@RISK: The Consensus Security Vulnerability Alert

Volume: VIII, Issue: 33
August 14, 2009

Lots of critical problems with Microsoft software this week, but don't miss the critical Apple Safari vulnerability (#5). Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    --------------------------                -------------------------------------
    Windows                                   7 (#1, #4, #6, #7, #9)
    Microsoft Office                          3 (#1)
    Other Microsoft Products                  5 (#2, #3, #10)
    Third Party Windows Apps                  1
    Mac Os                                    1
    Linux                                     3
    HP-UX                                     1
    BSD                                       1
    Solaris                                   2
    Cross Platform                            27 (#5, #8, #11)
    Web Application - Cross Site Scripting    5
    Web Application - SQL Injection           5
    Web Application                           8

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
HP-UX
BSD
Solaris
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Microsoft Office Web Components ActiveX Control Multiple Vulnerabilities (MS09-043)
  • Affected:
    • Microsoft Office XP Service Pack 3
    • Microsoft Office 2003 Service Pack 3
    • Microsoft Office 2000 Web Components Service Pack 3
    • Microsoft Office XP Web Components Service Pack 3
    • Microsoft Office 2003 Web Components Service Pack 3
    • Microsoft Office 2003 Web Components for the 2007 Microsoft Office system Service Pack 1
    • Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3
    • Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3
    • Microsoft Internet Security and Acceleration Server 2006 Standard Edition Service Pack 1
    • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition Service Pack 1
    • Microsoft BizTalk Server 2002
    • Microsoft Visual Studio .NET 2003 Service Pack 1
    • Microsoft Office Small Business Accounting 2006
  • Description: Microsoft Office Web Components, a collection of Component Object Model (COM) controls used for manipulating Office documents, contains multiple vulnerabilities. A memory corruption error, heap corruption errors and a buffer overflow error have been reported in Microsoft Office Web Components. A malicious web page that instantiates the vulnerable component could trigger these vulnerabilities and execute arbitrary code with the privileges of the current user. Users would have to be tricked into visiting the website that hosts such a web page, typically by persuading them to click on links in e-mail messages. Some technical details are publicly available for some of the vulnerabilities.

  • Status: Vendor confirmed, updates available.

  • References:
  • (2) CRITICAL: Microsoft Active Template Library Multiple Vulnerabilities (MS09-037)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Service Pack 3
    • Microsoft Windows XP Professional x64 Edition Service Pack 2
    • Microsoft Windows Server 2003 Service Pack 2
    • Microsoft Windows Server 2003 x64 Edition Service Pack 2
    • Microsoft Windows Server 2003 SP2 (Itanium)
    • Microsoft Windows Vista
    • Microsoft Windows Vista Service Pack 1
    • Microsoft Windows Vista Service Pack 2
    • Microsoft Windows Vista x64 Edition
    • Microsoft Windows Vista x64 Edition Service Pack 1
    • Microsoft Windows Vista x64 Edition Service Pack 2
    • Microsoft Windows Server 2008 (32-bit)
    • Microsoft Windows Server 2008 (32-bit) Service Pack 2
    • Microsoft Windows Server 2008 (x64)
    • Microsoft Windows Server 2008 (x64) Service Pack 2
    • Microsoft Windows Server 2008 (Itanium)
    • Microsoft Windows Server 2008 (Itanium) Service Pack 2
    • Microsoft Outlook Express 5.5
    • Microsoft Outlook Express 6
    • Microsoft Windows Media Player 10.x
    • Microsoft Windows Media Player 11.x
    • Microsoft Windows Media Player 9.x
  • Description: Active Template Library (ATL), a set of C++ classes developed by Microsoft to make programming of Component Object Model (COM) objects easier, has been identified with multiple vulnerabilities. The first issue is an error in the function "CComVariant::ReadFromStream", used in the ATL headers, which performs insufficient checks on the data read from a stream. This might result in data being read directly onto the stack, leading to arbitrary code execution. The second issue is caused by an error in the ATL Load method of the "IPersistStreamInit" interface, which might allow an attacker to execute arbitrary code. The third issue is an uninitialized-object vulnerability caused by an error in the ATL headers that allows VariantClear to be called on a VARIANT that has not been initialized correctly. The fourth issue is errors in the way the ATL headers instantiate an object from data streams, which might allow bypassing of security policies. The fifth issue is an error in the ATL headers caused by insufficient checks on the variant read from a stream, which might allow an attacker to control memory that is freed unintentionally when the variant is deleted. Some technical details on these vulnerabilities are publicly available. Note that there is some overlap with MS09-035, released on July 28th, but that bulletin addressed vulnerabilities in the Visual Studio Active Template Library (ATL), whereas MS09-037 addresses the ATL vulnerabilities in several Windows components.

  • Status: Vendor confirmed, updates available.

  • References:
  • (3) CRITICAL: Microsoft Windows Remote Desktop Multiple Vulnerabilities (MS09-044)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 SP2 (Itanium)
    • Windows Vista
    • Windows Vista Service Pack 1
    • Windows Vista Service Pack 2
    • Windows Vista x64 Edition
    • Windows Vista x64 Edition Service Pack 1
    • Windows Vista x64 Edition Service Pack 2
    • Windows Server 2008 (32-bit)
    • Windows Server 2008 (32-bit) Service Pack 2
    • Windows Server 2008 (x64)
    • Windows Server 2008 (x64) Service Pack 2
    • Windows Server 2008 (Itanium)
    • Windows Server 2008 (Itanium) Service Pack 2
  • Description: Remote Desktop Protocol (RDP), a proprietary protocol from Microsoft that creates a virtual session with Windows-based applications running on a server, has been identified with multiple vulnerabilities. The first issue is a flaw in the Remote Desktop client within "mstscax.dll" while parsing specific parameters returned by the RDP server. This might result in a heap overflow in the client and eventually code execution. The second issue is a heap-based buffer overflow in the Remote Desktop Web Connection ActiveX control caused by insufficient checks while processing malformed parameters. A malicious web page that instantiates the vulnerable ActiveX control could trigger this vulnerability and execute arbitrary code with the privileges of the current user. Users would have to be tricked into visiting the website that hosts such a web page, typically by persuading them to click on links in e-mail messages.

  • Status: Vendor confirmed, updates available.

  • References:
  • (4) CRITICAL: Microsoft AVI Media File Handling Multiple Vulnerabilities (MS09-038)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2 and Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
    • Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
    • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*
    • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*
    • Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Description: Audio Video Interleave (AVI) is a multimedia container format for audio and video data and is used with applications that handle audio-video sequences. Two vulnerabilities have been reported in Microsoft Windows which can be triggered by processing a specially crafted AVI file. One vulnerability is caused by improper handling of AVI files with malformed headers, and the second is caused by an integer overflow error in the Windows component that parses AVI files. Successful exploitation might allow an attacker to execute arbitrary code in the context of the logged-on user. An attacker would have to entice the user into opening a malformed AVI file, either by sending the malicious file as an e-mail attachment or by sending, in an e-mail message, a link to a site that hosts such a malformed AVI file.

  • Status: Vendor confirmed, updates available.

  • References:
  • (5) CRITICAL: Apple Safari Multiple Vulnerabilities
  • Affected:
    • Apple Safari versions prior to 4.0.3
  • Description: Safari, Apple's web browser for Mac OS X and Microsoft Windows, contains multiple vulnerabilities in its handling of a variety of inputs. A specially crafted web page or URL could trigger one of these vulnerabilities, with a variety of consequences, including remote code execution with the privileges of the current user. The first issue is a heap-based buffer overflow in CoreGraphics in the way it handles long text strings. The second issue is a buffer overflow error in Apple ImageIO in the way it handles EXIF metadata. The third issue is an error in the Top Sites feature which can result in malicious websites promoting sites in the Top Sites view. The fourth issue is a buffer overflow error in WebKit in the way it handles floating point numbers. There is an information disclosure error in WebKit, since it allows the "pluginspage" attribute of the "embed" element to reference file URLs. The last issue is an error in International Domain Name (IDN) support and Unicode fonts embedded in Safari which might allow an attacker to direct an unsuspecting user to a spoofed site. Some technical details for some of these vulnerabilities are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (6) CRITICAL: Microsoft Windows Internet Name Service Multiple Vulnerabilities (MS09-039)
  • Affected:
    • Microsoft Windows 2000 Server Service Pack 4
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
  • Description: Microsoft Windows Internet Name Service (WINS) is a protocol designed to support NetBIOS over TCP/IP and provide a mapping of host names to network addresses. Two vulnerabilities have been identified in WINS which can be triggered by a specially crafted WINS network packet. The first issue is a heap overflow vulnerability caused by an error in the calculation of buffer length while processing WINS push packets. The second issue is an integer overflow vulnerability in WINS caused by inadequate checks on the data structures within WINS network packets; this vulnerability only affects Windows 2000 Server. Note that the WINS service is not installed by default on Windows 2000/2003 servers. Successful exploitation of these might allow an attacker to execute arbitrary code. Some technical details for these vulnerabilities are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (7) HIGH: Microsoft Windows Telnet Credential Reflection Vulnerability (MS09-042)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Service Pack 3
    • Microsoft Windows XP Professional x64 Edition Service Pack 2
    • Microsoft Windows Server 2003 Service Pack 2
    • Microsoft Windows Server 2003 x64 Edition Service Pack 2
    • Microsoft Windows Server 2003 SP2 (Itanium)
    • Microsoft Windows Vista
    • Microsoft Windows Vista Service Pack 1
    • Microsoft Windows Vista Service Pack 2
    • Microsoft Windows Vista x64 Edition
    • Microsoft Windows Vista x64 Edition Service Pack 1
    • Microsoft Windows Vista x64 Edition Service Pack 2
    • Microsoft Windows Server 2008 (32-bit)
    • Microsoft Windows Server 2008 (32-bit) Service Pack 2
    • Microsoft Windows Server 2008 (x64)
    • Microsoft Windows Server 2008 (x64) Service Pack 2
    • Microsoft Windows Server 2008 (Itanium)
    • Microsoft Windows Server 2008 (Itanium) Service Pack 2
  • Description: Microsoft Telnet Service, a bidirectional communications facility that allows for remote access, has a credential reflection vulnerability. The issue is in the way the Telnet service handles NTLM authentication; specifically, it does not correctly opt in to NTLM credential-reflection protections. As a result, a user's credentials might be reflected back and used to gain unauthorized access to the system with the privileges of that user. An attacker would have to set up a crafted Telnet server and entice a user to access it, usually by sending a link to the specially crafted Telnet server in an e-mail message and convincing the user to click on the link.

  • Status: Vendor confirmed, updates available.

  • References:
  • (8) HIGH: Computer Associates Multiple Products Buffer Overflow Vulnerability
  • Affected:
    • CA Software Delivery r11.2 C1
    • CA Software Delivery r11.2 C2
    • CA Software Delivery r11.2 C3
    • CA Software Delivery r11.2 SP4
    • Unicenter Software Delivery 4.0 C3
    • CA Advantage Data Transport 3.0 C1
    • CA IT Client Manager r12
  • Description: Multiple Computer Associates products contain remotely-exploitable buffer overflows. The specific flaw is a boundary error in the "dtscore.dll" library, in a token searching routine that copies user-supplied data into a fixed-length buffer. A specially crafted message sent to any of the multiple processes that use this functionality can trigger the vulnerability. Successful exploitation might allow an attacker to execute arbitrary code in the context of the user. An attacker does not need to be authenticated to exploit this vulnerability.

  • Status: Vendor confirmed, updates available.

  • References:
  • (9) MODERATE: Microsoft Windows Workstation Service Elevation of Privilege Vulnerability (MS09-041)
  • Affected:
    • Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Service Pack 3
    • Microsoft Windows XP Professional x64 Edition Service Pack 2
    • Microsoft Windows Server 2003 Service Pack 2
    • Microsoft Windows Server 2003 x64 Edition Service Pack 2
    • Microsoft Windows Server 2003 SP2 (Itanium)
    • Microsoft Windows Vista, Windows Vista Service Pack 1
    • Microsoft Windows Vista Service Pack 2
    • Microsoft Windows Vista x64 Edition
    • Microsoft Windows Vista x64 Edition Service Pack 1
    • Microsoft Windows Vista x64 Edition Service Pack 2
    • Microsoft Windows Server 2008 (32-bit)
    • Microsoft Windows Server 2008 (32-bit) Service Pack 2
    • Microsoft Windows Server 2008 (x64)
    • Microsoft Windows Server 2008 (x64) Service Pack 2
    • Microsoft Windows Server 2008 (Itanium)
    • Microsoft Windows Server 2008 (Itanium) Service Pack 2
  • Description: Microsoft Windows Workstation Service, a Windows component that supports inter-system communication (including file and printer sharing), contains an elevation of privilege vulnerability. A specially crafted RPC message can be used to trigger this vulnerability. The specific flaw is a "Double-Free" condition occurring in the Workstation Service while processing the arguments for the "NetrGetJoinInformation" function. Successful exploitation might lead to code execution with elevated privileges. An attacker must have valid user credentials to exploit this vulnerability.

  • Status: Vendor confirmed, updates available.

  • References:
  • (10) MODERATE: Microsoft ASP.NET Denial of Service Vulnerability (MS09-036)
  • Affected:
    • Microsoft .NET Framework 2.0 Service Pack 1
    • Microsoft .NET Framework 2.0 Service Pack 2
    • Microsoft .NET Framework 3.5
    • Microsoft .NET Framework 3.5 Service Pack 1
  • Description: ASP.NET is a web application framework within the Microsoft .NET Framework that allows developers to build web applications and web services. ASP.NET has been identified with a vulnerability which can lead to a denial-of-service condition. A specially crafted HTTP request can be used to trigger this vulnerability. The specific flaw is an error in the way ASP.NET handles request scheduling. Note that only servers with ASP.NET 2.0 hosted on Internet Information Services (IIS) 7.0 and configured in integrated mode are vulnerable to this attack. Some technical details for the vulnerability are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (11) MODERATE: EMC Replication Manager Remote Code Execution Vulnerability
  • Affected:
    • EMC Replication Manager Client 0
  • Description: EMC Replication Manager is used to manage EMC replication technologies through a centralized management console. A remote code execution vulnerability has been reported in EMC Replication Manager. The specific flaw resides in the "irccd.exe" process, which communicates over an XML-based protocol and listens by default on TCP port 6700. By supplying a malicious "RunProgram" message to this service, which it accepts without adequate checks, an attacker can execute arbitrary code on the vulnerable system. Some technical details for the vulnerability are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 33, 2009

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 7361 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

  • 09.33.1 - CVE: CVE-2009-1923
  • Platform: Windows
  • Title: Microsoft Windows WINS Server Network Packet Remote Heap Buffer Overflow
  • Description: WINS is a protocol that is designed to support NETBIOS over TCP/IP. The Microsoft Windows WINS Server is exposed to a remote heap-based buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. This issue occurs when handling specially crafted WINS network packets.
  • Ref: http://www.securityfocus.com/archive/1/505677

  • 09.33.2 - CVE: CVE-2009-1924
  • Platform: Windows
  • Title: Microsoft Windows WINS Server Network Buffer Length Integer Overflow
  • Description: WINS is a protocol that is designed to support NETBIOS over TCP/IP. The Microsoft Windows WINS Server is exposed to a remote integer overflow issue because the application fails to restrict the size of a buffer before passing it to the heap.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-039.mspx

  • 09.33.3 - CVE: CVE-2009-1545
  • Platform: Windows
  • Title: Microsoft Windows Malformed AVI File Header Parsing Remote Code Execution
  • Description: Audio Video Interleave (AVI) is a multimedia container format. AVI files can contain audio and video data. Microsoft Windows is exposed to a remote code execution issue. This issue presents itself when an unspecified Windows component handles a malicious AVI file. Specifically, the issue arises when the headers in the AVI file are parsed.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-038.mspx

  • 09.33.4 - CVE: CVE-2009-1546
  • Platform: Windows
  • Title: Microsoft Windows Malformed AVI File Parsing Remote Integer Overflow
  • Description: Audio Video Interleave (AVI) is a multimedia container format. AVI files can contain audio and video data. Microsoft Windows is exposed to a remote integer overflow issue. This issue presents itself when an unspecified Windows component handles a malicious AVI file.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-038.mspx

  • 09.33.5 - CVE: CVE-2009-1544
  • Platform: Windows
  • Title: Microsoft Windows Workstation Service Double Free Remote Code Execution
  • Description: Microsoft Windows Workstation service is a routing service used by the operating system to determine if file or print requests are local or remote in nature. Microsoft Windows is exposed to a remote code execution issue that affects the Windows Workstation Service. This issue stems from a double-free error that can be triggered with specially crafted Remote Procedure Call (RPC) requests to a vulnerable computer.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-041.mspx

  • 09.33.6 - CVE: CVE-2009-1930
  • Platform: Windows
  • Title: Microsoft Windows Telnet NTLM Credential Reflection Authentication Bypass
  • Description: Telnet is a bidirectional communication protocol that allows command line remote administration over TCP. Microsoft Windows is exposed to an authentication bypass issue that exists in the Telnet protocol. Specifically the protocol fails to implement the NTLM credential reflection protection. This will allow credentials to be reflected back to an attacker and can be used against the victim user.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-042.mspx

  • 09.33.7 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows Embedded OpenType Font Engine Unspecified Denial of Service
  • Description: Embedded OpenType (EOT) fonts are designed for use on webpages. EOT fonts can also be embedded in documents. Microsoft Windows is exposed to a remotely exploitable denial of service issue which may affect 'OS' table records in Embedded OpenType fonts. Multiple issues may be present affecting an offset and a buffer length.
  • Ref: http://www.microsoft.com/typography/otspec/otff.htm

  • 09.33.8 - CVE: CVE-2009-0562
  • Platform: Microsoft Office
  • Title: Microsoft Office Web Components ActiveX Control Memory Allocation Code Execution
  • Description: Microsoft Office Web Components are tools used to publish and view Office documents on Web pages. The application is exposed to a remote code execution issue that occurs because the application fails to properly allocate memory.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-055/

  • 09.33.9 - CVE: CVE-2009-2496
  • Platform: Microsoft Office
  • Title: Microsoft Office Web Components ActiveX Control Heap Corruption Remote Code Execution
  • Description: Microsoft Office Web Components are tools used to publish and view Office documents on Web pages. Microsoft Office Web Components is exposed to a remote code execution issue. Certain parameters are not adequately validated by control methods which may result in a heap corruption. An attacker could exploit this issue by enticing a victim to visit a maliciously crafted Web page.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-056/

  • 09.33.10 - CVE: CVE-2009-1534
  • Platform: Microsoft Office
  • Title: Microsoft Office Web Components ActiveX Control Buffer Overflow Code Execution
  • Description: Microsoft Office Web Components are tools used to publish and view Office documents on Web pages. The application is exposed to a remote code execution issue that occurs because the application fails to properly bounds check user-supplied data before it is copied into a fixed-size memory buffer.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-043.mspx

  • 09.33.11 - CVE: CVE-2009-1929
  • Platform: Other Microsoft Products
  • Title: Microsoft Remote Desktop Connection ActiveX Control Heap Based Buffer Overflow
  • Description: Microsoft Remote Desktop Connection ActiveX control is prone to a remote heap-based buffer overflow vulnerability. Attackers may exploit this issue by enticing an unsuspecting user into viewing a malicious Web page.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-044.mspx

  • 09.33.12 - CVE: CVE-2009-2494
  • Platform: Other Microsoft Products
  • Title: Microsoft Active Template Library Object Type Mismatch Remote Code Execution
  • Description: Microsoft Active Template Library (ATL) is a library used to construct Common Object Model (COM) interfaces. Components and controls created with the ATL are exposed to a remote code execution issue because of errors in the library headers that instantiate objects from data streams. Specifically, this issue can result in variant objects being instantiated with the wrong variant type when loaded from a stream. This may result in unintended areas of memory being freed when the object is deleted.
  • Ref: http://www.microsoft.com/technet/security/advisory/973882.mspx

  • 09.33.13 - CVE: CVE-2009-1536
  • Platform: Other Microsoft Products
  • Title: Microsoft ASP.NET Request Scheduling Denial Of Service
  • Description: Microsoft ASP.NET is a collection of technologies within the .NET Framework that allows developers to build web applications and web services. Microsoft ASP.NET is exposed to a denial of service issue that occurs because the application incorrectly manages request scheduling.
  • Ref: http://blogs.technet.com/srd/archive/2009/08/11/ms09-035-asp-net-denial-of-service-vulnerability.aspx

  • 09.33.14 - CVE: CVE-2009-1922
  • Platform: Other Microsoft Products
  • Title: Microsoft Message Queuing Service NULL Pointer Dereference Local Privilege Escalation
  • Description: Microsoft Message Queuing (MSMQ) is a messaging protocol that allows applications running on disparate servers to communicate in a failsafe manner. The Microsoft Message Queuing service is exposed to a local privilege escalation issue because it fails to adequately handle user-supplied input from a specially crafted IOCTL request sent to the MSMQ service.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-040.mspx

  • 09.33.15 - CVE: CVE-2009-1133
  • Platform: Other Microsoft Products
  • Title: Microsoft Remote Desktop Connection Client Heap Based Buffer Overflow
  • Description: Microsoft Remote Desktop Connection (formerly known as Terminal Services Client) uses Remote Desktop Protocol (RDP) to provide remote access to Microsoft operating systems. The Microsoft Remote Desktop Connection client is exposed to a heap-based buffer overflow issue when processing certain parameters returned by a malicious RDP server.
  • Ref: http://www.securityfocus.com/archive/1/505680

  • 09.33.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: UltraPlayer Malformed ".usk" Playlist File Buffer Overflow
  • Description: UltraPlayer is a multimedia player available for Microsoft Windows. UltraPlayer is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Specifically, the application fails to handle specially crafted ".usk" files. UltraPlayer version 2.112 is affected.
  • Ref: http://www.securityfocus.com/bid/35956

  • 09.33.17 - CVE: CVE-2009-1723, CVE-2009-1726, CVE-2009-1727, CVE-2009-0151, CVE-2009-1728, CVE-2009-2188, CVE-2009-2190, CVE-2009-2191, CVE-2009-2192, CVE-2009-2193, CVE-2009-2194
  • Platform: Mac Os
  • Title: Apple Mac OS X 2009-003 Multiple Security Vulnerabilities
  • Description: Apple Mac OS X is exposed to multiple security issues that have been addressed in Security Update 2009-003. Multiple issues have been addressed: A spoofing vulnerability affects CFNetwork when displaying SSL certificate warnings for a site accessed via a 302 Redirect HTTP response; A heap-buffer overflow affects ColorSync when handling images containing embedded ColorSync profiles; A vulnerability in CoreTypes may result in users not receiving adequate warning when opening potentially unsafe file types; An access validation vulnerability affects the Dock component when handling four finger Multi-Touch gestures, which may allow an attacker with physical access to a locked computer to manage applications or use Expose; A stack buffer overflow vulnerability affects Image RAW when handling Canon RAW images; A buffer overflow vulnerability affects ImageIO when handling EXIF metadata; A denial of service vulnerability affects the "launchd" process; A format string vulnerability affects the Login Window's handling of application names; and A logic error affects MobileMe when handling credential removal.
  • Ref: http://www.securityfocus.com/bid/35954

  • 09.33.18 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "posix-timers.c" NULL Pointer Dereference Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue. This vulnerability stems from a potential NULL-pointer dereference error that can occur when the "do_nanosleep()" function is called with clockid CLOCK_MONOTONIC_RAW. This issue occurs in the "kernel/posix-timers.c" source file. Linux kernel version 2.6.28-rc1 is affected.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1979

  • 09.33.19 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel PA-RISC EEPROM Driver Memory Corruption
  • Description: The Linux kernel is exposed to a memory corruption issue that may allow attackers to trigger a denial of service condition. Specifically, this issue occurs in the "eisa_eeprom_read()" function of the "drivers/parisc/eisa_eeprom.c" source file of the PA-RISC EEPROM driver. By supplying a negative value to the "ppos" parameter of this function, attackers may poke unintended areas of kernel memory.
  • Ref: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=6b4dbcd86a9d464057fcc7abe4d0574093071fcc

  • 09.33.20 - CVE: CVE-2009-2691
  • Platform: Linux
  • Title: Linux Kernel "fs/proc/base.c" Local Information Disclosure
  • Description: The Linux kernel is exposed to a local information disclosure issue. This issue occurs in the "mm_for_maps()" function of the "fs/proc/base.c" file. Specifically, the "/proc/$pid/maps" and "smaps" files are readable by non-administrative users when a setuid process is launched.
  • Ref: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=704b836cbf19e885f8366bccb2e4b0474346c02d

  • 09.33.21 - CVE: CVE-2009-1427
  • Platform: HP-UX
  • Title: HP-UX "ttrace(2)" Unspecified Local Denial of Service
  • Description: HP-UX is exposed to a local denial of service issue that stems from an unspecified error in the "ttrace(2)" system call. HP-UX B.11.31 with patch PHKL_38114 installed is affected.
  • Ref: http://www.securityfocus.com/bid/36017

  • 09.33.22 - CVE: Not Available
  • Platform: BSD
  • Title: FreeBSD SCTP Connections Local Denial of Service
  • Description: FreeBSD is a BSD-based operating system. FreeBSD is exposed to a local denial of service issue. Specifically, an unspecified error that occurs when handling multiple SCTP connections can allow local users to panic the system, effectively denying service to legitimate users. FreeBSD version 7.2 is affected.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1979

  • 09.33.23 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris XScreenSaver Popup Windows Local Information Disclosure
  • Description: XScreenSaver is a screen saver for Linux and Unix systems running the X11 Window System. XScreenSaver is exposed to a local information disclosure issue because popup windows may appear through the locked screen, disclosing potentially sensitive information. An attacker with local access could potentially exploit this issue to obtain restricted content. Solaris 8, 9 and 10 and OpenSolaris builds snv_01 through snv_119 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-258928-1

  • 09.33.24 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris XScreenSaver and Assistive Technology Support Security Bypass
  • Description: XScreenSaver is a screen saver for Linux and Unix systems running the X11 Window System. Sun Solaris is exposed to a security bypass issue that affects XScreenSaver and Assistive Technology Support. Specifically a local attacker may exploit the issue to unlock the X Display that has been locked using XScreenSaver. Solaris 10 and OpenSolaris builds snv_01 through snv_110 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-259388-1

  • 09.33.25 - CVE: CVE-2009-2412
  • Platform: Cross Platform
  • Title: Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
  • Description: Apache APR (Apache Portable Runtime) is a set of libraries for API development. "APR-util" is a library of utility functions used by several software applications, including the Apache HTTP server. Apache APR and "APR-util" are exposed to multiple integer overflow issues.
  • Ref: http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?revision=800733&view=markup

  • 09.33.26 - CVE: CVE-2009-2625
  • Platform: Cross Platform
  • Title: Sun Java Runtime Environment XML Parsing Denial of Service
  • Description: Sun Java Runtime Environment (JRE) is an enterprise development platform. JRE is exposed to a denial of service issue due to an unspecified error when parsing XML data. Attackers may exploit this issue to cause denial of service conditions in applications that use the vulnerable environment.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1

  • 09.33.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun VirtualBox Host Operating System Local Denial Of Service
  • Description: Sun VirtualBox is open-source virtualization software. The application is exposed to a local denial of service issue due to an unspecified error. Local attackers inside a VirtualBox virtual machine may exploit this issue to restart the host operating system, denying service to legitimate users. Sun VirtualBox versions 3.0.0 and 3.0.2 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-265268-1

  • 09.33.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Access Manager CDCServlet Component Information Disclosure
  • Description: Sun Java System Access Manager is an application for managing secure access to web applications. It was formerly called Sun Java System Identity Server. It is available for Solaris, Windows, Linux, and HP-UX platforms. The application is exposed to a remote information disclosure issue. The problem arises in the CDCServlet component and may lead to policy advice being presented to the wrong client. Sun Java System Access Manager version 7.1 and Sun Java System Access Manager version 7 2005Q4 (7.0) are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-255968-1

  • 09.33.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Access Manager Debug Files Local Information Disclosure
  • Description: Sun Java System Access Manager is an application for managing secure access to web applications. It was formerly called Sun Java System Identity Server. It is available for Solaris, Windows, Linux, and HP-UX platforms. The application is exposed to a local information disclosure issue that occurs because the application may reveal passwords to local users. This issue presents itself because passwords associated with user identities which are managed by Sun Java System Access Manager are stored in clear text format in debug files when the debug flag is enabled.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-256668-1

  • 09.33.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun OpenSSO Enterprise XML Document Processing Unspecified Memory Corruption
  • Description: Sun OpenSSO Enterprise (formerly Sun Java System Access Manager and Sun Java System Identity Server) is an application for managing secure access to web applications. It is available for Solaris, Microsoft Windows, Linux, and HP-UX platforms. The application is exposed to a memory corruption issue because it fails to properly handle crafted XML documents.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1

  • 09.33.31 - CVE: CVE-2009-2411
  • Platform: Cross Platform
  • Title: Subversion Binary Delta Processing Multiple Integer Overflow Vulnerabilities
  • Description: Subversion is an open-source version-control application that is available for numerous platforms including Microsoft Windows, UNIX, and UNIX-like operating systems. Subversion is exposed to multiple integer overflow issues. Specifically, the issues occur because the "libsvn_delta" library fails to perform sufficient input validation on svndiff streams. Subversion clients and servers versions 1.5.6 and earlier and Subversion clients and servers versions 1.6.0 through 1.6.3 are affected.
  • Ref: http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt

  • 09.33.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Computer Associates Multiple Products Data Transport Services Remote Buffer Overflow
  • Description: Multiple Computer Associates products are exposed to a remote buffer overflow issue because they fail to bounds check user-supplied data before copying it into an insufficiently sized buffer. The issue exists within Data Transport Services.
  • Ref: http://www.securityfocus.com/bid/35994

  • 09.33.33 - CVE: CVE-2009-1885
  • Platform: Cross Platform
  • Title: Xerces-C++ Nested DTD Structure XML Parsing Remote Denial of Service
  • Description: Xerces-C++ is a freely available XML parser implemented in C++. Xerces-C++ is exposed to a denial of service issue because it fails to handle specially crafted XML files containing nested Document Type Definition (DTD) structures. This issue occurs in the "validators/DTD/DTDScanner.cpp" source code file. Xerces-C++ version 3.0.1 is affected.
  • Ref: http://www.cert.fi/en/reports/2009/vulnerability2009085.html

  • 09.33.34 - CVE: CVE-2009-0668, CVE-2009-0669
  • Platform: Cross Platform
  • Title: Zope Object Database ZEO Network Protocol Multiple Security Vulnerabilities
  • Description: Zope Object Database (ZODB) is a Python-based object database. Zope Enterprise Objects (ZEO) is a network protocol used by Zope. Zope is a content management system that uses ZODB for the back end. Zope Object Database (ZODB) is exposed to multiple security issues. ZODB versions prior to 3.8.2 are affected.
  • Ref: http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html

  • 09.33.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Python Expat Wrapper Library Unspecified XML Parsing Remote Denial of Service
  • Description: Python is a programming language available for multiple platforms. Python includes a wrapper for the Expat XML parsing library. Python's Expat wrapper library is exposed to a denial of service issue because it fails to handle specially crafted XML data. Python version 2.6.2 is affected.
  • Ref: http://www.codenomicon.com/news/press-releases/2009-08-05.shtml

  • 09.33.36 - CVE: CVE-2009-2415
  • Platform: Cross Platform
  • Title: Memcached Multiple Heap-Based Buffer Overflow
  • Description: Memcached is a database caching application available for multiple operating systems. Memcached is exposed to multiple heap-based buffer overflow issues because the application fails to perform adequate boundary checks on user-supplied data. These issues are due to an integer conversion error when parsing certain length attributes.
  • Ref: http://www.securityfocus.com/bid/35989

  • 09.33.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple ASUS Products System Management Mode Multiple Local Privilege Escalation Vulnerabilities
  • Description: Multiple ASUS products and BIOS are prone to multiple privilege escalation issues. System Management Mode (SMM) is a privileged mode of execution in which all normal operations, including the operating system, are suspended. System Management Mode is generally used to handle low level hardware operations. Successfully exploiting these issues will allow programs running with administrative (ring 0) privileges to modify code running in System Management Mode.
  • Ref: http://www.securityfocus.com/archive/1/505590

  • 09.33.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: EMC Replication Manager Client Control Service Remote Code Execution
  • Description: EMC Replication Manager Client is software for application data replication. The application's control service, "irccd.exe", listens by default on TCP port 6700 for an XML-based network protocol. By supplying a specially crafted payload along with 'RunProgram' commands, a remote attacker can execute arbitrary code.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-051/

  • 09.33.39 - CVE: CVE-2009-2660
  • Platform: Cross Platform
  • Title: CamlImages Image Parsing Multiple Heap Overflow Vulnerabilities
  • Description: CamlImages is an open source library for processing images. CamlImages is exposed to multiple heap overflow issues because it fails to properly validate user-supplied data when parsing GIF and JPEG images. Specifically, these issues arise in the "gifread.c" and "jpegread.c" source files, which contain functions that fail to properly validate the width and height of an image. CamlImages version 2.2 is affected.
  • Ref: http://www.openwall.com/lists/oss-security/2009/07/25/2

  • 09.33.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IsolSoft Support Center "lang" Parameter Multiple Input Validation Vulnerabilities
  • Description: IsolSoft Support Center is an automated help desk system. The application is exposed to multiple input validation issues. An attacker can exploit these issues to execute arbitrary local and remote files within the context of the web server, execute arbitrary script code, and steal cookie-based authentication credentials. Support Center version 2.5 is affected.
  • Ref: http://www.securityfocus.com/bid/35997

  • 09.33.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP "mail.log" Configuration Option "open_basedir" Restriction Bypass
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to an "open_basedir" restriction bypass issue. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations. PHP version 5.3.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/505639

  • 09.33.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SPIP Versions Prior to 2.0.9 Unspecified Security
  • Description: SPIP is exposed to an unspecified security issue. Attackers can exploit this issue to compromise the application and possibly the underlying web server. SPIP versions prior to 2.0.9 are affected.
  • Ref: http://www.spip-contrib.net/SPIP-Security-Alert-new-version

  • 09.33.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP "ini_restore()" Memory Information Disclosure
  • Description: PHP is a programming language commonly used for web applications. PHP is exposed to an information disclosure issue that occurs in its implementation of the "ini_restore()" function. Specifically, memory may be revealed when configuration variables set with the "ini_set()" function are unset with the affected function. This error occurs in the "zend_ini.c" source file.
  • Ref: http://securityreason.com/achievement_securityalert/65

  • 09.33.44 - CVE: CVE-2008-6895
  • Platform: Cross Platform
  • Title: 3CX Phone System Vulnerability Scan Remote Denial of Service
  • Description: 3CX Phone System is a software based IP PBX system. 3CX Phone System is exposed to a remote denial of service issue when performing vulnerability scans against the 3CX server. 3CX versions prior to 6.0.806.0 are affected.
  • Ref: http://marc.info/?l=full-disclosure&m=122868146707468&w=2

  • 09.33.45 - CVE: CVE-2009-2726
  • Platform: Cross Platform
  • Title: Asterisk SIP Channel Driver "scanf" Multiple Remote Denial of Service Vulnerabilities
  • Description: Asterisk is a private branch exchange (PBX) application available for Linux, BSD, and Mac OS X platforms. Asterisk is exposed to multiple remote denial of service issues because it fails to adequately restrict user-supplied input before using it to allocate stack memory. Asterisk version 1.6.1 is affected.
  • Ref: http://downloads.asterisk.org/pub/security/AST-2009-005.html

  • 09.33.46 - CVE: CVE-2009-2663
  • Platform: Cross Platform
  • Title: libvorbis OGG Vorbis Processing Multiple Remote Memory Corruption Vulnerabilities
  • Description: The "libvorbis" library allows media applications to play OGG Vorbis files. Applications using the library are exposed to multiple remote memory corruption issues due to unspecified errors when processing OGG Vorbis files. libvorbis versions prior to 1.2.3 are affected.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-45.html

  • 09.33.47 - CVE: CVE-2009-2196
  • Platform: Cross Platform
  • Title: Apple Safari Top Site Feature Website Promotion Security
  • Description: Apple Safari is a web browser available for multiple platforms. Apple Safari is exposed to an issue that may aid in phishing style attacks. This issue occurs in the "at-a-glance view" included in the Top Site feature. Apple Safari versions prior to 4.0.3 are affected.
  • Ref: http://www.securityfocus.com/bid/36022

  • 09.33.48 - CVE: CVE-2009-2195
  • Platform: Cross Platform
  • Title: WebKit Floating Point Number Remote Buffer Overflow
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote buffer overflow issue that occurs because the application fails to properly parse floating point numbers. Apple Safari versions prior to 4.0.3 are affected.
  • Ref: http://www.securityfocus.com/bid/36023

  • 09.33.49 - CVE: CVE-2009-2200
  • Platform: Cross Platform
  • Title: WebKit "pluginspace" URI Scheme Remote Information Disclosure
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote information disclosure issue affecting the "pluginspace" attribute of the "embed" element in "file://" URIs.
  • Ref: http://www.securityfocus.com/bid/36024

  • 09.33.50 - CVE: CVE-2009-2188
  • Platform: Cross Platform
  • Title: Apple ImageIO EXIF Metadata Buffer Overflow
  • Description: Apple ImageIO is a framework for handling multiple image file formats. ImageIO is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied data when handling EXIF metadata. Mac OS X versions 10.5 through 10.5.7, Mac OS X Server 10.5 through 10.5.7, and Apple Safari prior to 4.0.3 are affected.
  • Ref: http://www.securityfocus.com/bid/36025

  • 09.33.51 - CVE: CVE-2009-2199
  • Platform: Cross Platform
  • Title: WebKit International Domain Name URI Spoofing
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit supports the display of international domain name (IDN) domains. The application is affected by a URI spoofing issue because it fails to adequately handle unspecified characters in IDN domains. Apple Safari versions prior to 4.0.3 are affected.
  • Ref: http://www.securityfocus.com/bid/36026

  • 09.33.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: signkorn guestbook "qc" Parameter Cross-Site Scripting
  • Description: signkorn guestbook is a website guestbook application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input. Specifically, the issue affects the "qc" parameter of the "admin/admin.php" script. signkorn guestbook version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/35965

  • 09.33.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: AJ Auction Pro "txtkeyword" Parameter Cross-Site Scripting
  • Description: AJ Auction Pro is a web-based application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input. Specifically, the issue affects the "txtkeyword" parameter of the "index.php" script when "do" is specified as "search". AJ Auction Pro version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/35968

  • 09.33.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SupportPRO SupportDesk "shownews.php" Cross-Site Scripting
  • Description: SupportPRO SupportDesk is a web-based helpdesk application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "shownews.php" script. SupportDesk version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/36001

  • 09.33.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SQLiteManager "main.php" Cross-Site Scripting
  • Description: SQLiteManager is a PHP-based tool for managing SQLite databases. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input. Specifically, the issue affects the "redirect" parameter of the "main.php" script. SQLiteManager version 1.2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/505636

  • 09.33.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ViArt CMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: ViArt CMS is a PHP-based content manager. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials; other attacks are also possible.
  • Ref: http://www.securityfocus.com/bid/36003

  • 09.33.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Irokez CMS "id" Parameter SQL Injection
  • Description: Irokez CMS is a content manager implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/35957

  • 09.33.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 "showUid" Parameter SQL Injection
  • Description: TYPO3 is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "showUid" parameter of the "index.php" script before using it in an SQL query. TYPO3 version 4.0 is vulnerable; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/35975

  • 09.33.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Arab Portal Login SQL Injection
  • Description: Arab Portal is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Username" and "Password" fields when logging into the affected application. Arab Portal version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/35994

  • 09.33.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mini-CMS "forum.php" SQL Injection
  • Description: Mini-CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "page.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/36011

  • 09.33.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Kunena ("com_kunena") Joomla! Component "func" Parameter SQL Injection
  • Description: The Kunena "com_kunena" component is a forum component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "func" parameter of the "com_kunena" component before using it in an SQL query. Kunena version 1.5.4 is affected.
  • Ref: http://www.securityfocus.com/bid/36020

  • 09.33.62 - CVE: Not Available
  • Platform: Web Application
  • Title: photokorn SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: photokorn is a PHP-based photo gallery application. The application is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input to the "where[]", "sort", "order", and "Match" parameters of the "search.php" script before using it in an SQL query. photokorn versions 1.81 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/35966

  • 09.33.63 - CVE: Not Available
  • Platform: Web Application
  • Title: Alkacon OpenCms Multiple Input Validation Vulnerabilities
  • Description: OpenCms is a web-based application implemented using Java and XML. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. OpenCms version 7.5.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/505547

  • 09.33.64 - CVE: Not Available
  • Platform: Web Application
  • Title: PhotoPost PHP "cat" Parameter Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: PhotoPost PHP is a PHP-based photo gallery application. The application is exposed to an SQL injection issue and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Specifically, these issues affect the "cat" parameter of the "showgallery.php" script. PhotoPost PHP version 3.3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/35996

  • 09.33.65 - CVE: Not Available
  • Platform: Web Application
  • Title: Debian Mantis Package "config_db.php" Insecure File Permissions
  • Description: Mantis is a web-based bug tracker. It is written in PHP and supported by a MySQL database. The Debian Mantis package is exposed to an insecure file permissions security issue. Specifically, this issue occurs because the application creates the "/etc/mantis/config_db.php" file with world-readable permissions.
  • Ref: http://www.securityfocus.com/bid/36000

  • 09.33.66 - CVE: Not Available
  • Platform: Web Application
  • Title: CMS Made Simple "modules/Printing/output.php" CMS Local File Include
  • Description: CMS Made Simple is a web-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "url" parameter of the "modules/Printing/output.php" script. CMS Made Simple 1.6.2 is vulnerable; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/36005

  • 09.33.67 - CVE: Not Available
  • Platform: Web Application
  • Title: Papoo Upload Images Arbitrary File Upload
  • Description: Papoo is a PHP-based content manager. Papoo is exposed to an issue that lets attackers upload arbitrary files because the application fails to adequately validate user-supplied input. Specifically, this issue affects the "lib/classes/image_core_class.php" source file.
  • Ref: http://www.securityfocus.com/archive/1/505639

  • 09.33.68 - CVE: CVE-2009-2414, CVE-2009-2416
  • Platform: Web Application
  • Title: libxml2 Multiple Memory Corruption Vulnerabilities
  • Description: The "libxml2" library is freely available, open source software designed to manipulate XML files. The library is exposed to multiple memory corruption issues. An attacker can exploit these issues by tricking a victim into opening a specially crafted XML file.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=515205

  • 09.33.69 - CVE: Not Available
  • Platform: Web Application
  • Title: WordPress "wp-login.php" Admin Password Reset Security Bypass
  • Description: WordPress is a web-based publishing application. The application is exposed to a security bypass issue related to the password-reset feature. This issue occurs because the application fails to properly validate user input in the form of activation keys that are arrays. WordPress version 2.8.3 is affected.
  • Ref: http://core.trac.wordpress.org/changeset/11798

(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.