@RISK: The Consensus Security Vulnerability Alert

Volume: VIII, Issue: 35
August 27, 2009

Lotus Notes users and users of Symantec's Mail Security, Brightmail and DLP all need to patch, but for everyone else, it is the second quiet week in a row.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Other Microsoft Products                  1
    Third Party Windows Apps                  4
    Linux                                     4
    BSD                                       2
    Solaris                                   5
    Cross Platform                            27 (#1, #2, #3, #4)
    Web Application - Cross Site Scripting    8
    Web Application - SQL Injection           19
    Web Application                           14
    Network Device                            3

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Linux
BSD
Solaris
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Autonomy KeyView Excel File Parsing Buffer Overflow Vulnerability
  • Affected:
    • Autonomy KeyView Viewer SDK 10.x
    • Autonomy KeyView Filter SDK 10.x
    • Autonomy KeyView Export SDK 10.x
    • IBM Lotus Notes 8.5.x
    • IBM Lotus Notes 7.0.x
    • IBM Lotus Notes 6.5.x
    • IBM Lotus Notes 6.0.x
    • IBM Lotus Notes 5.0.x
    • Symantec Mail Security for SMTP 5.0.x
    • Symantec Mail Security for Microsoft Exchange 6.0.x
    • Symantec Mail Security for Microsoft Exchange 5.0.x
    • Symantec Mail Security for Domino 7.5.x
    • Symantec Mail Security for Domino 8.0
    • Symantec Mail Security Appliance 5.0.x
    • Symantec Data Loss Prevention Endpoint Agents 9.0.x
    • Symantec Data Loss Prevention Endpoint Agents 8.1.1
    • Symantec Data Loss Prevention Detection Servers for Windows 9.0.1
    • Symantec Data Loss Prevention Detection Servers for Windows 8.1.1
    • Symantec Data Loss Prevention Detection Servers for Linux 9.0.1
    • Symantec Data Loss Prevention Detection Servers for Linux 8.1.1
    • Symantec Data Loss Prevention Detection Servers 7.2
    • Symantec BrightMail Appliance 8.0.x
    • Symantec BrightMail Appliance 5.0
  • Description: Autonomy KeyView Software Developer's Kit (SDK) is a collection of file parsing libraries used by many popular vendors, such as Lotus Notes and Symantec. The SDK is used to automatically parse and display different document formats, one of which is the Microsoft Excel 97 format. A heap overflow vulnerability has been identified in the Autonomy KeyView SDK in the parsing of a "Shared String Table (SST)" record within an Excel file. A specially crafted Excel file, when processed by an application using the vulnerable Autonomy KeyView SDK, will trigger the vulnerability. The specific flaw is caused by an integer overflow error within the KeyView XLS viewer "xlssr.dll". Successful exploitation might allow an attacker to execute arbitrary code, with privileges that depend on the application using the vulnerable Autonomy KeyView SDK. In some products the attack vector is an email attachment that the user has to view; in other cases file processing takes place automatically. Some technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, updates available.

  • References:
  • (2) HIGH: Google Chrome V8 JavaScript Engine Unauthorized Memory Read Vulnerability
  • Affected:
    • Google Chrome versions prior to 2.0.172.143
  • Description: Google Chrome, a web browser developed by Google, is the fourth most popular web browser, with a 2.59% usage share among all web browsers. A vulnerability has been identified in Google Chrome that can be triggered while parsing a specially crafted web page. The specific flaw is in V8, Google's open source JavaScript engine, and might allow a specially crafted web page containing JavaScript to bypass security checks and read restricted memory. Successful exploitation of this vulnerability might allow an attacker to disclose sensitive data or execute arbitrary code within the Google Chrome sandbox. Full technical details are publicly available via source code analysis.

  • Status: Vendor confirmed, updates available.

  • References:
  • (4) MODERATE: Labtam ProFTP Vulnerability 'Welcome Message' Buffer Overflow Vulnerability
  • Affected:
    • LabTam ProFTP 2.9
  • Description: LabTam ProFTP is a software tool that includes client implementations of the File Transfer Protocol (FTP) and the Trivial File Transfer Protocol (TFTP), among other features. A buffer overflow vulnerability has been identified in Labtam ProFTP that could be triggered by a specially crafted message sent from a malicious FTP server. The specific flaw is a boundary error in the processing of long greeting messages sent by a server. Successful exploitation might allow an attacker to execute arbitrary code or cause a denial-of-service condition. The victim user has to be tricked into connecting to the specially crafted FTP server. Full technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, no updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 35, 2009

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 7394 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 09.35.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer "li" Element Denial of Service
  • Description: Microsoft Internet Explorer is a browser available for multiple platforms. The browser is exposed to a remote denial of service issue that is triggered when script code sets the "value" attribute of an HTML "li" element that has not yet been added to the Document Object Model (DOM). Internet Explorer versions prior to 8 beta 2 are affected.
  • Ref: http://www.webmasterworld.com/javascript/3244709.htm

  • 09.35.2 - CVE: CVE-2009-2627
  • Platform: Third Party Windows Apps
  • Title: Acer LunchApp ActiveX Control Remote Code Execution
  • Description: Acer LunchApp is an ActiveX control. The LunchApp control AcerCtrls.APlunch is exposed to a remote code execution issue because it fails to restrict access to an unsafe "Run()" method. An attacker can exploit this issue to execute arbitrary code in the context of the application using the vulnerable ActiveX control.
  • Ref: http://www.kb.cert.org/vuls/id/485961

  • 09.35.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Avast! Antivirus Professional File System Filter Driver Buffer Overflow
  • Description: Avast! is an antivirus application for Microsoft Windows. Avast! Antivirus Professional is exposed to a buffer overflow issue because it fails to adequately sanitize user-supplied data. This issue affects the "File System Filter" driver. Avast! Antivirus Professional version 4.8.1335 is affected.
  • Ref: http://www.securityfocus.com/bid/36115

  • 09.35.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Novell Client ActiveX Control "nwsetup.dll" Unspecified Remote Denial of Service
  • Description: Novell Client for Windows allows users to access Novell services from remote computers. The Novell Client ActiveX control is exposed to a remote denial of service issue because of an unspecified error. This issue affects the "nwsetup.dll" library file. Novell Client version 4.91.5.1 is affected.
  • Ref: http://www.novell.com/products/clients/windows/xp2000/overview.html

  • 09.35.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Nokia Lotus Notes Connector "lnresobject.dll" Unspecified Remote Denial of Service
  • Description: The Nokia Lotus Notes Connector "lnresobject.dll" ActiveX control is exposed to a remote denial of service issue because of an unspecified error. This issue affects version 7.1.1.119 of the "lnresobject.dll" file. A successful attack allows the attacker to crash an application that is using the ActiveX control, denying further service to legitimate users.
  • Ref: http://support.microsoft.com/kb/240797

  • 09.35.6 - CVE: CVE-2009-2695
  • Platform: Linux
  • Title: Linux Kernel with SELinux "mmap_min_addr" Low Memory NULL Pointer Dereference
  • Description: The Linux kernel is exposed to a local NULL pointer dereference issue. Local attackers may leverage this issue on computers that have SELinux enabled to map low memory areas, even if "mmap_min_addr" restrictions are enabled. This issue occurs because the "allow_unconfined_mmap_low" boolean is not properly applied to "unconfined_t" domains. Linux kernel version 2.6.23 is affected.
  • Ref: http://kbase.redhat.com/faq/docs/DOC-18042

  • 09.35.7 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "cmp_ies()" Remote Null Pointer Dereference
  • Description: The Linux kernel is exposed to a remote NULL pointer dereference issue affecting the "cmp_ies()" function of the "net/wireless/scan.c" source code file. This issue can be triggered if a vulnerable computer scans and receives a malformed 802.11 beacon packet that does not contain an SSID IE, and then receives a second packet that does contain an SSID IE. Linux kernel versions from 2.6.30-rc1 through 2.6.30.4 are affected.
  • Ref: http://www.openwall.com/lists/oss-security/2009/08/17/2

  • 09.35.8 - CVE: CVE-2009-2698
  • Platform: Linux
  • Title: Linux Kernel "udp_sendmsg()" MSG_MORE Flag Local Privilege Escalation
  • Description: The Linux kernel is exposed to a local privilege escalation issue. This issue occurs in the "udp_sendmsg()" function and arises when the "MSG_MORE" flag on UDP sockets is handled. An attacker can exploit this issue to execute arbitrary code with elevated privileges, resulting in a complete compromise of the affected computer.
  • Ref: http://www.securityfocus.com/bid/36108

  • 09.35.9 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "net/llc/af_llc.c" Local Information Disclosure
  • Description: The Linux kernel is exposed to a local information disclosure issue in the "llc_ui_getname()" function of the "net/llc/af_llc.c" source file. Specifically, this issue occurs because the software fails to properly clear the "sllc" data structure. Successful exploits will disclose a certain amount of kernel stack memory.
  • Ref: http://jon.oberheide.org/files/llc-getsockname-leak.c

  • 09.35.10 - CVE: Not Available
  • Platform: BSD
  • Title: FreeBSD "kevent()" Race Condition
  • Description: FreeBSD is exposed to a race condition issue in the "kevent()" system call resulting in a kernel mode NULL pointer dereference. Specifically, the issue can be exploited by spawning two threads, one thread with looping "open()" and "close()" system calls and the second thread with looping "kevent()" system call, to add an invalid file descriptor. FreeBSD 6.1 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/506010

  • 09.35.11 - CVE: Not Available
  • Platform: BSD
  • Title: FreeBSD ftpd "setusercontext()" Remote Privilege Escalation
  • Description: FreeBSD is a BSD-based operating system. ftpd is an FTP server application. ftpd is exposed to a remote privilege escalation issue. Specifically, the server calls the "setusercontext()" function in an unsafe manner. An authenticated user able to upload or write to a ".login_conf" configuration file may exploit this issue to set limits on the server process. FreeBSD versions 5.0 and 7.0 are affected.
  • Ref: http://isowarez.de/bsd-setusercontext.txt

  • 09.35.12 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Virtual Desktop Infrastructure (VDI) Secure LDAP
  • Description: Sun Virtual Desktop Infrastructure (VDI) Software is exposed to an issue that may allow attackers to obtain sensitive information. Attackers can exploit this issue to view client LDAP requests for VDI configuration data from insecure connections. Sun VDI 3.0 for SPARC and x86 platforms is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-265488-1

  • 09.35.13 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Filesystem and Virtual Memory Subsystems Local Denial of Service
  • Description: Sun Solaris is a UNIX based operating system. Solaris is exposed to a local denial of service issue that exists in the Solaris kernel and occurs when interacting with the filesystem and virtual memory subsystems. Solaris 8, 9, 10 and OpenSolaris based upon builds snv_01 through snv_102 are affected for Sparc and x86 platforms.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-257848-1

  • 09.35.14 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris sendfile(3EXT) and sendfilev(3EXT) Local Denial of Service
  • Description: Sun Solaris is exposed to a local denial of service issue that affects the sendfile(3EXT) and sendfilev(3EXT) extended library functions. Local attackers may exploit this issue to panic a system, denying service to legitimate users.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-258588-1

  • 09.35.15 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris pollwakeup(9F) Local Denial of Service
  • Description: Sun Solaris is exposed to a local denial of service issue that affects the "pollwakeup(9F)" function. Local attackers may exploit this issue to panic a system, denying service to legitimate users. Solaris 10 and OpenSolaris builds snv_01 through snv_50 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-265248-1

  • 09.35.16 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Print Service (in.lpd(1M)) Remote Denial of Service
  • Description: Sun Solaris is a UNIX-based operating system. Sun Solaris is exposed to a remote denial of service issue because of an error in the print service (in.lpd(1M)). Exploiting this issue allows attackers to cause the vulnerable system to become unresponsive, effectively denying service to legitimate users. Solaris 8 and 9 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-264608-1

  • 09.35.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Blue Coat ProxySG Proxy Authentication Bypass
  • Description: Blue Coat ProxySG is an enterprise proxy appliance. Blue Coat ProxySG is exposed to an authentication bypass vulnerability. Specifically, using a whitelisted domain in the referrer header of an HTTP request may allow attackers to access resources that would otherwise require proxy authentication. Blue Coat ProxySG version 8100 is affected.
  • Ref: http://www.securityfocus.com/bid/36045

  • 09.35.18 - CVE: CVE-2009-1873
  • Platform: Cross Platform
  • Title: Adobe JRun "logviewer.jsp" Directory Traversal
  • Description: Adobe JRun is a J2EE application server that is available for Microsoft Windows, UNIX, and Linux variants. The application is exposed to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input to the "logfile" parameter of the "logging/logviewer.jsp" script. Adobe JRun 4 Updater version 7 is affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-12.html

  • 09.35.19 - CVE: CVE-2009-1874
  • Platform: Cross Platform
  • Title: Adobe JRun Multiple Unspecified Cross-Site Scripting Vulnerabilities
  • Description: Adobe JRun is a J2EE application server that is available for Microsoft Windows, UNIX and Linux variants. JRun is exposed to multiple unspecified cross-site scripting issues because it fails to properly sanitize user-supplied input. JRun version 4.0 Updater 7 is affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-12.html

  • 09.35.20 - CVE: CVE-2009-1878
  • Platform: Cross Platform
  • Title: Adobe ColdFusion Session Fixation
  • Description: Adobe ColdFusion is an application for developing websites; it is available for various operating systems. ColdFusion is exposed to a session fixation issue. Attackers can exploit this issue to hijack a user's session and gain unauthorized access to the affected application. ColdFusion versions 8.0.1 and earlier are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-12.html

  • 09.35.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM DB2 Multiple Security Vulnerabilities
  • Description: IBM DB2 is a database manager. The application is exposed to multiple remote issues. Successful exploitation of these issues may allow an attacker to bypass certain security restrictions or cause denial of service conditions. IBM DB2 versions prior to 8 FixPak 18 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg24024075

  • 09.35.22 - CVE: CVE-2009-2055
  • Platform: Cross Platform
  • Title: Cisco IOS XR Invalid Border Gateway Protocol (BGP) Update Denial of Service
  • Description: Cisco IOS XR is exposed to a remote denial of service issue when receiving an invalid Border Gateway Protocol (BGP) update. An attacker can exploit this issue to cause an affected device to restart the peering session. The resulting peering session will flap until the sender ceases to send the invalid update.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml

  • 09.35.23 - CVE: CVE-2009-2694
  • Platform: Cross Platform
  • Title: Pidgin "msn_slplink_process_msg()" NULL Pointer Dereference Remote Code Execution
  • Description: Pidgin is a multi-platform instant messaging client that supports multiple messaging protocols. Libpurple is a library used to provide instant-messaging functionality. The Libpurple library is exposed to a remote code execution issue caused by a NULL pointer dereference error. This issue occurs in the "msn_slplink_process_msg()" function when processing specially crafted SLP messages.
  • Ref: http://www.coresecurity.com/content/libpurple-arbitrary-write

  • 09.35.24 - CVE: CVE-2009-2732
  • Platform: Cross Platform
  • Title: ntop HTTP Basic Authentication NULL Pointer Dereference Denial of Service
  • Description: ntop is a network traffic analysis tool available for a number of operating systems. ntop includes an embedded web server used for remote administration. The embedded web server is exposed to a denial of service issue caused by a NULL pointer dereference. This issue occurs when the web server is configured to support HTTP Basic Authentication. ntop version 3.3.10 is affected.
  • Ref: http://www.securityfocus.com/archive/1/505876

  • 09.35.25 - CVE: CVE-2009-0682
  • Platform: Cross Platform
  • Title: Computer Associates Internet Security Suite "vetmonnt.sys" Denial of Service
  • Description: Computer Associates Internet Security Suite is an Internet security application. Internet Security Suite is exposed to a denial of service issue because the application fails to sufficiently sanitize user-supplied input to an IOCTL call before passing the data to the "vetmonnt.sys" driver.
  • Ref: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214673

  • 09.35.26 - CVE: CVE-2009-2740
  • Platform: Cross Platform
  • Title: Computer Associates Host-Based Intrusion Prevention System Remote Denial of Service
  • Description: Computer Associates Host-Based Intrusion Prevention System is a firewall and IDS security application. Host-Based Intrusion Prevention System is affected by a denial of service issue because the application fails to properly handle malformed user-supplied input. This issue occurs in the "kmxIds.sys" driver. Host-Based Intrusion Prevention System version 8.1 is affected.
  • Ref: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214665

  • 09.35.27 - CVE: CVE-2009-2473
  • Platform: Cross Platform
  • Title: Neon "ne_xml*" expat XML Parsing Denial of Service
  • Description: Neon is an HTTP and WebDAV client library. Neon is exposed to a denial of service issue. Specifically, the issue affects the expat XML parser in the "ne_xml_*" interface. An attacker may exploit the issue via a crafted XML document or a malicious WebDAV server. Neon versions prior to 0.28.6 are affected.
  • Ref: http://lists.manyfish.co.uk/pipermail/neon/2009-August/001045.html

  • 09.35.28 - CVE: CVE-2009-1884
  • Platform: Cross Platform
  • Title: "Compress::Raw::Bzip2" Perl Module Remote Code Execution
  • Description: Perl is a multiplatform programming language. The "Compress::Raw::Bzip2" module provides a low level interface to the "bzip2" compression library. The "Compress::Raw::Bzip2" Perl module is exposed to a remote code execution issue that is triggered when the module is used to process compressed data. "Compress::Raw::Bzip2" versions prior to 2.019 are affected.
  • Ref: http://bugs.gentoo.org/show_bug.cgi?id=281955

  • 09.35.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Kaspersky Products URI Parsing Denial of Service
  • Description: Kaspersky products are exposed to a denial of service issue. The issue presents itself when a vulnerable application parses a specially crafted URI containing an excessive number of dots. Reportedly, the issue will cause the application to consume all available CPU resources and become unresponsive.
  • Ref: http://securityreason.com/achievement_securityalert/66

  • 09.35.30 - CVE: CVE-2009-0638
  • Platform: Cross Platform
  • Title: Cisco Firewall Services Module ICMP Packet Remote Denial of Service
  • Description: Cisco Firewall Services Module (FWSM) is a firewall module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers. FWSM is exposed to a remote denial of service issue because it fails to handle malformed ICMP packets.
  • Ref: http://www.securityfocus.com/archive/1/505926

  • 09.35.31 - CVE: CVE-2009-2855
  • Platform: Cross Platform
  • Title: Squid Web Proxy Cache Authentication Header Parsing Remote Denial of Service
  • Description: Squid is an open source proxy server available for a number of platforms. Squid is exposed to a remote denial of service issue because the proxy server fails to properly parse certain external authentication headers that contain comma delimiters. This issue occurs in the "strListGetItem()" function in the "src/HttpHeaderTools.c" source file. This issue requires that the "external_acl_type" configuration option defining a different delimiter than a comma is set.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=518182

  • 09.35.32 - CVE: CVE-2009-1154
  • Platform: Cross Platform
  • Title: Cisco IOS XR Long Length Border Gateway Protocol (BGP) Update Denial of Service
  • Description: Cisco IOS XR is exposed to a remote denial of service issue when sending an excessively large Border Gateway Protocol (BGP) update. An attacker can exploit this issue to cause the BGP process to crash, creating a denial of service condition.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml

  • 09.35.33 - CVE: CVE-2009-2056
  • Platform: Cross Platform
  • Title: Cisco IOS XR Border Gateway Protocol (BGP) Update AS Prepend Denial of Service
  • Description: Cisco IOS XR is exposed to a remote denial of service issue when constructing a Border Gateway Protocol (BGP) update which includes a large number of AS (autonomous system) prepends. An attacker can exploit this issue to cause the BGP process to crash, creating a denial of service condition.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml

  • 09.35.34 - CVE: CVE-2009-1876
  • Platform: Cross Platform
  • Title: Adobe ColdFusion Double-Encoded NULL Character Information Disclosure
  • Description: Adobe ColdFusion is an application for developing websites. ColdFusion is exposed to an information disclosure issue caused by a double-encoded NULL character. Attackers can exploit this issue to obtain sensitive information. ColdFusion versions 8.0.1 and earlier are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-12.html

  • 09.35.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Expat UTF-8 Character XML Parsing Remote Denial of Service
  • Description: Expat is a C library used for parsing XML documents. The Expat library is exposed to a denial of service issue because it fails to handle specially crafted XML data. Specifically, processing crafted XML documents containing UTF-8 characters may result in the parser entering an infinite loop. Expat version 2.0.1 is affected.
  • Ref: http://mail.python.org/pipermail/expat-bugs/2009-January/002781.html

  • 09.35.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cisco Security Monitoring Analysis and Response System Password Information Disclosure
  • Description: Cisco Security Monitoring, Analysis, and Response System (MARS) is a security system that correlates and analyzes data in event logs received from various network devices. The application is exposed to a local information disclosure issue because log files created with the "pnlog" utility contain multiple instances of passwords that the application uses to connect to remote devices. Cisco Security MARS versions 6.0.4 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/505995

  • 09.35.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM AFS Client Denial of Service
  • Description: IBM AFS client application for Linux is exposed to a remote denial of service issue due to an unspecified error. Attackers can exploit this issue to crash the application, denying service to legitimate users. IBM AFS versions prior to 3.6 Patch 19 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21396389

  • 09.35.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ProFTP "Welcome Message" Remote Buffer Overflow
  • Description: ProFTP is an FTP client application. ProFTP is exposed to a remote buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs when handling a specially crafted welcome message. ProFTP version 2.9 is affected.
  • Ref: http://www.securityfocus.com/bid/36128

  • 09.35.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cerberus FTP Server "ALLO" Command Buffer Overflow
  • Description: Cerberus FTP Server is an FTP server application for Microsoft Windows platforms. The software is exposed to a buffer overflow issue caused by a boundary error within the "ALLO" command.
  • Ref: http://www.securityfocus.com/bid/36134

  • 09.35.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Autonomy KeyView Module Excel Document Processing Buffer Overflow
  • Description: Autonomy KeyView is a component used in multiple applications. It adds high-speed filtering, high-fidelity viewing, and exporting of documents to web-ready HTML or valid XML. The KeyView module is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers. This issue occurs in the KeyView XLS file viewer ("xlssr.dll") when a user views a specially crafted Microsoft Excel Spreadsheet (XLS) file attachment. Multiple products using the KeyView module are affected.
  • Ref: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090825_00

  • 09.35.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Lxlabs Kloxo Hosting Platform and HyperVM Local Information Disclosure
  • Description: Kloxo Hosting Platform (formerly known as Lxadmin) is an application for managing multiple websites, domains, and webservers. HyperVM is a virtualization management application. The applications are exposed to a local information disclosure issue that occurs because backup files created with the "Backup Home" feature are stored with world-readable permissions. Kloxo Hosting Platform version 5.75 is affected.
  • Ref: http://www.securityfocus.com/archive/1/506085

  • 09.35.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cisco Lightweight Access Point Over The Air Manipulation Denial of Service
  • Description: Cisco Lightweight Access Point is a configuration management access point device. Cisco Lightweight Access Point is exposed to a remote denial of service issue due to insufficient protection during the wireless access point association sequence. Specifically the device can configure access points with a preferred controller list that will bypass the OTAP provisioning process.
  • Ref: http://tools.cisco.com/security/center/viewAlert.x?alertId=18919

  • 09.35.43 - CVE: CVE-2009-2935
  • Platform: Cross Platform
  • Title: Google Chrome V8 JavaScript Engine Remote Code Execution
  • Description: Google Chrome is a web browser. Chrome is exposed to a remote code execution issue. Specifically, this issue arises when the V8 JavaScript engine handles malformed JavaScript code. Malicious JavaScript code may gain unauthorized access to memory allowing the attacker to gain access to sensitive information and execute arbitrary code in the Chrome sandbox. Chrome versions prior to 2.0.172.43 are affected.
  • Ref: http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html

  • 09.35.44 - CVE: CVE-2009-1875
  • Platform: Web Application - Cross Site Scripting
  • Title: Adobe ColdFusion Multiple Cross-Site Scripting Vulnerabilities
  • Description: Adobe ColdFusion is software for developing web applications. Since the application fails to sufficiently sanitize user-supplied input, it is exposed to multiple cross-site scripting issues. The attacker could exploit these vulnerabilities to execute arbitrary script code in the context of the affected website.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-12.html

  • 09.35.45 - CVE: CVE-2009-1877
  • Platform: Web Application - Cross Site Scripting
  • Title: Adobe ColdFusion Unspecified Cross-Site Scripting
  • Description: Adobe ColdFusion is an application for developing websites; it is available for various operating systems. The application is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. ColdFusion versions 8.0.1 and earlier are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-12.html

  • 09.35.46 - CVE: CVE-2009-2704
  • Platform: Web Application - Cross Site Scripting
  • Title: Computer Associates SiteMinder "%00" Cross-Site Scripting Protection Security Bypass
  • Description: Computer Associates SiteMinder (formerly Netegrity SiteMinder) is a web access management application. SiteMinder is exposed to a security bypass issue because it fails to properly validate user-supplied URIs.
  • Ref: http://i8jesus.com/?p=55

  • 09.35.47 - CVE: CVE-2009-1879
  • Platform: Web Application - Cross Site Scripting
  • Title: Adobe Flex SDK "index.template.html" Cross-Site Scripting
  • Description: Adobe Flex SDK is a development framework for web applications. Flex SDK is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. An attacker could exploit this vulnerability to execute arbitrary script code in the context of a web application built using the SDK. Flex SDK versions prior to 3.4 are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-13.html

  • 09.35.48 - CVE: CVE-2009-2705
  • Platform: Web Application - Cross Site Scripting
  • Title: Computer Associates SiteMinder Unicode Cross-Site Scripting Protection Security Bypass
  • Description: Computer Associates SiteMinder (formerly Netegrity SiteMinder) is an application for managing access to web applications. SiteMinder is exposed to a security bypass issue because it fails to properly validate user-supplied URIs. Specifically, attackers can bypass cross-site scripting protections for J2EE applications with a request that substitutes blacklisted characters with noncanonical overlong Unicode characters.
  • Ref: http://i8jesus.com/?p=55

  • 09.35.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Drupal Printer, e-mail and PDF versions Module Multiple Cross-Site Scripting Vulnerabilities
  • Description: Printer, e-mail and PDF versions is a Drupal module for generating printer friendly versions of any node. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data.
  • Ref: http://drupal.org/node/554448

  • 09.35.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Geeklog mycaljp Plugin Cross-Site Scripting
  • Description: Geeklog is a web-based application. mycaljp is a plugin for Geeklog. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to an unspecified parameter. mycaljp versions prior to 2.0.7 are affected.
  • Ref: http://www.securityfocus.com/bid/36095

  • 09.35.51 - CVE: CVE-2009-2739
  • Platform: Web Application - Cross Site Scripting
  • Title: FreeNAS Unspecified Cross-Site Scripting
  • Description: FreeNAS is a network attached storage (NAS) server. FreeNAS is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. FreeNAS versions prior to 0.69.2 are affected.
  • Ref: http://jvn.jp/en/jp/JVN89791790/index.html

  • 09.35.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Discuz! "2fly_gift.php" SQL Injection
  • Description: Discuz! is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "gameid" parameter of the "2fly_gift.php" script before using it in an SQL query. Discuz! version 6.0 is affected.
  • Ref: http://www.securityfocus.com/bid/36044

  • 09.35.53 - CVE: CVE-2009-2093
  • Platform: Web Application - SQL Injection
  • Title: IBM WebSphere Partner Gateway Console SQL Injection
  • Description: IBM WebSphere Partner Gateway (WPG) is a business-to-business tool for use with WebSphere Application Server. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to an unspecified parameter of the console before using it in an SQL query.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21382117

  • 09.35.54 - CVE: CVE-2008-6923
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_content" Component "ItemID" Parameter SQL Injection
  • Description: Joomla! is a PHP-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ItemID" parameter of the "com_content" component before using it in an SQL query. Joomla! version 1.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/36064

  • 09.35.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AJ Auction Pro OOPD "store.php" SQL Injection
  • Description: AJ Auction Pro OOPD is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "store.php" script before using it in an SQL query. AJ Auction Pro OOPD version 2.x is affected.
  • Ref: http://www.securityfocus.com/bid/36066

  • 09.35.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Dreamlevels Dreampics Builder "exhibition_id" Parameter SQL Injection
  • Description: Dreampics Builder is a PHP-based content manager and photo/video gallery application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "exhibition_id" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/36067

  • 09.35.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Agares Media Arcadem Pro "index.php" SQL Injection
  • Description: Arcadem Pro is an arcade script. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "article" parameter of the "index.php" script before using it in an SQL query. Arcadem Pro version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/36069

  • 09.35.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Subdreamer CMS Multiple SQL Injection Vulnerabilities
  • Description: Subdreamer CMS is a Web-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the following scripts: "includes/usersystems/phpbb3.php" and "includes/usersystems/ipb2.php". Subdreamer CMS versions prior to 2.5.3.3 are affected.
  • Ref: http://www.securityfocus.com/archive/1/505979

  • 09.35.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SugarCRM Unspecified SQL Injection
  • Description: SugarCRM is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. SugarCRM versions prior to 5.2.0h, 5.0.0l, and 4.5.1p are affected.
  • Ref: http://www.sugarcrm.com/forums/showthread.php?t=50907

  • 09.35.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_ninjamonial" Component "testimID" Parameter SQL Injection
  • Description: The "com_ninjamonial" component facilitates managing testimonials from users for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "testimID" parameter of the "com_ninjamonial" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/36122

  • 09.35.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! Siirler Bileseni Component "sid" Parameter SQL Injection
  • Description: Siirler Bileseni is a component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sid" parameter of the "com_siirler" component before using it in an SQL query. Siirler Bileseni version 1.2 RC is affected.
  • Ref: http://www.securityfocus.com/bid/36127

  • 09.35.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Turnkey Arcade Script "id" Parameter Browse SQL Injection
  • Description: Turnkey Arcade Script is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script when the "action" parameter is set to "browse" before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/36129

  • 09.35.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 AIRware Lexicon Extension Unspecified SQL Injection
  • Description: AIRware Lexicon extension ("air_lexicon") is an extension for the TYPO3 content manager. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. AIRware Lexicon version 0.0.1 is affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/

  • 09.35.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Car Extension Unspecified SQL Injection
  • Description: Car ("car") is an extension for the TYPO3 content manager. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. Car versions prior to 0.1.1 are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/

  • 09.35.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 AST ZipCodeSearch Extension Unspecified SQL Injection
  • Description: AST ZipCodeSearch ("ast_addresszipsearch") is an extension for the TYPO3 content manager. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. AST ZipCodeSearch version 0.5.4 is affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/

  • 09.35.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Event Registration Extension Unspecified SQL Injection
  • Description: Event Registration ("event_registr") is an extension for the TYPO3 content manager. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. Event Registration versions 1.0.0 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/

  • 09.35.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Solidbase Bannermanagement Extension Unspecified SQL Injection
  • Description: Solidbase Bannermanagement ("SBbanner") is an extension for the TYPO3 content manager. The extension is prone to an SQL injection vulnerability because it
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/

  • 09.35.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 t3m_affiliate Extension Unspecified SQL Injection
  • Description: t3m_affiliate ("t3m_affiliate") is an extension for the TYPO3 content manager. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. t3m_affiliate versions 0.5.0 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/

  • 09.35.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 T3M E-Mail Marketing Tool Extension Unspecified SQL Injection
  • Description: T3M E-Mail Marketing Tool extension ("t3m") is an extension for the TYPO3 content manager. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. T3M E-Mail Marketing Tool versions 0.2.4 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-012/

  • 09.35.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 AJAX Chat Extension Unspecified SQL Injection
  • Description: AJAX Chat ("vjchat") is an extension for the TYPO3 content manager. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. AJAX Chat versions prior to 0.3.3 are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/

  • 09.35.71 - CVE: CVE-2009-1872
  • Platform: Web Application
  • Title: Adobe ColdFusion Multiple HTML Injection Vulnerabilities
  • Description: Adobe ColdFusion is an application for developing websites; it is available for various operating systems. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Adobe ColdFusion version 8 is affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-12.html

  • 09.35.72 - CVE: Not Available
  • Platform: Web Application
  • Title: DUWare DUgallery "admin/edit.asp" Authentication Bypass
  • Description: DUgallery is a web-based image gallery application implemented in ASP. The application is exposed to an authentication bypass vulnerability. This issue occurs because the application fails to properly restrict access to the "Accessories/admin/edit.asp" script when the "iPic" parameter is set to arbitrary values. DUgallery version 3.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/505802

  • 09.35.73 - CVE: Not Available
  • Platform: Web Application
  • Title: vtiger CRM Multiple Input Validation Vulnerabilities
  • Description: vtiger CRM is a PHP-based Customer Relationship Management application. The application is exposed to multiple issues because it fails to sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary script code within the context of the webserver, perform unauthorized actions, compromise the affected application, steal cookie-based authentication credentials or obtain information that could aid in further attacks. vtiger CRM version 5.0.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/505834

  • 09.35.74 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Lance Multiple Local File Include Vulnerabilities
  • Description: PHP-Lance is a PHP-based freelance application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input. The attacker can exploit these issues to execute arbitrary local script code. This can allow the attacker to obtain sensitive information that may aid in further attacks. PHP-Lance version 1.52 is affected.
  • Ref: http://www.securityfocus.com/bid/36065

  • 09.35.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal ImageCache Module Security Bypass and HTML Injection Vulnerabilities
  • Description: ImageCache is a module for setting image processing presets for the Drupal content manager. The application is exposed to multiple issues because it fails to sanitize user-supplied input. ImageCache versions prior to 5.x-2.5 and 6.x-2.0-beta10 are affected.
  • Ref: http://drupal.org/node/554084

  • 09.35.76 - CVE: Not Available
  • Platform: Web Application
  • Title: CuteFlow "pages/edituser.php" Security Bypass
  • Description: CuteFlow is a PHP-based web application. The application is exposed to a security bypass issue because it fails to restrict access to the "pages/edituser.php" script. CuteFlow version 2.10.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/506000

  • 09.35.77 - CVE: Not Available
  • Platform: Web Application
  • Title: Feed Sidebar RSS Feed HTML Injection
  • Description: Feed Sidebar is an RSS feed reader extension for Mozilla Firefox. Feed Sidebar is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, it fails to properly sanitize the data in the "<description>" tags. Feed Sidebar versions prior to 3.2 are affected.
  • Ref: http://www.securityfocus.com/archive/1/506029

  • 09.35.78 - CVE: Not Available
  • Platform: Web Application
  • Title: ScribeFire "<img>" tag HTML Injection
  • Description: ScribeFire is an extension for Mozilla Firefox used to post blogs. Feed Sidebar is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, it fails to properly sanitize the "onLoad" parameter in the "<img>" tag. ScribeFire versions prior to 3.4.2 are affected.
  • Ref: http://www.securityfocus.com/archive/1/506030

  • 09.35.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Wizz RSS "<description>" tag HTML Injection
  • Description: Wizz RSS is a feed reader extension for Mozilla Firefox. Wizz RSS is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, it fails to properly sanitize the data in the "<description>" tag. Wizz RSS versions prior to 3.4.2 and Wizz RSS Lite version 3.0.0.9b are affected.
  • Ref: http://www.securityfocus.com/archive/1/506033

  • 09.35.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Update Scanner "onerror" HTML Injection
  • Description: Update Scanner is an extension for Mozilla Firefox that monitors web pages for updates. Update Scanner is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, it fails to properly sanitize the data in the "onerror" event handler. Update Scanner versions prior to 3.0.4 are affected.
  • Ref: http://www.securityfocus.com/archive/1/506036

  • 09.35.81 - CVE: Not Available
  • Platform: Web Application
  • Title: CoolPreviews Stack Preview Feature HTML Injection
  • Description: CoolPreviews is an extension for Mozilla Firefox that previews links and images via mouseover. CoolPreviews is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, this issue affects the extension's "Stack Preview" feature. CoolPreviews versions prior to 2.7.4 are affected.
  • Ref: http://www.securityfocus.com/archive/1/506015

  • 09.35.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! jTips ("com_jtips") Component "season" Parameter SQL Injection
  • Description: The jTips "com_jtips" component facilitates customized competitions for a site built with the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "season" parameter of the "com_jtips" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/36123

  • 09.35.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Xerox WorkCentre LPD Requests Remote Denial of Service
  • Description: Xerox WorkCentre is a web-capable printer and photocopier. WorkCentre is exposed to a remote denial of service issue that occurs when the device handles LPD requests containing an excessively large queue name length. An attacker can exploit this issue to cause the affected device to stop responding, denying service to legitimate users.
  • Ref: http://www.securityfocus.com/archive/1/506066

  • 09.35.84 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 Commerce Extension Unspecified HTML Injection
  • Description: Commerce is an e-commerce extension for the TYPO3 content manager. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input. Commerce version 0.9.8 is affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-011/

  • 09.35.85 - CVE: Not Available
  • Platform: Network Device
  • Title: 2Wire Routers "password_required.html" Password Reset Security Bypass
  • Description: 2Wire routers are network devices designed for home and small-office setups. Multiple 2Wire routers are exposed to a security bypass issue because they fail to adequately authenticate users before performing certain actions. Specifically, attackers can change administrative passwords via the "setup/password_required.html" script.
  • Ref: http://www.securityfocus.com/bid/36075

  • 09.35.86 - CVE: Not Available
  • Platform: Network Device
  • Title: NetGear WNR2000 Multiple Information Disclosure Vulnerabilities
  • Description: The NetGear WNR2000 is a wireless access point. The device is exposed to multiple remote information disclosure issues because it fails to restrict access to sensitive information. A remote attacker can exploit these issues to obtain sensitive information, possibly aiding in further attacks. The WNR2000 with firmware version 1.2.0.8 is affected.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0229.html

  • 09.35.87 - CVE: Not Available
  • Platform: Network Device
  • Title: NetGear WNR2000 "upg_restore.cgi" Authentication Bypass
  • Description: The NetGear WNR2000 is a Wi-Fi networking router. The device is exposed to an authentication bypass issue because of a lack of authentication when users access the "upg_restore.cgi" CGI application. Specifically, remote attackers may use this script to upload a new configuration via an HTTP POST request. NetGear WNR2000 running firmware version 1.2.0.8 is affected.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0229.html

(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.