
@RISK: The Consensus Security Vulnerability Alert

Volume: VIII, Issue: 2
January 9, 2009

HP OpenView flaws are extremely dangerous because of the access OpenView has to many systems. Don't let your network management folks talk you out of fixing them. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                                 # of Updates & Vulnerabilities
    ---------------------------------------  ------------------------------
    Other Microsoft Products                 1
    Third Party Windows Apps                 1 (#2)
    Linux                                    2
    Solaris                                  1
    Cross Platform                           16 (#1, #3, #4)
    Web Application - Cross Site Scripting   2
    Web Application - SQL Injection          19
    Web Application                          16
    Network Device                           2

    Numbers in parentheses refer to the Part I entries below.

*************************************************************************

TRAINING UPDATE - - SANS 2009 in Orlando in early March - the largest security training conference and expo in the world. Lots of evening sessions: http://www.sans.org/ - - SANS Security West Las Vegas (1/24-2/01) http://sans.org/securitywest09/ - - Looking for training in your own community? http://sans.org/community/ For a list of all upcoming events, on-line and live: www.sans.org

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Linux
Solaris
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: HP OpenView Multiple Vulnerabilities
  • Affected:
    • HP OpenView versions 7.51 and prior
  • Description: HP OpenView is a popular suite of network monitoring and management applications. It contains multiple vulnerabilities in a variety of Common Gateway Interface (CGI) components, which provide the web interfaces to various parts of the application. A specially crafted web request to one of these components could trigger a buffer overflow. Successfully exploiting one of these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. Because a network management system has reachability to, and usually credentials for, a large number of other systems, a compromise here is a strong foothold for further attacks. Some technical details are publicly available for these vulnerabilities.

  • Status: Vendor confirmed, updates available. Until the updates are applied, restrict access to the OpenView web interface to management networks.

  • References:
  • (2) HIGH: ComponentOne SizerOne ActiveX Control Buffer Overflow
  • Affected:
    • ComponentOne SizerOne ActiveX control versions prior to 8.0.20081.142
  • Description: The ComponentOne SizerOne ActiveX control is a popular ActiveX control used to provide dynamic sizing of user interface elements, as well as tabbed user interface elements. It contains a buffer overflow in its handling of its "AddTab" method. A specially crafted web page that instantiated this control could trigger this buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the vulnerable process. This ActiveX control is used in some popular software products, such as SAP and TSC2 Helpdesk.

  • Status: Vendor confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism (setting the Compatibility Flags value to 0x400 under the control's CLSID in the ActiveX Compatibility registry key), which stops Internet Explorer from instantiating the control. Note that this also blocks legitimate use of the control in applications that honour the kill bit, so affected products may lose functionality until the vendor update is applied.

  • References:
  • (3) MODERATE: Computer Associates Multiple Products Remote Command Execution
  • Affected:
    • Computer Associates Service Metric Analysis versions 11.1 SP 1 and prior
    • Computer Associates Service Level Management 3.5
  • Description: Multiple Computer Associates products are reported to contain a remote command execution vulnerability due to insufficient authentication validation. A remote attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the vulnerable process. Reportedly, no authentication is necessary to exploit this vulnerability. Few technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, updates available. Users are advised to restrict access to the vulnerable application at the network perimeter if possible.

  • References:
  • (4) LOW: OpenSSL Signature Verification Weakness
  • Affected:
    • OpenSSL versions 0.9.8i and prior (corrected in 0.9.8j)
  • Description: OpenSSL is an open source implementation of the Transport Layer Security (TLS) protocol and its predecessor, the Secure Sockets Layer (SSL). It also provides general cryptographic services. It is widely used by both free and commercial software and is installed by default on most Unix and Linux-based systems. It contains a weakness in its verification of digital signatures: several functions did not correctly check the return value of the signature verification routine (EVP_VerifyFinal), so a malformed signature could be treated as a good signature rather than as an error. This affects the signature checks on DSA and ECDSA keys used with SSL/TLS. Digital signatures and certificates are how parties prove their identity, and a common use is verifying a website's authenticity, so a specially crafted signature could bypass this authentication; for example, a malicious server could convince a vulnerable client that it is a site other than what it is. Full technical details are publicly available for this vulnerability. Note that the major web browsers do not use OpenSSL for TLS (Mozilla Firefox uses NSS and Apple Safari uses Apple's own TLS implementation), but a great deal of other client software, server software and embedded devices do.

  • Status: Vendor confirmed, updates available.

  • References:
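The OpenSSL weakness in (4) comes down to how a caller interprets the verification routine's three possible results (valid, invalid, error). The following is an added example, not OpenSSL's code: it uses a constructed toy RSA key in place of the DSA/ECDSA checks the advisory concerns, reproduces the 1 / 0 / -1 contract of EVP_VerifyFinal(), and shows the flawed caller beside the correct one. All function names and the key parameters are assumptions made for the demonstration.

```python
import hashlib

# Toy RSA key, constructed for this example only. Two Mersenne primes give a
# 150-bit modulus: trivially factorable, fine for showing the return-value bug.
_P = (1 << 61) - 1
_Q = (1 << 89) - 1
N = _P * _Q
E = 65537
_D = pow(E, -1, (_P - 1) * (_Q - 1))      # private exponent
SIG_LEN = (N.bit_length() + 7) // 8        # 19 bytes


def _digest(message: bytes) -> int:
    # SHA-256 truncated to 128 bits so the value is always below N.
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")


def sign(message: bytes) -> bytes:
    """Textbook RSA signature over the truncated digest (demo only)."""
    return pow(_digest(message), _D, N).to_bytes(SIG_LEN, "big")


def verify_tristate(message: bytes, signature: bytes) -> int:
    """Same contract as OpenSSL's EVP_VerifyFinal():
        1 = signature is valid
        0 = signature is well-formed but does not verify
       -1 = error, e.g. the signature could not even be decoded."""
    if not isinstance(signature, (bytes, bytearray)) or len(signature) != SIG_LEN:
        return -1
    s = int.from_bytes(signature, "big")
    if s >= N:
        return -1                           # not a valid encoding for this key
    return 1 if pow(s, E, N) == _digest(message) else 0


def accept_vulnerable(message: bytes, signature: bytes) -> bool:
    # The flawed caller: only the error code counts as a rejection, so a
    # well-formed but wrong signature (return value 0) is accepted.
    return verify_tristate(message, signature) >= 0


def accept_fixed(message: bytes, signature: bytes) -> bool:
    # Correct caller: anything other than an explicit success is a rejection.
    return verify_tristate(message, signature) == 1
```

The point to carry into code review: a verify routine that can return "error" as well as "invalid" must be checked for exact success, never for the absence of an error. A correctly encoded signature with the wrong value is exactly what an attacker can produce cheaply.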
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 2, 2009

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 6391 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 09.2.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft MSN Messenger IP Address Information Disclosure
  • Description: Microsoft MSN Messenger is an instant messaging application. The application is exposed to an information disclosure issue because it fails to properly handle various NAT clients. Microsoft MSN Messenger version 8.5.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/archive/1/499624/100/0/threaded

  • 09.2.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Elecard MPEG Player ".m3u" File Remote Stack Buffer Overflow
  • Description: Elecard MPEG Player is a multimedia player application available for Microsoft Windows. Elecard MPEG Player is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. Elecard MPEG Player version 5.5 is affected.
  • Ref: http://www.securityfocus.com/bid/33089

  • 09.2.3 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel Malformed "msghdr" Structure Remote Denial of Service
  • Description: The Linux Kernel is exposed to a remote denial of service issue while handling malformed data passed to the "msg_control" parameter of the "msghdr" structure. Linux Kernel versions 2.6.18, 2.6.20, 2.6.21, 2.6.22 and 2.6.24 are affected.
  • Ref: http://www.securityfocus.com/archive/1/499700

  • 09.2.4 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "FWD-TSN" Chunk Remote Buffer Overflow
  • Description: The Linux Kernel is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Specifically, the vulnerability occurs because of a failure to validate "FWD-TSN" chunks. Linux Kernel version 2.6.28 is affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=478800

  • 09.2.5 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris NFS Version 4 Client Unspecified Local Denial of Service
  • Description: Sun Solaris is a UNIX-based operating system. Solaris is exposed to a local denial of service issue. Specifically, the issue is related to an unspecified error in the NFS version 4 (NFSv4) client. Solaris 10 and OpenSolaris based on builds snv_01 to snv_101 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-248566-1

  • 09.2.6 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Destiny Media Player ".lst" File Remote Stack Buffer Overflow
  • Description: Destiny Media Player is a multimedia player application. Destiny Media Player is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. Destiny Media Player version 1.61.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/499740

  • 09.2.7 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple Safari Webkit "alink" Property Memory Leak Remote Denial of Service
  • Description: Apple Safari is a web browser application available for Mac OS X and Microsoft Windows. Apple Safari is exposed to a denial of service issue that exists in the WebKit library. This issue occurs when handling an excessively large string passed to the "alink" property of the "body" HTML tag. Apple Safari version 3.2 running on Microsoft Windows Vista is affected.
  • Ref: http://jbrownsec.blogspot.com/2008/12/new-year-research-are-upon-us.html

  • 09.2.8 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MemberKit My Picture Album Arbitrary File Upload
  • Description: MemberKit is a PHP-based content management system for membership sites. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize file extensions before uploading files via the My Picture Album section of the affected application. MemberKit version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33088

  • 09.2.9 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Audacity "lib-src/allegro/strparse.cpp" Buffer Overflow
  • Description: Audacity is an audio editing application available for multiple platforms. Audacity is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs in the "String_parse::get_nonspace_quoted()" function of the "lib-src/allegro/strparse.cpp" source file when handling malformed ".gro" files. Audacity version 1.6.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33090

  • 09.2.10 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Destiny Media Player
  • Description: Destiny Media Player is a multimedia player application available for Microsoft Windows and Mac OS X. Destiny Media Player is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. Destiny Media Player 1.61.0 is vulnerable; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/33091

  • 09.2.11 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VMWare Player and Workstation "vmware-authd" Multiple Remote Denial of Service Vulnerabilities
  • Description: VMWare Player and Workstation are virtualization applications available for multiple platforms. VMWare Player and Workstation are exposed to multiple remote denial of service issues because the applications fail to perform adequate boundary checks on user-supplied input.
  • Ref: http://www.securityfocus.com/bid/33095

  • 09.2.12 - CVE: Not Available
  • Platform: Cross Platform
  • Title: aMSN ".ctt" File Remote Denial of Service
  • Description: aMSN is an instant messaging application available for various operating systems. aMSN is exposed to a remote denial of service issue that occurs because the application fails to perform adequate boundary checks on user-supplied input.
  • Ref: http://www.securityfocus.com/bid/33096

  • 09.2.13 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Links SSL Certificate Verification Security Weakness
  • Description: Links is a text-based web browser. Links is exposed to an SSL certificate verification security weakness. Reports indicate that the browser fails to verify SSL certificates presented by a remote server, so a man-in-the-middle can present any certificate without the user being warned. Links version 2.2 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510417

  • 09.2.14 - CVE: Not Available
  • Platform: Cross Platform
  • Title: DotNetNuke User Account Security Bypass
  • Description: DotNetNuke is a framework to develop websites. The application is exposed to an unspecified security bypass issue which can allow a user to add additional roles to their user account. DotNetNuke versions 4.5.2 up to and including 4.9.0 are affected.
  • Ref: http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno24/tabid/1188/Default.aspx

  • 09.2.15 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Google Chrome FTP Client PASV Port Scan Information Disclosure
  • Description: Google Chrome is a web browser. The application is exposed to an information disclosure issue because it fails to adequately validate server-issued instructions while in PASV (passive) mode. Google Chrome version 1.0.154.36 is affected.
  • Ref: http://www.securityfocus.com/archive/1/499745

  • 09.2.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Walusoft TFTPServer2000 TFTP Server Directory Traversal
  • Description: Walusoft TFTPServer2000 is a TFTP server for Windows platforms. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. Walusoft TFTPServer2000 version 3.6.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/499765

  • 09.2.17 - CVE: CVE-2009-0022
  • Platform: Cross Platform
  • Title: Samba Registry Share Name Unauthorized Access
  • Description: Samba is a freely available file and printer sharing application maintained and developed by the Samba Development Team. Samba is exposed to an unauthorized access vulnerability that occurs when registry shares are enabled. Specifically, the application fails to sufficiently validate share names, so an authenticated user could gain access to the root of the server's file system. Samba versions 3.2.0 through 3.2.6 are affected; 3.2.7 corrects the issue.
  • Ref: http://www.securityfocus.com/bid/33118

  • 09.2.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: L2J Multiple Unspecified Security Vulnerabilities
  • Description: L2J is an alternative Lineage 2 game server written in Java. The application is exposed to multiple remote issues caused by unspecified errors. L2J versions prior to L2J Gracia v2 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?group_id=109190&release_id=650923

  • 09.2.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox xdg-open "mailcap" File Remote Code Execution
  • Description: Mozilla Firefox is a web browser application available for various operating systems. Mozilla Firefox is exposed to a remote code execution issue. This issue occurs because the application does not properly validate the "mime-type" of files before calling the "xdg-open" utility, as defined in "/etc/mailcap". Mozilla Firefox running on Slackware Linux version 12.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33137/references

  • 09.2.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Massimiliano Montoro Cain & Abel Malformed ".conf" File Buffer Overflow
  • Description: Cain & Abel is an application for recovering passwords by sniffing them from the connected network. Cain & Abel is exposed to a buffer overflow issue because it fails to adequately bounds check user-supplied data before copying it into an insufficiently sized buffer. Cain & Abel version 4.9.25 is affected.
  • Ref: http://www.securityfocus.com/bid/33142

  • 09.2.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mylene Multiple Unspecified Security Vulnerabilities
  • Description: Mylene is a command line audio player. The application is exposed to multiple remote issues caused by unspecified errors. Mylene versions prior to 7.20081231 are affected.
  • Ref: http://freshmeat.net/projects/mylene/?branch_id=72395&release_id=291577

  • 09.2.22 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: KDE Konqueror 4.1 Multiple Cross-Site Scripting and Denial of Service Vulnerabilities
  • Description: KDE Konqueror is a web browser included with the KDE desktop manager. The application is exposed to multiple input validation issues. KDE Konqueror version 4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/33085

  • 09.2.23 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Apache Roller "q" Parameter Cross-Site Scripting
  • Description: Apache Roller is a group blog server application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "q" parameter when performing a search. Apache Roller versions 2.3, 3.0, 3.1, and 4.0 are affected.
  • Ref: https://issues.apache.org/roller/browse/ROL-1766
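The Apache Roller entry is the standard reflected cross-site scripting shape: a search term comes in on the "q" parameter and goes back out into the page unchanged. The fix is encoding at output time, with a different encoder for each context the value lands in. The following is an added example, not Roller's code; the page fragment and the function names are constructed for the demonstration.

```python
import html
from urllib.parse import quote


def render_search_vulnerable(q: str) -> str:
    # Reflects the search term straight into the page: the pattern behind a
    # "q" parameter cross-site scripting issue.
    return "<h2>Results for: %s</h2>" % q


def render_search_fixed(q: str) -> str:
    # Each output context gets its own encoder: html.escape() for element text
    # and attribute values (quote=True also escapes ' and "), percent-encoding
    # for a value placed inside a URL.  Encode at output time rather than
    # "sanitising" the input on the way in, since the same value may be
    # rendered in several contexts.
    as_text = html.escape(q, quote=True)
    as_url_param = quote(q, safe="")
    return ('<h2>Results for: %s</h2>'
            '<a href="/search?q=%s">Search again</a>' % (as_text, as_url_param))
```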

  • 09.2.24 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo Simple Review Component "category" Parameter SQL Injection
  • Description: Simple Review is a review module for the Mambo and Joomla! content managers. It can be used to publish reviews of various items. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category" parameter of the "com_simple_review" option before using it in an SQL query. Simple Review version 1.3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/33102

  • 09.2.25 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 2Capsule Sticker "sticker.php" SQL Injection
  • Description: 2Capsule Sticker is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "sticker/sticker.php" script.
  • Ref: http://www.securityfocus.com/bid/33075

  • 09.2.26 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PowerNews "news.php" SQL Injection
  • Description: PowerNews is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "newsid" parameter of the "news.php" script. PowerNews version 2.5.4 is affected.
  • Ref: http://www.securityfocus.com/bid/33081

  • 09.2.27 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: w3blabor CMS "admin/index.php" SQL Injection
  • Description: w3blabor CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "benutzername" parameter of the "admin/index.php" script. w3blabor CMS versions 3.3.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/33082

  • 09.2.28 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PowerClan Admin Login SQL Injection
  • Description: PowerClan is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the username field in the admin login page. PowerClan version 1.14a is affected.
  • Ref: http://www.securityfocus.com/bid/33083

  • 09.2.29 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ASPThai.Net Webboard "bview.asp" SQL Injection
  • Description: ASPThai.Net Webboard is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "bview.asp" script. ASPThai.Net Webboard version 6.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33084

  • 09.2.30 - CVE: CVE-2008-2381
  • Platform: Web Application - SQL Injection
  • Title: GForge "GroupJoinRequest.class" SQL Injection
  • Description: GForge is a web-based tool for collaborative development. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "create()" function of the "common/include/GroupJoinRequest.class" script before using it in an SQL query. GForge versions 4.5 and 4.6 are affected.
  • Ref: http://security-tracker.debian.net/tracker/CVE-2008-2381

  • 09.2.31 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WSN Guest "search.php" SQL Injection
  • Description: WSN Guest is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "search" parameter of the "search.php" script. WSN Guest version 1.23 is affected.
  • Ref: http://www.securityfocus.com/bid/33097

  • 09.2.32 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Aydan Bilisim Ayemsis Emlak PRO Multiple SQL Injection Vulnerabilities
  • Description: Ayemsis Emlak PRO is an ASP-based content management application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33099

  • 09.2.33 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PhpMesFilms "index.php" SQL Injection
  • Description: PhpMesFilms is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script. PhpMesFilms version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33105

  • 09.2.34 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: plxWebDev plx Autoreminder "members.php" SQL Injection
  • Description: plx Autoreminder is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "members.php" script. plx Autoreminder version 3.7 is affected.
  • Ref: http://www.securityfocus.com/bid/33106

  • 09.2.35 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: webSPELL Multiple SQL Injection Vulnerabilities
  • Description: webSPELL is a clan and gaming CMS. The application is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input. The issues affect webSPELL 4.
  • Ref: http://www.securityfocus.com/bid/33107

  • 09.2.36 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SolucionXpressPro "main.php" SQL Injection
  • Description: SolucionXpressPro is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id_area" parameter of the "main.php" script.
  • Ref: http://www.securityfocus.com/archive/1/499742

  • 09.2.37 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! Phoca Documentation Component "id" Parameter SQL Injection
  • Description: Phoca Documentation is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter to the "com_phocadocumentation" component.
  • Ref: http://www.securityfocus.com/bid/33114

  • 09.2.38 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_na_newsdescription" Component "newsid" Parameter SQL Injection
  • Description: The "com_na_newsdescription" component is a news application for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "newsid" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33116

  • 09.2.39 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RiotPix "read.php" SQL Injection
  • Description: RiotPix is a PHP-based discussion forum. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "forumid" parameter of the "read.php" script before using it in an SQL query. RiotPix version 0.61 is affected.
  • Ref: http://www.securityfocus.com/bid/33129

  • 09.2.40 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RiotPix "username" Parameter SQL Injection
  • Description: RiotPix is a PHP-based discussion forum. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" parameter when logging into the affected application. RiotPix version 0.61 is affected.
  • Ref: http://www.securityfocus.com/bid/33132

  • 09.2.41 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Goople CMS "frontpage.php" SQL Injection
  • Description: Goople CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" parameter of the "frontpage.php" script before using it in an SQL query. Goople CMS version 1.8.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33135

  • 09.2.42 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: IT!CMS "login.php" SQL Injection
  • Description: IT!CMS is a content manager application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to "Username" and "Password" textboxes of the "login.php" script when logging in to the affected application.
  • Ref: http://www.securityfocus.com/bid/33139
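Nineteen of this week's entries are the same defect: a request parameter (an "id", a "username" on a login form) is concatenated into SQL text. The following is an added example (not the code of any product listed above) showing the vulnerable pattern beside the parameterised query that removes the whole class; the in-memory SQLite table, the user record and the function names are constructed for the demonstration.

```python
import sqlite3


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory database for the demonstration (not real data).
    A real application stores a password hash, not the password; the query
    structure problem shown here is the same either way."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT, is_admin INTEGER)")
    con.execute("INSERT INTO users VALUES ('admin', 'correct horse battery staple', 1)")
    return con


def login_vulnerable(con: sqlite3.Connection, username: str, password: str) -> bool:
    # The pattern behind the entries above: the submitted values are pasted
    # into the SQL text, so a quote in the input changes the query itself.
    query = ("SELECT 1 FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return con.execute(query).fetchone() is not None


def login_fixed(con: sqlite3.Connection, username: str, password: str) -> bool:
    # Parameterised query: the values travel separately from the SQL text and
    # can never be interpreted as SQL, whatever characters they contain.
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return con.execute(query, (username, password)).fetchone() is not None


def user_by_id_vulnerable(con: sqlite3.Connection, uid: str):
    # Numeric parameters are no safer when concatenated: no quote is needed
    # to append "OR 1=1" to the WHERE clause.
    return con.execute("SELECT username FROM users WHERE rowid = %s" % uid).fetchall()


def user_by_id_fixed(con: sqlite3.Connection, uid: str):
    # Validate the type first, then bind the value.
    if not uid.isdigit():
        raise ValueError("id must be a positive integer")
    return con.execute("SELECT username FROM users WHERE rowid = ?", (int(uid),)).fetchall()
```

The same binding mechanism exists in every mainstream database driver (PDO prepared statements in PHP, parameterised commands in ADO.NET); escaping functions are a weaker substitute because they must be applied correctly at every call site and do nothing for numeric contexts.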

  • 09.2.43 - CVE: Not Available
  • Platform: Web Application
  • Title: Cybershade CMS "index.php" Multiple Remote File Include Vulnerabilities
  • Description: Cybershade CMS is a PHP-based content manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "THEME_header" and "THEME_footer" parameters in the "index.php" script. Cybershade CMS version 0.2b is affected.
  • Ref: http://www.securityfocus.com/bid/33101

  • 09.2.44 - CVE: Not Available
  • Platform: Web Application
  • Title: PNphpBB2 "ModName" Parameter Local File Include Vulnerabilities
  • Description: PNphpBB2 is a port of the phpBB forum to the PostNuke content manager. The application is exposed to multiple local file include issues because it fails to sufficiently sanitize user-supplied input. PNphpBB2 versions 1.2i and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/33103

  • 09.2.45 - CVE: Not Available
  • Platform: Web Application
  • Title: Lito Lite SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Lito Lite is a web-based content manager. The application is exposed to multiple input validation issues. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
  • Ref: http://www.securityfocus.com/bid/33104

  • 09.2.46 - CVE: Not Available
  • Platform: Web Application
  • Title: DDL-Speed Script Multiple Remote File Include Vulnerabilities
  • Description: DDL-Speed Script is a PHP-based content manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/33078

  • 09.2.47 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPFootball "filter.php" Password Hash Information Disclosure
  • Description: PHPFootball is a web-based management application for football leagues. The application is exposed to an information disclosure issue because it fails to properly restrict access to the "filter.php" script. PHPFootball version 1.6 is affected.
  • Ref: http://www.securityfocus.com/bid/33087

  • 09.2.48 - CVE: Not Available
  • Platform: Web Application
  • Title: phpSkelSite Multiple Input Validation Vulnerabilities
  • Description: phpSkelSite is a web site skeleton application. The application is exposed to multiple issues because it fails to properly sanitize user-supplied input. phpSkelSite version 1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/33092

  • 09.2.49 - CVE: Not Available
  • Platform: Web Application
  • Title: Built2Go PHP Rate My Photo "member.php" Arbitrary File Upload
  • Description: Built2Go PHP Rate My Photo is a photo rating application. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize file extensions before uploading photos via the "member.php" script. Built2Go PHP Rate My Photo version 1.46.4 is affected.
  • Ref: http://www.securityfocus.com/bid/33093

  • 09.2.50 - CVE: Not Available
  • Platform: Web Application
  • Title: Built2Go PHP Link Portal "member.php" Arbitrary File Upload
  • Description: Built2Go PHP Link Portal is a web-based application. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize file extensions before uploading files via the "member.php" script. Built2Go PHP Link Portal version 1.95.1 is affected.
  • Ref: http://www.securityfocus.com/bid/33094
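The two Built2Go entries and the MemberKit entry (09.2.8) fail in the same way: the upload handler decides whether a file is a "photo" by looking at the client-supplied extension, so a script with an image extension, or with an extension the check does not think about, ends up under the web root. The following is an added example (not Built2Go's or MemberKit's code) of an upload check that looks at the last extension only, at the file's magic bytes, and lets the server rather than the client choose the stored name; the allow-list and function names are assumptions for the demonstration.

```python
import os
import secrets

# Allowed extensions and the leading bytes ("magic") each image type must have.
IMAGE_MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}


class UploadRejected(ValueError):
    pass


def safe_upload_name(client_filename: str, content: bytes) -> str:
    """Decide whether an uploaded 'photo' may be stored and return the name to
    store it under.  Three rules:
      1. only the *last* extension counts and it must be in the allow-list
         (rejects shell.php, shell.jpg.php, shell.PHP and names with a NUL byte);
      2. the content must start with the magic bytes of that image type;
      3. the stored name is chosen by the server, so the client never controls
         the path or the final extension."""
    base = os.path.basename(client_filename.replace("\\", "/"))
    if "\x00" in base:
        raise UploadRejected("null byte in file name")
    _, dot, ext = base.rpartition(".")
    ext = ext.lower()
    if not dot or ext not in IMAGE_MAGIC:
        raise UploadRejected(f"extension {ext!r} is not an allowed image type")
    if not content.startswith(IMAGE_MAGIC[ext]):
        raise UploadRejected("content does not look like a %s image" % ext)
    return f"{secrets.token_hex(16)}.{ext}"


def upload_is_allowed(client_filename: str, content: bytes) -> bool:
    """Convenience wrapper: True if the upload would be accepted."""
    try:
        safe_upload_name(client_filename, content)
        return True
    except UploadRejected:
        return False
```

Rule 3 is what defuses the "shell.php.jpg" trick on servers whose handler mapping honours every extension in a name: the stored file is "<random>.jpg" and nothing else. Store uploads outside the web root, or in a directory where script execution is disabled, as a separate layer.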

  • 09.2.51 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPAuctions "profile.php" SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: PHPAuctions is a web-based auction script implemented in PHP. The application is exposed to multiple input validation issues. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
  • Ref: http://www.securityfocus.com/bid/33115

  • 09.2.52 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPAuctions Cookie Authentication Bypass
  • Description: PHPAuctions is a web-based auction script implemented in PHP. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication.
  • Ref: http://www.securityfocus.com/bid/33120
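The PHPAuctions cookie bypass above is what happens when the application reads identity or role information out of a cookie it has not authenticated: the client can write whatever it likes into its own cookie. The following is an added example (not PHPAuctions' code) of the trusting parser beside a cookie carrying an HMAC tag that only the server can produce; the key, the claim names and the function names are assumptions for the demonstration.

```python
import base64
import hashlib
import hmac
import json

# Server-side secret: an assumption for the demo.  In production it comes from
# configuration, never from the code or from the client.
COOKIE_KEY = b"constructed-demo-key-replace-me"


def parse_cookie_vulnerable(cookie: str) -> dict:
    # Trusts whatever the client sends back.  If the cookie says role=admin,
    # the application believes it: anyone can edit their own cookie.
    return dict(part.split("=", 1) for part in cookie.split("&") if "=" in part)


def issue_cookie(claims: dict) -> str:
    """Serialise the claims and append an HMAC-SHA256 tag computed with the
    server key, so the client can read the cookie but cannot change it."""
    body = base64.urlsafe_b64encode(
        json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()).decode()
    tag = hmac.new(COOKIE_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def parse_cookie_fixed(cookie: str):
    """Return the claims only if the tag verifies; None for anything else."""
    body, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(COOKIE_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        return None
    try:
        return json.loads(base64.urlsafe_b64decode(body.encode()))
    except ValueError:
        return None
```

An authenticated cookie stops tampering; it does not stop replay. Real session cookies also need an expiry inside the signed body and, for anything sensitive, a server-side session record that can be revoked.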

  • 09.2.53 - CVE: Not Available
  • Platform: Web Application
  • Title: SimpleIrcBot Authentication Unspecified Security Bypass
  • Description: SimpleIrcBot is a PHP-based bot application for IRC networks. The application is exposed to a security bypass issue due to an unspecified error in the authentication process. SimpleIrcBot versions prior to 1.0 Stable are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=650796&group_id=249202

  • 09.2.54 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPAuctions Multiple Remote File Include Vulnerabilities
  • Description: PHPAuctions is a web-based auction script. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "include_path" parameter.
  • Ref: http://www.securityfocus.com/bid/33130

  • 09.2.55 - CVE: Not Available
  • Platform: Web Application
  • Title: ezPack "index.php" SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: ezPack is a web-based application. The application is exposed to multiple input validation issues. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. ezPack version 4.2b2 is affected.
  • Ref: http://www.securityfocus.com/bid/33131

  • 09.2.56 - CVE: CVE-2008-5846
  • Platform: Web Application
  • Title: Movable Type "publish post" Security Bypass
  • Description: Movable Type is a web-log application implemented in Perl and PHP. The application is exposed to a security bypass issue because it fails to adequately validate user permissions. Movable Type versions prior to 4.23 are affected.
  • Ref: http://www.movabletype.org/mt_423_change_log.html

  • 09.2.57 - CVE: Not Available
  • Platform: Web Application
  • Title: playSMS Multiple Remote and Local File Include Vulnerabilities
  • Description: playSMS is a PHP-based mobile portal application. The application is exposed to multiple input validation issues. Exploiting these issues may allow an attacker to execute arbitrary local and remote scripts in the context of the web server process or obtain potentially sensitive information. playSMS version 0.9.3 is affected.
  • Ref: http://www.securityfocus.com/bid/33138

  • 09.2.58 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! XStandard Component Directory Traversal
  • Description: XStandard is a WYSIWYG editor plugin for browser-based content managers. The XStandard component for Joomla! is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "X_CMS_LIBRARY_PATH" header field of the "plugins/editors/xstandard/attachmentlibrary.php" script.
  • Ref: http://www.securityfocus.com/bid/33143

  • 09.2.59 - CVE: Not Available
  • Platform: Network Device
  • Title: Nokia Series 60 SMS/MMS Remote Denial of Service
  • Description: The Series 60 Operating System (OS) is an embedded operating system that is based on the Symbian OS. Nokia Series 60 devices are exposed to a remote denial of service issue that occurs when the device tries to display an overly large email address present in the "from-address" field of an SMS or MMS message. Nokia Series 60 versions 2.6, 2.8, 3.0 and 3.1 are affected.
  • Ref: https://berlin.ccc.de/~tobias/cos/s60-curse-of-silence-advisory.txt

  • 09.2.60 - CVE: Not Available
  • Platform: Network Device
  • Title: Intel Trusted Execution Technology Multiple Unspecified Security Bypass Vulnerabilities
  • Description: Intel Trusted Execution Technology (TXT) is a set of hardware extensions that provide support for verifying data, including executable code. Trusted Boot (tboot) is a TXT-based system loader. Multiple issues have been reported in TXT which may allow attackers to compromise the integrity of boot, system or kernel code loaded using TXT.
  • Ref: http://theinvisiblethings.blogspot.com/2009/01/attacking-intel-trusted-execution.html

(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.