@RISK: The Consensus Security Vulnerability Alert

Volume: VIII, Issue: 3
January 15, 2009

The quiet time is over. Oracle, Blackberry Enterprise Server and Windows users all have critical vulnerabilities to deal with this week. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                 Number of Updates and Vulnerabilities
    ---------------------------------------  -------------------------------------
    Windows                                  5 (#1, #6)
    Other Microsoft Products                 3
    Third Party Windows Apps                 10 (#2, #4, #5)
    Linux                                    3
    Solaris                                  1
    Cross Platform                           26 (#3)
    Web Application - Cross Site Scripting   9
    Web Application - SQL Injection          25
    Web Application                          20
    Network Device                           6

Table Of Contents

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
  • Windows
  • Other Microsoft Products
  • Third Party Windows Apps
  • Linux
  • Solaris
  • Cross Platform
  • Web Application - Cross Site Scripting
  • Web Application - SQL Injection
  • Web Application
  • Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (5) HIGH: NullSoft Winamp Audio File Parsing Multiple Buffer Overflows
  • Affected:
    • NullSoft Winamp versions 5.3.2 and prior
  • Description: NullSoft Winamp is a popular media player for Microsoft Windows. It contains flaws in its parsing of MP3 and Audio Interchange File Format (AIFF) files. A specially crafted MP3 or AIFF file could trigger one of these flaws, leading to a buffer overflow condition. Successfully exploiting one of these buffer overflows would allow an attacker to execute arbitrary code with the privileges of the current user. Depending upon configuration, a malicious file may be opened upon receipt by the vulnerable application. A proof-of-concept for these vulnerabilities is publicly available.

  • Status: Vendor has not confirmed, no updates available.

  • References:

  • (6) MODERATE: Microsoft Windows Compiled HTML Help Handling Buffer Overflow
  • Affected:
    • Microsoft Windows XP SP3
  • Description: Compiled HTML (CHM) is a document format used most commonly for help files on Microsoft Windows. Microsoft Windows XP SP3 contains a flaw in its parsing of these files. A specially crafted CHM file could trigger a buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the current user. Depending upon configuration, the malicious file may be opened by the vulnerable application upon receipt. A proof-of-concept is publicly available for this vulnerability.

  • Status: Vendor has not confirmed, no updates available.

  • References:

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 3, 2009

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 09.3.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows CHM File Processing Buffer Overflow
  • Description: CHM files are compiled HTML files used on the Microsoft Windows platform. Windows is exposed to a buffer overflow issue that occurs when processing CHM files. Microsoft Windows XP Service Pack 3 is affected.
  • Ref: http://www.securityfocus.com/bid/33204

  • 09.3.2 - CVE: Not Available
  • Platform: Windows
  • Title: Triologic Media Player ".m3u" File Heap Buffer Overflow
  • Description: Triologic Media Player is a media player application for Microsoft Windows. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue occurs when the application fails to handle malformed ".m3u" files. Triologic Media Player version 7 is affected.
  • Ref: http://www.securityfocus.com/bid/33219

  • 09.3.3 - CVE: Not Available
  • Platform: Windows
  • Title: Winamp MP3 and AIFF File Parsing Multiple Buffer Overflow Vulnerabilities
  • Description: Winamp is a multi-format media player application for Microsoft Windows platforms. The application is exposed to multiple buffer overflow issues because it fails to perform adequate checks on user-supplied input. Winamp versions up to and including 5.541 are affected.
  • Ref: http://www.securityfocus.com/bid/33226

  • 09.3.4 - CVE: CVE-2008-4834
  • Platform: Windows
  • Title: Microsoft Windows SMB Buffer Overflow
  • Description: Microsoft Windows is exposed to a buffer overflow issue that occurs in the SMB (Server Message Block) protocol implementation. This issue occurs because the server service fails to perform adequate boundary checks on user-supplied data.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-001.mspx

  • 09.3.5 - CVE: CVE-2008-4835
  • Platform: Windows
  • Title: Microsoft Windows SMB Remote Code Execution
  • Description: Microsoft Windows is exposed to a remote code execution vulnerability in the SMB (Server Message Block) protocol implementation. This issue occurs because the server service fails to perform adequate boundary checks on user-supplied data.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-001.mspx

  • 09.3.6 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer "screen[""]" Remote Denial of Service
  • Description: Microsoft Internet Explorer is a web browser available for Microsoft Windows. Internet Explorer is exposed to a remote denial of service issue when handling specially crafted web pages. The issue stems from a NULL pointer access error when handling the "screen" object. Microsoft Internet Explorer versions 6, 7 and 8 Beta are affected.
  • Ref: http://skypher.com/index.php/2009/01/07/msie-screen-null-ptr-dos-details/

  • 09.3.7 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft HTML Help Workshop ".hhp" File Handling Buffer Overflow
  • Description: Microsoft HTML Help Workshop is part of Microsoft Office Resource Kit and is used to create help topics that may be integrated with the Office Help system. Microsoft HTML Help Workshop is exposed to a remote buffer overflow issue that arises because the application fails to perform boundary checks before copying user-supplied data into sensitive process buffers. HTML Help Workshop versions 4.74 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/33189

  • 09.3.8 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Office Viewer OCX ActiveX Control "Open()" Method Arbitrary Command Execution
  • Description: Office OCX Office Viewer is an ActiveX control that allows users to view and edit Microsoft Office documents through a web browser. The Office Viewer OCX ActiveX control is exposed to an issue that lets attackers execute arbitrary commands. Office Viewer OCX version 3.0.1 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 09.3.9 - CVE: CVE-2008-4827
  • Platform: Third Party Windows Apps
  • Title: Multiple Vendor SizerOne ActiveX Control "AddTab" Method Buffer Overflow
  • Description: SizerOne is an ActiveX control used in products by multiple vendors. The application is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer.
  • Ref: http://secunia.com/secunia_research/2008-53/

  • 09.3.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Perception LiteServe "USER" FTP Command Remote Buffer Overflow
  • Description: Perception LiteServe is a server application for Microsoft Windows. LiteServe is able to act as an FTP server. LiteServe is exposed to a remote buffer overflow issue that occurs in the handling of the "USER" FTP command. LiteServe version 2.81 is affected.
  • Ref: http://www.securityfocus.com/bid/33158

  • 09.3.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: gen_msn Winamp Plugin ".pls" Playlist File Remote Heap Buffer Overflow
  • Description: gen_msn Winamp Plugin is used to display currently playing songs in the personal status message of Windows Live Messenger. The application is exposed to a remote heap-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. gen_msn version 0.31 is affected.
  • Ref: http://www.securityfocus.com/bid/33159

  • 09.3.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MP3 TrackMaker ".mp3" File Remote Heap Buffer Overflow
  • Description: Heathco Software MP3 TrackMaker is an audio editing application for Microsoft Windows. The application is exposed to a remote heap-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. TrackMaker version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/33183

  • 09.3.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: VUPlayer ".asx" Playlist File Buffer Overflow
  • Description: VUPlayer is a media player for Microsoft Windows. VUPlayer is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. VUPlayer version 2.49 is affected.
  • Ref: http://www.securityfocus.com/bid/33185

  • 09.3.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Excel Viewer OCX ActiveX Control Multiple Remote Vulnerabilities
  • Description: Excel Viewer OCX is an ActiveX control that allows users to view and interact with Microsoft Excel documents in Win Forms or webpages. Excel Viewer OCX ActiveX control is exposed to multiple remote issues. Excel Viewer OCX version 3.2 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 09.3.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ciansoft PDFBuilderX Control (ActiveX) Arbitrary File Overwrite
  • Description: Ciansoft PDFBuilderX Control (ActiveX) is an application for creating PDF documents. The application is exposed to an issue that allows attackers to overwrite files with arbitrary, attacker-supplied content. Ciansoft PDFBuilderX Control (ActiveX) version 2.2.0.1 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 09.3.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Multiple Office OCX ActiveX Controls "Save()" Arbitrary File Overwrite
  • Description: Word Viewer, PowerPoint Viewer and Office Viewer are ActiveX controls that allow users to view and edit Microsoft Word documents through a web browser. The controls are exposed to an issue that allows attackers to overwrite arbitrary attacker-specified files.
  • Ref: http://support.microsoft.com/kb/240797

  • 09.3.17 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Multiple Office OCX ActiveX Controls "OpenWebFile()" Arbitrary Program Execution
  • Description: Microsoft Word Viewer, PowerPoint Viewer, and Office Viewer are ActiveX controls that allow users to view and edit Office documents through a web browser. The controls are exposed to an issue that allows attackers to execute arbitrary remote attacker-specified files.
  • Ref: http://support.microsoft.com/kb/240797

  • 09.3.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ots Labs OtsTurntables OFL File Buffer Overflow
  • Description: Ots Labs OtsTurntables is an MP3 mixer available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied input. OtsTurntables version 1.00.027 is affected.
  • Ref: http://www.securityfocus.com/bid/33257

  • 09.3.19 - CVE: CVE-2009-0024
  • Platform: Linux
  • Title: Linux Kernel "sys_remap_file_pages()" Local Privilege Escalation
  • Description: The Linux kernel is exposed to a local privilege escalation issue. This issue is due to an unspecified error in the "sys_remap_file_pages()" function. Linux kernel versions prior to 2.6.24.1 are affected.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1

  • 09.3.20 - CVE: CVE-2008-4307
  • Platform: Linux
  • Title: Linux Kernel "locks_remove_flock()" Local Race Condition
  • Description: The Linux kernel is exposed to a local race condition issue because it fails to properly handle POSIX locks. The vulnerability occurs in the "locks_remove_flock()" function of the "/fs/locks.c" source file. A local attacker may exploit this issue to crash the computer or to gain elevated privileges on the affected computer.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-4307

  • 09.3.21 - CVE: Not Available
  • Platform: Linux
  • Title: HP Linux Imaging and Printing System "hplip.postinst" Local Privilege Escalation
  • Description: HP Linux Imaging and Printing System (HPLIP) is a Linux-based application to print, scan, and fax with HP inkjet and laser printers. The application is exposed to a local privilege escalation issue because an installation script changes ownership and permissions on certain files in users' home directories.
  • Ref: http://www.securityfocus.com/bid/33249

  • 09.3.22 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris "aio_suspend()" Integer Overflow Local Denial of Service
  • Description: Sun Solaris is a UNIX-based operating system. Solaris is exposed to a local denial of service issue. It is the result of an integer overflow in the "aio_suspend()" function.
  • Ref: http://www.trapkit.de/advisories/TKADV2009-001.txt

  • 09.3.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Symantec Mail Security For SMTP Denial of Service
  • Description: Symantec Mail Security for SMTP is an email-scanning security application for multiple operating platforms. The application is exposed to a remote denial of service issue. Symantec Mail Security for SMTP version 5.0.1 with Patch 189 is affected.
  • Ref: ftp://ftp.symantec.com/public/english_us_canada/products/symantec_mail_security/5.0.1_smtp/updates/RELEASE_NOTES.p200.txt

  • 09.3.24 - CVE: CVE-2008-0067
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager HTTP Request Multiple Buffer Overflow Vulnerabilities
  • Description: HP OpenView Network Node Manager is a fault-management application for IP networks. The application is exposed to multiple buffer overflow issues because it fails to adequately bounds check user-supplied input before copying it to insufficiently sized buffers. HP OpenView Network Node Manager version 7.51 with NNM_01168 is affected.
  • Ref: http://secunia.com/secunia_research/2008-13/

  • 09.3.25 - CVE: CVE-2008-5077, CVE-2009-0046, CVE-2009-0047, CVE-2009-0048, CVE-2009-0049, CVE-2009-0021
  • Platform: Cross Platform
  • Title: OpenSSL "EVP_VerifyFinal" Function Signature Verification
  • Description: OpenSSL is an open-source cryptography library. OpenSSL is exposed to a signature verification issue that arises from a design error: several functions do not properly verify the result of the "EVP_VerifyFinal" function call. OpenSSL release versions prior to 0.9.8j are affected.
  • Ref: http://www.securityfocus.com/archive/1/499855

  • 09.3.26 - CVE: CVE-2009-0025, CVE-2009-0050, CVE-2009-0051
  • Platform: Cross Platform
  • Title: Multiple Vendor OpenSSL "DSA_verify" Function Signature Verification
  • Description: Products by multiple vendors using OpenSSL are exposed to a signature verification issue that arises from a design error: the applications fail to verify the result of the OpenSSL "DSA_verify" function call.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511521

  • 09.3.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox "designMode" Null Pointer Dereference Denial of Service
  • Description: Mozilla Firefox is a browser available for multiple platforms. The browser is exposed to a remote denial of service issue. Specifically, this issue arises when the "document.designMode" property is set to "on". Firefox version 3.0.5 is affected.
  • Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=456727

  • 09.3.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Audacity ".aup" Project File Parsing Buffer Overflow
  • Description: Audacity is an audio-editing application available for multiple platforms. Audacity is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs when the application parses a specially crafted ".aup" project file. Audacity version 1.6.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33160

  • 09.3.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Openfire "log.jsp" Directory Traversal
  • Description: Openfire is a freely available instant-messaging server available for various platforms. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "log" parameter of the "log.jsp" script. Openfire version 3.6.2 is affected.
  • Ref: http://www.coresecurity.com/content/openfire-multiple-vulnerabilities

  • 09.3.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere DataPower XML Security Gateway XS40 Remote Denial of Service
  • Description: IBM WebSphere DataPower XML Security Gateway XS40 is a device for securing web services. The device is exposed to a remote denial of service issue because it fails to handle user-supplied data. WebSphere DataPower XML Security Gateway XS40 with firmware version 3.6.1.5 is affected.
  • Ref: http://www-01.ibm.com/software/integration/datapower/xs40/

  • 09.3.31 - CVE: CVE-2007-0707
  • Platform: Cross Platform
  • Title: Gretech GOM Player ".asx" File Remote Stack Buffer Overflow
  • Description: Gretech GOM Player is a multimedia player application. GOM Player is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. GOM Player version 2.0.12.3375 is affected.
  • Ref: http://www.securityfocus.com/bid/33172

  • 09.3.32 - CVE: CVE-2009-0041
  • Platform: Cross Platform
  • Title: Asterisk IAX2 Authentication Response Remote Information Disclosure
  • Description: Asterisk is an open-source PBX application available for multiple operating platforms. Asterisk is exposed to an information disclosure issue because it does not provide safe responses to failed authentication attempts.
  • Ref: http://downloads.digium.com/pub/security/AST-2009-001.html

  • 09.3.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Anope IRC Services "bs_fantasy_ext" Extension IP Address Information Disclosure
  • Description: The "bs_fantasy_ext" extension for Anope IRC Services provides a variety of commands used for Internet Relay Chat (IRC) administration. The application is exposed to an information disclosure issue related to the "unban" IRC command. bs_fantasy_ext version 1.1.16 is affected.
  • Ref: http://www.securityfocus.com/bid/33175

  • 09.3.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IntelliTamper ".CAT" Catalog File Buffer Overflow
  • Description: IntelliTamper is a spider application for scanning websites. IntelliTamper is exposed to a buffer overflow issue because it fails to properly validate the size of user-supplied data before copying it into a fixed-sized buffer. IntelliTamper versions 2.07 and 2.08 are affected.
  • Ref: http://www.securityfocus.com/bid/33179

  • 09.3.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Serv-U Remote Denial of Service Vulnerabilities
  • Description: Serv-U is a file server. Serv-U is exposed to multiple remote denial of service issues. Successfully exploiting these issues will allow attackers to deny service to legitimate users. Serv-U versions prior to 7.4.0.0 are affected.
  • Ref: http://www.serv-u.com/releasenotes/

  • 09.3.36 - CVE: CVE-2008-5031
  • Platform: Cross Platform
  • Title: Python "expandtabs" Multiple Integer Overflow Vulnerabilities
  • Description: Python is an interpreted dynamic object-oriented programming language that is available for many operating systems. Python is exposed to multiple integer overflow issues that stem from an incomplete fix for an earlier issue in the "expandtabs" method. Python versions prior to 2.5.2 are affected.
  • Ref: http://www.openwall.com/lists/oss-security/2008/11/05/2

  • 09.3.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Browse3D ".sfs" File Handling Buffer Overflow
  • Description: Browse3D is a web-browsing client. The application is exposed to a remote buffer overflow issue that arises because the application fails to perform boundary checks before copying user-supplied data into sensitive process buffers. Browse3D version 3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/33199

  • 09.3.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: mlmmj Unspecified
  • Description: mlmmj (Mailing List Managing Made Joyful) is a mailing list manager. The application is exposed to an unspecified issue related to the "contrib/web/perl-user" script. mlmmj versions prior to 1.2.16 are affected.
  • Ref: http://www.securityfocus.com/bid/33208

  • 09.3.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Amarok "audible.cpp" Audible File Multiple Integer Overflow and Memory Allocation Vulnerabilities
  • Description: Amarok is a music player for multiple operating systems. Amarok is exposed to multiple integer overflow and memory allocation issues because it fails to perform adequate boundary checks on user-supplied data while handling Audible files. Amarok versions prior to 2.0.1.1 are affected.
  • Ref: http://www.trapkit.de/advisories/TKADV2009-002.txt

  • 09.3.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: BluePex IE-2000 IP-Based Session Hijacking
  • Description: The BluePex IE-2000 is a security appliance. The device is exposed to an authentication bypass issue because it maintains authentication states based on the IP address of users.
  • Ref: http://www.gsec.com.br/GSEC-2008001-en.txt

  • 09.3.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP "popen()" Function Buffer Overflow
  • Description: PHP is a general-purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to a buffer overflow issue because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. PHP versions 5.2.8 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/499972

  • 09.3.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: BlackBerry Attachment Service PDF Distiller Remote Code Execution
  • Description: BlackBerry Attachment Service is a component of BlackBerry Enterprise Server and BlackBerry Unite! that is used to process email attachments. BlackBerry Attachment Service is exposed to a remote code execution issue that occurs when the service's PDF distiller tries to process specially crafted PDF files.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=764

  • 09.3.43 - CVE: CVE-2008-5262
  • Platform: Cross Platform
  • Title: DevIL "RGBE" File Parsing Multiple Buffer Overflow Vulnerabilities
  • Description: DevIL is a multi-platform image processing library. The library is exposed to multiple buffer overflow issues because it fails to perform adequate checks on user-supplied input. DevIL version 1.7.4 is affected.
  • Ref: http://secunia.com/secunia_research/2008-59/

  • 09.3.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple Safari RSS Feed Information Disclosure
  • Description: Apple Safari is a browser for multiple operating platforms. Safari is exposed to an information disclosure issue that occurs in the default RSS feed used by Safari. Successfully exploiting this issue will allow the attacker to obtain information that may lead to further attacks.
  • Ref: http://brian.mastenbrook.net/display/27

  • 09.3.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: libmikmod Multiple Sound Channel Media Playback Remote Denial of Service
  • Description: libmikmod is an audio library available for various operating systems. It is used by the MikMod media player application. libmikmod is exposed to a remote denial of service issue because it fails to perform adequate boundary checks on user-supplied input. libmikmod versions 3.1.9 through 3.2.0 are affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=461519

  • 09.3.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: dBpowerAMP Audio Player ".pls" File Buffer Overflow
  • Description: dBpowerAMP Audio Player is an audio player that plays various media formats. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. dBpowerAMP Audio Player version 2.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33239

  • 09.3.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: libmikmod ".XM" File Remote Denial of Service
  • Description: libmikmod is an audio library available for various operating systems. It is used by the MikMod media player application. libmikmod is exposed to a remote denial of service issue because it fails to perform adequate boundary checks on user-supplied input. libmikmod versions 3.1.9 through 3.2.0 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=479833

  • 09.3.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: TeamSpeak "help" Command Directory Traversal
  • Description: TeamSpeak is a freely available chat server available for various platforms. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input submitted through the "help" command. TeamSpeak versions up to and including 2.0.23.17 are affected.
  • Ref: http://www.securityfocus.com/bid/33256

  • 09.3.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MyNETS 1.2.0.1 and prior Unspecified Cross-Site Scripting
  • Description: MyNETS is a web-based application implemented in PHP. MyNETS is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. MyNETS versions 1.2.0.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/33145

  • 09.3.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Movable Type Prior to Version 4.23 Unspecified Cross-Site Scripting
  • Description: Movable Type is a web-log application written in PERL and PHP. Movable Type is exposed to an unspecified cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. Movable Type versions prior to 4.23 are affected.
  • Ref: http://www.securityfocus.com/bid/33163

  • 09.3.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Openfire "logviewer.jsp" Cross-Site Scripting
  • Description: Openfire is a freely available instant-messaging server available for various platforms. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "log" parameter of the "logviewer.jsp" script. Openfire version 3.6.2 is affected.
  • Ref: http://www.coresecurity.com/content/openfire-multiple-vulnerabilities

  • 09.3.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Openfire "group-summary.jsp" Cross-Site Scripting
  • Description: Openfire is a freely available instant-messaging server available for various platforms. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "search" parameter of the "group-summary.jsp" script. Openfire version 3.6.2 is affected.
  • Ref: http://www.coresecurity.com/content/openfire-multiple-vulnerabilities

  • 09.3.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Openfire "user-properties.jsp" Cross-Site Scripting
  • Description: Openfire is a freely available instant-messaging server available for various platforms. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "username" parameter of the "user-properties.jsp" script. Openfire version 3.6.2 is affected.
  • Ref: http://www.coresecurity.com/content/openfire-multiple-vulnerabilities

  • 09.3.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Openfire "audit-policy.jsp" Multiple Cross-Site Scripting Vulnerabilities
  • Description: Openfire is a freely available instant-messaging server available for various platforms. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "logDir", "logTimeout", "maxDays", "maxFileSize", and "maxTotalSize" parameters of the "audit-policy.jsp" script. Openfire version 3.6.2 is affected.
  • Ref: http://www.coresecurity.com/content/openfire-multiple-vulnerabilities

  • 09.3.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Openfire "log.jsp" Cross-Site Scripting
  • Description: Openfire is a freely available instant-messaging server available for various platforms. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "log" parameter of the "log.jsp" script. Openfire version 3.6.2 is affected.
  • Ref: http://www.coresecurity.com/content/openfire-multiple-vulnerabilities

  • 09.3.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MODx Prior to 0.9.6.3 Multiple Cross-Site Scripting Vulnerabilities
  • Description: MODx is a PHP-based content manager. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input during weblogin. MODx versions prior to 0.9.6.3 are affected.
  • Ref: http://jvn.jp/en/jp/JVN10170564/index.html

  • 09.3.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Ovidentia "index.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: Ovidentia is a content manager. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "pat" and "smap_node_id" parameters of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/33230

  • 09.3.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Fusion E-Cart Module "CA" Parameter SQL Injection
  • Description: AusiMods E-Cart is an e-commerce module for the PHP-Fusion content manager. The module is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "CA" parameter of the "item.php" script before using it in an SQL query. E-Cart version 1.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/499835

  • 09.3.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Members CV (job) Module for PHP-Fusion "members.php" SQL Injection
  • Description: The Members CV (job) module for PHP-Fusion is a PHP-based application that allows members to apply for jobs on web sites. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sortby" parameter of the "members.php" script before using it in an SQL query. Members CV (job) version 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/499829

  • 09.3.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Fusion VArcade Module "callcomments.php" SQL Injection
  • Description: Venue VArcade is a module for the PHP-Fusion content manager. The module is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "comment_id" parameter of the "callcomments.php" script before using it in an SQL query. VArcade version 1.8 is affected.
  • Ref: http://www.securityfocus.com/archive/1/499868

  • 09.3.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PizzisCMS "visualizza.php" SQL Injection
  • Description: PizzisCMS is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "idvar" parameter of the "visualizza.php" script before using it in an SQL query. PizzisCMS version 1.5.1 is affected.
  • Ref: http://www.securityfocus.com/bid/33173

  • 09.3.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MODx "searchid" Parameter SQL Injection
  • Description: MODx is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "searchid" parameter of the "index.php" script when the "submitok" parameter is non-NULL before using it in an SQL query. MODx versions prior to 0.9.6.3 are affected.
  • Ref: http://jvn.jp/en/jp/JVN72630020/index.html

  • 09.3.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Fast FAQs System "admin/authorize.php" SQL Injection
  • Description: Fast FAQs System is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "uname" parameter of the "admin/authorize.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33186

  • 09.3.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SocialEngine "browse_classifieds.php" SQL Injection
  • Description: SocialEngine is a PHP-based platform for social networking. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "classifiedcat_id" parameter of the "browse_classifieds.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33190

  • 09.3.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Fusion Kroax Module "callcomments.php" SQL Injection
  • Description: Kroax is a module for the PHP-Fusion content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "comment_id" parameter of the "callcomments.php" script.
  • Ref: http://www.securityfocus.com/bid/33191

  • 09.3.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpMDJ "animateurs.php" SQL Injection
  • Description: phpMDJ is a web-based application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id_animateur" parameter of the "animateurs.php" script before using it in an SQL query. phpMDJ versions up to and including 1.0.3 are affected.
  • Ref: http://www.securityfocus.com/bid/33192

  • 09.3.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Weight Loss Recipe Book Multiple SQL Injection Vulnerabilities
  • Description: Weight Loss Recipe Book is a PHP-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Weight Loss Recipe Book version 3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/33193

  • 09.3.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DeZine Dz cms "products.php" SQL Injection
  • Description: Dz cms is a content-management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pcat" parameter of the "products.php" script. Dz cms version 3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/33194

  • 09.3.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BKWorks ProPHP SQL Injection
  • Description: BKWorks ProPHP is an application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the username field of the authentication script when logging in to the affected application. BKWorks ProPHP version 0.50 Beta 1 is affected.
  • Ref: http://www.securityfocus.com/bid/33195

  • 09.3.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: tadbook2 Module for XOOPS "open_book.php" SQL Injection
  • Description: tadbook2 is a PHP-based component for the XOOPS content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "book_sn" parameter of the "open_book.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33196

  • 09.3.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Fast Guest Book Login SQL Injection
  • Description: Fast Guest Book is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Username" and "Password" text boxes when logging in to the affected application.
  • Ref: http://www.securityfocus.com/bid/33197

  • 09.3.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_newsflash" Component "id" Parameter SQL Injection
  • Description: The "com_newsflash" component is a module for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter before using it in an SQL query.
  • Ref: http://www.milw0rm.com/exploits/7718

  • 09.3.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_jashowcase" Component "catid" Parameter SQL Injection
  • Description: The "com_jashowcase" component is a news application for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter before using it in an SQL query.
  • Ref: http://www.milw0rm.com/exploits/7717

  • 09.3.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_xevidmegahd" Component "catid" Parameter SQL Injection
  • Description: The "com_xevidmegahd" component is a news application for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter before using it in an SQL query.
  • Ref: http://www.milw0rm.com/exploits/7716

  • 09.3.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Visuplay CMS Multiple SQL Injection Vulnerabilities
  • Description: Visuplay CMS is a PHP-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Weight Loss Recipe Book version 3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/33209

  • 09.3.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! Portfol Component "vcatid" Parameter SQL Injection
  • Description: Joomla! Portfol component is a module for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "vcatid" parameter of the "com_portfol" component. Portfol version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33218

  • 09.3.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WordPress Plugin WP-Forum "forum_feed.php" SQL Injection
  • Description: WordPress is a web-based publishing application implemented in PHP. WP-Forum plugin for WordPress provides forum functionality. The plugin is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "thread" parameter of the "forum_feed.php" script before using it in an SQL query. WP-Forum version 1.7.8 is affected.
  • Ref: http://www.securityfocus.com/bid/33223

  • 09.3.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo gigCalendar Component SQL Injection
  • Description: gigCalendar is a PHP-based component for the Joomla! and Mambo content managers. gigCalendar is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "gigcal_gigs_id" parameter of the "com_gigcal" component before using it in an SQL query. gigCalendar version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33241

  • 09.3.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_fantasytournament" Component Multiple SQL Injection Vulnerabilities
  • Description: The "com_fantasytournament" component is a plugin for the Joomla! content manager. The component is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "roundID" and "managerID" parameters before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33252

  • 09.3.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_camelcitydb2" Component SQL Injection
  • Description: The "com_camelcitydb2" component is a plugin for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter before using it in an SQL query. This affects com_camelcitydb2 version 2.2.
  • Ref: http://www.securityfocus.com/bid/33254

  • 09.3.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DMXReady Multiple Products "upload_image_category.asp" SQL Injection
  • Description: Multiple products by DMXReady are exposed to an SQL injection issue because they fail to sufficiently sanitize user-supplied data to the "cid" parameter of the "upload_image_category.asp" script. DMXReady Classified Listings Manager versions 1.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/33253

  • 09.3.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DMXReady Members Area Manager "upload_image_security_level.asp" SQL Injection
  • Description: DMXReady Members Area Manager is an ASP-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "upload_image_security_level.asp" script. DMXReady Members Area Manager versions 1.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/33255

  • 09.3.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Plunet BusinessManager ACL Security Bypass and HTML Injection Vulnerabilities
  • Description: Plunet BusinessManager is a project management tool for language translation projects. The application is exposed to multiple issues because it fails to sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/499837

  • 09.3.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Project Release Module Multiple Remote Vulnerabilities
  • Description: Drupal Project Release module is a component within Drupal's Project module. The application is exposed to multiple issues. Drupal Project Release module versions prior to 5.x-1.3 are vulnerable.
  • Ref: http://drupal.org/node/355672

  • 09.3.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Project issue tracking Security Bypass and Cross-Site Scripting Vulnerabilities
  • Description: Project issue tracking is a module for Drupal used to track issues for projects. The module is exposed to multiple issues. Project issue tracking 5.x versions prior to 5.x-2.3 are affected.
  • Ref: http://drupal.org/node/355673

  • 09.3.86 - CVE: Not Available
  • Platform: Web Application
  • Title: QuoteBook Information Disclosure, SQL Injection and HTML Injection Vulnerabilities
  • Description: QuoteBook is a web-based application. The application is exposed to multiple input validation issues. An attacker may exploit these issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
  • Ref: http://www.securityfocus.com/bid/33166

  • 09.3.87 - CVE: Not Available
  • Platform: Web Application
  • Title: CuteNews "add_ip" Parameter PHP Code Injection
  • Description: CuteNews is a PHP-based content management application. CuteNews is exposed to an issue that lets attackers inject arbitrary PHP code. The issue occurs because the application fails to properly sanitize user-supplied input to the "add_ip" parameter of the "index.php" script, when called with the "action" parameter set to "add" and the "mod" parameter set to "ipban". CuteNews version 1.4.6 is affected.
  • Ref: http://www.securityfocus.com/bid/33167

  • 09.3.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Openfire "server-properties.jsp" HTML Injection
  • Description: Openfire is a freely available instant-messaging server available for various platforms. Openfire is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input. Openfire version 3.6.2 is affected.
  • Ref: http://www.coresecurity.com/content/openfire-multiple-vulnerabilities

  • 09.3.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Openfire "muc-room-edit-form.jsp" HTML Injection
  • Description: Openfire is a freely available instant-messaging server available for various platforms. Openfire is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input. Openfire version 3.6.2 is affected.
  • Ref: http://www.coresecurity.com/content/openfire-multiple-vulnerabilities

  • 09.3.90 - CVE: Not Available
  • Platform: Web Application
  • Title: XOOPS "mydirname" Parameter Multiple PHP Code Injection Vulnerabilities
  • Description: XOOPS is a PHP-based content manager. The application is exposed to multiple issues that let attackers inject arbitrary PHP code. The problem occurs because the application fails to validate user-supplied input. XOOPS version 2.3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33176

  • 09.3.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Silentum Uploader Arbitrary File Deletion
  • Description: Silentum Uploader is a PHP-based file upload application. Silentum Uploader is exposed to an arbitrary file deletion issue. This issue is due to improper sanitization of user-supplied data. Silentum Uploader version 1.4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33198

  • 09.3.92 - CVE: Not Available
  • Platform: Web Application
  • Title: A Free Text-To-Speech System "TFLivre.php" Remote Command Execution
  • Description: A Free Text-To-Speech System is an application. A Free Text-To-Speech System is exposed to an issue that attackers can leverage to execute arbitrary commands. This issue occurs because the application fails to adequately sanitize user-supplied input to the "voz" parameter of the "TFLivre.php" script. A Free Text-To-Speech System versions 2.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/33200

  • 09.3.93 - CVE: CVE-2008-5819
  • Platform: Web Application
  • Title: Photobase "header.php" Local File Include
  • Description: Photobase is a web-based application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "language" parameter of the "include/header.php" script. Photobase version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33205

  • 09.3.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Interspire Shopping Cart Cookie Authentication Bypass
  • Description: Interspire Shopping Cart is a web-based shopping cart script. The application is exposed to an authentication bypass issue because it fails to adequately verify user credentials when setting cookie-based authentication tokens. Interspire Shopping Cart version 4.0.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/499967

  • 09.3.95 - CVE: CVE-2008-5517
  • Platform: Web Application
  • Title: Git gitweb Unspecified Remote Command Execution
  • Description: The "gitweb" program is a web-based interface to the Git revision control system. The software is exposed to an unspecified remote command-execution issue. This issue occurs due to insufficient validation of user input supplied via the "gitweb" interface. Git version 1.5.2.4 supplied with openSUSE 10.3 is affected.
  • Ref: http://www.securityfocus.com/bid/33215

  • 09.3.96 - CVE: Not Available
  • Platform: Web Application
  • Title: Comersus Cart User Email and User Password Unauthorized Access
  • Description: Comersus Cart is an ASP-based e-commerce application. The application is exposed to an issue that can result in unauthorized access. The issue occurs because the application allows registered users to modify another user's email address and password through the "comersus_customerModifyExec.asp" script. Comersus Cart version 6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/499962

  • 09.3.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple Machine Forum Password Reset Security Bypass
  • Description: Simple Machine Forum is a PHP-based application for setting up online communities. The application is exposed to a security bypass issue related to the password reset feature. This issue is the result of a failure to restrict access to the "index.php" script when the parameter "action" is set to "reminder". Simple Machine Forum versions up to and including 1.1.7 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/33219

  • 09.3.98 - CVE: Not Available
  • Platform: Web Application
  • Title: PWP Wiki Processor "run.php" Arbitrary File Upload
  • Description: PWP Wiki Processor is a PHP-based wiki application. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize file extensions before uploading files through the "run.php" script. PWP Wiki Processor version 1-5-1 is affected.
  • Ref: http://www.securityfocus.com/bid/33225

  • 09.3.99 - CVE: Not Available
  • Platform: Web Application
  • Title: REALTOR 747 "include/define.php" Remote File Include
  • Description: REALTOR 747 is a web-based realty application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "INC_DIR" parameter of the "include/define.php" script. REALTOR 747 version 4.11 is affected.
  • Ref: http://www.securityfocus.com/bid/33227

  • 09.3.100 - CVE: Not Available
  • Platform: Web Application
  • Title: RackTables Blank Password Authentication Bypass
  • Description: RackTables is a PHP-based application. The software is exposed to an authentication bypass issue. Specifically, the vulnerability allows attackers to gain access as an existing LDAP user by supplying a blank password. RackTables versions prior to 0.16.6 are affected.
  • Ref: http://racktables.org/trac/browser/tags/RackTables-0.16.6/ChangeLog

  • 09.3.101 - CVE: Not Available
  • Platform: Web Application
  • Title: Hspell GUI "cilla.cgi" Remote Command Execution
  • Description: Hspell GUI is a Hebrew spell checker application implemented in Perl. Hspell is exposed to an issue that attackers can leverage to execute arbitrary commands. This issue occurs because the application fails to adequately sanitize user-supplied input to the "root" parameter of the "cgi-bin/cilla.cgi" script. Hspell GUI version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/33244

  • 09.3.102 - CVE: Not Available
  • Platform: Web Application
  • Title: DMXReady Blog Manager Arbitrary File Deletion
  • Description: DMXReady Blog Manager is an ASP-based application for hosting blogs. DMXReady Blog Manager is exposed to an issue that lets attackers delete arbitrary files in the context of the web server process. DMXReady Blog Manager versions 1.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/33251

  • 09.3.103 - CVE: CVE-2008-3819
  • Platform: Network Device
  • Title: Cisco Global Site Selector DNS Server Remote Denial of Service
  • Description: Cisco Global Site Selector is a hardware device which optionally provides DNS server functionality. Cisco Global Site Selector is exposed to a remote denial of service issue. Specifically, the vulnerability occurs when the application handles an unspecified sequence of DNS requests.
  • Ref: http://www.cisco.com/en/US/products/hw/contnetw/ps4162/index.html

  • 09.3.104 - CVE: CVE-2009-0043
  • Platform: Network Device
  • Title: Multiple CA Service Management Products Unspecified Remote Command Execution
  • Description: CA Service Metric Analysis and Service Level Management are applications for managing service centers. The applications are exposed to an issue that attackers can leverage to execute arbitrary commands. This issue is the result of an unspecified access validation error in the "smmsnmpd" service.
  • Ref: http://www.securityfocus.com/archive/1/499857

  • 09.3.105 - CVE: Not Available
  • Platform: Network Device
  • Title: NetGear WG102 SNMP Write Community String Information Disclosure
  • Description: The NetGear WG102 is a wireless access point hardware device. The device is exposed to a remote information disclosure issue because it fails to restrict access to sensitive information. NetGear WG102 devices with firmware versions 4.0.16 and 4.0.27 are affected.
  • Ref: http://www.securityfocus.com/archive/1/499917

  • 09.3.106 - CVE: Not Available
  • Platform: Network Device
  • Title: Atheria SV-SIP1042 Administrator Authentication Credentials Information Disclosure
  • Description: Atheria SV-SIP1042 is an ADSL/VoIP router. Atheria SV-SIP1042 is exposed to an information disclosure issue that occurs when the router's console cable is connected to a computer. Atheria SV-SIP1042 version 1.4.18 is affected.
  • Ref: http://www.securityfocus.com/archive/1/499961

  • 09.3.107 - CVE: Not Available
  • Platform: Network Device
  • Title: BlackBerry Attachment Service PDF Distiller "bitmaps" Remote Buffer Overflow
  • Description: BlackBerry Attachment Service is a component of BlackBerry Enterprise Server and BlackBerry Unite!. It is used to process email attachments. BlackBerry Attachment Service is exposed to a heap-based buffer overflow issue that occurs when the service's PDF distiller tries to process specially crafted PDF files.
  • Ref: http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118

  • 09.3.108 - CVE: Not Available
  • Platform: Network Device
  • Title: BlackBerry Attachment Service PDF Distiller Uninitialized Heap Memory Code Execution
  • Description: BlackBerry Attachment Service is a component of BlackBerry Enterprise Server and BlackBerry Unite!. It is used to process email attachments. BlackBerry Attachment Service is exposed to a remote code execution issue that occurs when the service's PDF distiller tries to process specially crafted PDF files.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=766

(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.