@RISK: The Consensus Security Vulnerability Alert

Volume: VIII, Issue: 25
June 18, 2009

Apple Mac OS and Thunderbird's Firefox are on the critical list this week. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Other Microsoft Products                  1
    Third Party Windows Apps                  5
    Linux                                     1
    BSD                                       2
    Solaris                                   2
    Cross Platform                            66 (#1, #2, #3, #4, #5)
    Web Application - Cross Site Scripting    12
    Web Application - SQL Injection           9
    Web Application                           16
    Network Device                            1

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
  • Other Microsoft Products
  • Third Party Windows Apps
  • Linux
  • BSD
  • Solaris
  • Cross Platform
  • Web Application - Cross Site Scripting
  • Web Application - SQL Injection
  • Web Application
  • Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) CRITICAL: Apple Mac OS X Java Pointer Dereference Remote Code Execution Vulnerability
  • Affected:
    • Apple Mac OS X 10.5.7
    • Apple Mac OS X 10.5.6
    • Apple Mac OS X 10.5.5
    • Apple Mac OS X 10.5.4
    • Apple Mac OS X 10.5.3
    • Apple Mac OS X 10.5.2
    • Apple Mac OS X 10.5.1
    • Apple Mac OS X 10.5
  • Description: The Java Runtime Environment installed by default on Apple Mac OS X contains a remote code execution vulnerability. The error is due to improper validation of input to the "apple.laf.CColourUIResource" constructor. The first argument to this constructor, which is a long integer, is interpreted as a pointer to a C object. Successful exploitation may allow an attacker to execute arbitrary code on vulnerable installations with the privileges of the logged-on user. The attacker has to entice the user to visit a malicious page to carry out this attack.

  • Status: Vendor confirmed, updates available.

  • (3) HIGH: Apple iPhone and Apple iPod touch Multiple Vulnerabilities
  • Affected:
    • iPhone OS 1.0 through 2.2.1
    • iPhone OS for iPod touch 1.1 through 2.2.1
  • Description: The Apple iPhone and Apple iPod touch contain multiple vulnerabilities in their handling of a variety of web page contents, certain image, video and document formats, ICMP echo requests, mail messages, certain untrusted Exchange server certificates and other inputs. Attackers may use these vulnerabilities to bypass security restrictions, cause information disclosure, carry out cross-site scripting and cross-site request forgery attacks, cause a denial-of-service condition and possibly compromise a system. These vulnerabilities are caused by integer overflows, buffer overflows, integer underflows, use-after-free errors, uninitialized pointers, input validation errors and other flaws. Some technical details are publicly available for some of these vulnerabilities.

  • Status: Vendor confirmed, updates available.

  • (4) HIGH: Green Dam Web Filtering and Blacklist Update Buffer Overflow vulnerabilities
  • Affected:
    • Green Dam 3.x
  • Description: Green Dam is a censorship program aimed at blocking pornography or politically sensitive content. It has two buffer overflow vulnerabilities. The first issue is a boundary error in the code that processes web requests: because it uses a fixed-size buffer for processing URLs, an overly long URL causes the buffer to overflow. Successful exploitation might allow an attacker to execute arbitrary code. The second issue is in Blacklist Update and is due to the way Green Dam reads the filter files using unsafe C string libraries. This could lead to a buffer overflow and eventually code execution. Technical details are publicly available for these vulnerabilities.

  • Status: Vendor confirmed, updates available.

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 25, 2009

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 7127 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 09.25.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Windows Media Player ScriptCommand Multiple Information Disclosure Vulnerabilities
  • Description: Microsoft Windows Media Player is a multimedia application available for the Windows operating system. Microsoft Windows Media Player is exposed to multiple information disclosure issues because it fails to properly restrict access to certain functionality when handling media files. Specifically, an attacker can use specially crafted media files (WMP and ASX) with script commands such as "FILENAME" to enumerate local and network accessible files and also scan the internal network for the presence of other hosts.
  • Ref: http://sites.google.com/site/tentacoloviola/backdooring-windows-media-files

  • 09.25.2 - CVE: CVE-2009-1705
  • Platform: Third Party Windows Apps
  • Title: Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. The application is exposed to a remote code execution issue because it fails to adequately handle TrueType fonts. This vulnerability results from an arithmetic issue in the automatic hinting of fonts and facilitates memory corruption. Safari versions prior to 4.0 running on Windows XP and Windows Vista are affected.
  • Ref: http://www.securityfocus.com/bid/35308

  • 09.25.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: McAfee Policy Manager "naPolicyManager.dll" Arbitrary File Overwrite
  • Description: McAfee Policy Manager is an IT auditing application. The application is exposed to an issue that allows attackers to overwrite files with arbitrary, attacker-supplied content. Specifically, the "WriteTaskDataToIniFile()" method of the "naPolicyManager.dll" ActiveX control will overwrite files in an insecure manner.
  • Ref: http://support.microsoft.com/kb/240797

  • 09.25.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Apple Safari Windows Installer Local Privilege Escalation
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. Apple Safari is exposed to a local privilege escalation issue because it fails to properly drop permissions the first time it is run. The problem occurs in the compression method used in the installer. Safari versions prior to 4.0 running on Microsoft Windows XP and Vista are affected.
  • Ref: http://www.securityfocus.com/bid/35339

  • 09.25.5 - CVE: CVE-2009-1706
  • Platform: Third Party Windows Apps
  • Title: Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. Apple Safari is exposed to a local information disclosure issue because it fails to properly delete browser cookies that are created while the "Private Browsing" feature is enabled. Safari versions prior to 4.0 running on Microsoft Windows XP and Vista are affected.
  • Ref: http://www.securityfocus.com/bid/35346

  • 09.25.6 - CVE: CVE-2009-1707
  • Platform: Third Party Windows Apps
  • Title: Apple Safari for Windows Reset Password Information Disclosure
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. Safari is exposed to a local information disclosure issue because it fails to properly reset user passwords. Specifically, when the "Reset saved names and passwords" menu option is selected, passwords may persist for up to 30 seconds before being cleared. Safari versions prior to 4.0 running on Microsoft Windows XP and Vista are affected.
  • Ref: http://www.securityfocus.com/bid/35352

  • 09.25.7 - CVE: CVE-2009-1389
  • Platform: Linux
  • Title: Linux Kernel RTL8169 NIC Remote Denial of Service
  • Description: The Linux Kernel is exposed to a remote denial of service issue in the RTL8169 driver. This issue occurs when a large packet is sent to a computer with an RTL8169 NIC installed. Specifically, the driver permits frame sizes of up to 16383 bytes, but allocates "skb" buffers of only 1536 bytes to the "rx" rings. Linux Kernel versions prior to 2.6.30 are affected.
  • Ref: http://lkml.org/lkml/2009/6/8/194

  • 09.25.8 - CVE: Not Available
  • Platform: BSD
  • Title: FreeBSD Direct Pipe Write Local Information Disclosure
  • Description: FreeBSD is exposed to a local information disclosure issue. Specifically, an integer overflow can occur when performing direct pipe writes. This issue will prevent the virtual-to-physical address lookups from occurring. Local attackers can exploit this issue to read pages in memory belonging to other processes or to the kernel.
  • Ref: http://www.securityfocus.com/bid/35279

  • 09.25.9 - CVE: Not Available
  • Platform: BSD
  • Title: FreeBSD IPv6 "SIOCSIFINFO_IN6" Permission Check Local Security Bypass
  • Description: FreeBSD is exposed to a local security bypass issue due to a failure to properly check user permissions. Specifically, the "SIOCSIFINFO_IN6" permission is not checked when changing IPv6 network stack properties via the "ioctl()" system call.
  • Ref: http://www.securityfocus.com/bid/35285

  • 09.25.10 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun OpenSolaris "smbfs(7FS)" Local Information Disclosure
  • Description: OpenSolaris is a free operating system from Sun. OpenSolaris is exposed to an information disclosure issue that affects "smbfs(7FS)" when using default mount permissions. The issue may allow local attackers to gain access to the contents of files and directories on volumes mounted using CIFS. OpenSolaris releases based on builds snv_84 through snv_110 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-257548-1

  • 09.25.11 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris "lp" Client Local Denial of Service
  • Description: Sun Solaris is a UNIX-based operating system. Solaris is exposed to a local denial of service issue. An unspecified problem occurs in the "lp" client that can allow a local attacker to cancel print jobs owned by root, creating a denial of service in the print process. Solaris 10 kernel patches 127127-11 and 127128-11 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-247386-1

  • 09.25.12 - CVE: CVE-2009-1904
  • Platform: Cross Platform
  • Title: Ruby BigDecimal Library Denial of Service
  • Description: Ruby is an object-oriented scripting language. Ruby is exposed to a remote denial of service issue. This issue is triggered when the BigDecimal standard library is used to convert BigDecimal objects into float numbers. Due to an unspecified error, attackers can trigger segmentation faults. Ruby versions prior to 1.8.6-p369 and 1.8.7-p173 are affected.
  • Ref: http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/

  • 09.25.13 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox Large GIF File Background Denial of Service
  • Description: Mozilla Firefox is a browser available for multiple platforms. The browser is exposed to a remote denial of service issue because it fails to handle excessively large GIF files specified as a background by the "body" HTML tag. Firefox version 3.0.10 is affected.
  • Ref: http://www.securityfocus.com/archive/1/504214

  • 09.25.14 - CVE: CVE-2009-1700
  • Platform: Cross Platform
  • Title: WebKit XSLT Redirects Remote Information Disclosure
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote information disclosure issue because of how it handles redirects when processing Extensible Stylesheet Language Transformations (XSLT).
  • Ref: http://www.securityfocus.com/archive/1/504218

  • 09.25.15 - CVE: CVE-2009-1713
  • Platform: Cross Platform
  • Title: WebKit "Document()" Function Remote Information Disclosure
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote information disclosure issue in the XSL "document()" function. Specifically, a failure to check cross-domain access can result in the disclosure of XML across domains.
  • Ref: http://www.securityfocus.com/archive/1/504218

  • 09.25.16 - CVE: CVE-2009-1390
  • Platform: Cross Platform
  • Title: Mutt "mutt_ssl.c" X.509 Certificate Chain Security Bypass
  • Description: Mutt is a mail client available for Unix based operating systems. Mutt 1.5.19 added support for chained SSL certificates. Mutt is exposed to a security bypass issue because it fails to properly validate chained X.509 certificates. Specifically, individual certificates in a chain are verified and accepted; however, the certificate chain as a whole is not properly validated. This issue occurs in the "mutt_ssl.c" source code file. Mutt version 1.5.19 is affected.
  • Ref: http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a

  • 09.25.17 - CVE: CVE-2009-1859
  • Platform: Cross Platform
  • Title: Adobe Reader and Acrobat Unspecified Memory Corruption
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. Adobe Reader and Acrobat are exposed to an unspecified memory corruption issue. Exploiting this issue will allow remote attackers to execute arbitrary code within the context of the affected application or crash the application.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-07.html

  • 09.25.18 - CVE: CVE-2009-0889
  • Platform: Cross Platform
  • Title: Adobe Reader and Acrobat JBIG Halftone Region Grid Area Remote Heap Buffer Overflow
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a remote heap-based buffer overflow issue because they fail to sufficiently sanitize user-supplied input. Specifically, this issue occurs due to a failure to properly validate integer values read from the Halftone Region Grid Area section of a JBIG segment embedded in a PDF file.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-07.html

  • 09.25.19 - CVE: CVE-2009-0512
  • Platform: Cross Platform
  • Title: Adobe Reader and Acrobat JBIG "Halftone Region" Remote Heap Buffer Overflow
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a remote heap-based buffer overflow issue because they fail to sufficiently sanitize user-supplied input. Specifically, this issue occurs due to a failure to properly validate integer values read from the "Halftone Region" section of a JBIG segment embedded in a PDF file.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-07.html

  • 09.25.20 - CVE: CVE-2009-1856
  • Platform: Cross Platform
  • Title: Adobe Reader and Acrobat 9.1.1 and Prior Integer Overflow
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. Adobe Reader and Acrobat are exposed to an integer overflow issue. An attacker can exploit this issue to cause the affected application to crash. Arbitrary code execution may also be possible, although this has not been confirmed.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=807

  • 09.25.21 - CVE: CVE-2009-1861
  • Platform: Cross Platform
  • Title: Adobe Reader and Acrobat Multiple Unspecified Remote Heap Buffer Overflow Vulnerabilities
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to multiple remote heap-based buffer overflow issues because they fail to sufficiently sanitize user-supplied input. An attacker can exploit these issues by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial of service conditions.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-07.html

  • 09.25.22 - CVE: CVE-2009-1857
  • Platform: Cross Platform
  • Title: Adobe Reader and Acrobat 9.1.1 and Prior Unspecified Memory Corruption
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. Adobe Reader and Acrobat are exposed to an unspecified memory corruption issue. An attacker can exploit this issue to cause the affected application to crash. Arbitrary code execution may also be possible, although this has not been confirmed.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-07.html

  • 09.25.23 - CVE: CVE-2009-1858
  • Platform: Cross Platform
  • Title: Adobe Reader and Acrobat JBIG2 Filter Unspecified Memory Corruption
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. Adobe Reader and Acrobat are exposed to a memory corruption issue that occurs due to an unspecified problem in the JBIG2 filter.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-07.html

  • 09.25.24 - CVE: CVE-2009-0510
  • Platform: Cross Platform
  • Title: Adobe Reader and Acrobat JBIG "Pattern Dictionary" Remote Heap Buffer Overflow
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a remote heap-based buffer overflow issue because they fail to sufficiently sanitize user-supplied input. Specifically, this issue occurs due to a failure to properly validate integer values read from the "Pattern Dictionary" section of a JBIG segment embedded in a PDF file.
  • Ref: http://www.iss.net/threats/327.html

  • 09.25.25 - CVE: CVE-2009-0511
  • Platform: Cross Platform
  • Title: Adobe Reader & Acrobat JBIG Pattern Dictionary Allocation Remote Heap Buffer Overflow
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a remote heap-based buffer overflow issue because they fail to sufficiently sanitize user-supplied input. Specifically, this issue occurs due to a failure to properly allocate memory when handling "Pattern Dictionary" sections of a JBIG segment embedded in a PDF file.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-07.html

  • 09.25.26 - CVE: CVE-2009-0888
  • Platform: Cross Platform
  • Title: Adobe Reader and Acrobat JBIG "Halftone Region" Remote Heap Buffer Overflow
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a remote heap-based buffer overflow issue because they fail to sufficiently sanitize user-supplied input. Specifically, this issue occurs due to a failure to properly validate integer values read from the "Halftone Region" section of a JBIG segment embedded in a PDF file.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-07.html

  • 09.25.27 - CVE: CVE-2009-0198
  • Platform: Cross Platform
  • Title: Adobe Reader and Acrobat Huffman-encoded JBIG2 Text Heap Overflow
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. The application is exposed to a heap-based buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. The issue occurs in the JBIG2 filter when processing Huffman-encoded JBIG2 text region segments.
  • Ref: http://www.securityfocus.com/archive/1/504217

  • 09.25.28 - CVE: CVE-2009-0509
  • Platform: Cross Platform
  • Title: Adobe Reader and Acrobat JBIG Segments "Text Region" Memory Corruption
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a memory corruption issue that occurs in the "Text Region" of JBIG segments. Specifically, integer values read from these regions aren't properly checked before being used.
  • Ref: http://www.securityfocus.com/archive/1/504258

  • 09.25.29 - CVE: CVE-2009-1391
  • Platform: Cross Platform
  • Title: "Compress::Raw::Zlib" Perl Module Remote Code Execution
  • Description: Perl is a multi-platform programming language. The "Compress::Raw::Zlib" module provides a low-level interface to the zlib compression library. The "Compress::Raw::Zlib" Perl module is exposed to a remote code execution issue. This issue is triggered when the module is used to process compressed data. "Compress::Raw::Zlib" versions prior to 2.017 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=504386

  • 09.25.30 - CVE: CVE-2009-1687
  • Platform: Cross Platform
  • Title: Apple Safari WebKit JavaScript Garbage Collector Memory Corruption
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. Safari is exposed to a remote code execution vulnerability because of an issue in the JavaScript garbage collector. This can corrupt memory and can allow an attacker to write to a memory location at an offset of a NULL pointer. Safari versions prior to 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Microsoft Windows XP, and Windows Vista are affected.
  • Ref: http://www.securityfocus.com/bid/35309

  • 09.25.31 - CVE: CVE-2009-1711
  • Platform: Cross Platform
  • Title: Apple Safari WebKit "Attr" DOM Objects Remote Code Execution
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. Safari is exposed to a remote code execution issue that affects WebKit because of uninitialized memory when handling "Attr" DOM objects. Safari versions prior to 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Microsoft Windows XP, and Windows Vista are affected.
  • Ref: http://www.securityfocus.com/bid/35310

  • 09.25.32 - CVE: CVE-2009-1686
  • Platform: Cross Platform
  • Title: Apple Safari WebKit JavaScript Exception Handling Remote Code Execution
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. The application is exposed to a remote code execution issue because it fails to adequately handle JavaScript exceptions. This vulnerability results in memory corruption when an exception is assigned to a variable that is declared as a constant and causes an object to be cast as an invalid type. Safari versions prior to 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista are affected.
  • Ref: http://www.securityfocus.com/bid/35311

  • 09.25.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Lxlabs Kloxo Hosting Platform Multiple Security Vulnerabilities
  • Description: Kloxo Hosting Platform (formerly known as Lxadmin) is an application for managing multiple websites, domains, and webservers. Kloxo is exposed to multiple security issues: security bypass, information disclosure, cross-site scripting, SQL injection, denial of service, command injection, and insecure file creation. Kloxo Hosting Platform version 5.75 is affected.
  • Ref: http://www.securityfocus.com/bid/35316

  • 09.25.34 - CVE: CVE-2009-1681
  • Platform: Cross Platform
  • Title: WebKit Subframe Click Jacking
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a click-jacking issue that stems from a design error when opening third-party sites in a subframe.
  • Ref: http://www.securityfocus.com/bid/35317/references

  • 09.25.35 - CVE: CVE-2009-1698
  • Platform: Cross Platform
  • Title: WebKit CSS "Attr" Function Remote Code Execution
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote code execution issue because of an uninitialized pointer when handling the CSS "attr" function. An attacker can exploit this issue by tricking a victim into viewing a specially crafted page.
  • Ref: http://blog.zoller.lu/2009/05/advisory-apple-safari-remote-code.html

  • 09.25.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Sophos Products CAB File Scan Evasion
  • Description: Sophos develops a range of antivirus products. Multiple Sophos products are exposed to an issue that may allow certain compressed archives to bypass the scan engine. The issue occurs because the software fails to properly inspect specially crafted ".CAB" files.
  • Ref: http://www.sophos.com/support/knowledgebase/article/59992.html

  • 09.25.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Browser HTTP Resource in HTTPS Context Security Bypass
  • Description: Multiple web browsers are prone to a security bypass vulnerability. Recent versions of major web browsers provide error warnings when insecure resources are loaded within secure contexts. In particular, a warning is provided to the user when a webpage retrieved through HTTPS attempts to include a resource retrieved via HTTP. This is intended to protect against various man-in-the-middle and phishing attacks. Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, Opera and Google Chrome are affected.
  • Ref: http://research.microsoft.com/apps/pubs/default.aspx?id=79323

  • 09.25.38 - CVE: CVE-2009-1694
  • Platform: Cross Platform
  • Title: WebKit "Canvas" HTML Element Image Capture Remote Information Disclosure
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote information disclosure issue affecting the HTML "canvas" element. Specifically, a malicious webpage may use a "canvas" element in conjunction with a redirect in order to access image data across domains.
  • Ref: http://www.securityfocus.com/bid/35322

  • 09.25.39 - CVE: CVE-2009-1699
  • Platform: Cross Platform
  • Title: WebKit XML External Entity Information Disclosure
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote information disclosure issue because of how it handles external entities in XML. A malicious page could exploit this issue to retrieve arbitrary files from the local filesystem.
  • Ref: http://scary.beasts.org/security/CESA-2009-006.html

  • 09.25.40 - CVE: CVE-2009-1701
  • Platform: Cross Platform
  • Title: WebKit JavaScript DOM Use After Free Remote Code Execution
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote code execution issue because of a use-after-free issue in the handling of JavaScript DOM. An attacker can exploit this issue by tricking a victim into viewing a specially crafted page.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-033/

  • 09.25.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities
  • Description: The Mozilla Foundation has released multiple advisories regarding security issues in Firefox, Thunderbird, and SeaMonkey. Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, and execute arbitrary script code with elevated privileges; other attacks are also possible.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-25.html

  • 09.25.42 - CVE: CVE-2009-1693
  • Platform: Cross Platform
  • Title: WebKit "Canvas" SVG Image Capture Remote Information Disclosure
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote information disclosure issue affecting the HTML "canvas" element. Specifically, a malicious webpage may use a "canvas" element with an SVG image to access image data across domains.
  • Ref: http://www.securityfocus.com/bid/35331

  • 09.25.43 - CVE: CVE-2009-1901, CVE-2009-1900, CVE-2009-1899, CVE-2009-1898
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server Multiple Security Vulnerabilities
  • Description: IBM WebSphere Application Server (WAS) is an application server used for service-oriented architecture. WAS is exposed to multiple security issues. Attackers can leverage these issues to bypass security measures or obtain sensitive information that can aid in further attacks. WAS versions in the 6.0.2.x branch prior to 6.0.2.35 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27007951

  • 09.25.44 - CVE: CVE-2009-0899
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server "IsSecurityEnabled" Flag Information Disclosure
  • Description: IBM WebSphere Application Server (WAS) is an application server used for service-oriented architecture. WAS is exposed to an information disclosure issue. Specifically, when WAS is migrated from WebSphere Member Manager to Virtual Member Manager, the "IsSecurityEnabled" configuration flag is not set. WAS versions prior to 6.1.0.25 and 7.0.0.5 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21375859

  • 09.25.45 - CVE: CVE-2009-1689
  • Platform: Cross Platform
  • Title: WebKit "about:blank" Security Bypass
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. A security bypass scripting issue affects WebKit when handling a form submitted to "about:blank". This may improperly replace the document's security context.
  • Ref: http://www.securityfocus.com/bid/35332

  • 09.25.46 - CVE: CVE-2009-1703
  • Platform: Cross Platform
  • Title: WebKit File Enumeration Information Disclosure
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote information disclosure issue because of how it handles audio and video HTML elements. A malicious page could exploit this issue to reference local "file:" URLs and determine the existence of files on a system.
  • Ref: http://www.securityfocus.com/bid/35333

  • 09.25.47 - CVE: CVE-2009-1709
  • Platform: Cross Platform
  • Title: WebKit SVG Animation Elements Use After Free Remote Code Execution
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote code execution issue because of a use-after-free issue in the handling of SVG animation elements. Specifically, the issue arises because memory is referenced after it has already been freed.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-034/

  • 09.25.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Serena Dimensions CM "DOWNLOAD" Command Security Bypass
  • Description: Serena Dimensions CM is a tool for configuration management. The application is exposed to a security bypass issue that may allow an authenticated attacker to view files without having the proper permission to do so. This issue occurs because the "DOWNLOAD" command fails to adhere to fine-grained access controls as expected. Serena Dimensions versions 10.1 and later are affected.
  • Ref: http://www.securityfocus.com/archive/1/504261

  • 09.25.49 - CVE: CVE-2009-1710
  • Platform: Cross Platform
  • Title: WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to an issue that may allow attackers to spoof browser UI elements. The problem occurs when handling a large and mostly transparent custom cursor and adjusting CSS3 "hotspot" properties.
  • Ref: http://www.securityfocus.com/bid/35340

  • 09.25.50 - CVE: CVE-2009-1704
  • Platform: Cross Platform
  • Title: Apple Safari CFNetwork Script Injection Weakness
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. The CFNetwork component of Apple Safari is exposed to a weakness that may allow attackers to run arbitrary script code. The problem occurs because certain downloaded files may be misidentified as HTML. This can allow malicious JavaScript to be run without warning the user. Safari versions prior to 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7 and on Microsoft Windows XP and Vista are affected.
  • Ref: http://www.securityfocus.com/bid/35344

  • 09.25.51 - CVE: CVE-2009-1716
  • Platform: Cross Platform
  • Title: Apple Safari CFNetwork Downloaded Files Information Disclosure
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. Apple Safari is exposed to an information disclosure issue because during the file-download process, the application stores a copy of the file in a world-readable temporary file. Safari versions prior to 4.0 running on Apple Mac OS X 10.5.6 and on Microsoft Windows XP and Vista are affected.
  • Ref: http://www.securityfocus.com/bid/35347

  • 09.25.52 - CVE: CVE-2009-1715
  • Platform: Cross Platform
  • Title: WebKit Web Inspector Page Privilege Cross Domain Scripting
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a cross-domain scripting issue because it fails to adequately validate user-supplied input. Web Inspector may allow script code on webpages to execute with incorrect privileges.
  • Ref: http://www.securityfocus.com/bid/35349

  • 09.25.53 - CVE: CVE-2009-1712
  • Platform: Cross Platform
  • Title: WebKit Java Applet Remote Code Execution
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote code execution issue because the application allows sites to load untrusted Java applets from the local system. Successfully exploiting this issue will allow attackers to execute arbitrary code or obtain sensitive information.
  • Ref: http://www.securityfocus.com/bid/35350

  • 09.25.54 - CVE: CVE-2009-1708
  • Platform: Cross Platform
  • Title: Apple Safari "open-help-anchor" URI Handler Remote Code Execution
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. Safari is exposed to a remote code execution issue because the application's "open-help-anchor" URI handler may permit a specially crafted website to open local help files.
  • Ref: http://www.securityfocus.com/bid/35351

  • 09.25.55 - CVE: CVE-2009-1682
  • Platform: Cross Platform
  • Title: Safari X.509 Extended Validation Certificate Revocation Security Bypass
  • Description: Safari is a web browser available for Mac OS X and Microsoft Windows. Safari is exposed to a security bypass issue because it fails to properly verify X.509 extended validation (EV) certificates. Specifically, the browser may fail to display a warning when a webpage provides a revoked certificate.
  • Ref: http://www.securityfocus.com/bid/35353

  • 09.25.56 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple F-PROT Products TAR File Scan Evasion
  • Description: F-PROT develops a range of antivirus products. Multiple F-PROT products are exposed to an issue that may allow certain compressed archives to bypass the scan engine. The issue occurs because the software fails to properly inspect specially crafted "TAR" files.
  • Ref: http://www.securityfocus.com/archive/1/504289

  • 09.25.57 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Norman Products RAR/CAB File Scan Evasion
  • Description: Norman products provide antivirus and firewalling capabilities for various platforms. Multiple Norman products are exposed to an issue that may allow certain compressed archives to bypass the scan engine. The vulnerability occurs because the software fails to properly inspect specially crafted "CAB" and "RAR" files.
  • Ref: http://norman.com/support/security_bulletins/69333/en

  • 09.25.58 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple IKARUS Products RAR/CAB/ZIP File Scan Evasion
  • Description: IKARUS products provide antivirus and firewalling capabilities. Multiple IKARUS products are exposed to an issue that may allow certain compressed archives to bypass the scan engine. The vulnerability occurs because the software fails to properly inspect specially crafted "ZIP", "CAB", and "RAR" files.
  • Ref: http://blog.zoller.lu/2009/06/subscribe-to-rss-feed-in-case-you-are.html

  • 09.25.59 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple QuickTime NULL Pointer Dereference Denial of Service
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a denial of service issue. Specifically, this issue occurs when handling specially crafted file URIs and results in a NULL pointer dereference in the "CFRelease()" function.
  • Ref: http://www.securityfocus.com/archive/1/504290

  • 09.25.60 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox "NPObject" Access Remote Code Execution
  • Description: Mozilla Firefox is a web browser available for various platforms. Firefox is exposed to a remote code execution issue that results from a race condition error and arises in "NPObjWrapper_NewResolve" when accessing properties of a "NPObject" object. The vulnerability presents itself when a user navigates away from a webpage while a Java applet is loading.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-28.html

  • 09.25.61 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Kaspersky Products PDF File Scan Evasion
  • Description: Kaspersky products provide antivirus, antispyware, and firewalling capabilities. Multiple Kaspersky products are exposed to an issue that may allow certain specially formatted PDF files to bypass the scan engine. The vulnerability occurs because the software fails to properly inspect specially crafted PDF container files. Specifically, files containing arbitrary data before the PDF container (%PDF start marker) are not properly inspected.
  • Ref: http://blog.zoller.lu/2009/05/advisory-kaspersky-generic-pdf-evasion.html

  • 09.25.62 - CVE: CVE-2009-1392
  • Platform: Cross Platform
  • Title: Mozilla Firefox/Thunderbird/SeaMonkey Multiple Browser Engine Memory Corruption Vulnerabilities
  • Description: Firefox is a web browser. SeaMonkey is a suite of applications including a web browser and an email client. Thunderbird is an email client. Firefox, Thunderbird, and SeaMonkey are exposed to multiple remote memory corruption issues in the browser engine.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-24.html

  • 09.25.63 - CVE: CVE-2009-1832
  • Platform: Cross Platform
  • Title: Mozilla Firefox/Thunderbird/SeaMonkey Double Frame Construction Memory Corruption
  • Description: Firefox is a Web browser. SeaMonkey is a suite of applications including a Web browser and an email client. Thunderbird is an email client. All three applications are available for multiple platforms. Firefox, Thunderbird, and SeaMonkey are exposed to a remote memory corruption issue as a result of a double frame construction.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-24.html

  • 09.25.64 - CVE: CVE-2009-1761
  • Platform: Cross Platform
  • Title: Computer Associates ARCserve Backup Message Engine Denial of Service
  • Description: Computer Associates ARCserve Backup products provide backup and restore protection for Windows, NetWare, Linux, and Unix servers as well as Windows, Mac OS X, Linux, Unix, AS/400, and VMS clients. The software is exposed to multiple remote denial of service issues because it fails to handle specially crafted RPC packets sent to the message engine, which listens on TCP port 6503 by default. These issues occur in the ASCORE module and when handling stub data containing more than 38 bytes.
  • Ref: http://www.securityfocus.com/archive/1/504348

  • 09.25.65 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ClamAV Embedded Archive File Scan Evasion
  • Description: ClamAV is cross-platform security software providing antivirus, antispyware, and firewalling capabilities for both enterprise and endpoint-based systems. ClamAV is exposed to an issue that may allow certain compressed archives to bypass the scan engine. The issue occurs because the application fails to properly inspect archive files embedded in other files, such as disk images. ClamAV versions prior to 0.95.2 are affected.
  • Ref: http://blog.zoller.lu/2009/05/advisory-clamav-generic-bypass.html

  • 09.25.66 - CVE: CVE-2009-1833
  • Platform: Cross Platform
  • Title: Mozilla Firefox/Thunderbird/SeaMonkey Multiple JavaScript Engine Memory Corruption Vulnerabilities
  • Description: Firefox is a Web browser. SeaMonkey is a suite of applications including a Web browser and an email client. Thunderbird is an email client. All three applications are available for multiple platforms. Firefox, Thunderbird, and SeaMonkey are exposed to multiple remote memory corruption issues in the browser engine.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-24.html

  • 09.25.67 - CVE: CVE-2009-1841
  • Platform: Cross Platform
  • Title: Mozilla Firefox and SeaMonkey JavaScript Chrome Privilege Escalation
  • Description: Mozilla Firefox and SeaMonkey are web browsers. Mozilla Firefox and SeaMonkey are exposed to a privilege escalation issue that exists in the browser's Sidebar and FeedWriter. Attackers can exploit this issue to execute arbitrary code with the object's chrome privileges.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-32.html

  • 09.25.68 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple QuickTime Clipping Region (CRGN) Atom Types Stack Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a stack-based buffer overflow issue when processing specially crafted Clipping Region (CRGN) atom types contained in a ".mov" movie file. QuickTime version 7.6.2 is affected.
  • Ref: http://www.securityfocus.com/bid/35375

  • 09.25.69 - CVE: CVE-2009-1841
  • Platform: Cross Platform
  • Title: Mozilla Firefox/Thunderbird/SeaMonkey XUL Scripts Content-Policy Check Security Bypass
  • Description: Firefox is a Web browser. SeaMonkey is a suite of applications including a Web browser and an email client. Thunderbird is an email client. All three applications are available for multiple platforms. Mozilla Firefox, Thunderbird and SeaMonkey are exposed to a security bypass issue that occurs because the content-loading policies aren't properly checked before loading external script files into XUL documents.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-31.html

  • 09.25.70 - CVE: CVE-2009-1836
  • Platform: Cross Platform
  • Title: Mozilla Firefox/Thunderbird/SeaMonkey Malicious Proxy HTTPS Man In The Middle
  • Description: Firefox is a Web browser. SeaMonkey is a suite of applications including a Web browser and an email client. Thunderbird is an email client. Firefox, Thunderbird, and SeaMonkey are exposed to a man-in-the-middle issue that affects applications which are configured to use a web proxy. Specifically, this issue results from a failure to properly handle proxy error messages provided when attempting an SSL encrypted connection.
  • Ref: http://research.microsoft.com/apps/pubs/default.aspx?id=79323

  • 09.25.71 - CVE: CVE-2009-1719
  • Platform: Cross Platform
  • Title: Sun Java Runtime Environment Aqua Look and Feel Multiple Privilege Escalation Vulnerabilities
  • Description: Sun Java Runtime Environment (JRE) is an enterprise development platform. Sun Java Runtime Environment is exposed to multiple privilege escalation issues when running untrusted applications or applets. These issues occur in the "Aqua" look and feel for Java. Sun Java Runtime Environment version 1.5 running on Mac OS X 10.5 is affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-043/

  • 09.25.72 - CVE: CVE-2009-1838
  • Platform: Cross Platform
  • Title: Mozilla Firefox/Thunderbird/SeaMonkey Null Owner Document Arbitrary Code Execution
  • Description: Firefox is a Web browser. SeaMonkey is a suite of applications including a Web browser and an email client. Thunderbird is an email client. Firefox, Thunderbird, and SeaMonkey are exposed to a remote code execution issue that is caused by an error in garbage collection which may leave objects with a NULL owner document. This may result in event handlers being called in the incorrect JavaScript context.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-29.html

  • 09.25.73 - CVE: CVE-2009-1839
  • Platform: Cross Platform
  • Title: Mozilla Firefox/Thunderbird/SeaMonkey "file://" URI Security Bypass
  • Description: Firefox is a Web browser. SeaMonkey is a suite of applications including a Web browser and an email client. Thunderbird is an email client. All three applications are available for multiple platforms. When handling local files via "file://" URIs, the applications restrict access to other areas of the local file system based on "principals" associated with each open file.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-30.html

  • 09.25.74 - CVE: CVE-2009-1834
  • Platform: Cross Platform
  • Title: Mozilla Firefox/SeaMonkey Address Bar URI Spoofing
  • Description: Mozilla Firefox/SeaMonkey are affected by a URI-spoofing vulnerability because they fail to adequately handle user-supplied data. This issue allows attackers to use certain invalid Unicode characters as part of an internationalized domain name (IDN); these characters are displayed as whitespace in the location bar. The whitespace could be used to force part of the URL out of view in the location bar. Firefox versions prior to 3.0.11 and SeaMonkey versions prior to 1.1.17 are affected.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-25.html

  • 09.25.75 - CVE: Not Available
  • Platform: Cross Platform
  • Title: F-Secure Messaging Security Gateway Email Relay
  • Description: F-Secure Messaging Security Gateway provides protection against spam, viruses, and other attacks that target a corporation's email infrastructure. F-Secure Messaging Security Gateway may allow remote attackers to employ a vulnerable server as a spam relay. This issue occurs because of a design error. F-Secure Messaging Security Gateway versions 5.5.x are affected.
  • Ref: http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-2.html

  • 09.25.76 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GUPnP Message Handling Denial of Service
  • Description: GUPnP is an object-oriented open source framework for creating UPnP devices and control points. It is implemented in the C programming language. GUPnP is exposed to a remote denial of service issue that is triggered when the application processes subscription or control messages without content. GUPnP versions prior to 0.12.8 are affected.
  • Ref: http://git.gupnp.org/cgit.cgi?url=gupnp/tree/NEWS&id=ce714a6700ce03953a2886a66ec57db59205f4e6

  • 09.25.77 - CVE: CVE-2009-1835
  • Platform: Cross Platform
  • Title: Mozilla Firefox/SeaMonkey "file://" URI Information Disclosure
  • Description: Firefox is a Web browser. SeaMonkey is a suite of applications including a Web browser and an email client. The applications are available for multiple platforms. An information disclosure issue affects Firefox and SeaMonkey because of how a domain is calculated from the URL. Specifically, local resources loaded via the "file:" protocol can access cookies for arbitrary domains stored on the vulnerable computer.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-26.html

  • 09.25.78 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Drupal Nodequeue Module Security Bypass and Cross-Site Scripting Vulnerabilities
  • Description: The Drupal Nodequeue module allows a Drupal administrator to place nodes in a group. The application is exposed to multiple issues. The attacker may leverage the security bypass issue to view or modify data, despite the attacker's insufficient privileges. Nodequeue for Drupal 5.x versions prior to Nodequeue 5.x-2.7 and Nodequeue for Drupal 6.x versions prior to Nodequeue 6.x-2.2 are affected.
  • Ref: http://drupal.org/node/488092

  • 09.25.79 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: F5 Networks FirePass SSL VPN Unspecified Cross-Site Scripting
  • Description: F5 Networks FirePass SSL VPN is a secure Virtual Private Network device that uses SSL connections to encapsulate network traffic. F5 Networks FirePass SSL VPN is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/504232

  • 09.25.80 - CVE: CVE-2009-1684
  • Platform: Web Application - Cross Site Scripting
  • Title: WebKit JavaScript "onload()" Event Cross-Domain Scripting
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a cross-domain scripting issue because it fails to properly restrict the access of JavaScript code when loading new web pages. Specifically, the "onload()" JavaScript event may be set to call a malicious JavaScript function when a new web page is loaded in an affected browser.
  • Ref: http://www.securityfocus.com/archive/1/504198

  • 09.25.81 - CVE: CVE-2009-1685
  • Platform: Web Application - Cross Site Scripting
  • Title: WebKit "document.implementation" Cross-Domain Scripting
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a cross-domain scripting issue because of an issue in the separation of JavaScript contexts. A remote attacker may be able to overwrite the "document.implementation" of an embedded or parent document from a different security zone.
  • Ref: http://www.securityfocus.com/bid/35319

  • 09.25.82 - CVE: CVE-2009-1688
  • Platform: Web Application - Cross Site Scripting
  • Title: WebKit HTML 5 Standard Method Cross-Site Scripting
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. A cross-site scripting issue affects WebKit because it fails to properly use the HTML 5 standard method to determine the security context of an associated script.
  • Ref: http://www.securityfocus.com/bid/35320

  • 09.25.83 - CVE: CVE-2009-1702
  • Platform: Web Application - Cross Site Scripting
  • Title: WebKit "Location" and "History" Objects Cross-Site Scripting
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. A cross-site scripting issue affects WebKit because it fails to properly sanitize user-supplied input. Specifically, the issue arises when the application handles the "Location" and "History" objects.
  • Ref: http://www.securityfocus.com/bid/35327

  • 09.25.84 - CVE: CVE-2009-1695
  • Platform: Web Application - Cross Site Scripting
  • Title: WebKit Frame Transition Cross-Domain Scripting
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a cross-domain scripting issue because it allows the contents of a frame to be accessed by an HTML document after a page transition has taken place. The attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or to launch spoofing attacks against other sites. Other attacks are also possible.
  • Ref: http://www.securityfocus.com/bid/35328

  • 09.25.85 - CVE: CVE-2009-1691
  • Platform: Web Application - Cross Site Scripting
  • Title: WebKit JavaScript Prototypes Cross-Site Scripting
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. A cross-site scripting issue affects WebKit because it allows a specially crafted site to alter standard JavaScript prototypes served from a different domain.
  • Ref: http://www.securityfocus.com/bid/35330

  • 09.25.86 - CVE: CVE-2009-1714
  • Platform: Web Application - Cross Site Scripting
  • Title: WebKit Web Inspector Cross-Site Scripting
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a cross-site scripting issue because it fails to adequately validate user-supplied input. This issue affects Web Inspector and can be triggered with improperly escaped HTML attributes.
  • Ref: http://www.securityfocus.com/bid/35348

  • 09.25.87 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TBDEV.NET Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
  • Description: TBDEV.NET is a PHP-based torrent tracker and content manager based on torrentbits/bytemonsoon source code. The application is exposed to multiple input validation issues. TBDEV-01-01-08 is affected.
  • Ref: http://www.securityfocus.com/bid/35366

  • 09.25.88 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Webmedia Explorer Multiple Cross-Site Scripting Vulnerabilities
  • Description: Webmedia Explorer is a PHP-based blog application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data. Webmedia Explorer versions 5.0.9 and 5.10.0 are affected.
  • Ref: http://www.securityfocus.com/bid/35368

  • 09.25.89 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 Modern Guestbook / Commenting System Extension Unspecified Cross-Site Scripting
  • Description: Modern Guestbook / Commenting System (ve_guestbook) is an extension for the TYPO3 content manager. The extension is part of the TYPO3 default installation. The extension is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. Modern Guestbook / Commenting System versions prior to 2.7.2 are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-009/

  • 09.25.90 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ModSecurity SQL Injection Rule Security Bypass
  • Description: ModSecurity is an Apache module that provides firewall protection for web applications. ModSecurity is exposed to a security bypass issue because it fails to sufficiently validate user-supplied input. This issue affects the SQL Injection rule base of ModSecurity Core Rules, and occurs with ASP and ASP.NET applications. ModSecurity versions 2.5.9 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/504240

  • 09.25.91 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpWebThings "fdown.php" SQL Injection
  • Description: phpWebThings is a content manager and open-source portal. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "fdown.php" script before using it in an SQL query. phpWebThings version 1.5.2 is affected.
  • Ref: http://www.securityfocus.com/bid/35336

  • 09.25.92 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 FrontEnd MP3 Player Extension Unspecified SQL Injection
  • Description: FrontEnd MP3 Player ("fe_mp3player") is an extension for the TYPO3 content manager. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. FrontEnd MP3 Player versions prior to 0.2.4 are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-008

  • 09.25.93 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Virtual Civil Services Extension Unspecified SQL Injection
  • Description: Virtual Civil Services ("civserv") is an extension for the TYPO3 content manager. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Virtual Civil Services versions prior to 4.3.3 are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-007/

  • 09.25.94 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: iJoomla RSS Feeder Component "cat" Parameter SQL Injection
  • Description: iJoomla RSS Feeder is a component for the Joomla! and Mambo content managers. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "com_ijoomla_rss" module before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/35379

  • 09.25.95 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WordPress Photoracer Plugin "id" Parameter SQL Injection
  • Description: Photoracer is a plugin for the WordPress web-based publishing application. The plugin is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "viewimg.php" script before using the data in an SQL query. Photoracer version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/35382

  • 09.25.96 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_jumi" Component "fileid" Parameter SQL Injection
  • Description: com_jumi is a component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "fileid" parameter of the "com_jumi" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/35384

  • 09.25.97 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phPortal "topicler.php" SQL Injection
  • Description: phPortal is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "topicler.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/35387

  • 09.25.98 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 References database Extension Unspecified SQL Injection
  • Description: References database ("t3references") is an extension for the TYPO3 content manager. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. References database versions prior to 0.1.2 are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-008/

  • 09.25.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Taxonomy Manager Administrative Page HTML Injection
  • Description: Taxonomy is a PHP-based component for the Drupal content manager that is used to organize content. It is part of Drupal Core and is enabled by default. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, this issue occurs in the administrative page.
  • Ref: http://drupal.org/node/487818

  • 09.25.100 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Services Module Key Based Access Unauthorized Access
  • Description: The Services module for the Drupal content manager provides an API for exposing Drupal functions, allowing clients to call server methods to obtain data for local processing. The module is exposed to an unauthorized access issue that occurs when key-based access is enabled. Specifically, any user may view or add keys, allowing unauthorized users to gain access to certain services.
  • Ref: http://drupal.org/node/488004

  • 09.25.101 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Views Module Multiple Security Bypass and HTML Injection Vulnerabilities
  • Description: Views is a module for the Drupal content manager. The module is exposed to multiple issues. An attacker may exploit these vulnerabilities to bypass intended access controls or to render arbitrary HTML and script code in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Views versions prior to 6.x-2.6 are affected.
  • Ref: http://drupal.org/node/488068

  • 09.25.102 - CVE: Not Available
  • Platform: Web Application
  • Title: phpWebThings "module" Parameter Local File Include
  • Description: phpWebThings is a content manager and open-source portal. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "module" parameter of the "help" script. phpWebThings version 1.5.2 is affected.
  • Ref: http://www.securityfocus.com/bid/35313

  • 09.25.103 - CVE: Not Available
  • Platform: Web Application
  • Title: Yogurt Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: Yogurt is a social network application implemented in PHP. The application is exposed to multiple input validation issues. A successful exploit may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Yogurt version 0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/35324

  • 09.25.104 - CVE: Not Available
  • Platform: Web Application
  • Title: XOOPS "module_icon.php" Local File Include
  • Description: XOOPS is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "mydirpath" parameter in the "module_icon.php" script. XOOPS version 2.3.3 is affected.
  • Ref: http://www.securityfocus.com/bid/35407

  • 09.25.105 - CVE: Not Available
  • Platform: Web Application
  • Title: 4homepages 4images Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
  • Description: 4images is a PHP-based application for managing image galleries. The application is exposed to multiple input validation issues. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user. 4images version 1.7.7 is affected.
  • Ref: http://www.securityfocus.com/bid/35342

  • 09.25.106 - CVE: Not Available
  • Platform: Web Application
  • Title: SugarCRM Email Attachment Arbitrary File Upload
  • Description: SugarCRM is a customer relationship management (CRM) suite that is implemented in Java and PHP. It is available for Microsoft Windows and for UNIX/Linux variants. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately validate user-supplied input. SugarCRM versions 5.2.0e and earlier are affected.
  • Ref: http://www.ush.it/team/ush/hack-sugarcrm_520e/adv.txt

  • 09.25.107 - CVE: Not Available
  • Platform: Web Application
  • Title: Pivot Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
  • Description: Pivot is a web-based application implemented in PHP. The application is exposed to multiple input validation issues. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user. Pivot versions 1.40.4 and 1.40.7 are affected.
  • Ref: http://forum.intern0t.net/intern0t-advisories/1119-intern0t-pivot-1-40-4-7-multiple-vulnerabilities.html

  • 09.25.108 - CVE: Not Available
  • Platform: Web Application
  • Title: 4homepages 4images "global.php" Local File Include
  • Description: 4images is a PHP-based application for managing image galleries. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "l" parameter of the "global.php" script. 4images versions prior to 1.7.7 are affected.
  • Ref: http://bbs.wolvez.org/topic/56/

  • 09.25.109 - CVE: Not Available
  • Platform: Web Application
  • Title: FireStats "firestats-wordpress.php" Remote File Include
  • Description: FireStats is a PHP-based web site statistics application for WordPress. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "fs_javascript" parameter of the "firestats-wordpress.php" script. FireStats version 1.6.1 is affected.
  • Ref: http://www.securityfocus.com/bid/35367

  • 09.25.110 - CVE: Not Available
  • Platform: Web Application
  • Title: TorrentTrader Classic Multiple Remote Vulnerabilities
  • Description: TorrentTrader Classic is a PHP-based web application. The application is exposed to multiple issues: an insufficient entropy weakness, multiple information disclosure issues, multiple SQL injection issues, multiple HTML injection issues, multiple cross-site scripting issues, and a local file include issue. TorrentTrader Classic version 1.09 is affected.
  • Ref: http://www.waraxe.us/advisory-74.html

  • 09.25.111 - CVE: Not Available
  • Platform: Web Application
  • Title: Uebimiau Webmail "admin/editor.php" Arbitrary File Overwrite
  • Description: Uebimiau Webmail provides webmail access to IMAP and POP3 accounts. The application is exposed to an issue that could permit an attacker to overwrite arbitrary files within the context of the webserver process. This issue occurs because the application fails to sanitize user-supplied input to the "admin/editor.php" script.
  • Ref: http://www.securityfocus.com/bid/35374

  • 09.25.112 - CVE: Not Available
  • Platform: Web Application
  • Title: JoomlaPraise Projectfork Joomla! Component "section" Parameter Local File Include
  • Description: Projectfork is a component for the Joomla! content manager. The application is exposed to a local file-include vulnerability because it fails to properly sanitize user-supplied input to the "section" parameter in the "com_projectfork" component. Projectfork version 2.0.10 is affected.
  • Ref: http://www.securityfocus.com/bid/35378

  • 09.25.113 - CVE: Not Available
  • Platform: Web Application
  • Title: vBulletin Radio and TV Player Add-On Multiple HTML Injection Vulnerabilities
  • Description: vBulletin is a PHP-based web application. The Radio and TV Player add-on allows streaming radio and television content to be included in a forum. The application is exposed to multiple HTML-injection issues because it fails to sufficiently sanitize user-supplied data provided as "Station Name" and "URL" values.
  • Ref: http://www.securityfocus.com/bid/35385

  • 09.25.114 - CVE: Not Available
  • Platform: Web Application
  • Title: Zend Framework "Zend_View::render()" Directory Traversal
  • Description: Zend Framework is a server for PHP applications. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input in the "Zend_View::render()" function. Zend Framework versions prior to 1.7.5 are affected.
  • Ref: http://weierophinney.net/matthew/archives/206-Zend-Framework-1.7.5-Released-Important-Note-Regarding-Zend_View.html

  • 09.25.115 - CVE: Not Available
  • Platform: Network Device
  • Title: NetGear DG632 Router Multiple Remote Vulnerabilities
  • Description: NetGear DG632 is an ADSL modem router. The NetGear DG632 router is exposed to multiple remote issues in the web interface. An attacker with access to the web interface of the router can exploit these issues to enumerate files and directories in the router's "www" directory, cause denial-of-service conditions, and bypass authentication to administrative scripts.
  • Ref: http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt

(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.