForum Directory Traversal
• Description: TinyPHPForum is a web-based forum implemented in PHP. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "t" parameter of the "index.php" script. TinyPHPForum version 3.61 is affected.
• Ref: http://www.securityfocus.com/bid/34339

• 09.15.74 - CVE: Not Available
• Platform: Web Application
• Title: Atlassian JIRA Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
• Description: Atlassian JIRA is a web-based application for tracking bugs. Since it fails to sufficiently sanitize user-supplied data, the application is exposed to multiple cross-site scripting and HTML-injection issues. Atlassian JIRA versions prior to 3.13.3 are affected. Ref: http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2009-04-02

• 09.15.75 - CVE: Not Available
• Platform: Web Application
• Title: File Thingie ".sql" Extension Arbitrary File Upload
• Description: File Thingie is a PHP-based file manager. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input to files containing a ".sql" extension before uploading it to the webserver. File Thingie version 2.5.4 is affected.
• Ref: http://www.securityfocus.com/archive/1/502356

• 09.15.76 - CVE: Not Available
• Platform: Web Application
• Title: osCommerce "oscid" Session Fixation
• Description: osCommerce is a web-based shopping cart application. The application is exposed to a session fixation issue caused by a design error when handling sessions. Specifically, an attacker can predefine a victim user's session ID by setting the "oscid" parameter of the "index.php" script. osCommerce versions2.2 and 3.0 Beta are affected.
• Ref: http://www.securityfocus.com/archive/1/502351

• 09.15.77 - CVE: Not Available
• Platform: Web Application
• Title: Asbru Web Content Management SQL Injection and Cross-Site Scripting Vulnerabilities
• Description: Asbru Web Content Management is an ASP-based content manager. The application is exposed to multiple input validation issues. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Asbru Web Content Management versions 6.5 and 6.6.9 are affected.
• Ref: http://www.securityfocus.com/archive/1/502357

• 09.15.78 - CVE: Not Available
• Platform: Web Application
• Title: TinyPHPForum Avatar Upload Arbitrary File Upload
• Description: TinyPHPForum is a web-based forum implemented in PHP. The application is exposed to an issue that lets attackers upload arbitrary files. The problem occurs because the avatar upload component fails to properly validate contents of an uploaded file. The avatar upload component is accessible through the "profile.php" script. TinyPHPForum version 3.61 is affected.
• Ref: http://www.securityfocus.com/bid/34356

• 09.15.79 - CVE: Not Available
• Platform: Web Application
• Title: BlogMan "Title" HTML Injection
• Description: BlogMan is a web-log application implemented in PHP. BlogMan is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input. Specifically, this issue affects the "Title" parameter. BlogMan versions prior to 0.7 are affected. Ref: http://sourceforge.net/project/shownotes.php?release_id=673109&group_id=251578

• 09.15.80 - CVE: Not Available
• Platform: Web Application
• Title: ActiveKB "Panel" Parameter Local File Include
• Description: ActiveKB is a PHP-based knowledge management application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "Panel" parameter of the "loadpanel.php" script.
• Ref: http://www.securityfocus.com/bid/34362

• 09.15.81 - CVE: Not Available
• Platform: Web Application
• Title: The Tricky.net Joomla! Messaging Component "controller" Parameter Local File Include
• Description: The Tricky.net Messaging component is an instant message plugin for the Joomla! content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter when the "option" attribute is set to "com_messaging" and the "view" parameter is set to "messages". Messaging component version 1.5.0 is affected.
• Ref: http://www.securityfocus.com/bid/34365

• 09.15.82 - CVE: Not Available
• Platform: Web Application
• Title: Family Connections "fcms/upload.php" Arbitrary File Upload
• Description: Family Connections is a web-based application implemented in PHP. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately validate user-supplied input to file extensions before uploading files via the "fcms/upload.php" script. Family Connections version 1.8.2 is affected.
• Ref: http://www.securityfocus.com/archive/1/502434

• 09.15.83 - CVE: Not Available
• Platform: Web Application
• Title: TYPO3 ClickStream Analyzer Information Disclosure
• Description: ClickStream Analyzer ("alternet_csa_out") is an extension for the TYPO3 content manager. The extension is exposed to an information disclosure issue caused by an unknown error. Attackers may exploit this issue to harvest sensitive information that may lead to further attacks against the underlying system and other users. ClickStream Analyzer versions 0.3.0 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/

• 09.15.84 - CVE: Not Available
• Platform: Web Application
• Title: TYPO3 Store Locator Extension SQL Injection and Cross-Site Scripting Vulnerabilities
• Description: The Store Locator ("locator") is an extension for the TYPO3 content manager. The extension is not part of the TYPO3 default installation. The extension is exposed to multiple SQL injection issues and cross-site scripting issues because it fails to sufficiently sanitize user-supplied data to certain unspecified parameters. Store Locator 1.2.6 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/

• 09.15.85 - CVE: Not Available
• Platform: Web Application
• Title: Web Help Desk Multiple HTML Injection Vulnerabilities
• Description: Web Help Desk is a PHP-based web application. The application is exposed to multiple HTML injection issues because it fails to sufficiently sanitize user-supplied data. Web Help Desk version 9.1.22 (Evaluation Version) is affected.
• Ref: http://www.securityfocus.com/bid/34391

• 09.15.86 - CVE: Not Available
• Platform: Web Application
• Title: vBulletin Admin Control Panel Multiple HTML Injection Vulnerabilities
• Description: vBulletin is a PHP-based web application. The application is exposed to multiple HTML injection issues due to a failure to sufficiently sanitize user-supplied data provided as "Title" values. vBulletin version 3.8.0 RC2 is affected.
• Ref: http://www.securityfocus.com/archive/1/502482

• 09.15.87 - CVE: Not Available
• Platform: Web Application
• Title: iDB "skin" Parameter Local File Include
• Description: iDB (Internet Discussion Boards) is a PHP-based bulletin board application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "skin" parameter of the "profile.php" script. iDB version 0.2.5 Pre-Alpha SVN 243 is affected.
• Ref: http://www.securityfocus.com/bid/34397

• 09.15.88 - CVE: Not Available
• Platform: Web Application
• Title: Lanius CMS "upload.php" Arbitrary File Upload
• Description: Lanius CMS (formerly known as Drake CMS) is a content management application. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize file extensions before uploading files with the "includes/upload.php" script. Lanius CMS versions prior to 0.5.2 r1094 are affected. Drake CMS versions 0.4.6 and later are also vulnerable.
• Ref: http://www.securityfocus.com/bid/34415

• 09.15.89 - CVE: Not Available
• Platform: Network Device
• Title: ContentKeeper Versions 125.09 and Prior Multiple Remote Vulnerabilites
• Description: ContentKeeper is a network appliance designed to monitor and control employee use of the internet. ContentKeeper is exposed to multiple remote issues. Attackers can exploit these issues to gain unauthorized access to certain binaries, overwrite arbitrary files, execute arbitrary commands and gain elevated access to the affected computer. ContentKeeper versions 125.09 and earlier are affected.
• Ref: http://www.securityfocus.com/archive/1/502364

(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.