@RISK: The Consensus Security Vulnerability Alert

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

• (1) CRITICAL: Autonomy KeyView Excel File Parsing Buffer Overflow Vulnerability
• (2) HIGH: Google Chrome V8 JavaScript Engine Unauthorized Memory Read Vulnerability
• (3) MODERATE: Symantec Altiris Deployment Solution Multiple Vulnerabilities
• (4) MODERATE: Labtam ProFTP Vulnerability 'Welcome Message' Buffer Overflow Vulnerability

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Other Microsoft Products

• 09.35.1 - Microsoft Internet Explorer "li" Element Denial of Service

Third Party Windows Apps

• 09.35.2 - Acer LunchApp ActiveX Control Remote Code Execution
• 09.35.3 - Avast! Antivirus Professional File System Filter Driver Buffer Overflow
• 09.35.4 - Novell Client ActiveX Control "nwsetup.dll" Unspecified Remote Denial of Service
• 09.35.5 - Nokia Lotus Notes Connector "lnresobject.dll" Unspecified Remote Denial of Service

Linux

• 09.35.6 - Linux Kernel with SELinux "mmap_min_addr" Low Memory NULL Pointer Dereference
• 09.35.7 - Linux Kernel "cmp_ies()" Remote Null Pointer Dereference
• 09.35.8 - Linux Kernel "udp_sendmsg()" MSG_MORE Flag Local Privilege Escalation
• 09.35.9 - Linux Kernel "net/llc/af_llc.c" Local Information Disclosure

BSD

• 09.35.10 - FreeBSD "kevent()" Race Condition
• 09.35.11 - FreeBSD ftpd "setusercontext()" Remote Privilege Escalation

Solaris

• 09.35.12 - Sun Virtual Desktop Infrastructure (VDI) Secure LDAP
• 09.35.13 - Sun Solaris Filesystem and Virtual Memory Subsystems Local Denial of Service
• 09.35.14 - Sun Solaris sendfile(3EXT) and sendfilev(3EXT) Local Denial of Service
• 09.35.15 - Sun Solaris pollwakeup(9F) Local Denial of Service
• 09.35.16 - Sun Solaris Print Service (in.lpd(1M)) Remote Denial of Service

Cross Platform

• 09.35.17 - Blue Coat ProxySG Proxy Authentication Bypass
• 09.35.18 - Adobe JRun "logviewer.jsp" Directory Traversal
• 09.35.19 - Adobe JRun Multiple Unspecified Cross-Site Scripting Vulnerabilities
• 09.35.20 - Adobe ColdFusion Session Fixation
• 09.35.21 - IBM DB2 Multiple Security Vulnerabilities
• 09.35.22 - Cisco IOS XR Invalid Border Gateway Protocol (BGP) Update Denial of Service
• 09.35.23 - Pidgin "msn_slplink_process_msg()" NULL Pointer Dereference Remote Code Execution
• 09.35.24 - ntop HTTP Basic Authentication NULL Pointer Dereference Denial of Service
• 09.35.25 - Computer Associates Internet Security Suite "vetmonnt.sys" Denial of Service
• 09.35.26 - Computer Associates Host-Based Intrusion Prevention System Remote Denial of Service
• 09.35.27 - Neon "ne_xml*" expat XML Parsing Denial of Service
• 09.35.28 - "Compress::Raw::Bzip2" Perl Module Remote Code Execution
• 09.35.29 - Kaspersky Products URI Parsing Denial of Service
• 09.35.30 - Cisco Firewall Services Module ICMP Packet Remote Denial of Service
• 09.35.31 - Squid Web Proxy Cache Authentication Header Parsing Remote Denial of Service
• 09.35.32 - Cisco IOS XR Long Length Border Gateway Protocol (BGP) Update Denial of Service
• 09.35.33 - Cisco IOS XR Border Gateway Protocol (BGP) Update AS Prepend Denial of Service
• 09.35.34 - Adobe ColdFusion Double-Encoded NULL Character Information Disclosure
• 09.35.35 - Expat UTF-8 Character XML Parsing Remote Denial of Service
• 09.35.36 - Cisco Security Monitoring Analysis and Response System Password Information Disclosure
• 09.35.37 - IBM AFS Client Denial of Service
• 09.35.38 - ProFTP "Welcome Message" Remote Buffer Overflow
• 09.35.39 - Cerberus FTP Server "ALLO" Command Buffer Overflow
• 09.35.40 - Autonomy KeyView Module Excel Document Processing Buffer Overflow
• 09.35.41 - Lxlabs Kloxo Hosting Platform and HyperVM Local Information Disclosure
• 09.35.42 - Cisco Lightweight Access Point Over The Air Manipulation Denial of Service
• 09.35.43 - Google Chrome V8 JavaScript Engine Remote Code Execution

Web Application - Cross Site Scripting

• 09.35.44 - Adobe ColdFusion Multiple Cross-Site Scripting Vulnerabilities
• 09.35.45 - Adobe ColdFusion Unspecified Cross-Site Scripting
• 09.35.46 - Computer Associates SiteMinder "%00" Cross-Site Scripting Protection Security Bypass
• 09.35.47 - Adobe Flex SDK "index.template.html" Cross-Site Scripting
• 09.35.48 - Computer Associates SiteMinder Unicode Cross-Site Scripting Protection Security Bypass
• 09.35.49 - Drupal Printer, e-mail and PDF versions Module Multiple Cross-Site Scripting Vulnerabilities
• 09.35.50 - Geeklog mycaljp Plugin Cross-Site Scripting
• 09.35.51 - FreeNAS Unspecified Cross-Site Scripting

Web Application - SQL Injection

• 09.35.52 - Discuz! "2fly_gift.php" SQL Injection
• 09.35.53 - IBM WebSphere Partner Gateway Console SQL Injection
• 09.35.54 - Joomla! "com_content" Component "ItemID" Parameter SQL Injection
• 09.35.55 - AJ Auction Pro OOPD "store.php" SQL Injection
• 09.35.56 - Dreamlevels Dreampics Builder "exhibition_id" Parameter SQL Injection
• 09.35.57 - Agares Media Arcadem Pro "index.php" SQL Injection
• 09.35.58 - Subdreamer CMS Multiple SQL Injection Vulnerabilities
• 09.35.59 - SugarCRM Unspecified SQL Injection
• 09.35.60 - Joomla! "com_ninjamonial" Component "testimID" Parameter SQL Injection
• 09.35.61 - Joomla! Siirler Bileseni Component "sid" Parameter SQL Injection
• 09.35.62 - Turnkey Arcade Script "id" Parameter Browse SQL Injection
• 09.35.63 - TYPO3 AIRware Lexicon Extension Unspecified SQL Injection
• 09.35.64 - TYPO3 Car Extension Unspecified SQL Injection
• 09.35.65 - TYPO3 AST ZipCodeSearch Extension Unspecified SQL Injection
• 09.35.66 - TYPO3 Event Registration Extension Unspecified SQL Injection
• 09.35.67 - TYPO3 Solidbase Bannermanagement Extension Unspecified SQL Injection Description: Solidbase Bannermanagement ("SBbanner") is an extension for the TYPO3 content manager. The extension is prone to an SQL injection vulnerability because it
• 09.35.68 - TYPO3 t3m_affiliate Extension Unspecified SQL Injection
• 09.35.69 - TYPO3 T3M E-Mail Marketing Tool Extension Unspecified SQL Injection
• 09.35.70 - TYPO3 AJAX Chat Extension Unspecified SQL Injection

Web Application

• 09.35.71 - Adobe ColdFusion Multiple HTML Injection Vulnerabilities
• 09.35.72 - DUWare DUgallery "admin/edit.asp" Authentication Bypass
• 09.35.73 - vtiger CRM Multiple Input Validation Vulnerabilities
• 09.35.74 - PHP-Lance Multiple Local File Include Vulnerabilities
• 09.35.75 - Drupal ImageCache Module Security Bypass and HTML Injection Vulnerabilities
• 09.35.76 - CuteFlow "pages/edituser.php" Security Bypass
• 09.35.77 - Feed Sidebar RSS Feed HTML Injection
• 09.35.78 - ScribeFire "<img>" tag HTML Injection
• 09.35.79 - Wizz RSS "<description>" tag HTML Injection
• 09.35.80 - Update Scanner "onerror" HTML Injection
• 09.35.81 - CoolPreviews Stack Preview Feature HTML Injection
• 09.35.82 - Joomla! jTips ("com_jtips") Component "season" Parameter SQL Injection
• 09.35.83 - Xerox WorkCentre LPD Requests Remote Denial of Service
• 09.35.84 - TYPO3 Commerce Extension Unspecified HTML Injection

Network Device

• 09.35.85 - 2Wire Routers "password_required.html" Password Reset Security Bypass
• 09.35.86 - NetGear WNR2000 Multiple Information Disclosure Vulnerabilities
• 09.35.87 - NetGear WNR2000 "upg_restore.cgi" Authentication Bypass

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 35, 2009

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 7394 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely. ______________________________________________________________________

• 09.35.1 - CVE: Not Available
• Platform: Other Microsoft Products
• Title: Microsoft Internet Explorer "li" Element Denial of Service
• Description: Microsoft Internet Explorer is a browser available for multiple platforms. The browser is exposed to a remote denial of service issue that is triggered when script code sets the "value" attribute of an HTML "li" element that has not yet been added to the Document Object Model (DOM). Internet Explorer versions prior to 8 beta 2 are affected.
• Ref: http://www.webmasterworld.com/javascript/3244709.htm

• 09.35.2 - CVE: CVE-2009-2627
• Platform: Third Party Windows Apps
• Title: Acer LunchApp ActiveX Control Remote Code Execution
• Description: Acer LunchApp is an ActiveX control. The LunchApp control AcerCtrls.APlunch is exposed to a remote code execution issue because it fails to restrict access to an unsafe "Run()" method. An attacker can exploit this issue to execute arbitrary code in thecontext of the application using the vulnerable ActiveX control.
• Ref: http://www.kb.cert.org/vuls/id/485961

• 09.35.3 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Avast! Antivirus Professional File System Filter Driver Buffer Overflow
• Description: Avast! is an antivirus application for Microsoft Windows. Avast! Antivirus Professional is exposed to a buffer overflow issue because it fails to adequately sanitize user-supplied data. This issue affects the "File System Filter" driver. Avast! Antivirus Professional version 4.8.1335 is affected.
• Ref: http://www.securityfocus.com/bid/36115

• 09.35.4 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Novell Client ActiveX Control "nwsetup.dll" Unspecified Remote Denial of Service
• Description: Novell Client for Windows allows users to access Novell services from remote computers. The Novell Client ActiveX control is exposed to a remote denial of service issue because of an unspecified error. This issue affects the "nwsetup.dll" library file. Novell Client version 4.91.5.1 is affected.
• Ref: http://www.novell.com/products/clients/windows/xp2000/overview.html

• 09.35.5 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Nokia Lotus Notes Connector "lnresobject.dll" Unspecified Remote Denial of Service
• Description: The Nokia Lotus Notes Connector "lnresobject.dll" ActiveX control is exposed to a remote denial of service issue because of an unspecified error. This issue affects version 7.1.1.119 of the "lnresobject.dll" file. A successful attack allows the attacker to crash an application that is using the ActiveX control, denying further service to legitimate users.
• Ref: http://support.microsoft.com/kb/240797

• 09.35.6 - CVE: CVE-2009-2695
• Platform: Linux
• Title: Linux Kernel with SELinux "mmap_min_addr" Low Memory NULL Pointer Dereference
• Description: The Linux kernel is exposed to a local NULL pointer dereference issue. Local attackers may leverage this issue on computers that have SELinux enabled to map low memory areas, even if "mmap_min_addr" restrictions are enabled. This issue occurs because the "allow_unconfined_mmap_low" boolean is not properly applied to "unconfined_t" domains. Linux kernel version 2.6.23 is affected.
• Ref: http://kbase.redhat.com/faq/docs/DOC-18042

• 09.35.7 - CVE: Not Available
• Platform: Linux
• Title: Linux Kernel "cmp_ies()" Remote Null Pointer Dereference
• Description: The Linux Kernel is exposed to a remote NULL pointer dereference issue affecting the "cmp_ies()" function of the "net/wireless/scan.c" source code file. This issue can be triggered if a vulnerable computer scans and receives a malformed 802.11 beacon packet which does not contain an SSID IE, and then receives a second packet which does contain an SSIS IE. Linux kernel versions from 2.6.30-rc1 through 2.6.30.4 are affected.
• Ref: http://www.openwall.com/lists/oss-security/2009/08/17/2

• 09.35.8 - CVE: CVE-2009-2698
• Platform: Linux
• Title: Linux Kernel "udp_sendmsg()" MSG_MORE Flag Local Privilege Escalation
• Description: The Linux kernel is exposed to a local privilege escalation issue. This issue occurs in the "udp_sendmsg()" function and arises when the "MSG_MORE" flag on UDP sockets is handled. An attacker can exploit this issue to execute arbitrary code with elevated privileges, resulting in a complete compromise of the affected computer.
• Ref: http://www.securityfocus.com/bid/36108

• 09.35.9 - CVE: Not Available
• Platform: Linux
• Title: Linux Kernel "net/llc/af_llc.c" Local Information Disclosure
• Description: The Linux kernel is exposed to a local information disclosure issue in the "llc_ui_getname()" function of the "net/llc/af_llc.c" source file. Specifically, this issue occurs because the software fails to properly clear the "sllc" data structure. Successful exploits will disclose a certain amount of kernel stack memory.
• Ref: http://jon.oberheide.org/files/llc-getsockname-leak.c

• 09.35.10 - CVE: Not Available
• Platform: BSD
• Title: FreeBSD "kevent()" Race Condition
• Description: FreeBSD is exposed to a race condition issue in the "kevent()" system call resulting in a kernel mode NULL pointer dereference. Specifically, the issue can be exploited by spawning two threads, one thread with looping "open()" and "close()" system calls and the second thread with looping "kevent()" system call, to add an invalid file descriptor. FreeBSD 6.1 and prior are vulnerable.
• Ref: http://www.securityfocus.com/archive/1/506010

• 09.35.11 - CVE: Not Available
• Platform: BSD
• Title: FreeBSD ftpd "setusercontext()" Remote Privilege Escalation
• Description: FreeBSD is a BSD based operating system. ftpd is a FTP server application. ftpd is exposed to a remote privilege escalation issue. Specifically, the server calls the "setusercontext()" function in an unsafe manner. An authenticated user able to upload or write to a ".login_conf" configuration file may exploit this issue to set limits on the server process. FreeBSD versions 5.0 and 7.0 are affected.
• Ref: http://isowarez.de/bsd-setusercontext.txt

• 09.35.12 - CVE: Not Available
• Platform: Solaris
• Title: Sun Virtual Desktop Infrastructure (VDI) Secure LDAP
• Description: Sun Virtual Desktop (VDI) Infrastructure Software is exposed to an issue that may allow attackers to obtain sensitive information. Attackers can exploit this issue to view client LDAP requests for VDI configuration data from insecure connections. Sun VDI 3.0 for SPARC and x86 platforms is affected.
• Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-265488-1

• 09.35.13 - CVE: Not Available
• Platform: Solaris
• Title: Sun Solaris Filesystem and Virtual Memory Subsystems Local Denial of Service
• Description: Sun Solaris is a UNIX based operating system. Solaris is exposed to a local denial of service issue that exists in the Solaris kernel and occurs when interacting with the filesystem and virtual memory subsystems. Solaris 8, 9, 10 and OpenSolaris based upon builds snv_01 through snv_102 are affected for Sparc and x86 platforms.
• Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-257848-1

• 09.35.14 - CVE: Not Available
• Platform: Solaris
• Title: Sun Solaris sendfile(3EXT) and sendfilev(3EXT) Local Denial of Service
• Description: Sun Solaris is exposed to a local denial of service issue that affects the sendfile(3EXT) and sendfilev(3EXT) extended library functions. Local attackers may exploit this issue to panic a system, denying service to legitimate users.
• Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-258588-1

• 09.35.15 - CVE: Not Available
• Platform: Solaris
• Title: Sun Solaris pollwakeup(9F) Local Denial of Service
• Description: Sun Solaris is exposed to a local denial of service issue that affects the "pollwakeup(9F)" function. Local attackers may exploit this issue to panic a system, denying service to legitimate users. Solaris 10 and OpenSolaris builds snv_01 through snv_50 are affected.
• Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-265248-1

• 09.35.16 - CVE: Not Available
• Platform: Solaris
• Title: Sun Solaris Print Service (in.lpd(1M)) Remote Denial of Service
• Description: Sun Solaris is a UNIX-based operating system. Sun Solaris is exposed to a remote denial of service issue because of an error in the print service (in.lpd(1M)). Exploiting this issue allows attackers to cause the vulnerable system to become unresponsive, effectively denying service to legitimate users. Solaris 8 and 9 are affected.
• Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-264608-1

• 09.35.17 - CVE: Not Available
• Platform: Cross Platform
• Title: Blue Coat ProxySG Proxy Authentication Bypass
• Description: Blue Coat ProxySG is an enterprise proxy appliance. Blue Coat ProxySG is exposed to an authentication bypass vulnerability. Specifically using a white listed domain in the referrer header of an HTTP request may allow attackers to access resources that would otherwise require proxy authentication. Blue Coat ProxySG version 8100 is affected.
• Ref: http://www.securityfocus.com/bid/36045

• 09.35.18 - CVE: CVE-2009-1873
• Platform: Cross Platform
• Title: Adobe JRun "logviewer.jsp" Directory Traversal
• Description: Adobe JRun is a J2EE application server that is available for Microsoft Windows, UNIX, and Linux variants. The application is exposed to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input to the "logfile" parameter of the "logging/logviewer.jsp" script. Adobe JRun 4 Updater version 7 is affected.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-12.html

• 09.35.19 - CVE: CVE-2009-1874
• Platform: Cross Platform
• Title: Adobe JRun Multiple Unspecified Cross-Site Scripting Vulnerabilities
• Description: Adobe JRun is a J2EE application server that is available for Microsoft Windows, UNIX and Linux variants. JRun is exposed to multiple unspecified cross-site scripting issues because it fails to properly sanitize user-supplied input. JRun version 4.0 Updater 7 is affected.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-12.html

• 09.35.20 - CVE: CVE-2009-1878
• Platform: Cross Platform
• Title: Adobe ColdFusion Session Fixation
• Description: Adobe ColdFusion is an application for developing websites; it is available for various operating systems. ColdFusion is exposed to a session fixation issue. Attackers can exploit this issue to hijack a user's session and gain unauthorized access to the affected application. ColdFusion versions 8.0.1 and earlier are affected.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-12.html

• 09.35.21 - CVE: Not Available
• Platform: Cross Platform
• Title: IBM DB2 Multiple Security Vulnerabilities
• Description: IBM DB2 is a database manager. The application is exposed to multiple remote issues. Successful exploitation of these issues may allow an attacker to bypass certain security restrictions or cause denial of service conditions. IBM DB2 versions prior to 8 FixPak 18 are affected.
• Ref: http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg24024075

• 09.35.22 - CVE: CVE-2009-2055
• Platform: Cross Platform
• Title: Cisco IOS XR Invalid Border Gateway Protocol (BGP) Update Denial of Service
• Description: Cisco IOS XR is exposed to a remote denial of service issue when receiving an invalid Border Gateway Protocol (BGP) update. An attacker can exploit this issue to cause an affected device to restart the peering session. The resulting peering session will flap until the sender ceases to send the invalid update. Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml

• 09.35.23 - CVE: CVE-2009-2694
• Platform: Cross Platform
• Title: Pidgin "msn_slplink_process_msg()" NULL Pointer Dereference Remote Code Execution
• Description: Pidgin is a multi-platform instant messaging client that supports multiple messaging protocols. Libpurple is a library used to provide instant-messaging functionality. The Libpurple library is exposed to a remote code execution issue caused by a NULL pointer dereference error. This issue occurs in the "msn_slplink_process_msg()" function when processing specially crafted SLP messages.
• Ref: http://www.coresecurity.com/content/libpurple-arbitrary-write

• 09.35.24 - CVE: CVE-2009-2732
• Platform: Cross Platform
• Title: ntop HTTP Basic Authentication NULL Pointer Dereference Denial of Service
• Description: ntop is a network traffic analysis tool available for a number of operating systems. ntop includes an embedded web server used for remote administration. The embedded web server is exposed to a denial of service issue caused by a NULL pointer dereference. This issue occurs when the web server is configured to support HTTP Basic Authentication. ntop version 3.3.10 is affected.
• Ref: http://www.securityfocus.com/archive/1/505876

• 09.35.25 - CVE: CVE-2009-0682
• Platform: Cross Platform
• Title: Computer Associates Internet Security Suite "vetmonnt.sys" Denial of Service
• Description: Computer Associates Internet Security Suite is an Internet security application. Internet Security Suite is exposed to a denial of service issue because the application fails to sufficiently sanitize user-supplied input to an IOCTL call before passing the data to the "vetmonnt.sys" driver.
• Ref: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214673

• 09.35.26 - CVE: CVE-2009-2740
• Platform: Cross Platform
• Title: Computer Associates Host-Based Intrusion Prevention System Remote Denial of Service
• Description: Computer Associates Host-Based Intrusion Prevention System is a firewall and IDS security application. Host-Based Intrusion Prevention System is affected by a denial of service issue because the application fails to properly handle malformed user-supplied input. This issue occurs in the "kmxIds.sys" driver. Host-Based Intrusion Prevention System version 8.1 is affected.
• Ref: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214665

• 09.35.27 - CVE: CVE-2009-2473
• Platform: Cross Platform
• Title: Neon "ne_xml*" expat XML Parsing Denial of Service
• Description: Neon is an HTTP and WebDAV client library. Neon is exposed to a denial of service issue. Specifically, the issue affects the expat XML parser in the "ne_xml_*" interface. An attacker may exploit the issue via a crafted XML document or a malicious webDAV server. Neon versions prior to 0.28.6 are affected.
• Ref: http://lists.manyfish.co.uk/pipermail/neon/2009-August/001045.html

• 09.35.28 - CVE: CVE-2009-1884
• Platform: Cross Platform
• Title: "Compress::Raw::Bzip2" Perl Module Remote Code Execution
• Description: Perl is a multiplatform programming language. The "Compress::Raw::Bzip2" module provides a low level interface to the "bzip2" compression library. The "Compress::Raw::Bzip2" Perl module is exposed to a remote code execution issue that is triggered when the module is used to process compressed data. "Compress::Raw::Bzip2" versions prior to 2.019 are affected.
• Ref: http://bugs.gentoo.org/show_bug.cgi?id=281955

• 09.35.29 - CVE: Not Available
• Platform: Cross Platform
• Title: Kaspersky Products URI Parsing Denial of Service
• Description: Kaspersky products are exposed to a denial of service issue. The issue presents itself when a vulnerable application parses a specially crafted URI containing excessive number of dots. Reportedly the issue will cause the application to consume all available CPU resources and become unresponsive.
• Ref: http://securityreason.com/achievement_securityalert/66

• 09.35.30 - CVE: CVE-2009-0638
• Platform: Cross Platform
• Title: Cisco Firewall Services Module ICMP Packet Remote Denial of Service
• Description: Cisco Firewall Services Module (FWSM) is a firewall module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers. FWSM is exposed to a remote denial of service issue because it fails to handle malformed ICMP packets.
• Ref: http://www.securityfocus.com/archive/1/505926

• 09.35.31 - CVE: CVE-2009-2855
• Platform: Cross Platform
• Title: Squid Web Proxy Cache Authentication Header Parsing Remote Denial of Service
• Description: Squid is an open source proxy server available for a number of platforms. Squid is exposed to a remote denial of service issue because the proxy server fails to properly parse certain external authentication headers that contain comma delimiters. This issue occurs in the "strListGetItem()" function in the "src/HttpHeaderTools.c" source file. This issue requires that the "external_acl_type" configuration option defining a different delimiter than a comma is set.
• Ref: https://bugzilla.redhat.com/show_bug.cgi?id=518182

• 09.35.32 - CVE: CVE-2009-1154
• Platform: Cross Platform
• Title: Cisco IOS XR Long Length Border Gateway Protocol (BGP) Update Denial of Service
• Description: Cisco IOS XR is exposed to a remote denial of service issue when sending an excessively large Border Gateway Protocol (BGP) update. An attacker can exploit this issue to cause the BGP process to crash, creating a denial of service condition. Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml

• 09.35.33 - CVE: CVE-2009-2056
• Platform: Cross Platform
• Title: Cisco IOS XR Border Gateway Protocol (BGP) Update AS Prepend Denial of Service
• Description: Cisco IOS XR is exposed to a remote denial of service issue when constructing a Border Gateway Protocol (BGP) update which includes a large number of AS (autonomous system) prepends. An attacker can exploit this issue to cause the BGP process to crash, creating a denial of service condition.
• Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.s
  html

• 09.35.34 - CVE: CVE-2009-1876
• Platform: Cross Platform
• Title: Adobe ColdFusion Double-Encoded NULL Character Information Disclosure
• Description: Adobe ColdFusion is an application for developing websites. ColdFusion is exposed to an information disclosure issue caused by a double-encoded NULL character. Attackers can exploit this issue to obtain sensitive information. ColdFusion versions 8.0.1 and earlier are affected.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-12.html

• 09.35.35 - CVE: Not Available
• Platform: Cross Platform
• Title: Expat UTF-8 Character XML Parsing Remote Denial of Service
• Description: Expat is a C library used for parsing XML documents. The Expat library is exposed to a denial of service issue because it fails to handle specially crafted XML data. Specifically, processing crafted XML documents containing UTF-8 characters may result in the parser entering an infinite loop. Expat version 2.0.1 is affected. Ref: http://mail.python.org/pipermail/expat-bugs/2009-January/002781.html

• 09.35.36 - CVE: Not Available
• Platform: Cross Platform
• Title: Cisco Security Monitoring Analysis and Response System Password Information Disclosure
• Description: Cisco Security Monitoring, Analysis, and Response System (MARS) is a security system that correlates and analyzes data in event logs received from various network devices. The application is exposed to a local information disclosure issue because log files created with the "pnlog" utility contain multiple instances of passwords that the application uses to connect to remote devices. Cisco Security MARS versions 6.0.4 and earlier are vulnerable.
• Ref: http://www.securityfocus.com/archive/1/505995

• 09.35.37 - CVE: Not Available
• Platform: Cross Platform
• Title: IBM AFS Client Denial of Service
• Description: IBM AFS client application for Linux is exposed to a remote denial of service issue due to an unspecified error. Attackers can exploit this issue to crash the application, denying service to legitimate users. IBM AFS versions prior to 3.6 Patch 19 are affected.
• Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21396389

• 09.35.38 - CVE: Not Available
• Platform: Cross Platform
• Title: ProFTP "Welcome Message" Remote Buffer Overflow
• Description: ProFTP is an FTP client application. ProFTP is exposed to a remote buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs when handling a specially crafted welcome message. ProFTP version 2.9 is affected.
• Ref: http://www.securityfocus.com/bid/36128

• 09.35.39 - CVE: Not Available
• Platform: Cross Platform
• Title: Cerberus FTP Server "ALLO" Command Buffer Overflow
• Description: Cerberus FTP Server is an FTP server application for Microsoft Windows platforms. The software is exposed to a buffer overflow issue caused by a boundary error within the "ALLO" command.
• Ref: http://www.securityfocus.com/bid/36134

• 09.35.40 - CVE: Not Available
• Platform: Cross Platform
• Title: Autonomy KeyView Module Excel Document Processing Buffer Overflow
• Description: Autonomy KeyView is a component used in multiple applications. It adds high-speed filtering, high-fidelity viewing, and exporting of documents to web-ready HTML or valid XML. The KeyView module is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers. This issue occurs in the Keyview XLS file viewer ("xlssr.dll") when a user views a specially crafted Microsoft Excel Spreadsheet (XLS) file attachment. Multiple products using the KeyView module are affected.
• Ref: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fi
  d=security_advisory&pvid=security_advisory&year=2009&suid=20090825_0
  0

• 09.35.41 - CVE: Not Available
• Platform: Cross Platform
• Title: Lxlabs Kloxo Hosting Platform and HyperVM Local Information Disclosure
• Description: Kloxo Hosting Platform (formerly known as Lxadmin) is an application for managing multiple websites, domains, and webservers. HyperVM is a virtualization management application. The applications are exposed to a local information disclosure issue that occurs because backup files created with the "Backup Home" feature are stored with world-readable permissions. Kloxo Hosting Platform version 5.75 is affected.
• Ref: http://www.securityfocus.com/archive/1/506085

• 09.35.42 - CVE: Not Available
• Platform: Cross Platform
• Title: Cisco Lightweight Access Point Over The Air Manipulation Denial of Service
• Description: Cisco Lightweight Access Point is a configuration management access point device. Cisco Lightweight Access Point is exposed to a remote denial of service issue due to insufficient protection during the wireless access point association sequence. Specifically the device can configure access points with a preferred controller list that will bypass the OTAP provisioning process.
• Ref: http://tools.cisco.com/security/center/viewAlert.x?alertId=18919

• 09.35.43 - CVE: CVE-2009-2935
• Platform: Cross Platform
• Title: Google Chrome V8 JavaScript Engine Remote Code Execution
• Description: Google Chrome is a web browser. Chrome is exposed to a remote code execution issue. Specifically, this issue arises when the V8 JavaScript engine handles malformed JavaScript code. Malicious JavaScript code may gain unauthorized access to memory allowing the attacker to gain access to sensitive information and execute arbitrary code in the Chrome sandbox. Chrome versions prior to 2.0.172.43 are affected.
• Ref: http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.ht
  ml

• 09.35.44 - CVE: CVE-2009-1875
• Platform: Web Application - Cross Site Scripting
• Title: Adobe ColdFusion Multiple Cross-Site Scripting Vulnerabilities
• Description: Adobe ColdFusion is software for developing web applications. Since the application fails to sufficiently sanitize user-supplied input, it is exposed to multiple cross-site scripting issues. The attacker could exploit these vulnerabilities to execute arbitrary script code in the context of the affected website.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-12.html

• 09.35.45 - CVE: CVE-2009-1877
• Platform: Web Application - Cross Site Scripting
• Title: Adobe ColdFusion Unspecified Cross-Site Scripting
• Description: Adobe ColdFusion is an application for developing websites; it is available for various operating systems. The application is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. ColdFusion versions 8.0.1 and earlier are affected.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-12.html

• 09.35.46 - CVE: CVE-2009-2704
• Platform: Web Application - Cross Site Scripting
• Title: Computer Associates SiteMinder "%00" Cross-Site Scripting Protection Security Bypass
• Description: Computer Associates SiteMinder (formerly Netegrity SiteMinder) is a web access management application. SiteMinder is exposed to a security bypass issue because it fails to properly validate user-supplied URIs.
• Ref: http://i8jesus.com/?p=55

• 09.35.47 - CVE: CVE-2009-1879
• Platform: Web Application - Cross Site Scripting
• Title: Adobe Flex SDK "index.template.html" Cross-Site Scripting
• Description: Adobe Flex SDK is a development framework for web applications. Flex SDK is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. An attacker could exploit this vulnerability to execute arbitrary script code in the context of a web application built using the SDK. Flex SDK versions prior to 3.4 are affected.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-13.html

• 09.35.48 - CVE: CVE-2009-2705
• Platform: Web Application - Cross Site Scripting
• Title: Computer Associates SiteMinder Unicode Cross-Site Scripting Protection Security Bypass
• Description: Computer Associates SiteMinder (formerly Netegrity SiteMinder) is an application for managing access to web applications. SiteMinder is exposed to a security bypass issue because it fails to properly validate user-supplied URIs. Specifically, attackers can bypass cross-site scripting protections for J2EE applications with a request that substitutes blacklisted characters with noncanonical overlong Unicode characters.
• Ref: http://i8jesus.com/?p=55

• 09.35.49 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Drupal Printer, e-mail and PDF versions Module Multiple Cross-Site Scripting Vulnerabilities
• Description: Printer, e-mail and PDF versions is a Drupal module for generating printer friendly versions of any node. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data.
• Ref: http://drupal.org/node/554448

• 09.35.50 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Geeklog mycaljp Plugin Cross-Site Scripting
• Description: Geeklog is a web-based application. mycaljp is a plugin for Geeklog. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to an unspecified parameter. mycaljp versions prior to 2.0.7 are affected.
• Ref: http://www.securityfocus.com/bid/36095

• 09.35.51 - CVE: CVE-2009-2739
• Platform: Web Application - Cross Site Scripting
• Title: FreeNAS Unspecified Cross-Site Scripting
• Description: FreeNAS is a network attached storage (NAS) server. FreeNAS is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. FreeNAS versions prior to 0.69.2 are affected.
• Ref: http://jvn.jp/en/jp/JVN89791790/index.html

• 09.35.52 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Discuz! "2fly_gift.php" SQL Injection
• Description: Discuz! is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "gameid" parameter of the "2fly_gift.php" script before using it an SQL query. Discuz! version 6.0 is affected.
• Ref: http://www.securityfocus.com/bid/36044

• 09.35.53 - CVE: CVE-2009-2093
• Platform: Web Application - SQL Injection
• Title: IBM WebSphere Partner Gateway Console SQL Injection
• Description: IBM WebSphere Partner Gateway (WPG) is a business-to-business tool for use with WebSphere Application Server. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to an unspecified parameter of the console before using it an SQL query.
• Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21382117

• 09.35.54 - CVE: CVE-2008-6923
• Platform: Web Application - SQL Injection
• Title: Joomla! "com_content" Component "ItemID" Parameter SQL Injection
• Description: Joomla! is a PHP-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ItemID" parameter of the "com_content" component before using it in an SQL query. Joomla! version 1.0.0 is affected.
• Ref: http://www.securityfocus.com/bid/36064

• 09.35.55 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: AJ Auction Pro OOPD "store.php" SQL Injection
• Description: AJ Auction Pro OOPD is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "store.php" script before using it in an SQL query. AJ Auction Pro OOPD version 2.x is affected.
• Ref: http://www.securityfocus.com/bid/36066

• 09.35.56 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Dreamlevels Dreampics Builder "exhibition_id" Parameter SQL Injection
• Description: Dreampics Builder is a PHP-based content manager and photo/video gallery application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "exhibition_id" parameter of the "index.php" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/36067

• 09.35.57 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Agares Media Arcadem Pro "index.php" SQL Injection
• Description: Arcadem Pro is an arcade script. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "article" parameter of the "index.php" script before using it in an SQL query. Arcadem Pro version 2.0 is affected.
• Ref: http://www.securityfocus.com/bid/36069

• 09.35.58 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Subdreamer CMS Multiple SQL Injection Vulnerabilities
• Description: Subdreamer CMS is a Web-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the following scripts: "includes/usersystems/phpbb3.php" and "includes/usersystems/ipb2.php". Subdreamer CMS versions prior to 2.5.3.3 are affected.
• Ref: http://www.securityfocus.com/archive/1/505979

• 09.35.59 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: SugarCRM Unspecified SQL Injection
• Description: SugarCRM is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. SugarCRM versions prior to 5.2.0h, 5.0.0l, and 4.5.1p are affected.
• Ref: http://www.sugarcrm.com/forums/showthread.php?t=50907

• 09.35.60 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Joomla! "com_ninjamonial" Component "testimID" Parameter SQL Injection
• Description: The "com_ninjamonial" component facilitates managing testimonials from users for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "testimID" parameter of the "com_ninjamonial" component before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/36122

• 09.35.61 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Joomla! Siirler Bileseni Component "sid" Parameter SQL Injection
• Description: Siirler Bileseni is a component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sid" parameter of the "com_siirler" component before using it an SQL query. Siirler Bileseni version 1.2 RC is affected.
• Ref: http://www.securityfocus.com/bid/36127

• 09.35.62 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Turnkey Arcade Script "id" Parameter Browse SQL Injection
• Description: Turnkey Arcade Script is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script when the "action" parameter is set to "browse" before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/36129

• 09.35.63 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: TYPO3 AIRware Lexicon Extension Unspecified SQL Injection
• Description: AIRware Lexicon extension ("air_lexicon") is an extension for the TYPO3 content manager. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL-query. AIRware Lexicon version 0.0.1 is affected.
• Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/

• 09.35.64 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: TYPO3 Car Extension Unspecified SQL Injection
• Description: Car ("car") is an extension for the TYPO3 content manager. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. Car versions prior to 0.1.1 are affected.
• Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/

• 09.35.65 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: TYPO3 AST ZipCodeSearch Extension Unspecified SQL Injection
• Description: AST ZipCodeSearch ("ast_addresszipsearch") is an extension for the TYPO3 content manager. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. AST ZipCodeSearch version 0.5.4 is affected.
• Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/

• 09.35.66 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: TYPO3 Event Registration Extension Unspecified SQL Injection
• Description: Event Registration ("event_registr") is an extension for the TYPO3 content manager. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. Event Registration versions 1.0.0 and earlier are affected.
• Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/

• 09.35.67 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: TYPO3 Solidbase Bannermanagement Extension Unspecified SQL Injection Description: Solidbase Bannermanagement ("SBbanner") is an extension for the TYPO3 content manager. The extension is prone to an SQL injection vulnerability because it
• Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/

• 09.35.68 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: TYPO3 t3m_affiliate Extension Unspecified SQL Injection
• Description: t3m_affiliate ("t3m_affiliate") is an extension for the TYPO3 content manager. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. t3m_affiliate versions 0.5.0 and earlier are affected.
• Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/

• 09.35.69 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: TYPO3 T3M E-Mail Marketing Tool Extension Unspecified SQL Injection
• Description: T3M E-Mail Marketing Tool extension ('t3m') is an extension for the TYPO3 content manager. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. T3M E-Mail Marketing Tool versions 0.2.4 and earlier are affected.
• Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-012/

• 09.35.70 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: TYPO3 AJAX Chat Extension Unspecified SQL Injection
• Description: AJAX Chat ("vjchat") is an extension for the TYPO3 content manager. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. AJAX Chat versions prior to 0.3.3 are affected.
• Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/

• 09.35.71 - CVE: CVE-2009-1872
• Platform: Web Application
• Title: Adobe ColdFusion Multiple HTML Injection Vulnerabilities
• Description: Adobe ColdFusion is an application for developing websites; it is available for various operating systems. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Adobe ColdFusion version 8 is affected.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-12.html

• 09.35.72 - CVE: Not Available
• Platform: Web Application
• Title: DUWare DUgallery "admin/edit.asp" Authentication Bypass
• Description: DUgallery is a web-based image gallery application implemented in ASP. The application is exposed to an authentication bypass vulnerability. This issue occurs because the application fails to properly restrict access to the "Accessories/admin/edit.asp" script when the "iPic" parameter is set to arbitrary values. DUgallery version 3.0 is affected.
• Ref: http://www.securityfocus.com/archive/1/505802

• 09.35.73 - CVE: Not Available
• Platform: Web Application
• Title: vtiger CRM Multiple Input Validation Vulnerabilities
• Description: vtiger CRM is a PHP-based Customer Relationship Management application. The application is exposed to multiple issues because it fails to sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary script code within the context of the webserver, perform unauthorized actions, compromise the affected application, steal cookie-based authentication credentials or obtain information that could aid in further attacks. vtiger CRM version 5.0.4 is affected.
• Ref: http://www.securityfocus.com/archive/1/505834

• 09.35.74 - CVE: Not Available
• Platform: Web Application
• Title: PHP-Lance Multiple Local File Include Vulnerabilities
• Description: PHP-Lance is a PHP-based freelance application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input. The attacker can exploit these issues to execute arbitrary local script code. This can allow the attacker to obtain sensitive information that may aid in further attacks. PHP-Lance version 1.52 is affected.
• Ref: http://www.securityfocus.com/bid/36065

• 09.35.75 - CVE: Not Available
• Platform: Web Application
• Title: Drupal ImageCache Module Security Bypass and HTML Injection Vulnerabilities
• Description: ImageCache is a module for setting image processing presets for the Drupal content manager. The application is exposed to multiple issues because it fails to sanitize user-supplied input. ImageCache versions prior to 5.x-2.5 and 6.x-2.0-beta10 are affected.
• Ref: http://drupal.org/node/554084

• 09.35.76 - CVE: Not Available
• Platform: Web Application
• Title: CuteFlow "pages/edituser.php" Security Bypass
• Description: CuteFlow is a PHP-based web application. The application is exposed to a security bypass issue because it fails to restrict access to the "pages/edituser.php" script. CuteFlow version 2.10.3 is affected.
• Ref: http://www.securityfocus.com/archive/1/506000

• 09.35.77 - CVE: Not Available
• Platform: Web Application
• Title: Feed Sidebar RSS Feed HTML Injection
• Description: Feed Sidebar is a RSS feed reader extension for Mozilla Firefox. Feed Sidebar is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, it fails to properly sanitize the data in the "<description>" tags. Feed Sidebar versions prior to 3.2 are affected.
• Ref: http://www.securityfocus.com/archive/1/506029

• 09.35.78 - CVE: Not Available
• Platform: Web Application
• Title: ScribeFire "<img>" tag HTML Injection
• Description: ScribeFire is an extension for Mozilla Firefox used to post blogs. Feed Sidebar is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, it fails to properly sanitize the "onLoad" parameter in the "<img>" tag. ScribeFire versions prior to 3.4.2 are affected.
• Ref: http://www.securityfocus.com/archive/1/506030

• 09.35.79 - CVE: Not Available
• Platform: Web Application
• Title: Wizz RSS "<description>" tag HTML Injection
• Description: Wizz RSS is a feeds reader extension for Mozilla Firefox. Wizz RSS is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, it fails to properly sanitize the data in the "<description>" tag. Wizz RSS versions prior to 3.4.2 and Wizz RSS Lite version 3.0.0.9b is affected.
• Ref: http://www.securityfocus.com/archive/1/506033

• 09.35.80 - CVE: Not Available
• Platform: Web Application
• Title: Update Scanner "onerror" HTML Injection
• Description: Update Scanner is an extension for Mozilla Firefox that monitors web pages for updates. Update Scanner is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, it fails to properly sanitize the data in the "onerror" event handler. Update Scanner versions prior to 3.0.4 are affected.
• Ref: http://www.securityfocus.com/archive/1/506036

• 09.35.81 - CVE: Not Available
• Platform: Web Application
• Title: CoolPreviews Stack Preview Feature HTML Injection
• Description: CoolPreviews is an extension for Mozilla Firefox that previews links and images via mouseover. CoolPreviews is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, this issue affects the extension's "Stack Preview" feature. CoolPreviews versions prior to 2.7.4 are affected.
• Ref: http://www.securityfocus.com/archive/1/506015

• 09.35.82 - CVE: Not Available
• Platform: Web Application
• Title: Joomla! jTips ("com_jtips") Component "season" Parameter SQL Injection
• Description: The jTips "com_jtips" component facilitates customized competitions for a site built with the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "season" parameter of the "com_jtips" component before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/36123

• 09.35.83 - CVE: Not Available
• Platform: Web Application
• Title: Xerox WorkCentre LPD Requests Remote Denial of Service
• Description: Xerox WorkCentre is a web-capable printer and photocopier. WorkCentre is exposed to a remote denial of service issue that occurs when the device handles LPD requests containing an excessively large queue name length. An attacker can exploit this issue to cause the affected device to stop responding, denying service to legitimate users.
• Ref: http://www.securityfocus.com/archive/1/506066

• 09.35.84 - CVE: Not Available
• Platform: Web Application
• Title: TYPO3 Commerce Extension Unspecified HTML Injection
• Description: Commerce is an e-commerce extension for the TYPO3 content manager. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input. Commerce version 0.9.8 is affected.
• Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-011/

• 09.35.85 - CVE: Not Available
• Platform: Network Device
• Title: 2Wire Routers "password_required.html" Password Reset Security Bypass
• Description: 2Wire routers are network devices designed for home and small-office setups. Multiple 2Wire routers are exposed to a security bypass issue because they fail to adequately authenticate users before performing certain actions. Specifically, attackers can change administrative passwords via the "setup/password_required.html" script.
• Ref: http://www.securityfocus.com/bid/36075

• 09.35.86 - CVE: Not Available
• Platform: Network Device
• Title: NetGear WNR2000 Multiple Information Disclosure Vulnerabilities
• Description: The NetGear WNR2000 is a wireless access point. The device is exposed to multiple remote information disclosure issues because it fails to restrict access to sensitive information. A remote attacker can exploit these issues to obtain sensitive information, possibly aiding in further attacks. The WNR2000 with firmware version 1.2.0.8 is affected.
• Ref: http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0229.html

• 09.35.87 - CVE: Not Available
• Platform: Network Device
• Title: NetGear WNR2000 "upg_restore.cgi" Authentication Bypass
• Description: The NetGear WNR2000 is a Wi-Fi networking router. The device is exposed to an authentication bypass issue because of a lack of authentication when users access the "upg_restore.cgi" CGI application. Specifically, remote attackers may use this script to upload a new configuration via an HTTP POST request. NetGear WNR2000 running firmware version 1.2.0.8 is affected.
• Ref: http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0229.html

(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.