@RISK: The Consensus Security Vulnerability Alert

Volume: VIII, Issue: 18
April 30, 2009

Adobe Reader and Firefox, again. Nothing against these products or companies, but there is a lesson here for all of us who pointed fingers at Microsoft. Alan

PS If you have a strong interest in vulnerabilities, the coolest and most useful program in the world of vulnerabilities and exploits is called the Pen Test Summit, June 1-2, Las Vegas. Brings together nearly all the people (outside the DoD) who best know how the new attacks work and gets them sharing the latest news; fascinating; the speakers are so much better at making this information understandable than speakers at other programs. http://www.sans.org/pentesting09_summit

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                 Number of Updates and Vulnerabilities
    ------------------------                 -------------------------------------
    Third Party Windows Apps                 5
    Linux                                    3
    HP-UX                                    1
    BSD                                      1
    Solaris                                  1
    Unix                                     1
    Cross Platform                           40 (#1, #2, #3, #4)
    Web Application - Cross Site Scripting   7
    Web Application - SQL Injection          8
    Web Application                          23
    Network Device                           4

********************** SPONSORED WHITE PAPER **************************

1) "Intel White Paper for Software Developers: Top 5 Security Vulnerabilities and How to Mitigate Them." http://www.sans.org/info/43044

*************************************************************************

TRAINING UPDATE
- Toronto 5/5-5/13 (15 courses) http://www.sans.org/toronto09/event.php
- SANSFIRE in Baltimore 6/13-6/20 (24 long courses, 12 short courses) http://www.sans.org/sansfire09/event.php
- New Orleans 5/5-5/10 (6 courses) http://www.sans.org/securityeast09/event.php
- Plus San Diego, Amsterdam and more, too. See www.sans.org
- Looking for training in your own community? http://sans.org/community/
For a list of all upcoming events, on-line and live: www.sans.org

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Linux
HP-UX
BSD
Solaris
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software

  • (1) CRITICAL: Adobe Reader JavaScript Handling Remote Code Execution
  • Affected:
    • Adobe Acrobat Reader versions 9.1 and prior
  • Description: Adobe Acrobat Reader is Adobe's viewer for the Portable Document Format (PDF). It is the de facto standard PDF viewer for many platforms. It contains a flaw in its handling of JavaScript scripts embedded in PDF documents. A specially crafted document containing a malicious script could exploit this vulnerability, and leverage it to execute arbitrary code with the privileges of the current user. PDF documents are often opened upon receipt without first prompting the user. A proof-of-concept for this vulnerability is publicly available and it is believed that this vulnerability is being exploited in the wild.

  • Status: Vendor confirmed, no updates available. Users are advised to disable JavaScript processing in PDF documents, if possible.

  • References:

  • (2) CRITICAL: Mozilla Firefox Memory Corruption
  • Affected:
    • Mozilla Firefox versions prior to 3.0.10
  • Description: Mozilla Firefox contains a flaw in its handling of certain web document constructs. A specially crafted page could trigger this flaw, leading to memory corruption. This memory corruption could be leveraged by an attacker to execute arbitrary code with the privileges of the current user. Note that this flaw was introduced by the Firefox update released last week, discussed in that week's edition of @RISK. Full technical details for this vulnerability are publicly available via source code analysis.

  • Status: Vendor confirmed, updates available.

  • References:

  • (4) MODERATE: Sun Java Virtual Machine Memory Corruption
  • Affected:
    • Sun Java Virtual Machine versions prior to 6 Update 11.
  • Description: Sun's Java Virtual Machine (JVM) is Sun's reference JVM implementation, used to execute compiled Java code. It contains a flaw in its handling of certain constructs. A specially crafted Java applet or application could trigger this flaw, allowing an attacker to execute arbitrary code with the privileges of the current user. Sun's JVM is installed by default on all Apple Mac OS X systems and various Unix and Linux based operating systems, as well as a large number of Microsoft Windows systems. Few technical details are publicly available for this vulnerability, but it is confirmed that this vulnerability can be exploited via a web browser.

  • Status: Vendor confirmed, updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 18, 2009

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 09.18.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: DSP Downloader "ASX" File Heap Buffer Overflow
  • Description: DSP Downloader is a downloading application for MMS (Microsoft Media Server) data. It is available for Microsoft Windows. DSP Downloader is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. DSP Downloader version 2.3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/34712

  • 09.18.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Recover Data for Novell Netware ".SAV" File Remote Denial of Service
  • Description: Recover Data for Novell Netware is a data recovery application available for Windows. Recover Data for Novell Netware is exposed to a remote denial of service issue when handling a specially crafted ".SAV" file. Recover Data for Novell Netware version 1.0 is affected.
  • Ref: http://www.insight-tech.org/index.php?p=Novell-Data-Recovery-Software-SAV-DoS

  • 09.18.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec Norton Ghost "EasySetupInt.dll" ActiveX Multiple Remote Denial of Service Vulnerabilities
  • Description: Symantec Norton Ghost is a backup utility for Microsoft Windows. The EasySetup Wizard ActiveX control of Norton Ghost ("EasySetupInt.dll") is exposed to denial of service issues. A remote attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious webpage. "EasySetupInt.dll" version 14.0.4.30167 is affected.
  • Ref: http://www.securityfocus.com/bid/34696

  • 09.18.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Popcorn POP3 Response Remote Heap Buffer Overflow
  • Description: Popcorn is a mail client available for the Microsoft Windows platform. Popcorn is exposed to a remote heap-based buffer overflow issue because it fails to properly sanitize user-supplied input. Specifically, this error occurs when handling excessive amounts of data in an "+OK" response received from a POP3 mail server. Popcorn version 1.87 is affected.
  • Ref: http://www.securityfocus.com/bid/34699

  • 09.18.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: DWebPro Directory Traversal Vulnerability and Arbitrary File Disclosure
  • Description: DWebPro is a web server application available for Microsoft Windows. The application is exposed to multiple input validation issues. An attacker can exploit these issues to view sensitive information. Information obtained may lead to other attacks. DWebPro version 6.8.26 is affected.
  • Ref: http://www.securityfocus.com/bid/34721

  • 09.18.6 - CVE: CVE-2009-1192
  • Platform: Linux
  • Title: Linux Kernel "drivers/char/agp/generic.c" Local Information Disclosure
  • Description: The Linux kernel is exposed to a local information-disclosure vulnerability that affects the AGP (Accelerated Graphics Port) driver. The software fails to clear memory pages used by the AGP driver before they are released from kernel space. This memory may in time be allocated to userspace processes, which could then gain access to sensitive information. Linux kernel versions prior to 2.6.30-rc3 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1192

  • 09.18.7 - CVE: CVE-2009-0798
  • Platform: Linux
  • Title: acpid Local Denial of Service
  • Description: acpid is an ACPI (Advanced Configuration and Power Interface) policy daemon for Linux. The daemon is exposed to a denial of service issue because it fails to properly close sockets. When the number of available sockets is exhausted the daemon enters an infinite loop, resulting in denial of service conditions. acpid versions prior to 1.0.10 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=494443

  • 09.18.8 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "CAP_FS_SET" Incomplete Capabilities List Access Validation
  • Description: The Linux Kernel is exposed to an unauthorized access issue because of an error in the definition of the "CAP_FS_SET" capabilities mask. Specifically, the software fails to include the "CAP_MKNOD" and "CAP_LINUX_IMMUTABLE" capabilities in the "CAP_FS_SET" mask.
  • Ref: http://lkml.org/lkml/2009/3/11/157

  • 09.18.9 - CVE: CVE-2009-0719
  • Platform: HP-UX
  • Title: HP-UX "useradd" Local Unauthorized Access
  • Description: HP-UX is a Unix-based operating system. HP-UX is exposed to an unauthorized-access issue because the software fails to properly restrict access to certain functionality. HP-UX B.11.11, B.11.23 and B.11.31 are affected.
  • Ref: http://www.securityfocus.com/archive/1/503038

  • 09.18.10 - CVE: Not Available
  • Platform: BSD
  • Title: FreeBSD libc Berkeley DB Interface Uninitialized Memory Local Information Disclosure
  • Description: FreeBSD is exposed to a local information disclosure issue that affects the Berkeley DB interface implemented in the libc library. The software fails to initialize memory used to create new database files. A local attacker with read access to a newly created database file may be able to obtain sensitive information contained in previously created files.
  • Ref: http://www.freebsd.org/cgi/query-pr.cgi?pr=123529

  • 09.18.11 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris DTrace Handler IOCTL Request Multiple Local Denial of Service Vulnerabilities
  • Description: Sun Solaris is an operating system developed by Sun Microsystems. Solaris is exposed to multiple local denial of service issues that affect the "dtrace(1M)" handler. Solaris 10 and OpenSolaris builds snv_01 to snv_113 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-257708-1

  • 09.18.12 - CVE: CVE-2009-0164
  • Platform: Unix
  • Title: CUPS Insufficient "Host" Header Validation Weakness
  • Description: CUPS (Common UNIX Printing System) is a widely used set of printing utilities for UNIX-based systems. CUPS is exposed to a weakness because it fails to properly validate the HTTP "Host" header. An attacker can exploit the issue by using a user's web browser or browser plugin that is vulnerable to DNS rebinding attacks.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=490597

  • 09.18.13 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Juniper Networks ScreenOS "about.html" Information Disclosure
  • Description: Juniper Networks ScreenOS is the operating system for multiple Juniper Networks network devices. ScreenOS is exposed to an information disclosure issue that occurs because the ScreenOS WebUI interface does not properly restrict remote access to the "about.html" file. That file contains the version, patch level, and features of the currently running ScreenOS.
  • Ref: http://www.securityfocus.com/archive/1/502958

  • 09.18.14 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Aruba Mobility Controller Public Key Based SSH Authentication Security Bypass
  • Description: Aruba Mobility Controller is used to scale ArubaOS and other software modules on enterprise networks. Aruba Mobility Controllers are exposed to a security bypass issue. This issue affects devices which are configured to authenticate users using public key based SSH authentication. ArubaOS versions 3.3.1.24, 3.3.2.11 and 3.3.2.8-rn-2.1_20469 are affected.
  • Ref: http://www.arubanetworks.com/support/alerts/aid-42309.asc

  • 09.18.15 - CVE: Not Available
  • Platform: Cross Platform
  • Title: RealNetworks RealPlayer MP3 File Handling Remote Denial of Service
  • Description: RealNetworks RealPlayer is an application that allows users to play various media formats. The application is exposed to a remote denial of service issue because it fails to handle specially crafted ".mp3" files. RealPlayer version 10 Gold is affected.
  • Ref: http://www.insight-tech.org/index.php?p=RealPlayer-11-GOLD-MP3-remote-DoS

  • 09.18.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java Runtime Environment Unspecified Remote Code Execution
  • Description: Sun Java Runtime Environment (JRE) allows users to run Java applications. JRE is exposed to an unspecified security issue that permits remote attackers to execute arbitrary code. This issue is related to Microsoft Internet Explorer and other unspecified browsers and is caused by memory corruption from a write attempt to a user-controllable offset location. JRE 6 Update 1 and 2 are affected.
  • Ref: http://www.securityfocus.com/archive/1/502872

  • 09.18.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Xitami HTTP Server Multiple Socket HEAD Request Remote Denial of Service
  • Description: Xitami is a web server for Microsoft Windows and Unix platforms. The application is exposed to a denial of service issue because it fails to adequately handle multiple sockets attempting to process HTTP HEAD requests. Xitami version 5.0 is affected.
  • Ref: http://www.xitami.com/issue:1

  • 09.18.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OAuth Unspecified Information Disclosure
  • Description: OAuth is an open-source protocol for online authentication. OAuth is exposed to a remote information disclosure issue. Attackers can exploit this issue, through the use of social-engineering, to gain access to potentially sensitive information.
  • Ref: http://www.hueniverse.com/hueniverse/2009/04/explaining-the-oauth-session-fixation-attack.html#more

  • 09.18.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mani's Admin Plugin Remote Denial of Service
  • Description: Mani's Admin Plugin is an application for managing Counter-Strike game servers. The application is exposed to a remote denial of service issue. Attackers can trigger this issue by sending malformed alias directives.
  • Ref: http://www.securityfocus.com/bid/34685

  • 09.18.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Acritum Femitter Server Remote File Disclosure
  • Description: Acritum Femitter Server is an FTP and HTTP server application available for Microsoft Windows. The FTP component is exposed to a file disclosure issue because it fails to properly sanitize user-supplied input. Specifically, an attacker can obtain access to an arbitrary file by supplying the file's name preceded with a "/" character (version 0.96) or two "//" characters (version 1.03). Acritum Femitter Server versions 0.96 and 1.03 are affected.
  • Ref: http://www.securityfocus.com/bid/34689

  • 09.18.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Citrix XenApp Unspecified Security Bypass
  • Description: Citrix XenApp (formerly Presentation Server) is an access control application for Citrix desktops. Citrix Presentation Server is exposed to an unspecified security bypass issue that occurs because access policy defined using the Access Gateway filters is not properly enforced. Citrix XenApp version 4.5 with Hotfix Rollup Pack 3 installed is affected.
  • Ref: http://support.citrix.com/article/CTX118792

  • 09.18.22 - CVE: CVE-2009-0064
  • Platform: Cross Platform
  • Title: Symantec Brightmail Gateway Control Center Remote Privilege Escalation
  • Description: Symantec Brightmail Gateway is an appliance used to filter and scan content. The application is exposed to a remote privilege escalation issue that affects unspecified console functions. Brightmail Gateway versions prior to 8.0.1 are affected.
  • Ref: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01

  • 09.18.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OCS Inventory NG Server Prior to 1.02 Multiple Unspecified Vulnerabilities
  • Description: OCS Inventory NG is an inventory management application. OCS Inventory NG Server is exposed to multiple unspecified issues. OCS Inventory NG Server versions prior to 1.02 are affected.
  • Ref: http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=133&cntnt01returnid=51

  • 09.18.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Home Web Server Graphical User Interface Remote Denial of Service
  • Description: Home Web Server is a web server for Microsoft Windows. The application is exposed to a denial of service issue because it fails to adequately handle malformed HTTP requests. Specifically, this issue is triggered when processing a request containing an excessive number of carriage return (0x0D) characters. Home Web Server version 1.7.1.147 is affected.
  • Ref: http://www.securityfocus.com/bid/34698

  • 09.18.25 - CVE: CVE-2009-1340
  • Platform: Cross Platform
  • Title: Google Chrome "chromehtml:" Protocol Handler Same Origin Policy Bypass
  • Description: Google Chrome is a web browser. Google Chrome is exposed to an issue that allows attackers to bypass the same-origin policy. The issue occurs when handling the "chromehtml:" protocol. Specifically, when the protocol is used via Internet Explorer, the system executes the "chrome.exe" process with the parameters provided along with the "chromehtml:" protocol handler. Google Chrome versions 1.0.154.55 and prior are affected.
  • Ref: http://googlechromereleases.blogspot.com/2009/04/stable-update-security-fix.html

  • 09.18.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Absolute Form Processor XE "userid" Parameter Authentication Bypass
  • Description: Absolute Form Processor XE is a web-based script used for managing forms. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for authentication. Absolute Form Processor XE version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/34706

  • 09.18.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Destiny Media Player ".rdl" File Remote Stack Buffer Overflow
  • Description: Destiny Media Player is a multimedia player application. Destiny Media Player is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening ".rdl" files. Destiny Media Player version 1.61.0 is affected.
  • Ref: http://www.securityfocus.com/bid/34720

  • 09.18.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Avira AntiVir Products CAB File Scan Evasion
  • Description: Avira AntiVir products provide antivirus, antispyware, and firewalling capabilities for both enterprise and endpoint-based systems. Multiple Avira AntiVir products are exposed to an issue that may allow certain compressed archives to bypass the scan engine. The vulnerability occurs because the application fails to properly inspect specially crafted "CAB" files.
  • Ref: http://www.securityfocus.com/archive/1/503013

  • 09.18.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Aladdin eSafe Unspecified Archive File Scan Evasion
  • Description: Aladdin eSafe is a series of applications that provides virus protection. The product's scan engine is exposed to an issue that may allow certain compressed archives to go undetected. The vulnerability occurs because the software fails to properly inspect specially crafted archive files.
  • Ref: http://blog.zoller.lu/2009/04/aladdin-esafe-generic-evasion-bypass.html

  • 09.18.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: iodine "iodined" Remote Denial of Service
  • Description: iodine is an application that allows IPv4 data to be tunneled through a DNS server. The application is exposed to a remote denial of service issue that occurs when it receives specially crafted DNS packets. iodine version 0.4.2 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521260

  • 09.18.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Reader "getAnnots()" Javascript Function Remote Code Execution
  • Description: Adobe Reader is an application for handling PDF files. The application is exposed to a remote code execution issue due to an error in the "getAnnots()" JavaScript function. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users. Reader versions 8.1.4 and 9.1 for Linux are affected.
  • Ref: http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html

  • 09.18.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Teraway Products Unauthorized Access and Cookie Authentication Bypass Vulnerabilities
  • Description: Multiple Teraway products are exposed to multiple remote issues. An attacker can exploit these issues to gain administrative access to the affected application and change users' passwords. Teraway LinkTracker version 1.0, Teraway FileStream version 1.0 and Teraway LiveHelp version 2.0 are affected.
  • Ref: http://www.securityfocus.com/bid/34735

  • 09.18.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Comodo Internet Security RAR File Scan Evasion
  • Description: Comodo Internet Security is security software providing antivirus, antispyware, and firewalling capabilities for both enterprise and endpoint-based systems. The application is exposed to an issue that may allow certain compressed archives to bypass the scan engine. The vulnerability occurs because the application fails to properly inspect specially crafted "RAR" files. Comodo Internet Security versions 3.5.x and 3.8.x are affected.
  • Ref: http://www.securityfocus.com/archive/1/503018

  • 09.18.34 - CVE: CVE-2008-2438
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager Unspecified Remote Code Execution
  • Description: HP OpenView Network Node Manager (NNM) is a fault-management application for IP networks. The application is exposed to a remote code execution issue caused by an unspecified error. Successfully exploiting this issue allows an attacker to execute arbitrary code with the privileges of the user running the affected application. HP OpenView Network Node Manager (NNM) versions 7.01, 7.51, and 7.53 are affected.
  • Ref: http://www.securityfocus.com/archive/1/503024

  • 09.18.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IceWarp Merak Mail Server "Base64FileEncode()" Stack-Based Buffer Overflow
  • Description: IceWarp Merak Mail Server is a commercially available mail server application. The application is exposed to a stack-based buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. IceWarp Merak Mail Server version 9.4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/34739

  • 09.18.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Reader "spell.customDictionaryOpen()" JavaScript Function Remote Code Execution
  • Description: Adobe Reader is an application for handling PDF files. The application is exposed to a remote code execution issue due to an error in the "spell.customDictionaryOpen()" JavaScript function. Reader versions 8.1.4 and 9.1 for Linux are affected.
  • Ref: http://www.securityfocus.com/bid/34740
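The advice for Part I item (1) is to disable JavaScript in Reader; a complementary defensive check, at the mail gateway or during incident triage, is to flag PDFs that carry JavaScript at all, and in particular the "getAnnots()" and "spell.customDictionaryOpen()" calls named in entries 09.18.31 and 09.18.36. The Python script below is an added example, not code from SANS, Adobe or any referenced advisory; the three sample PDFs it builds are constructed for the demonstration, and it assumes only the standard library.

```python
import re
import sys
import zlib

# PDF name objects that carry or trigger JavaScript: /JavaScript and /JS hold
# the script, /OpenAction and /AA (additional actions) run it without a click.
JS_NAMES = {b"JavaScript", b"JS"}
AUTO_RUN_NAMES = {b"OpenAction", b"AA"}
# Acrobat JavaScript API calls named in this issue's Adobe Reader entries.
API_OF_INTEREST = (b"getAnnots", b"spell.customDictionaryOpen")

# A name is "/" plus regular characters; "#xx" is a hex escape, so the name
# /Java#53cript is identical to /JavaScript and must be decoded before matching.
NAME_RE = re.compile(rb"/((?:[^\s/\[\]<>(){}%]|#[0-9A-Fa-f]{2})+)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)


def decode_name(raw: bytes) -> bytes:
    """Resolve #xx escapes in a PDF name, e.g. b'Java#53cript' -> b'JavaScript'."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw)


def inflate_streams(data: bytes) -> bytes:
    """Return the raw file plus the inflated body of every zlib (Flate) stream.

    Scripts and object dictionaries are usually stored inside compressed
    streams, so a substring search over the raw bytes alone misses them.
    Streams that are not zlib data (images, fonts) raise zlib.error and are
    skipped; a truncated stream yields whatever could be recovered.
    """
    extra = []
    for m in STREAM_RE.finditer(data):
        try:
            extra.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue
    return data + b"\n" + b"\n".join(extra)


def scan_pdf(data: bytes) -> dict:
    """Flag JavaScript names, auto-run actions and suspicious API calls in a PDF."""
    text = inflate_streams(data)
    names = {decode_name(m.group(1)) for m in NAME_RE.finditer(text)}
    js_names = sorted(n.decode() for n in names & JS_NAMES)
    auto_run = sorted(n.decode() for n in names & AUTO_RUN_NAMES)
    apis = [a.decode() for a in API_OF_INTEREST if a in text]
    return {
        "js_names": js_names,
        "auto_run": auto_run,
        "apis": apis,
        "has_javascript": bool(js_names),
        # Script plus an open-time action: it runs as soon as the file is viewed.
        "runs_on_open": bool(js_names) and bool(auto_run),
    }


def build_samples() -> dict:
    """Constructed sample PDFs for the demonstration (not real documents)."""
    header = b"%PDF-1.4\n"
    pages = b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    trailer = b"trailer << /Root 1 0 R >>\n%%EOF\n"
    script = b"var a = this.getAnnots();"  # benign call, just the API name
    plain = (header
             + b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
             + pages
             + b"3 0 obj << /S /JavaScript /JS (" + script + b") >> endobj\n"
             + trailer)
    # Same content with hex-escaped names and the script in a Flate stream,
    # which is enough to defeat a plain grep for "/JavaScript".
    packed = zlib.compress(script)
    obfuscated = (header
                  + b"1 0 obj << /Type /Catalog /Pages 2 0 R /Open#41ction 3 0 R >> endobj\n"
                  + pages
                  + b"3 0 obj << /S /Java#53cript /J#53 4 0 R >> endobj\n"
                  + b"4 0 obj << /Length " + str(len(packed)).encode()
                  + b" /Filter /FlateDecode >>\nstream\n" + packed
                  + b"\nendstream\nendobj\n"
                  + trailer)
    clean = header + b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n" + pages + trailer
    return {"plain": plain, "obfuscated": obfuscated, "clean": clean}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, scan_pdf(fh.read()))
    else:
        for label, blob in build_samples().items():
            print(label, scan_pdf(blob))
```

A raw grep for "/JavaScript" misses the second sample; the name decoding and stream inflation are what catch it. Treat the result as a triage signal rather than a verdict, since legitimate forms use JavaScript too.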

  • 09.18.37 - CVE: CVE-2009-1313
  • Platform: Cross Platform
  • Title: Mozilla Firefox "nsTextFrame::ClearTextRun()" Remote Memory Corruption
  • Description: Mozilla Firefox is a browser available for multiple platforms. The browser is exposed to a remote memory corruption issue that occurs in the "nsTextFrame::ClearTextRun()" function. This issue occurs when the HTML Validator add-on is enabled and in other unspecified situations.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-23.html

  • 09.18.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: file "cdf_read_sat()" Buffer Overflow
  • Description: file is an application for determining file types. It is available for multiple platforms. file is exposed to a buffer overflow issue because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. file version 5.0 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820

  • 09.18.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MuPDF PDF File Handling Remote Code Execution
  • Description: MuPDF is a PDF parsing application. The application is exposed to a remote code-execution issue that stems from a heap overflow error when it processes a malformed PDF file. Specifically, this issue affects the "loadexponentialfunc()" function of the "pdf_function.c" file.
  • Ref: http://www.securityfocus.com/bid/34746

  • 09.18.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: libmodplug "load_pat.c" Remote Buffer Overflow
  • Description: The libmodplug library allows various media players to play various media formats. The library is exposed to a remote buffer overflow issue that occurs because it fails to perform adequate boundary checks on user-supplied data. libmodplug versions prior to 0.8.7 are affected.
  • Ref: http://www.securityfocus.com/bid/34747

  • 09.18.41 - CVE: CVE-2009-1432
  • Platform: Cross Platform
  • Title: Symantec Reporting Server URL Handling Phishing
  • Description: Symantec Reporting Server is a component of Symantec System Center (SCS) and Symantec Endpoint Protection Manager (SEPM). Reporting Server is exposed to an issue caused by a URL-handling problem on the login webpage. Successful exploits may aid in phishing attacks.
  • Ref: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_00

  • 09.18.42 - CVE: CVE-2009-1429
  • Platform: Cross Platform
  • Title: Multiple Symantec Products Intel Common Base Agent Remote Command Execution
  • Description: Symantec AMS2 (Alert Management Systems 2) is an optional component for a number of Symantec security products. The Intel LANDesk Common Base Agent (CBA) component of AMS2 is exposed to an issue that attackers can leverage to execute arbitrary commands. This issue occurs because the software fails to sufficiently sanitize user-supplied data submitted as a TCP packet on port 12174 before passing it as a parameter to a "CreateProcessA()" function call.
  • Ref: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02

  • 09.18.43 - CVE: CVE-2009-1430
  • Platform: Cross Platform
  • Title: Multiple Symantec Products Intel Alert Originator Service Stack Overflow
  • Description: Symantec AMS2 (Alert Management Systems 2) is an optional component for a number of Symantec security products. The Intel Alert Originator Service component of AMS2 is exposed to a stack-based buffer overflow issue that affects the "IAO.exe" process and is triggered when processing a malformed packet.
  • Ref: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02

  • 09.18.44 - CVE: CVE-2009-1430
  • Platform: Cross Platform
  • Title: Multiple Symantec Products Intel Alert Originator Service Multiple Buffer Overflow Vulnerabilities
  • Description: Symantec AMS2 (Alert Management Systems 2) is an optional component for a number of Symantec security products. The Intel Alert Originator Service component of AMS2 is exposed to multiple stack-based buffer overflow issues that occur because the "IAO.exe" process fails to sufficiently validate data received from the "MsgSys.exe" process.
  • Ref: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02

  • 09.18.45 - CVE: CVE-2009-1431
  • Platform: Cross Platform
  • Title: Multiple Symantec Products Alert Management System Console Arbitrary Code Execution
  • Description: Symantec AMS2 (Alert Management Systems 2) is an optional component for a number of Symantec security products. The Intel File Transfer service (XFR.EXE) component of the AMS2 Console is prone to a vulnerability that attackers can leverage to execute arbitrary code. An attacker able to establish a TCP connection to the affected process can exploit this issue to execute arbitrary code hosted on remote fileshares or WebDav (Web-based Distributed Authoring and Versioning) servers.
  • Ref: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02

  • 09.18.46 - CVE: CVE-2009-1291
  • Platform: Cross Platform
  • Title: TIBCO SmartSockets RTserver Stack Buffer Overflow
  • Description: TIBCO SmartSockets is a message-passing framework. The application is exposed to a stack-based buffer overflow issue that occurs because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges, facilitating the complete compromise of affected computers. SmartSockets versions prior to 6.8.2 are affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=785

  • 09.18.47 - CVE: CVE-2009-0663
  • Platform: Cross Platform
  • Title: DBD::Pg "pg_getline()" and "getline()" Heap Buffer Overflow Vulnerabilities
  • Description: DBD::Pg is a PostgreSQL driver module for the DBI Perl module. DBD::Pg is exposed to multiple heap-based buffer overflow issues due to a failure to properly validate row data read from the database via the "pg_getline()" and "getline()" functions. DBD::Pg version 1.49 as distributed with Debian 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/34755

  • 09.18.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Memcached and MemcacheDB ASLR Information Disclosure Weakness
  • Description: Memcached and MemcacheDB are database caching applications available for multiple operating systems. Memcached and MemcacheDB are exposed to an information disclosure weakness that may aid attackers in bypassing address space layout randomization (ASLR) protections. This issue occurs because the application fails to perform authentication before allowing users to issue a "stats maps" command. Memcached version 1.2.7 and MemcacheDB version 1.2.0 are affected.
  • Ref: http://www.positronsecurity.com/advisories/2009-001.html

  • 09.18.49 - CVE: CVE-2009-1341
  • Platform: Cross Platform
  • Title: DBD::Pg BYTEA Values Memory Leak Denial of Service
  • Description: DBD::Pg is a PostgreSQL driver module for the DBI Perl module. DBD::Pg is exposed to a remote denial of service issue due to a memory leak when handling BYTEA values returned from a database. DBD::Pg version 1.49 as distributed with Debian 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/34757

  • 09.18.50 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Pablo Software Solutions Quick n Easy Web Server Directory Traversal
  • Description: Quick 'n Easy Web Server is a web server available for Microsoft Windows. The application is exposed to a directory traversal issue that results from insufficient sanitization of user-supplied input. Quick 'n Easy Web Server version 3.3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/34758

  • 09.18.51 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Citrix Licensing License Server Unspecified Security
  • Description: Citrix Licensing is a solution that is used to license Citrix products. Citrix Licensing is exposed to an unspecified issue affecting the Licensing Management Console component of the Citrix License Server. Citrix Licensing version 11.5 is affected.
  • Ref: http://support.citrix.com/article/CTX120742

  • 09.18.52 - CVE: Not Available
  • Platform: Cross Platform
  • Title: LevelOne AMG-2000 Security Bypass
  • Description: AMG-2000 is an access point management gateway appliance. It facilitates deployment and management of wireless networks. AMG-2000 is exposed to a security bypass issue. Specifically, attackers can modify the "Host:" header and Request-URI in HTTP requests sent to the proxy service of the appliance. LevelOne AMG-2000 appliances running firmware version 2.00.00build00600 and earlier are affected.
  • Ref: https://www.sec-consult.com/files/20090429-0_levelone_proxy_bypass.txt

  • 09.18.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CGI Rescue MiniBBS Cross-Site Scripting
  • Description: CGI Rescue MiniBBS is a web application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to an unspecified parameter. MiniBBS versions prior to 8.95, 9.08, and 10.32 are affected.
  • Ref: http://www.securityfocus.com/bid/34718

  • 09.18.54 - CVE: CVE-2009-0664
  • Platform: Web Application - Cross Site Scripting
  • Title: Mahara User Profile Cross-Site Scripting
  • Description: Mahara is a Perl-based eportfolio application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the introduction field of user profiles.
  • Ref: http://www.securityfocus.com/bid/34677

  • 09.18.55 - CVE: CVE-2008-6682
  • Platform: Web Application - Cross Site Scripting
  • Title: Apache Struts Multiple Cross-Site Scripting Vulnerabilities
  • Description: Apache Struts is a web application framework. Struts is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data. Struts versions prior to 2.0.1.11 and 2.1.1 are affected.
  • Ref: https://issues.apache.org/struts/browse/WW-2427

  • 09.18.56 - CVE: CVE-2009-0063
  • Platform: Web Application - Cross Site Scripting
  • Title: Symantec Brightmail Gateway Control Center Cross-Site Scripting
  • Description: Symantec Brightmail Gateway is an appliance used to filter and scan content. The appliance is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data submitted to the application's web-based Control Center. Brightmail Gateway versions prior to 8.0.1 are affected.
  • Ref: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01

  • 09.18.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Movable Type Prior to Version 4.25 Unspecified Cross-Site Scripting
  • Description: Movable Type is a weblog application written in Perl and PHP. Movable Type is exposed to an unspecified cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. Movable Type versions prior to 4.25 are affected.
  • Ref: http://www.securityfocus.com/bid/34703

  • 09.18.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MataChat "input.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: MataChat is a web-based chat application implemented in PHP. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "nickname" and "color" parameters of the "input.php" script.
  • Ref: http://www.securityfocus.com/archive/1/503014

  • 09.18.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Citrix Web Interface Unspecified Cross-Site Scripting
  • Description: Citrix Web Interface is an application deployment system that provides users with access to Presentation Server applications through a standard browser. Citrix Web Interface is exposed to a cross-site scripting issue because the application fails to properly sanitize user-supplied input to an unspecified parameter. Citrix Web Interface versions 4.6, 5.0 and 5.0.1 are affected.
  • Ref: http://support.citrix.com/article/CTX120697

  • 09.18.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: New5starRating "admin/control_panel_sample.php" SQL Injection
  • Description: New5starRating is a web-based application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "myusername" parameter of the "admin/control_panel_sample.php" script. New5starRating version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/34680

  • 09.18.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: FOWLCMS Multiple SQL Injection Vulnerabilities
  • Description: FOWLCMS is a web-based content management system. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "User_ID" and "PW" cookie parameters before using it in an SQL query. FOWLCMS version 1.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/502887

  • 09.18.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PuterJam's Blog PJBlog3 "action.asp" SQL Injection
  • Description: PJBlog3 is a weblog application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cname" parameter of the "action.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/34701

  • 09.18.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pragyan CMS Multiple SQL Injection Vulnerabilities
  • Description: Pragyan CMS is a web-based content management system. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "fileget" parameter when "action" is set to "view" before using it in an SQL query. Multiple unspecified parameters and scripts are also reported vulnerable. Pragyan CMS version 2.6.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/502933

  • 09.18.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EZ-Blog "public/specific.php" SQL Injection
  • Description: EZ-Blog is a PHP-based weblog application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category" parameter of the "public/specific.php" script. EZ-Blog version beta2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/503010

  • 09.18.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ECShop "user.php" SQL Injection
  • Description: ECShop is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "order_sn" field of the "user.php" script. ECShop version 2.5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/34733

  • 09.18.66 - CVE: CVE-2009-1428
  • Platform: Web Application - SQL Injection
  • Title: Multiple Symantec Products Log Viewer Multiple Script Injection Vulnerabilities
  • Description: Multiple Symantec products are exposed to multiple script-injection issues because the applications fail to properly sanitize user-supplied input before using it in dynamically generated content. Norton 360 version 1.0, Norton Internet Security 2005 through 2008, Symantec AntiVirus versions 10.1 MR7 and earlier and Symantec Endpoint Protection version 11.0 are affected.
  • Ref: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_01

  • 09.18.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MIM:InfiniX Multiple SQL Injection Vulnerabilities
  • Description: MIM:InfiniX is a web-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. MIM:InfiniX version 1.2.003 is affected.
  • Ref: http://www.securityfocus.com/archive/1/503046

  • 09.18.68 - CVE: Not Available
  • Platform: Web Application
  • Title: OrangeHRM Multiple Cross-Site Scripting and Security Bypass Vulnerabilities
  • Description: OrangeHRM is a PHP-based application for managing human resources. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. The application is also exposed to a security-bypass issue that may allow users with "ESS" privileges to view or modify "Time Mod", "Benefits Mod", "Leave Mod", "PIM Mod", or "Admin Mod" information. OrangeHRM versions prior to 2.4.2 are affected.
  • Ref: http://www.securityfocus.com/bid/34715

  • 09.18.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Axigen Mail Server HTML Injection
  • Description: Axigen is a mail server designed for various operating systems. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input in incoming email messages. The input is then used when displaying the email in the web mail interface. Axigen Mail Server version 6.2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/34716

  • 09.18.70 - CVE: Not Available
  • Platform: Web Application
  • Title: CGI Rescue FORM2MAIL and MiniBBS2 Security Bypass
  • Description: MiniBBS2 and FORM2MAIL are web-based applications written as CGI scripts. CGI Rescue FORM2MAIL and MiniBBS2 are exposed to a remote security bypass issue. An attacker may leverage the issue to use webservers that are hosting the vulnerable software to send arbitrary unsolicited email. This may facilitate spam distribution. MiniBBS2 versions prior to 1.01 and FORM2MAIL versions prior to 1.42 are affected.
  • Ref: http://www.securityfocus.com/bid/34717

  • 09.18.71 - CVE: CVE-2009-0662
  • Platform: Web Application
  • Title: Plone PlonePAS Unspecified Authentication Bypass
  • Description: Plone is a web-based content manager implemented in Python. Plone is exposed to an unspecified authentication bypass issue affecting the PlonePAS (Pluggable Authentication System) component. All 3.x versions of Plone running versions of PlonePAS prior to 3.9, 3.9 egg, and 3.2.2 are affected.
  • Ref: http://plone.org/products/plone/security/advisories/cve-2009-0662#affected-versions

  • 09.18.72 - CVE: Not Available
  • Platform: Web Application
  • Title: DirectAdmin "/CMD_DB" Backup Action Insecure Temporary File Creation
  • Description: DirectAdmin is an administrative application suite for web hosting. The application creates temporary files in an insecure manner. The problem occurs in the "/CMD_DB" script, when used with the "backup" action. The script runs a "mysqldump" as the root user and creates a predictable file named "$tmpdir/$.gz" without adequate checks. DirectAdmin versions prior to 1.33.4 are affected.
  • Ref: http://www.securityfocus.com/bid/34676

  • 09.18.73 - CVE: Not Available
  • Platform: Web Application
  • Title: DirectAdmin "/CMD_DB" Restore Action Local Privilege Escalation
  • Description: DirectAdmin is an administrative application suite for web hosting. The application is exposed to a local privilege escalation because it fails to sufficiently validate user-supplied data. Specifically, the 'restore' action in the "/CMD_DB" script decompresses a database file as the root user without verification. DirectAdmin versions prior to 1.33.4 are affected.
  • Ref: http://www.securityfocus.com/bid/34678

  • 09.18.74 - CVE: Not Available
  • Platform: Web Application
  • Title: Elkagroup Image Gallery "upload.php" Arbitrary File Upload
  • Description: Elkagroup Image Gallery is a PHP-based web application. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input before uploading files via the "upload.php" script. Image Gallery version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/34679

  • 09.18.75 - CVE: Not Available
  • Platform: Web Application
  • Title: aMule "wxExecute()" Arbitrary Command Execution
  • Description: aMule is a peer-to-peer application. The application is exposed to an issue that lets attackers execute arbitrary commands in the context of the vulnerable application. Specifically, the issue occurs in the "wxExecute()" function of the "src/DownloadListCtrl.cpp" source file when processing filenames that contain certain shell metacharacters. aMule version 2.2.4 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525078

  • 09.18.76 - CVE: Not Available
  • Platform: Web Application
  • Title: RSMonials Joomla! Component Multiple HTML Injection Vulnerabilities
  • Description: RSMonials is a component for the Joomla! content manager. The module is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input before using it in dynamically generated content. RSMonials version 1.5.1 is affected.
  • Ref: http://www.milw0rm.com/exploits/8517

  • 09.18.77 - CVE: Not Available
  • Platform: Web Application
  • Title: Flat Calendar "add.php" HTML Injection
  • Description: Flat Calendar is a PHP-based scheduling application. The application is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input. Specifically, this issue affects the "Description" field of the "admin/add.php" script.
  • Ref: http://www.securityfocus.com/bid/34688

  • 09.18.78 - CVE: Not Available
  • Platform: Web Application
  • Title: WebPortal CMS Multiple Remote and Local File Include Vulnerabilities
  • Description: WebPortal CMS is a PHP-based content manager. The application is exposed to multiple issues because it fails to properly sanitize user-supplied input. An attacker can exploit these issues using directory-traversal strings to execute local script code in the context of the application or to execute remote scripts in the context of the webserver process. WebPortal CMS version 0.8-beta is affected.
  • Ref: http://www.securityfocus.com/bid/34687

  • 09.18.79 - CVE: Not Available
  • Platform: Web Application
  • Title: CS Whois Lookup "ip" Parameter Remote Command Execution
  • Description: CS Whois Lookup is a PHP script used to check for domain information. CS Whois Lookup is exposed to an issue that attackers can leverage to execute arbitrary commands. This issue occurs because the software fails to adequately sanitize user-supplied input to the "ip" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/34700

  • 09.18.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Scorpio Framework "baseAdminSite" Security Bypass
  • Description: Scorpio Framework is a set of tools used for developing web applications. Scorpio Framework is exposed to a security bypass issue. Specifically, the issue occurs in the "baseAdminSite" function because it fails to properly authenticate Ajax calls to the view action. Scorpio Framework versions prior to 0.2.0 are affected.
  • Ref: http://scorpiofwork.svn.sourceforge.net/viewvc/scorpiofwork?view=rev&revision=288

  • 09.18.81 - CVE: Not Available
  • Platform: Web Application
  • Title: FormShield "CAPTCHA" Replay Security Bypass
  • Description: FormShield is a CAPTCHA application implemented in ASP. The application is exposed to a security bypass issue which allows CAPTCHA images to be replayed. Specifically, this issue is the result of the CAPTCHA image and text being stored in the client side "__VIEWSTATE" parameter. FormShield versions prior to 2.0 are affected.
  • Ref: http://www.securityfocus.com/archive/1/502930

  • 09.18.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Photo-Rigma.BiZ SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Photo-Rigma.BiZ is a PHP-based image gallery application. Photo-Rigma.BiZ is exposed to SQL injection and cross-site scripting issues due to a failure to sufficiently sanitize user-supplied input. Photo-Rigma.BiZ version 30 is affected.
  • Ref: http://www.securityfocus.com/archive/1/502935

  • 09.18.83 - CVE: Not Available
  • Platform: Web Application
  • Title: OpenCart "index.php" Local File Include
  • Description: OpenCart is a shopping cart application implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "route" parameter of the "index.php" script. OpenCart version 1.1.8 is affected.
  • Ref: http://www.securityfocus.com/bid/34724

  • 09.18.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Invision Power Board Multiple HTML Injection and Information Disclosure Vulnerabilities
  • Description: Invision Power Board is a web-based forum. The application is exposed to multiple input validation issues. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. Invision Power Board version 3.0.0b5 is affected.
  • Ref: http://www.securityfocus.com/bid/34725

  • 09.18.85 - CVE: Not Available
  • Platform: Web Application
  • Title: LightBlog PHP Code Injection and Authentication Bypass Vulnerabilities
  • Description: LightBlog is a web application implemented in PHP. LightBlog is exposed to multiple issues. Attackers can exploit these issues to bypass authentication or to inject and execute arbitrary PHP commands in the context of the webserver process. LightBlog version 9.9.2 is affected.
  • Ref: http://www.securityfocus.com/bid/34730

  • 09.18.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Dew-NewPHPLinks "index.php" Local File Include and Cross-Site Scripting Vulnerabilities
  • Description: Dew-NewPHPLinks is a link management application implemented in PHP. The application is exposed to multiple input validation issues. An attacker can exploit the local file include vulnerability using directory traversal strings to view local files and execute local scripts within the context of the web server process. Dew-NewPHPLinks version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/34732

  • 09.18.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Flatchat "pmscript.php" Local File Include
  • Description: Flatchat is a web-based chat application implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "with" parameter of the "pmscript.php" script. Flatchat version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/34734

  • 09.18.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Thickbox Gallery "index.php" Local File Include
  • Description: Thickbox Gallery is a PHP-based photo-gallery application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "ln" parameter of the "index.php" script. Thickbox Gallery version 2 is affected.
  • Ref: http://www.securityfocus.com/bid/34741

  • 09.18.89 - CVE: Not Available
  • Platform: Web Application
  • Title: VisionLMS "changePW.php" Remote Password Change
  • Description: VisionLMS is a web-based learning management application. The application is exposed to an issue that may permit attackers to change the password of arbitrary users. Exploiting this issue may allow attackers to gain unauthorized access to the affected application. VisionLMS version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/34749

  • 09.18.90 - CVE: Not Available
  • Platform: Web Application
  • Title: WebSPELL "picture.php" Local File Disclosure
  • Description: WebSPELL is a gaming CMS application. The application is exposed to a local file disclosure issue because it fails to adequately validate user-supplied input. This issue affects the "file" parameter of the "picture.php" script. WebSPELL version 4.2.0d is affected.
  • Ref: http://www.securityfocus.com/bid/34751

  • 09.18.91 - CVE: Not Available
  • Platform: Network Device
  • Title: Linksys WVC54GCA Wireless-G "adm/file.cgi" Multiple Directory Traversal Vulnerabilities
  • Description: Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera is exposed to multiple directory traversal issues because it fails to sufficiently sanitize user-supplied input. The "next_file" and "this_file" parameters of the "adm/file.cgi" script are affected. Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera firmware versions 1.00R22 and 1.00R24 are affected.
  • Ref: http://www.securityfocus.com/bid/34713

  • 09.18.92 - CVE: Not Available
  • Platform: Network Device
  • Title: Linksys WVC54GCA Wireless-G Multiple Cross-Site Scripting Vulnerabilities
  • Description: Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data. Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera firmware versions 1.00R22 and 1.00R24 are affected.
  • Ref: http://www.securityfocus.com/bid/34714

  • 09.18.93 - CVE: Not Available
  • Platform: Network Device
  • Title: Multiple Samsung Devices SMS Provisioning Messages Authentication Bypass
  • Description: Multiple Samsung devices are exposed to an authentication bypass vulnerability. This issue arises when the devices handle USERPIN and NETWPIN SMS provisioning messages. Reports indicate that the devices do not verify whether the messages have been authenticated or whether the parameters in the messages are valid. Samsung M8800 Innov8 and Samsung SGH-J750 are affected.
  • Ref: http://www.securityfocus.com/archive/1/502959

  • 09.18.94 - CVE: Not Available
  • Platform: Network Device
  • Title: Multiple Precidia Devices Unspecified Memory Corruption and Authentication Bypass Vulnerabilities
  • Description: Precidia 232 devices provide internet conversion to serial-based devices. Multiple Precidia devices are exposed to unspecified memory corruption and authentication bypass vulnerabilities. Precidia Ether3201-232 running firmware 3.00.250 and Precidia Ether232 Duo running firmware 5.00.02 are affected.
  • Ref: http://www.securityfocus.com/archive/1/503023

(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.