
@RISK: The Consensus Security Vulnerability Alert

Volume: VIII, Issue: 31
July 30, 2009

You already know about the Microsoft problems - the out of cycle patch - but don't miss that Cisco wireless problem. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Other Microsoft Products                  7 (#1, #2)
    Third Party Windows Apps                  2
    Mac Os                                    1
    Linux                                     4
    BSD                                       1
    Solaris                                   2
    Cross Platform                            32 (#3, #4)
    Web Application - Cross Site Scripting    9
    Web Application - SQL Injection           9
    Web Application                           17


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
BSD
Solaris
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application

Part I: Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Microsoft Internet Explorer Multiple Vulnerabilities (MS09-034)
  • Affected:
    • Microsoft Internet Explorer 5.01 Service Pack 4
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Internet Explorer 6
    • Windows XP Service Pack 2 and Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
    • Microsoft Windows Internet Explorer 7
    • Windows Server 2003 with SP2 for Itanium-based Systems
    • Microsoft Windows Internet Explorer 8
    • Windows XP Service Pack 2 and Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
    • Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
    • Windows Server 2008 for 32-bit Systems* and Windows Server 2008 for 32-bit Systems Service Pack 2*
    • Windows Server 2008 for x64-based Systems* and Windows Server 2008 for x64-based Systems Service Pack 2*
    • Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Description: Microsoft Internet Explorer contains multiple vulnerabilities in its handling of HTML objects and cached content while processing a specially crafted web page. The first issue is a memory corruption vulnerability caused by the way Internet Explorer accesses an object that has been deleted. The second issue is caused by an error in the way Internet Explorer handles table operations in specific situations, which might corrupt memory and eventually lead to arbitrary code execution. The third issue is an uninitialized memory corruption vulnerability caused by an error when Internet Explorer handles deleted objects. Successful exploitation in each of these cases might lead to arbitrary code execution. Some technical details for these vulnerabilities are publicly available.

  • Status: Vendor confirmed, updates available.

  • (2) CRITICAL: Microsoft Visual Studio Active Template Library Multiple Vulnerabilities (MS09-035)
  • Affected:
    • Microsoft Visual Studio .NET 2003 Service Pack 1
    • Microsoft Visual Studio 2005 Service Pack 1
    • Microsoft Visual Studio 2005 Service Pack 1 64-bit Hosted Visual C++ Tools
    • Microsoft Visual Studio 2008
    • Microsoft Visual Studio 2008 Service Pack 1
    • Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package
    • Microsoft Visual C++ 2008 Redistributable Package
    • Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package
  • Description: The Active Template Library (ATL) is a set of C++ classes developed by Microsoft to make programming of Component Object Model (COM) objects easier. Multiple vulnerabilities have been reported in the Microsoft Visual Studio ATL which might cause arbitrary code execution or information disclosure. The first issue is caused by an error in the ATL headers that allows VariantClear to be called on a VARIANT that has not been initialized correctly. A specially crafted malicious stream could therefore allow an attacker to control what happens when VariantClear is called during error handling. The second issue is a remote code execution vulnerability caused by errors in the way the ATL headers handle instantiation of objects from data streams. This could allow an attacker to bypass certain security policies by using a legitimate ActiveX control to load an untrusted ActiveX control that has previously been blocked from running in Internet Explorer. The third issue is an information disclosure vulnerability caused by some ATL headers reading string data that has no terminating NULL byte. Some technical details on these vulnerabilities are publicly available. Note that components and controls from other vendors that were compiled and built using the Microsoft Visual Studio ATL might also be affected by these vulnerabilities, for example the Adobe Flash Player, Adobe Shockwave Player and Cisco Unity Player.

  • Status: Vendor confirmed, updates available.

  • (3) CRITICAL: Cisco Wireless LAN Controller Multiple Vulnerabilities
  • Affected:
    • Cisco 1500 Series
    • Cisco 2000 Series Wireless LAN Controllers
    • Cisco 2100 Series Wireless LAN Controllers
    • Cisco 4100 Series Wireless LAN Controllers
    • Cisco 4200 Series Wireless LAN Controllers
    • Cisco 4400 Series Wireless LAN Controllers
    • Cisco Catalyst 3750G
    • Cisco WLC Modules for Integrated Services Routers
    • Cisco Wireless Services Modules (WiSM)
  • Description: The Cisco Wireless LAN Controller (WLC) is one of the major building blocks of an enterprise-scale wireless network that supports critical business applications, and it is responsible for system-wide wireless LAN functions. Multiple vulnerabilities have been identified in the WLC family of devices. The first issue is caused by an error in handling a specially crafted response to an authentication request. This issue might allow an attacker with access to the administrative web interface to reload the device. The second issue is caused by an error in handling SSH management connections, which might lead to a memory leak and eventually to a denial-of-service condition. Note that a three-way handshake is not required to carry out this attack. The third issue is a denial-of-service vulnerability caused by an error in handling specially crafted HTTP requests to a vulnerable WLC; it can be exploited only via the administrative web interface. The fourth issue is an error in processing certain HTTP and HTTPS requests sent by an unauthenticated attacker to a WLC that is bound to an administrative interface or VLAN. If successful, this exploit might give an attacker unauthorized access to modify the configuration of an affected device. Some technical details for these vulnerabilities are publicly available.

  • Status: Vendor confirmed, updates available.

  • (4) MODERATE: VLC Player and Movie Player Integer Underflow Vulnerability
  • Affected:
    • VLC Media Player version 1.0.0 and prior
    • MPlayer 1.0rc2 and prior
  • Description: VLC Media Player and Movie Player are popular cross-platform media players. An integer underflow vulnerability has been identified in them which could be triggered by specially crafted Real Data Transport (RDT) header chunks. The specific flaw lies in the function "real_get_rdt_chunk_header" in "modules/access/rtsp/real.c" for VLC Media Player and in the function "real_get_rdt_chunk" in "stream/realrtsp/real.c" for MPlayer. Successful exploitation might allow an attacker to execute arbitrary code in the context of the vulnerable application via a specially crafted stream. Full technical details for the vulnerability are publicly available.

  • Status: Vendor confirmed, updates available.

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 31, 2009

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 7310 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 09.31.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer "findText()" Unicode Parsing Denial of Service
  • Description: Microsoft Internet Explorer is a web browser available for Microsoft Windows platforms. The browser is exposed to a remote denial of service issue that arises when user-supplied data is processed through the "findText()" JavaScript method. Internet Explorer versions 7 and 8 are affected.
  • Ref: http://www.securityfocus.com/bid/35799

  • 09.31.2 - CVE: CVE-2009-1918
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer HTML Table Object Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote code execution issue because it fails to properly handle certain operations when it accesses HTML "table" objects. Memory may become corrupted when an attacker entices an unsuspecting user into viewing a specially crafted webpage.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-034.mspx

  • 09.31.3 - CVE: CVE-2009-1919
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Uninitialized Memory Remote Code Execution (CVE-2009-1919)
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote code execution issue that arises when the application tries to access an object that has been deleted.
  • Ref: http://www.microsoft.com/technet/security/advisory/973882.mspx

  • 09.31.4 - CVE: CVE-2009-2493
  • Platform: Other Microsoft Products
  • Title: Microsoft Visual Studio Active Template Library COM Object Remote Code Execution
  • Description: Microsoft Visual Studio is an application development environment available for Microsoft Windows. The Active Template Library (ATL) is a component of Visual Studio. Components and controls created with the ATL are exposed to a remote code execution issue because of errors in the library headers that instantiate objects from data streams.
  • Ref: http://blogs.technet.com/msrc/archive/2009/07/28/microsoft-security-advisory-973882-microsoft-security-bulletins-ms09-034-and-ms09-035-released.aspx

  • 09.31.5 - CVE: CVE-2009-2495
  • Platform: Other Microsoft Products
  • Title: Microsoft Visual Studio Active Template Library NULL String Information Disclosure
  • Description: Microsoft Visual Studio is an application development environment available for Microsoft Windows. The Active Template Library (ATL) is a component of Visual Studio. Components and controls created with the ATL are exposed to an information disclosure issue. Specifically, this issue may allow a string to be read without a terminating NULL character.
  • Ref: http://blogs.technet.com/msrc/archive/2009/07/28/microsoft-security-advisory-973882-microsoft-security-bulletins-ms09-034-and-ms09-035-released.aspx

  • 09.31.6 - CVE: CVE-2009-1917
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Deleted Object Memory Corruption (CVE-2009-1917)
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote code execution issue that arises when it tries to access objects that have been deleted. The attacker can exploit this issue to execute arbitrary code in the context of the user running the browser.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-034.mspx

  • 09.31.7 - CVE: CVE-2009-0901
  • Platform: Other Microsoft Products
  • Title: Microsoft Visual Studio ATL "VariantClear()" Remote Code Execution
  • Description: Microsoft Visual Studio is an application development environment for Microsoft Windows. The Active Template Library (ATL) is a component of Visual Studio. Visual Studio is exposed to a remote code execution issue in the ATL. The vulnerability stems from an issue in the ATL headers that may allow attackers to call the "VariantClear()" function on uninitialized variants.
  • Ref: http://blogs.technet.com/msrc/archive/2009/07/28/microsoft-security-advisory-973882-microsoft-security-bulletins-ms09-034-and-ms09-035-released.aspx

  • 09.31.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Akamai Download Manager ActiveX Control Redswoosh Download Stack Buffer Overflow
  • Description: The Akamai Download Manager ActiveX control is a web-based file downloader. The control is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue affects the "manager.exe" process and is triggered when a malformed HTTP response is received during a "Redswoosh" peer-to-peer download. Akamai Download Manager versions prior to 2.2.4.8 are affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=813

  • 09.31.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Cisco Unity ActiveX Header Active Template Library Remote Code Execution
  • Description: Cisco Unity is a voice and messaging platform for Microsoft Windows. Cisco Unity is exposed to a remote code execution issue because it was compiled against the Microsoft Active Template Library (ATL). A remote attacker can exploit this issue by enticing an unsuspecting victim to view a malicious webpage.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20090728-activex.shtml

  • 09.31.10 - CVE: CVE-2009-2468
  • Platform: Mac Os
  • Title: CoreGraphics Font Glyph Rendering Library Multiple Remote Code Execution Vulnerabilities
  • Description: CoreGraphics is a graphics-rendering API for Apple Mac OS X. CoreGraphics is exposed to a remote code execution issue that occurs when handling webpages containing a very large text run. These issues will trigger either a heap overflow or an integer overflow.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-36.html

  • 09.31.11 - CVE: Not Available
  • Platform: Linux
  • Title: Palm WebOS Unspecified URL Processing Denial of Service
  • Description: Palm WebOS is a smartphone platform based on Linux. The application is exposed to a remote denial of service issue. Specifically, the vulnerability presents itself when a URL link with a certain unspecified number of characters is handled. Palm WebOS version 1.0.4 is affected.
  • Ref: http://tlhsecurity.blogspot.com/2009/07/palm-pre-web-os-103-overly-long-url.html

  • 09.31.12 - CVE: CVE-2009-2407
  • Platform: Linux
  • Title: eCryptfs "parse_tag_3_packet()" Packet Heap Based Buffer Overflow
  • Description: eCryptfs is a POSIX-compliant cryptographic filesystem for Linux. eCryptfs is exposed to a heap-based buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. This issue affects the "parse_tag_3_packet()" function of the "keystore.c" source file.
  • Ref: http://www.securityfocus.com/archive/1/505337

  • 09.31.13 - CVE: CVE-2009-2406
  • Platform: Linux
  • Title: Linux Kernel eCryptfs "parse_tag_11()" Remote Stack Buffer Overflow
  • Description: The Linux Kernel is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue affects the eCryptfs filesystem. Specifically, the "parse_tag_11()" function of the key management code in the "fs/ecryptfs/keystore.c" source file fails to verify that a "tag 11" packet's "tag11_contents_size" is less than "max_contents_bytes" before copying the contents to a fixed-size stack buffer.
  • Ref: http://risesecurity.org/advisories/RISE-2009002.txt
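
The missing check described in entry 09.31.13, as an added example (not code from the Linux kernel or from the advisory): a simplified tag 11 parser in C with the unchecked copy beside the bounded one. The packet layout, the constants, the return codes and the function names are assumptions made for illustration; only the comparison of the contents size against the destination size comes from the entry.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified, constructed model of a "tag 11" packet (assumption, not the
 * kernel's exact layout):
 *   byte 0      : packet type (0xED)
 *   byte 1      : body length, single-byte form only
 *   bytes 2..15 : 14 bytes of fixed metadata
 *   bytes 16..  : contents (body length - 14 bytes)                     */
#define TAG11_TYPE      0xED
#define TAG11_FIXED_LEN 14
#define MAX_CONTENTS    16   /* size of the caller's fixed stack buffer */

enum { TAG11_OK = 0, TAG11_MALFORMED = -1, TAG11_TOO_BIG = -2 };

/* Pre-fix pattern: the contents size is taken from the packet and used as
 * the memcpy length without being compared to the destination size. */
static int parse_tag11_unchecked(const uint8_t *pkt, size_t pkt_len,
                                 uint8_t *contents, size_t *contents_size)
{
    if (pkt_len < 2 || pkt[0] != TAG11_TYPE)
        return TAG11_MALFORMED;
    size_t body = pkt[1];
    if (body < TAG11_FIXED_LEN || body > pkt_len - 2)
        return TAG11_MALFORMED;
    *contents_size = body - TAG11_FIXED_LEN;
    /* Writes past 'contents' whenever *contents_size > MAX_CONTENTS. */
    memcpy(contents, pkt + 2 + TAG11_FIXED_LEN, *contents_size);
    return TAG11_OK;
}

/* Hardened pattern: the destination size is a parameter and the
 * packet-supplied size is rejected before any byte is copied. */
static int parse_tag11_checked(const uint8_t *pkt, size_t pkt_len,
                               uint8_t *contents, size_t max_contents_bytes,
                               size_t *contents_size)
{
    *contents_size = 0;
    if (pkt_len < 2 || pkt[0] != TAG11_TYPE)
        return TAG11_MALFORMED;
    size_t body = pkt[1];
    /* A body shorter than the fixed part would make the subtraction wrap;
     * a body longer than the input would read past the packet. */
    if (body < TAG11_FIXED_LEN || body > pkt_len - 2)
        return TAG11_MALFORMED;
    size_t n = body - TAG11_FIXED_LEN;
    if (n > max_contents_bytes)          /* the bound the entry describes */
        return TAG11_TOO_BIG;
    memcpy(contents, pkt + 2 + TAG11_FIXED_LEN, n);
    *contents_size = n;
    return TAG11_OK;
}

/* Builds a constructed sample packet carrying 'contents_len' bytes of 'A'.
 * Returns the total packet length, or 0 if it does not fit. */
static size_t build_tag11(uint8_t *out, size_t cap, size_t contents_len)
{
    size_t body = TAG11_FIXED_LEN + contents_len;
    if (body > 0xFF || 2 + body > cap)
        return 0;
    out[0] = TAG11_TYPE;
    out[1] = (uint8_t)body;
    memset(out + 2, 0, TAG11_FIXED_LEN);
    memset(out + 2 + TAG11_FIXED_LEN, 'A', contents_len);
    return 2 + body;
}

int main(void)
{
    uint8_t pkt[256], buf[MAX_CONTENTS];
    size_t n = 0;

    /* Well-formed packet: both parsers accept it. */
    size_t len = build_tag11(pkt, sizeof pkt, 8);
    printf("unchecked, 8 bytes : rc=%d\n",
           parse_tag11_unchecked(pkt, len, buf, &n));
    printf("checked,   8 bytes : rc=%d n=%zu\n",
           parse_tag11_checked(pkt, len, buf, sizeof buf, &n), n);

    /* Oversized contents: only the checked parser is called, because the
     * unchecked one would write 40 bytes into a 16-byte stack buffer. */
    len = build_tag11(pkt, sizeof pkt, 40);
    printf("checked,  40 bytes : rc=%d n=%zu\n",
           parse_tag11_checked(pkt, len, buf, sizeof buf, &n), n);
    return 0;
}
```
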

  • 09.31.14 - CVE: Not Available
  • Platform: Linux
  • Title: Mandriva "initscripts" Local Information Disclosure
  • Description: "initscripts" package is used to execute scripts whenever the system starts. The "initscripts" package of Mandriva is exposed to a local information disclosure issue. Specifically, if a WPA/WPA2 password contains a space, the application treats the string after the space as a command. When the network service is restarted, the application discloses the string as an unknown command in the log file.
  • Ref: https://qa.mandriva.com/show_bug.cgi?id=52149

  • 09.31.15 - CVE: Not Available
  • Platform: BSD
  • Title: NetBSD SHA2 Implementation Buffer Overflow
  • Description: SHA-2 is a family of hash functions that includes algorithms such as SHA-256 and SHA-512. The NetBSD SHA2 implementation is exposed to a buffer overflow issue that affects applications using the implementation and linking against libcrypto. Specifically, a 4-byte buffer overflow for SHA256 and an 8-byte buffer overflow for SHA512 may occur. The issue presents itself when the hash "init" function is called. The function passes the wrong size of the context to the "memset" function.
  • Ref: http://www.securityfocus.com/bid/35853

  • 09.31.16 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Auditing Extended File Attributes (fsattr(5)) Local Denial of Service
  • Description: Sun Solaris is a UNIX-based operating system. Solaris is exposed to a local denial of service issue. An unspecified problem in the Solaris Auditing when interacting with extended file attributes (fsattr(5)) can allow an attacker to trigger a kernel panic. Solaris 9, Solaris 10, and OpenSolaris snv_01 through snv_120 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-264428-1

  • 09.31.17 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Auditing Race Condition Local Denial of Service
  • Description: Sun Solaris is a UNIX-based operating system. Solaris is exposed to a local denial of service issue. A race condition error in Solaris Auditing when interacting with extended file attributes (fsattr(5)) can allow an attacker to trigger a kernel panic. Solaris 9 and 10 and OpenSolaris snv_01 through snv_120 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-264429-1

  • 09.31.18 - CVE: CVE-2009-2462
  • Platform: Cross Platform
  • Title: Mozilla Firefox and Thunderbird Multiple Remote Memory Corruption Vulnerabilities
  • Description: Mozilla Firefox and Thunderbird are exposed to multiple memory corruption issues that can be exploited to cause denial of service conditions, and in some cases, arbitrary code execution.
  • Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=442227

  • 09.31.19 - CVE: CVE-2009-2471
  • Platform: Cross Platform
  • Title: Mozilla Firefox "setTimeout()" Remote Code Execution
  • Description: Mozilla Firefox is a web browser available for multiple platforms. Mozilla Firefox is exposed to a remote code execution issue that affects the "setTimeout()" JavaScript function. Specifically, the problem occurs when "setTimeout()" is called with object parameters that should be protected with "XPCNativeWrapper" objects. Firefox versions prior to 3.0.12 and 3.5 are affected.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-39.html

  • 09.31.20 - CVE: CVE-2009-2467
  • Platform: Cross Platform
  • Title: Mozilla Firefox Flash Player Unloading Remote Code Execution
  • Description: Mozilla Firefox is a web browser available for various platforms. Firefox is exposed to a remote code execution issue that can be triggered by a malicious page that presents a slow script dialog. Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Firefox versions prior to 3.5.1 and 3.0.12 are affected.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-35.html

  • 09.31.21 - CVE: CVE-2009-2463
  • Platform: Cross Platform
  • Title: Mozilla Firefox and Thunderbird Remote Integer Overflow
  • Description: Mozilla Firefox and Thunderbird are prone to a remote integer overflow vulnerability in the base64 decoding function. An attacker can exploit this issue to cause denial of service conditions, and possibly to execute arbitrary code.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-34.html

  • 09.31.22 - CVE: CVE-2009-2465
  • Platform: Cross Platform
  • Title: Mozilla Firefox/Thunderbird Double Frame Construction Memory Corruption Vulnerabilities
  • Description: Firefox is a web browser. Thunderbird is an email client. Both applications are available for multiple platforms. Firefox and Thunderbird are exposed to multiple remote memory corruption issues because they fail to properly handle certain documents that contain double frame construction. The first issue occurs if a webpage's internal representation contains double copies of certain elements. The second issue occurs in the "nsSubDocumentFrame::Reflow()" function when double elements are present.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-34.html

  • 09.31.23 - CVE: CVE-2009-2469
  • Platform: Cross Platform
  • Title: Mozilla Firefox "watch()" and "__defineSetter__ ()" Functions Remote Code Execution
  • Description: Mozilla Firefox is a web browser available for various platforms. Firefox is exposed to a remote code execution issue that occurs when a specific value is set on properties for "watch()" and "__defineSetter__ ()" functions for SVG elements. Firefox versions prior to 3.5 and 3.0.12 are affected.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-37.html

  • 09.31.24 - CVE: CVE-2009-2464
  • Platform: Cross Platform
  • Title: Mozilla Firefox and Thunderbird RDF File Handling Remote Memory Corruption
  • Description: Mozilla Firefox is a web browser available for multiple platforms. Mozilla Thunderbird is an email client also available for multiple platforms. Firefox and Thunderbird are exposed to a remote memory corruption issue that occurs when handling specially crafted RDF files. Specifically, a crash occurs when closing an open file, or right clicking on a XUL tree element after opening a file. This problem occurs in "nsXULTemplateQueryProcessorRDF::CheckIsSeparator".
  • Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=441785

  • 09.31.25 - CVE: CVE-2009-2466
  • Platform: Cross Platform
  • Title: Mozilla Firefox/Thunderbird JavaScript Engine Memory Corruption Vulnerabilities
  • Description: Firefox is a web browser. Thunderbird is an email client. Both applications are available for multiple platforms. Firefox and Thunderbird are exposed to multiple remote memory corruption issues that affect the JavaScript engine. An attacker can exploit these issues to corrupt memory on the affected computer and run arbitrary code in the context of the user running the affected application. Failed exploit attempts will cause denial of service conditions.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-34.html

  • 09.31.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Tivoli Identity Manager Session Fixation Vulnerability
  • Description: IBM Tivoli Identity Manager is an identity life management product. The application is exposed to a session fixation issue caused by a design error when handling sessions. Specifically the issue affects the console and self service interface. IBM Tivoli Identity Manager version 5.0 is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg24023826

  • 09.31.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: CommuniGate Pro Web Mail URI Parsing HTML Injection
  • Description: CommuniGate Pro is a communication server application for multiple operating systems. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input. Attackers can exploit this issue with a plain text email message that contains a specially crafted URI. CommuniGate Pro versions prior to 5.2.15 are affected.
  • Ref: http://www.securityfocus.com/archive/1/505211

  • 09.31.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Access Manager Policy Agent Denial of Service
  • Description: Sun Java System Access Manager Policy Agent is used to provide access control. The application is exposed to a remote denial of service issue that affects Web Proxy Server 4.0, when this is the deployment container that the Agent is running in. Sun Java System Access Manager Policy Agent version 2.2 is affected.
  • Ref: http://docs.sun.com/app/docs/coll/1322.1

  • 09.31.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Kaspersky Anti-Virus And Internet Security Bypass
  • Description: Kaspersky Anti-Virus And Internet Security are exposed to a security bypass vulnerability. The issue occurs due to an unspecified error that can allow attackers to disable computer protection through external scripts. Remote attackers can exploit this issue to bypass certain security restrictions and carry out various attacks.
  • Ref: http://www.kaspersky.com/technews?id=203038755

  • 09.31.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: nilfs-utils Multiple Local Privilege Escalation Vulnerabilities
  • Description: The "nilfs-utils" application provides userspace utilities for creating and mounting NILFS v2 filesystems. The application is exposed to multiple local privilege escalation issues. "nilfs-utils" versions prior to 2.0.14 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=505374

  • 09.31.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox Error Page Address Bar URI Spoofing
  • Description: Mozilla Firefox is a web browser available for multiple platforms. Firefox is affected by a URI-spoofing issue that occurs when displaying an error page generated from a malicious site while navigating to a legitimate site. Specifically, a "window.open()" call with a URI containing an invalid character will trigger an error page, but the URI displayed in the address bar will look legitimate. Firefox version 3.0.11 is affected.
  • Ref: http://www.securityfocus.com/archive/1/505242

  • 09.31.32 - CVE: CVE-2009-1164
  • Platform: Cross Platform
  • Title: Cisco Wireless LAN Controller HTTP Authorization Denial of Service
  • Description: Cisco Wireless LAN controllers are used to control various wireless LAN functions. Cisco Wireless LAN Controller is exposed to a denial of service issue when handling specially crafted HTTP requests. Specifically, the issue occurs when an overly long Authorization header is processed and can reportedly be exploited by sending a request to the "screens/frameset.html" file with Basic HTTP Authentication containing a username and a password longer than 63 characters each. Cisco Wireless LAN Controller 4402 (software release 5.1.151.0) is affected.
  • Ref: http://www.securityfocus.com/archive/1/505248

  • 09.31.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Squid Multiple Remote Denial of Service Vulnerabilities
  • Description: Squid is an open-source proxy server available for a number of platforms. Squid is exposed to multiple remote denial of service issues. Successfully exploiting these issues allows remote attackers to crash the affected application, denying further service to legitimate users. Squid versions 3.0.STABLE16, 3.1.0.11 and earlier versions are affected.
  • Ref: http://www.squid-cache.org/Advisories/SQUID-2009_2.txt

  • 09.31.34 - CVE: CVE-2009-1164
  • Platform: Cross Platform
  • Title: Cisco Wireless LAN Controller SSH Connections Denial of Service
  • Description: Cisco Wireless LAN Controller is used to control various wireless LAN functions. Cisco Wireless LAN Controller is exposed to a denial of service issue. Specifically a memory leak occurs when handling SSH management connections.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml

  • 09.31.35 - CVE: CVE-2009-1166
  • Platform: Cross Platform
  • Title: Cisco Wireless LAN Controller HTTP/HTTPS Denial of Service
  • Description: Cisco Wireless LAN Controller is used to control various wireless LAN functions. Cisco Wireless LAN Controller is prone to a denial of service vulnerability when handling specially crafted HTTP or HTTPS requests sent via the web-based administrative interface. An attacker can exploit this issue to trigger an affected device to crash and reload, causing denial of service conditions.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml

  • 09.31.36 - CVE: CVE-2009-1167
  • Platform: Cross Platform
  • Title: Cisco Wireless LAN Controller Unspecified Remote Security
  • Description: Cisco Wireless LAN Controller is used to control various wireless LAN functions. Cisco Wireless LAN Controller is exposed to an unspecified remote issue in its web administration interface. Remote attackers can exploit this issue to modify configuration settings for the vulnerable device.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml

  • 09.31.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MPlayer and VLC Player Real Data Transport Remote Integer Underflow
  • Description: MPlayer and VLC Player are media player applications available for a number of platforms. The applications are exposed to a remote integer underflow issue because they fail to properly bounds check user-supplied input. This issue occurs when processing malicious Real Data Transport (RDT) header chunks. MPlayer versions 1.0rc2 and earlier and VLC Player versions 1.0.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/505284

  • 09.31.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: NcFTPD Symbolic Link Information Disclosure
  • Description: NcFTPD is an FTP server application. NcFTPD is exposed to a remote information disclosure issue. Specifically, the application allows users to construct a symbolic link that points to a directory outside the FTP root directory. NcFTPD version 2.8.5 is affected.
  • Ref: http://www.securityfocus.com/bid/35822

  • 09.31.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple Safari Error Page Address Bar URI Spoofing
  • Description: Apple Safari is a web browser available for multiple platforms. Safari is affected by a URI-spoofing vulnerability. The problem occurs when displaying an error page generated from a malicious site while navigating to a legitimate site. Specifically, a "window.open()" call with a URI containing an invalid character will trigger an error page, but the URI displayed in the address bar will look legitimate. Safari version 4.0.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/505242

  • 09.31.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Asterisk RTP Text Frames Processing Remote Denial of Service
  • Description: Asterisk is a private branch exchange (PBX) application available for Linux, BSD, and Mac OS X platforms. Asterisk is exposed to a remote denial of service issue because it fails to properly handle malformed RTP text frames.
  • Ref: http://downloads.asterisk.org/pub/security/AST-2009-004.html

  • 09.31.41 - CVE: CVE-2009-1720, CVE-2009-1721, CVE-2009-1722
  • Platform: Cross Platform
  • Title: OpenEXR Multiple Memory Corruption Vulnerabilities
  • Description: OpenEXR is a software package and image file format by Industrial Light & Magic. The library is exposed to multiple memory corruption issues. A successful attack may allow attacker-supplied code to run in the context of the victim opening the file. Failed exploit attempts will result in a denial of service condition.
  • Ref: http://www.securityfocus.com/bid/35838

  • 09.31.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Google Chrome "About:blank" Address Bar URI Spoofing
  • Description: Google Chrome is a web browser. The application is affected by a URI-spoofing issue. The problem occurs when displaying an "About:blank" page generated from a malicious site while navigating to a legitimate site. Specifically, a "window.open()" call with a URI containing an invalid character will trigger an error page, but the URI displayed in the address bar will look legitimate. Chrome version 2.0.172.37 is affected.
  • Ref: http://www.securityfocus.com/bid/35839

  • 09.31.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apache HTTP Server HTTP Basic Authentication Bypass
  • Description: Apache is an HTTP server available for various operating systems. The application is exposed to an authentication bypass issue because it may fail to enforce access restrictions on requests for resources protected by HTTP Basic authentication. Apache version 2.2.2 is affected.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1946

  • 09.31.44 - CVE: CVE-2009-2620
  • Platform: Cross Platform
  • Title: Firebird "op_connect_request" Remote Denial of Service
  • Description: Firebird is a Relational Database Management System (RDBMS) available for multiple operating systems. Firebird is exposed to a remote denial of service issue because it fails to properly validate user-supplied input. This issue can be triggered by sending "op_connect_request" packets to TCP port 3050.
  • Ref: http://www.securityfocus.com/archive/1/505327

  • 09.31.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Shockwave Player Active Template Library Remote Code Execution
  • Description: Adobe Shockwave Player is a multimedia player available for multiple platforms. Shockwave is exposed to a remote code execution issue because it was compiled against the Microsoft Active Template Library (ATL). A remote attacker can exploit this issue by enticing an unsuspecting victim to view a malicious webpage.
  • Ref: http://www.microsoft.com/technet/security/advisory/973882.mspx

  • 09.31.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Flash Player Active Template Library Remote Code Execution
  • Description: Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. Flash Player is exposed to a remote code-execution issue due to being compiled against the Microsoft Active Template Library (ATL).
  • Ref: http://www.microsoft.com/technet/security/advisory/973882.mspx

  • 09.31.47 - CVE: CVE-2009-0696
  • Platform: Cross Platform
  • Title: ISC BIND 9 Remote Dynamic Update Message Denial of Service
  • Description: ISC BIND is prone to a remote denial of service issue because it fails to properly handle specially crafted dynamic update requests. Successfully exploiting this issue allows remote attackers to crash affected DNS servers, denying further service to legitimate users. BIND versions prior to 9.4.3-P3, 9.5.1-P3, and 9.6.1-P3 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=514292

  • 09.31.48 - CVE: CVE-2009-1426
  • Platform: Cross Platform
  • Title: HP ProLiant Onboard Administrator Powered by LO100i Remote Denial of Service
  • Description: HP ProLiant servers are hardware storage devices. HP ProLiant Onboard Administrator powered by LO100i is a management application for ProLiant server products. HP ProLiant Onboard Administrator Powered by LO100i is exposed to an unspecified denial of service issue.
  • Ref: http://www.securityfocus.com/bid/35852

  • 09.31.49 - CVE: Not Available
  • Platform: Cross Platform
  • Title: TinyBrowser Multiple Vulnerabilities
  • Description: TinyBrowser is a file browser. It was created to complement the TinyMCE WYSIWYG content editor. The application is exposed to multiple issues. Attackers can exploit these issues to host arbitrary content on a vulnerable computer, upload and delete arbitrary files, create arbitrary folders, and carry out cross-site scripting attacks. TinyBrowser version 1.41.6 is affected.
  • Ref: http://www.securityfocus.com/bid/35855

  • 09.31.50 - CVE: CVE-2009-2472
  • Platform: Web Application - Cross Site Scripting
  • Title: Mozilla Firefox "XPCCrossOriginWrapper" Multiple Cross-Domain Scripting Vulnerabilities
  • Description: Mozilla Firefox is a web browser available for multiple platforms. Mozilla Firefox is exposed to multiple cross-domain scripting issues that are the result of objects which should normally be wrapped by an "XPCCrossOriginWrapper" object being constructed without this wrapper. Firefox versions prior to 3.0.12 and 3.5 are affected.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-40.html

  • 09.31.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Hitachi Multiple Business Logic Products Unspecified Cross-Site Scripting
  • Description: Hitachi Business Logic and Electronic Form Workflow are components for application servers. The applications are exposed to a cross-site scripting issue because they fail to properly sanitize user-supplied input.
  • Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-011/index.html

  • 09.31.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WordPress "wp-comments-post.php" Cross-Site Scripting
  • Description: WordPress allows users to generate news pages and web-logs dynamically; it is implemented in PHP with a MySQL database. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "uri" parameter of the "wp-comments-post.php" script. WordPress version 2.8.1 is affected.
  • Ref: http://www.securityfocus.com/bid/35797

  • 09.31.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PG Matchmaking Multiple Cross-Site Scripting Vulnerabilities
  • Description: PG Matchmaking is online dating software. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
  • Ref: http://www.securityfocus.com/bid/35808

  • 09.31.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: XZeroScripts XZero Community Classifieds Multiple Cross-Site Scripting Vulnerabilities
  • Description: XZero Community Classifieds is a web application for classifieds. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data. XZeroScripts XZero Community Classifieds version 4.97.8 is affected.
  • Ref: http://www.securityfocus.com/bid/35809

  • 09.31.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PG Roommate Finder Solution "part" Parameter Cross-Site Scripting
  • Description: PG Roommate Finder Solution is a roommate search application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input. Specifically, the issue affects the "part" parameter of the "quick_search.php" and the "viewprofile.php" scripts.
  • Ref: http://www.securityfocus.com/bid/35814

  • 09.31.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PG eTraining Multiple Cross-Site Scripting Vulnerabilities
  • Description: PG eTraining is a web application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
  • Ref: http://www.securityfocus.com/bid/35834

  • 09.31.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Google Chrome "chrome://history/" URI Cross-Site Scripting
  • Description: Google Chrome is a web browser. Chrome is exposed to a cross-site scripting issue because the application fails to properly sanitize user-supplied input. The problem occurs when handling the "chrome://history/" URI. Chrome version 2.0.172.37 is affected.
  • Ref: http://www.securityfocus.com/archive/1/505303

  • 09.31.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Matterdaddy Market "index.php" Cross-Site Scripting
  • Description: Matterdaddy Market is a web-based classifieds system. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "q" parameter of the "index.php" script. Matterdaddy Market versions 1.2, 1.1, 1.051, 1.04 and 1.03 are affected.
  • Ref: http://www.securityfocus.com/bid/35856

  • 09.31.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Snitz Forums 2000 "register.asp" SQL Injection
  • Description: Snitz Forums 2000 is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "email" parameter of the "register.asp" script before using it in an SQL query. Snitz Forums 2000 version 3.4.07 is affected.
  • Ref: http://www.securityfocus.com/bid/35764

  • 09.31.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPLive! "message_box.php" SQL Injection
  • Description: PHPLive! is a tool for providing live online support. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "x" parameter of the "message_box.php" script. PHPLive! versions 3.2.1 and 3.2.2 are affected.
  • Ref: http://www.securityfocus.com/bid/35791

  • 09.31.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SaphpLesson "admin/login.php" SQL Injection
  • Description: SaphpLesson is a web-based tutoring application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" parameter when authenticating via the "admin/login.php" script. SaphpLesson version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/35795

  • 09.31.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Scripteen Free Image Hosting Script Multiple SQL Injection Vulnerabilities
  • Description: Scripteen Free Image Hosting Script is a PHP-based image hosting script. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "cookid" and "cookgid" cookie parameters of the "header.php" script. Scripteen Free Image Hosting Script version 2.3 is affected.
  • Ref: http://www.securityfocus.com/bid/35800

  • 09.31.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: IXXO Cart! "parent" Parameter SQL Injection
  • Description: IXXO Cart! is a PHP-based e-commerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "parent" parameter before using it in an SQL query. IXXO Cart! versions prior to 3.9.6.1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/505266

  • 09.31.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Automatic Image Upload with Thumbnails "uploadimg_view.php" SQL Injection
  • Description: Automatic Image Upload with Thumbnails is a PHP-based module for the PunBB content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "uploadimg_view.php" script. Automatic Image Upload with Thumbnails version 1.3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/35823

  • 09.31.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpArcadeScript "id" Parameter SQL Injection
  • Description: phpArcadeScript is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "linkout.php" script before using it in an SQL query. phpArcadeScript version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/35843

  • 09.31.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PunBB Reputation Module "poster" Parameter SQL Injection
  • Description: Reputation is a module for the PunBB discussion board application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "poster" parameter of the "Reputation.php" script before using it in an SQL query. PunBB version 2.0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/35844

  • 09.31.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! Permis ("com_groups") Component "id" Parameter SQL Injection
  • Description: Permis "com_groups" is a component for the Joomla! content manager. The application is exposed to an SQL injection issue because, when the "task" parameter is set to "list", it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_groups" component before using it in an SQL query. Permis version 1.0 is affected.
  • Ref: http://forum.joomla.org/viewtopic.php?f=39&t=125374&start=0

  • 09.31.68 - CVE: Not Available
  • Platform: Web Application
  • Title: Phorum Multiple BBCode HTML Injection Vulnerabilities
  • Description: Phorum is a PHP-based web forum application. The application is exposed to multiple HTML injection issues because it fails to sufficiently sanitize user-supplied input. Specifically, BBCode "color" and "size" tags aren't properly sanitized in CSS "expression" properties. Phorum versions prior to 5.2.12a are affected.
  • Ref: http://www.securityfocus.com/archive/1/505186

  • 09.31.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! Remote File Upload Vulnerability and Information Disclosure Weakness
  • Description: Joomla! is a web-based content manager. The application is exposed to multiple issues. Attackers can exploit these issues to disclose sensitive information, or upload arbitrary code and execute it in the context of the webserver process. Joomla! 1.5.x versions prior to 1.5.13 are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/505231

  • 09.31.70 - CVE: Not Available
  • Platform: Web Application
  • Title: RaidenHTTPD Cross Site Scripting and Local File Include Vulnerabilities
  • Description: RaidenHTTPD is a webserver application. RaidenHTTPD is exposed to multiple input validation issues that affect the WebAdmin component. An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. RaidenHTTPD versions 2.0 build 26 and earlier are affected.
  • Ref: http://raidenhttpd.com/changelog.txt

  • 09.31.71 - CVE: Not Available
  • Platform: Web Application
  • Title: e107 my_gallery Plugin "file" Parameter Directory Traversal
  • Description: e107 my_gallery plugin is an image gallery plugin for the e107 content manager. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "file" parameter of the "image.php" script.
  • Ref: http://www.securityfocus.com/bid/35782

  • 09.31.72 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! "com_joomloads" Component "packageId" Parameter SQL Injection
  • Description: "com_joomloads" is a component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "packageId" parameter of the "com_joomloads" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/35784

  • 09.31.73 - CVE: Not Available
  • Platform: Web Application
  • Title: Multiple Drupal Modules Date Wizard HTML Injection
  • Description: Date, Calendar and Views are modules for the Drupal content manager. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input when creating a new content type using the Date wizard. The following modules and corresponding versions are affected: Date 6.x-2.2, Calendar 6.x-2 and Views 6.x-2.6.
  • Ref: http://www.securityfocus.com/bid/35790/info

  • 09.31.74 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! UIajaxIM Component Arbitrary Script Injection
  • Description: UIajaxIM is a chat tool for the Joomla! content manager. The application is exposed to an arbitrary script injection issue because it fails to properly sanitize user-supplied input. Authenticated attackers can inject arbitrary JavaScript code to the chat input textbox. UIajaxIM version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/35798

  • 09.31.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Scripteen Free Image Hosting Script Insecure Cookie Authentication Bypass
  • Description: Scripteen Free Image Hosting Script is a PHP-based image hosting script. The application is exposed to an authentication bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication. Specifically, attackers can gain administrative access to the application by setting the "usernamed" cookie parameter to 1. Scripteen Free Image Hosting Script version 2.3 is affected.
  • Ref: http://www.securityfocus.com/bid/35801

  • 09.31.76 - CVE: Not Available
  • Platform: Web Application
  • Title: Pixaria Gallery "file" Parameter Directory Traversal
  • Description: Pixaria Gallery is a web-based picture gallery application. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "file" parameter of the "pixaria.image.php" script. Pixaria Gallery version 2.3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/35802

  • 09.31.77 - CVE: Not Available
  • Platform: Web Application
  • Title: AIOCP "cp_html2txt.php" Remote File Include
  • Description: AIOCP (All In One Control Panel) is a content management system implemented in PHP and MySQL. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "page" parameter of the "code/cp_html2txt.php" script. AIOCP version 1.4.001 is affected.
  • Ref: http://www.securityfocus.com/archive/1/505250

  • 09.31.78 - CVE: Not Available
  • Platform: Web Application
  • Title: SkaDate Multiple Input Validation Vulnerabilities
  • Description: SkaDate is a web-based dating application. SkaDate is exposed to multiple input validation issues. An attacker can exploit these issues to execute arbitrary local and remote files within the context of the webserver, execute arbitrary script code and steal cookie-based authentication credentials.
  • Ref: http://www.securityfocus.com/bid/35813

  • 09.31.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Almond Classifieds Component for Joomla! Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: Almond Classifieds Component for Joomla! is a plugin for the Joomla! content manager. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied data to the "addr" parameter of the "components/com_aclassf/gmap.php" script. The application is also exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "replid" parameter of the "com_aclassf" component before using it in an SQL query. Almond Classifieds Component for Joomla! version 7.5 is affected.
  • Ref: http://www.securityfocus.com/bid/35815

  • 09.31.80 - CVE: Not Available
  • Platform: Web Application
  • Title: AlmondSoft Almond Classifieds SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Almond Classifieds is Web software for displaying user-supplied classified ads. It is implemented in PHP utilizing a MySQL backend. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "replid" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/35816

  • 09.31.81 - CVE: Not Available
  • Platform: Web Application
  • Title: CELEPAR Xoops Celepar Module Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: CELEPAR Xoops Celepar Module is a web-based application for the Xoops content manager. The application is exposed to multiple input validation issues. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
  • Ref: http://www.securityfocus.com/bid/35820

  • 09.31.82 - CVE: Not Available
  • Platform: Web Application
  • Title: MODx Context Policy Loading Unspecified
  • Description: MODx is a PHP-based content manager. The application is exposed to an unspecified issue affecting the "modAccessibleObject" and Content Policy loading. MODx versions 2.0 beta1 and 2.0 beta2 are affected.
  • Ref: http://modxcms.com/forums/index.php/topic,37961.msg229068.html#msg229068

  • 09.31.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Automatic Image Upload with Thumbnails for PunBB "uploadimg.php" Arbitrary File Delete
  • Description: Automatic Image Upload with Thumbnails is a PHP-based module for the PunBB content manager. The application is exposed to an issue that lets attackers delete arbitrary files on the affected computer in the context of the web server. This issue affects the "uploadimg.php" script. Automatic Image Upload with Thumbnails for PunBB version 1.3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/35825

  • 09.31.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! "com_user" Component "view" Parameter URI Redirection
  • Description: "com_user" is a module for the Joomla! content manager. The module is exposed to a remote URI-redirection issue because it fails to properly sanitize user-supplied input to the "view" parameter. An attacker can leverage this issue by constructing a URI that includes a malicious site redirection.
  • Ref: http://www.securityfocus.com/bid/35836

(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.