@RISK: The Consensus Security Vulnerability Alert

Volume: VIII, Issue: 37
September 10, 2009

Big week! Six very important new vulnerabilities - four in Microsoft Windows including one in Wireless LAN, one in Apple QuickTime and one in Windows Jscript. Both the QuickTime problem and some of the Windows problems mean that systems can be compromised upon browsing to a malicious webpage without any user interaction. Remember, even if Windows is patched automatically, QuickTime (on Windows 7, Vista and XP SP3) may not be. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Windows                                   7 (#2, #3, #4, #6, #8)
    Other Microsoft Products                  2 (#1)
    Third Party Windows Apps                  7
    Linux                                     4
    Novell                                    4
    Cross Platform                            39 (#5, #9, #10, #11)
    Web Application - Cross Site Scripting    3
    Web Application - SQL Injection           5
    Web Application                           4
    Network Device                            4

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Other Microsoft Products
Third Party Windows Apps
Linux
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Microsoft Windows DHTML Editing Component ActiveX Control Code Execution Vulnerability (MS09-046)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2 and Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
  • Description: A vulnerability has been identified in Microsoft Windows that might allow an attacker to execute arbitrary code. The vulnerability is caused by an error in the DHTML Editing Component ActiveX Control, a software bundle used to provide dynamic HTML editing capabilities and made available as an ActiveX control. Specially crafted web pages, when viewed with Internet Explorer, might instantiate this ActiveX control and exploit this vulnerability to allow an attacker to execute arbitrary code in the context of the application using the ActiveX control. Users will have to be tricked into visiting the website that hosts such a web page, typically by persuading them to click on links in e-mail messages or Instant Messenger messages. Some technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, updates available.

  • References:
  • (2) CRITICAL: Microsoft JScript Scripting Engine Memory Corruption Vulnerability (MS09-045)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Service Pack 3
    • Microsoft Windows XP Professional x64 Edition Service Pack 2
    • Microsoft Windows Server 2003 Service Pack 2
    • Microsoft Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
    • Microsoft Windows Vista, Vista Service Pack 1, Vista Service Pack 2
    • Microsoft Windows Vista x64 Edition, Vista x64 Edition Service Pack 1, Vista x64 Edition Service Pack 2
    • Microsoft Windows Server 2008 (32-bit)
    • Microsoft Windows Server 2008 (32-bit) Service Pack 2
    • Microsoft Windows Server 2008 (x64)
    • Microsoft Windows Server 2008 (x64) Service Pack 2
    • Microsoft Windows Server 2008 (Itanium)
    • Microsoft Windows Server 2008 (Itanium) Service Pack 2
  • Description: A memory corruption vulnerability has been identified in Microsoft Windows. The vulnerability is caused by an error in the way the JScript Scripting Engine "JScript.dll" processes scripts in web pages. JScript is Microsoft's implementation of ECMAScript (commonly known as JavaScript), a scripting language that can run only in the presence of Internet Explorer, ASP, or Windows Script Host. The specific flaw is in the JScript Scripting Engine's parsing of the "arguments" keyword. A specially crafted web page, when viewed with Internet Explorer, can be used to trigger this vulnerability. Successful exploitation might allow an attacker to execute arbitrary code with the privileges of the logged on user. Users will have to be tricked into visiting the website that hosts such a web page, typically by persuading them to click on links in e-mail messages or Instant Messenger messages. Some technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, updates available.

  • References:
  • (3) CRITICAL: Microsoft Windows Media Format Multiple Vulnerabilities (MS09-047)
  • Affected:
    • Microsoft Windows Media Services 9.1
    • Microsoft Windows Media Services 2008
    • Microsoft Windows Media Format 9.5 x64
    • Microsoft Windows Media Format 9.x
    • Microsoft Windows Media Format 11
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2, Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 SP2 (Itanium)
    • Windows Vista, Service Pack 1, Service Pack 2
    • Microsoft Windows Vista x64 Edition, Service Pack 1, Service Pack 2
    • Microsoft Windows Server 2008 (32-bit), Service Pack 2
    • Microsoft Windows Server 2008 (x64), Service Pack 2
    • Microsoft Windows Server 2008 (Itanium), Service Pack 2
  • Description: Microsoft Windows Media Format Runtime, a software package that helps applications, including Windows Media Player, to play Windows Media content, has been found to have two critical vulnerabilities. The first is an invalid free vulnerability caused by an error in the processing of Advanced Systems Format (ASF) files with malformed headers. A specially crafted ASF file or a web site that delivers specially crafted streaming content can be used to trigger this vulnerability. The second is a memory corruption vulnerability in the Windows component that handles MP3 files, caused by an error in the processing of MP3 metadata. A specially crafted MP3 file or a web site that delivers specially crafted streaming content can be used to trigger this vulnerability. Successful exploitation in both cases might allow an attacker to execute arbitrary code with the privileges of the logged on user. Some technical details are publicly available for some of the vulnerabilities.

  • Status: Vendor confirmed, updates available.

  • References:
  • (4) CRITICAL: Microsoft Windows TCP/IP Implementation Multiple Vulnerabilities (MS09-048)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4*
    • Windows XP Service Pack 2 and Windows XP Service Pack 3*
    • Windows XP Professional x64 Edition Service Pack 2*
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
    • Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
    • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**
    • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**
    • Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Description: Multiple vulnerabilities have been identified in the Microsoft Windows TCP/IP stack. The first is a denial of service vulnerability caused by improper handling of excessive numbers of established TCP connections. If an attacker could manipulate the size of the TCP receive window to a small or zero value, the effects of the exploit would be greater. The second is a remote code execution vulnerability caused by the Windows TCP/IP stack not cleaning up state information correctly, which results in a field being invalidly referenced as a function pointer. The third issue is a denial of service vulnerability caused by the TCP/IP stack allowing connections to hang indefinitely in the FIN-WAIT-1 or FIN-WAIT-2 state. Some technical details for some of these vulnerabilities are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (5) CRITICAL: Apple QuickTime Multiple Vulnerabilities
  • Affected:
    • Apple QuickTime Player versions prior to 7.6.4
  • Description: Multiple vulnerabilities have been identified in Apple QuickTime, a widely used media player. The first issue is a memory corruption issue caused by an error in handling H.264 movie files. A specially crafted H.264 movie file can be used to trigger this flaw. The second issue is a boundary error in handling MPEG-4 video files. A specially crafted MPEG-4 file can be used to trigger this flaw. The third issue is a heap-based buffer overflow caused by errors in handling FlashPix files. A specially crafted FlashPix file may be used to trigger this vulnerability. The last issue is another heap-based buffer overflow caused by improper handling of H.264 movie files. Note that systems using QuickTime as the default media player can be compromised upon browsing to a malicious webpage without any user interaction.

  • Status: Vendor confirmed, updates available.

  • References:
  • (6) CRITICAL: Microsoft Windows Wireless LAN Autoconfig Service Code Execution Vulnerability (MS09-049)
  • Affected:
    • Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
    • Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
    • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*
    • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*
  • Description: Microsoft Windows Wireless LAN Autoconfig Service (Wlansvc), a service used to configure wireless connectivity settings and security, has been found to have a heap-based buffer overflow vulnerability. The issue is caused by inadequate validation of malformed frames received on a wireless network. A wireless transmitter that transmits a specially crafted frame can be used to trigger this vulnerability, provided the wireless network interface is enabled. Successful exploitation might allow an attacker to execute arbitrary code in the context of the logged on user. Technical details for this vulnerability are not available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (7) HIGH: Microsoft Windows SMB Header Processing Code Execution Vulnerability
  • Affected:
    • Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
    • Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
    • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
    • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
    • Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Description: A vulnerability has been identified in Microsoft's Server Message Block (SMB) implementation. The issue is an out-of-bounds indexing error caused by the way the "Smb2ValidateProviderCallback()" function within the SRV2.SYS kernel driver handles malformed SMB negotiation requests. A specially crafted SMB Negotiate Protocol Request might trigger this vulnerability. Successful exploitation might allow an attacker to execute arbitrary code, while unsuccessful attempts might lead to a denial-of-service condition. Full technical details for the vulnerability are publicly available, along with a proof-of-concept.

  • Status: Vendor confirmed, no updates available.

  • References:
  • (9) HIGH: VMware Workstation Movie Decoder VMnc Codec Multiple Vulnerabilities
  • Affected:
    • VMware Workstation 6.5.x
    • VMware Player 2.5.x
    • VMware Movie Decoder 6.5.3
  • Description: VMware Workstation is VMware's popular virtualization product. The VMware Workstation movie decoder, which is either installed by default or downloaded as a separate package, contains the VMnc media codec, which is used for playback. Two heap-based buffer overflow vulnerabilities have been identified in the VMnc codec; both can be triggered by a specially crafted video file. The first issue is caused by a boundary error in the VMnc codec (vmnc.dll), and a video file with mismatched dimensions can be used to exploit this vulnerability. The second issue is heap memory corruption caused by an error in the way the VMnc codec handles video content that has a height below eight pixels. Successful exploitation in both cases might allow an attacker to execute arbitrary code. An attacker will have to entice the user into opening a malformed video file, either by sending the malicious file as an e-mail attachment or by sending a link to such a malformed AVI file in an e-mail message.

  • Status: Vendor confirmed, updates available.

  • References:
  • (10) HIGH: Adobe RoboHelp Server Code Execution Vulnerability
  • Affected:
    • Adobe RoboHelp Server 8
  • Description: Adobe RoboHelp Server is a popular help authoring tool used for developing, managing and deploying online help systems for desktop and web applications. This application, running on the Windows platform, has a vulnerability that might allow an attacker to upload and execute arbitrary code. No authentication is required to carry out this exploit. No technical details have been provided for the vulnerability, and no updates or workarounds have been provided by the vendor.

  • Status: Vendor confirmed, no updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 37, 2009

Vulnerabilities from Qualys (www.qualys.com). This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 7433 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 09.37.1 - CVE: Not Available
  • Platform: Windows
  • Title: MailSite "LDAP3A.exe" Multiple Remote Denial of Service Vulnerabilities
  • Description: MailSite is a program for providing access to email accounts on Microsoft Windows operating systems. MailSite is exposed to multiple denial of service issues that exist in the "LDAP3A.exe" process. Attackers can exploit these issues to crash the affected application, denying service to legitimate users. MailSite version 8.0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/36240

  • 09.37.2 - CVE: CVE-2009-2498
  • Platform: Windows
  • Title: Microsoft Windows Media Format ASF Header Invalid Free Memory Corruption
  • Description: Windows Media Format Runtime is a library for Microsoft Windows operating systems. ASF (Advanced System Format) is a file format used for multimedia data, commonly seen with ".ASF", ".WMV", or ".WMA" file extensions. Microsoft Windows is exposed to a remote memory corruption issue that presents itself when the Windows Media Format component handles an ASF file with crafted header data. This issue stems from an invalid-free error.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-047.mspx

  • 09.37.3 - CVE: CVE-2009-2499
  • Platform: Windows
  • Title: Microsoft Windows Media Format MP3 Metadata Remote Code Execution
  • Description: Microsoft Windows Media Format Runtime is a library for Microsoft Windows operating systems. MP3 (MPEG-1 Audio Layer 3) is a file format used for audio data. Windows is exposed to a remote code execution issue that presents itself when the Windows Media Format component handles an MP3 file containing crafted metadata.
  • Ref: http://www.securityfocus.com/bid/36228/references

  • 09.37.4 - CVE: CVE-2009-1132
  • Platform: Windows
  • Title: Microsoft Windows Wireless LAN AutoConfig Frame Parsing Remote Code Execution
  • Description: Microsoft Windows is exposed to a remote code execution issue because the Wireless LAN AutoConfig Service ("wlansvc") fails to properly validate certain network frames. This could result in a heap-based overflow condition. Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. This issue affects computers with a wireless network card enabled.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-049.mspx

  • 09.37.5 - CVE: CVE-2009-1920
  • Platform: Windows
  • Title: Microsoft JScript Scripting Engine Remote Code Execution
  • Description: JScript is a scripting engine for Microsoft Windows. JScript is exposed to a remote code execution issue because it fails to adequately handle user-supplied input. Memory corruption may occur when the scripting engine decodes a specially crafted script when processing a malicious webpage.
  • Ref: http://www.securityfocus.com/archive/1/506302

  • 09.37.6 - CVE: CVE-2009-1925
  • Platform: Windows
  • Title: Microsoft Windows TCP/IP TimeStamps Remote Code Execution
  • Description: TCP/IP is the set of network protocols used for the Internet. The Microsoft Windows implementation of TCP/IP is exposed to a remote code execution issue that occurs because the Windows TCP/IP stack fails to clean up state information correctly. This will cause the TCP/IP stack to reference a field as a function pointer when it actually contains different information.
  • Ref: http://blogs.technet.com/srd/archive/2009/09/08/assessing-the-risk-of-the-september-critical-security-bulletins.aspx

  • 09.37.7 - CVE: CVE-2009-1926
  • Platform: Windows
  • Title: Microsoft Windows TCP/IP Orphaned Connection Remote Denial of Service
  • Description: TCP/IP is the set of network protocols used for the Internet. The Microsoft Windows implementation of TCP/IP is exposed to a remote denial of service issue because the TCP/IP stack allows connections to hang indeterminately in the "FIN-WAIT-1" or "FIN-WAIT-2" state under certain circumstances. The attacker can exploit this issue to crash the affected computer, denying service to legitimate users.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx

  • 09.37.8 - CVE: CVE-2009-2521
  • Platform: Other Microsoft Products
  • Title: Microsoft IIS FTPd Unspecified Remote Denial of Service
  • Description: Microsoft Internet Information Service (IIS) is a webserver available for Microsoft Windows. The application is exposed to an unspecified denial of service issue affecting the application's FTP server. IIS 5.0, 5.1, 6.0 and 7.0 are affected.
  • Ref: http://blogs.technet.com/msrc/archive/2009/09/01/microsoft-security-advisory-975191-released.aspx

  • 09.37.9 - CVE: CVE-2009-2519
  • Platform: Other Microsoft Products
  • Title: Microsoft DHTML Editing Component ActiveX Control Remote Code Execution
  • Description: The Microsoft DHTML Editing Component ActiveX control allows users to edit dynamic websites. The ActiveX control is exposed to a remote code execution issue that occurs when the ActiveX Control is instantiated in Internet Explorer. Successful exploits will allow the attacker to execute arbitrary code within the context of the application that uses the ActiveX control (typically Internet Explorer).
  • Ref: http://blogs.technet.com/srd/archive/2009/09/08/assessing-the-risk-of-the-september-critical-security-bulletins.aspx

  • 09.37.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Novell iPrint Client ActiveX Control Unspecified Buffer Overflow
  • Description: Novell iPrint Client lets users access printers from remote locations. Novell iPrint Client ActiveX control is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. iPrint Client version 4.38 is affected.
  • Ref: http://www.securityfocus.com/bid/36231

  • 09.37.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: PPStream "MList.ocx" ActiveX Control Multiple Buffer Overflow Vulnerabilities
  • Description: PPStream MList.ocx is a freely available ActiveX control for PPStream streaming-video software. PPStream MList.ocx ActiveX control is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data. PPStream MList.ocx ActiveX control version 2.6.86.8900 is affected.
  • Ref: http://www.securityfocus.com/bid/36234

  • 09.37.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: freeSSHd Pre Authentication Error Remote Denial of Service
  • Description: freeSSHd is an SSH server for Microsoft Windows. freeSSHd is exposed to a remote denial of service issue due to an unspecified pre-authentication error in the application. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. freeSSHd version 1.2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/36235

  • 09.37.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec Altiris Deployment Solution Multiple Remote Vulnerabilities
  • Description: Symantec Altiris Deployment Solution is software for deploying and managing servers, desktops, notebooks, thin clients, and handheld devices from a centralized location. It is available for Microsoft Windows. Symantec Altiris Deployment Solution is exposed to multiple remote issues. Symantec Altiris version 6.9 is affected.
  • Ref: http://www.securityfocus.com/bid/36247

  • 09.37.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ipswitch WhatsUp Gold "NMWebService.exe" Remote Denial of Service
  • Description: Ipswitch WhatsUp Gold is a network-monitoring/management application for the Microsoft Windows platform. The application is exposed to a remote denial of service issue because it fails to properly sanitize input to "NMWebService.exe". Ipswitch WhatsUp Gold version 12 is affected.
  • Ref: http://www.securityfocus.com/bid/36256

  • 09.37.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: IBM Lotus Domino "nserver.exe" Denial of Service
  • Description: IBM Lotus Domino is a client/server product designed for collaborative working environments. Domino Server supports email, scheduling, instant messaging, and data-driven applications. Domino Server is exposed to a denial of service issue that affects the "nserver.exe" process. Domino Server version 8.0 is affected.
  • Ref: http://www.securityfocus.com/bid/36257

  • 09.37.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Advanced Software Engineering ChartDirector "cacheId" Parameter Directory Traversal
  • Description: Advanced Software Engineering ChartDirector is a chart component for Windows and web applications. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "cacheId" parameter. ChartDirector version 5.0 is affected.
  • Ref: http://dokfleed.net/duh/modules.php?name=News&file=article&sid=48

  • 09.37.17 - CVE: CVE-2009-2946
  • Platform: Linux
  • Title: Debian devscripts "uscan" Input Validation
  • Description: devscripts is a Debian package containing package maintenance applications. "uscan" is an application in devscripts that checks for new source code versions. The application is exposed to an input validation issue because it runs Perl code from potentially untrusted sources.
  • Ref: http://www.securityfocus.com/bid/36227

  • 09.37.18 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "drivers/scsi/sg.c" NULL Pointer Dereference Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue that affects the "sg_build_indirect()" function in the "drivers/scsi/sg.c" source file. Specifically, this issue is caused by a NULL-pointer dereference in the error path for the affected function. The Linux kernel versions 2.6.28-rc1 through 2.6.31-rc8 are affected.
  • Ref: http://lkml.org/lkml/2009/9/3/107

  • 09.37.19 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel 2.4 and 2.6 Multiple Local Information Disclosure Vulnerabilities
  • Description: The Linux kernel is exposed to multiple local information disclosure issues because it fails to properly clear certain structure members before sending them to user space. Successful exploits will disclose a certain amount of kernel stack memory. Local attackers can exploit these issues to obtain sensitive information that may lead to further attacks.
  • Ref: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commitdiff;h=0f3f2328f63c521fe4b435f148687452f98b2349

  • 09.37.20 - CVE: Not Available
  • Platform: Linux
  • Title: Ubuntu PAM Authentication Security Bypass
  • Description: Ubuntu PAM is exposed to a security-bypass issue. Specifically, the issue occurs under certain circumstances when "debconf" is used in a non-default configuration. If an administrator removes the default list of modules or does not choose a module when operating "debconf", PAM may allow an arbitrary user to gain unauthorized access to resources. Attackers can exploit this issue to authenticate as a user with arbitrary privileges.
  • Ref: http://www.securityfocus.com/bid/36306

  • 09.37.21 - CVE: Not Available
  • Platform: Novell
  • Title: Novell ZENworks Asset Manager 7.5 Multiple Unspecified Vulnerabilities
  • Description: Novell ZENworks Asset Management is an application suite for IT management and business process automation. ZENworks Asset Manager is exposed to multiple remote issues. An attacker can leverage these issues to execute arbitrary code within the context of the vulnerable application and obtain potentially sensitive information. ZENworks Asset Manager version 7.5 is affected.
  • Ref: http://www.novell.com/products/zenworks/assetmanagement/overview.html

  • 09.37.22 - CVE: Not Available
  • Platform: Novell
  • Title: Novell ZENworks Configuration Management Multiple Unspecified Vulnerabilities
  • Description: Novell ZENworks Configuration Management is an IT management application. ZENworks Configuration Management is exposed to multiple remote issues. An attacker can leverage these issues to execute arbitrary code within the context of the vulnerable application and obtain potentially sensitive information. ZENworks Configuration Management versions 10.1 through 10.1.2a are affected.
  • Ref: http://www.securityfocus.com/bid/36266

  • 09.37.23 - CVE: Not Available
  • Platform: Novell
  • Title: Novell eDirectory 8.7.3 Multiple Unspecified Vulnerabilities
  • Description: Novell eDirectory is a Lightweight Directory Access Protocol (LDAP) server that also implements NCP (NetWare Core Protocol). Novell eDirectory is exposed to multiple remote issues. An attacker can leverage these issues to execute arbitrary code within the context of the vulnerable application and obtain potentially sensitive information. Novell eDirectory versions 8.7.3 through 8.7.3 SP10b are affected.
  • Ref: http://www.securityfocus.com/bid/36270

  • 09.37.24 - CVE: Not Available
  • Platform: Novell
  • Title: Novell eDirectory HTTP GET Request Unicode Strings Denial of Service
  • Description: Novell eDirectory is a directory service that is used to centrally manage computer resources on a network. eDirectory is exposed to a denial of service issue when handling specially crafted GET requests containing Unicode strings. Novell eDirectory version 8.8 SP5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/506295

  • 09.37.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: JustSystems ATOK Screen Lock Local Privilege Escalation
  • Description: JustSystems ATOK is a language processing application. The application is exposed to a local privilege escalation issue due to an unspecified design error in the screen lock mechanism, which may allow attackers to bypass certain security restrictions.
  • Ref: http://www.securityfocus.com/bid/36220

  • 09.37.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Computer Associates Database Management Multiple Vulnerabilities
  • Description: Computer Associates Database Management is used to manage the performance of databases. Computer Associates Database Management is exposed to multiple buffer overflow and denial of service issues. Computer Associates Database Management version 11.2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/36232

  • 09.37.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Computer Associates CleverPath Portal Unspecified
  • Description: Computer Associates CleverPath Portal is a web-based portal application available for a variety of operating systems. The application is exposed to an unspecified issue.
  • Ref: http://www.securityfocus.com/bid/36233

  • 09.37.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MySQL 5.x Unspecified Buffer Overflow
  • Description: MySQL is an open-source SQL database available for multiple operating systems. MySQL is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. MySQL 5.x versions are affected.
  • Ref: http://www.securityfocus.com/bid/36242

  • 09.37.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System ASP Server 4.0.3 Multiple Unspecified Remote Vulnerabilities
  • Description: Sun Java System ASP Server is an application server for hosting ASP-based applications with servers other than their native Microsoft IIS. Sun Java Active Server Pages is exposed to multiple remote issues. Attackers can exploit these issues to execute code within the context of the affected server. Sun Java System ASP Server version 4.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/36244

  • 09.37.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe RoboHelp Server Unspecified Security
  • Description: Adobe RoboHelp Server is an application used to create application help files in a number of formats. Adobe RoboHelp Server is exposed to an unspecified security issue. Adobe RoboHelp Server version 8.0 is affected.
  • Ref: http://www.securityfocus.com/bid/36245

  • 09.37.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager Multiple Remote Vulnerabilities
  • Description: HP OpenView Network Node Manager (NNM) is a fault management application for IP networks. HP NNM is exposed to multiple remote issues, including: a remote command-injection issue, a stack-based buffer overflow issue, an arbitrary file overwrite issue, and an unspecified vulnerability.
  • Ref: http://www.securityfocus.com/bid/36248

  • 09.37.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Samba 3.x Multiple Unspecified Remote Vulnerabilities
  • Description: Samba is a freely available file and printer sharing application maintained and developed by the Samba Development Team. Samba allows users to share files and printers between operating systems on Unix and Windows platforms. Samba is exposed to multiple unspecified remote issues, including: an error in "smbd" that can be exploited to cause a heap-based overflow, an error when Samba is compiled with "--enable-developer" that can lead to a heap-based overflow, multiple unspecified stack overflows, and an unspecified heap-based buffer overflow.
  • Ref: http://www.securityfocus.com/bid/36250

  • 09.37.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mutt SSL Certificate Validation Security Bypass
  • Description: Mutt is a chat client available for multiple operating systems. The application is exposed to a security-bypass issue that occurs because it fails to properly validate SSL certificates when connecting to a mail server. Mutt versions prior to 1.5.20 are affected.
  • Ref: http://dev.mutt.org/trac/ticket/3087

  • 09.37.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SAP NetWeaver Multiple Unspecified Remote Vulnerabilities
  • Description: SAP NetWeaver is a platform for enterprise applications. SAP NetWeaver is exposed to multiple unspecified remote issues. Attackers can exploit these issues to execute code within the context of the affected server, cause denial of service conditions, and gain access to potentially sensitive information.
  • Ref: http://www.securityfocus.com/bid/36252

  • 09.37.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP Operations Manager Unspecified Remote Security
  • Description: HP Operations Manager is an application for managing IT infrastructure. It is available for a number of platforms, including Microsoft Windows. Operations Manager is exposed to an unspecified remote security issue. Operations Manager version 8.1 for Windows is affected.
  • Ref: http://www.securityfocus.com/bid/36253

  • 09.37.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apache mod_proxy_ftp Remote Command Injection
  • Description: Apache mod_proxy_ftp is a module for the Apache web server to handle FTP proxy requests. The Apache mod_proxy_ftp module is exposed to a remote command injection issue because it fails to adequately sanitize user-supplied input data. Arbitrary FTP commands may be encoded as part of the "Authentication" header.
  • Ref: http://www.securityfocus.com/bid/36254

  • 09.37.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP Performance Insight 5.3 Multiple Unspecified Vulnerabilities
  • Description: HP Performance Insight is an application for managing network data. Performance Insight is exposed to multiple remote issues. An attacker can leverage these issues to execute arbitrary code within the context of the vulnerable application and obtain potentially sensitive information. Performance Insight version 5.3 is affected.
  • Ref: http://www.securityfocus.com/bid/36255

  • 09.37.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP Operations Dashboard Portal Unspecified Remote Security
  • Description: HP Operations Dashboard is a management application available for a number of platforms, including Microsoft Windows. Operations Dashboard is exposed to an unspecified remote security issue that affects the Operations Dashboard Portal. Operations Dashboard version 2.1 for Windows is affected.
  • Ref: http://www.securityfocus.com/bid/36258

  • 09.37.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Tivoli Directory Server "ibmdiradm" Denial of Service
  • Description: IBM Tivoli Directory Server is an LDAP-based identity management application. IBM Tivoli Directory Server is exposed to a denial of service issue due to a heap memory corruption. This issue occurs in the "ibmdiradm" process. IBM Tivoli Directory Server version 6.0 is affected.
  • Ref: http://www.securityfocus.com/bid/36259

  • 09.37.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Perforce Multiple Unspecified Remote Security Vulnerabilities
  • Description: Perforce Server is a revision control system. Perforce Server is exposed to multiple remote security issues. An attacker can exploit these issues to crash the affected application, denying service to legitimate users. Perforce version 2008.1/160022 is affected.
  • Ref: http://www.securityfocus.com/bid/36261

  • 09.37.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: FreeRADIUS Unspecified Denial of Service
  • Description: FreeRADIUS is an open-source implementation of the RADIUS protocol for authentication. FreeRADIUS is exposed to an unspecified denial of service issue that will cause the "radiusd" daemon to crash. FreeRADIUS version 1.1.7 is affected.
  • Ref: http://www.securityfocus.com/bid/36263

  • 09.37.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apache mod_proxy_ftp Module NULL Pointer Dereference Denial of Service
  • Description: Apache "mod_proxy_ftp" is a module for the Apache web server to handle FTP proxy requests. The module is exposed to a denial of service issue because of a NULL-pointer dereference. A specially crafted EPSV response can cause an Apache child process to crash.
  • Ref: http://www.securityfocus.com/bid/36262

  • 09.37.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SAP Crystal Reports Server Multiple Unspecified Remote Vulnerabilities
  • Description: SAP Crystal Reports Server is an application for sharing, scheduling, and delivering interactive reports. Crystal Reports Server is exposed to multiple unspecified remote issues. Attackers can exploit these issues to execute code within the context of the affected server and cause denial-of-service conditions.
  • Ref: http://www.securityfocus.com/bid/36267

  • 09.37.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: LiteSpeed Web Server Multiple Unspecified Remote Security Vulnerabilities
  • Description: LiteSpeed Web Server is a scalable web server that is interchangeable with Apache. LiteSpeed Web Server is exposed to multiple unspecified remote security issues. Attackers can exploit these issues to execute code within the context of the affected server or to cause denial-of-service conditions. LiteSpeed Web Server version 3.3.19 is affected.
  • Ref: http://www.securityfocus.com/bid/36268

  • 09.37.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: McAfee Email and Web Security Appliance Unspecified Information Disclosure
  • Description: McAfee Email and Web Security Appliance is a security application. The application is exposed to an unspecified information disclosure issue that allows attackers to read arbitrary files. McAfee Email and Web Security Appliance version 5.1 is affected.
  • Ref: http://www.securityfocus.com/bid/36272

  • 09.37.46 - CVE: CVE-2009-2346
  • Platform: Cross Platform
  • Title: Asterisk IAX2 Call Number Space Exhaustion Remote Denial of Service
  • Description: Asterisk is a private branch exchange (PBX) application available for Linux, BSD, and Mac OS X platforms. Asterisk is exposed to a remote denial of service issue because it fails to properly handle an excessive amount of call numbers. This issue affects the IAX2 protocol that uses a call number to associate messages with a call. The call number field in messages is defined as a fixed size 15 bit value.
  • Ref: http://downloads.asterisk.org/pub/security/AST-2009-006.html

  • 09.37.47 - CVE: CVE-2009-2703
  • Platform: Cross Platform
  • Title: Pidgin Libpurple Multiple Denial of Service Vulnerabilities
  • Description: Pidgin is a multiplatform instant-messaging client that supports multiple messaging protocols. Libpurple is a library used to provide instant-messaging functionality. The application is exposed to multiple denial of service issues. Pidgin Libpurple versions 2.6.1 and earlier are affected.
  • Ref: http://www.pidgin.im/news/security/index.php?id=40

  • 09.37.48 - CVE: CVE-2009-2701
  • Platform: Cross Platform
  • Title: Zope Object Database ZEO Server Remote Security Bypass
  • Description: Zope Object Database (ZODB) is a Python-based object database. Zope Enterprise Objects (ZEO) server is a content management system that uses ZODB for the back end. The application is exposed to a security bypass issue that attackers can leverage to execute certain actions. Zope Object Database versions 3.8 are affected; the issue is fixed in 3.8.3.
  • Ref: https://mail.zope.org/pipermail/zope-announce/2009-September/002221.html

  • 09.37.49 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenOffice Multiple Unspecified Remote Security Vulnerabilities
  • Description: OpenOffice is a suite of office applications for multiple operating platforms. OpenOffice is exposed to multiple unspecified remote security issues including a stack-based overflow issue and two unspecified issues. Attackers can exploit these issues to execute code within the context of the affected application.
  • Ref: http://www.securityfocus.com/bid/36285

  • 09.37.50 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Directory Server "ns-slapd" Denial of Service
  • Description: Sun Java System Directory Server is an LDAP (Lightweight Directory Access Protocol) server distributed with Sun Java System Directory Server 6.0 Enterprise Edition. Sun Java System Directory Server is exposed to a denial of service issue that affects the "ns-slapd" process. Sun Java System Directory Server version 6.0 is affected.
  • Ref: http://www.securityfocus.com/bid/36286

  • 09.37.51 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle TimesTen In-Memory Multiple Unspecified Vulnerabilities
  • Description: Oracle TimesTen In-Memory is a real-time data management application. Oracle TimesTen In-Memory is exposed to multiple remote issues. An attacker can leverage these issues to gain access to sensitive information or crash the affected application. Other attacks are also possible. Oracle TimesTen In-Memory version 7.0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/36288

  • 09.37.52 - CVE: CVE-2009-0199, CVE-2009-2628
  • Platform: Cross Platform
  • Title: VMware Movie Decoder VMnc Codec Multiple Heap Overflow Vulnerabilities
  • Description: VMware Movie Decoder contains the VMnc media codec, which is required to play movies recorded with VMware Workstation, VMware Player and VMware ACE. The VMnc codec shipped with VMware Movie Decoder is exposed to multiple heap-overflow issues because it fails to perform boundary checks prior to copying user-supplied data into process buffers. Application versions prior to VMware Movie Decoder for Windows 6.5.3 Build 185404, VMware Workstation for Windows 6.5.3 build 185404, and VMware Player for Windows 2.5.3 build 185404 are affected.
  • Ref: http://www.securityfocus.com/archive/1/506292

  • 09.37.53 - CVE: CVE-2009-2139
  • Platform: Cross Platform
  • Title: OpenOffice EMF File Parser Remote Command Execution
  • Description: OpenOffice is a suite of office applications for multiple operating platforms. The application is exposed to a remote command execution issue because the application fails to properly handle specially crafted files. The vulnerability occurs in the EMF file parser when processing a malicious document.
  • Ref: http://www.debian.org/security/2009/dsa-1880

  • 09.37.54 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ytnef Buffer Overflow and Directory Traversal Vulnerabilities
  • Description: ytnef is an application used to decode TNEF streams. ytnef is exposed to multiple issues. Exploiting these issues may allow remote attackers to execute arbitrary code or overwrite arbitrary files within the context of the affected application. ytnef version 2.6 is affected.
  • Ref: http://www.securityfocus.com/bid/36295

  • 09.37.55 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cyrus IMAP Server SIEVE Script Local Buffer Overflow
  • Description: Cyrus IMAP Server is a mail server application for Linux and Unix platforms. Cyrus IMAP Server is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Specifically, this issue is due to the improper use of the "sizeof()" function, which allows negative values to be passed to the "snprintf()" function. Cyrus IMAP Server version 2.2.13 is affected.
  • Ref: http://www.securityfocus.com/bid/36296

  • 09.37.56 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Ipswitch WS_FTP Professional HTTP Server Response Format String
  • Description: Ipswitch WS_FTP Professional is an FTP and HTTP client application. It is available for Microsoft Windows operating systems. Ipswitch WS_FTP Professional client is exposed to a format string issue because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. Specifically, the issue presents itself when the client parses specially crafted responses from a malicious HTTP server. WS_FTP Professional version 12 is affected.
  • Ref: http://www.securityfocus.com/bid/36297

  • 09.37.57 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple Safari JavaScript "eval()" Denial of Service
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. Safari is exposed to a denial of service issue because it fails to properly sanitize user-supplied input. The issue can be triggered with specially crafted calls to the JavaScript "eval()" function that will exhaust stack memory. Safari version 3.2.3 for Windows is affected.
  • Ref: http://www.securityfocus.com/bid/36298

  • 09.37.58 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GlobalSCAPE Secure FTP Server and Enhanced File Transfer Server Unspecified Security
  • Description: GlobalSCAPE Secure FTP Server is an FTP server application for Microsoft Windows operating systems. Enhanced File Transfer server is a Secure FTP solution developed by GlobalSCAPE. GlobalSCAPE Secure FTP Server and Enhanced File Transfer Server are exposed to an unspecified security issue. Remote attackers can exploit this issue to completely compromise the confidentiality, integrity and availability of affected computers.
  • Ref: http://www.globalscape.com/support/srv.aspx

  • 09.37.59 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Lotus Notes RSS Reader Widget HTML Injection
  • Description: IBM Lotus Notes is a tool for email, calendar, scheduling, and collaboration tasks. Lotus Notes includes an optional RSS reader widget. The RSS reader widget is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Lotus Notes version 8.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/506296

  • 09.37.60 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi JP1/File Transmission Server/FTP Multiple Unspecified Vulnerabilities
  • Description: Hitachi JP1/File Transmission Server/FTP is an FTP server. It is available for Windows, HP-UX, IBM AIX, Sun Solaris, and Linux platforms. JP1/File Transmission Server/FTP is exposed to multiple unspecified remote issues that allow remote attackers to execute arbitrary commands which may lead to various attacks and allow the attackers to gain unauthorized access to an affected computer.
  • Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-015/index.html

  • 09.37.61 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi Multiple Products GIF File Parsing Buffer Overflow
  • Description: Multiple Hitachi products including Cosminexus, Processing Kit for XML, and Hitachi Developer's Kit for Java are prone to a buffer overflow issue because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Specifically the issue occurs when processing crafted GIF files.
  • Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-014/index.html

  • 09.37.62 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi Multiple Products GIF File Parsing Denial of Service
  • Description: Multiple Hitachi products are exposed to a denial of service issue due to an unspecified error. Attackers can exploit this issue to terminate the affected applications, causing a denial of service condition.
  • Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-016/index.html

  • 09.37.63 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere MQ Multiple Vulnerabilities
  • Description: IBM WebSphere MQ is a commercially available messaging engine for enterprises. Database Management is exposed to multiple issues. Successful exploits may allow attackers to carry out denial of service and other attacks.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg24024153

  • 09.37.64 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: DotNetNuke Multiple Cross-Site Scripting Vulnerabilities
  • Description: DotNetNuke is an open-source framework for creating and deploying websites. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. Specifically, these issues affect the ClientAPI and the Language skin object. DotNetNuke versions 3.0 to 4.9.4 inclusive as well as versions 5.0, 5.0.1, 5.1.0 and 5.1.1 are affected.
  • Ref: http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno28/tabid/1363/Default.aspx

  • 09.37.65 - CVE: CVE-2009-3009
  • Platform: Web Application - Cross Site Scripting
  • Title: Ruby on Rails Form Helpers Unicode String Handling Cross-Site Scripting
  • Description: Ruby on Rails is a web application framework available for multiple platforms. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. Specifically, this issue arises because Unicode strings can be injected into form helpers. Ruby on Rails 2.x.x versions prior to 2.3.4 and 2.2.3 are affected.
  • Ref: http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?pli=1

  • 09.37.66 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM Lotus Domino Web Access Cross-Site Scripting
  • Description: IBM Lotus Domino Web Access or iNotes facilitates web access to Domino-based mail, calendar, schedule, to-do lists, contact lists, and notebooks for Lotus Domino users. The application is exposed to an unspecified cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. IBM Lotus Domino Web Access (iNotes) version 8.0.1 is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27016745

  • 09.37.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Discuz! JangHu Inn Plugin "forummission.php" SQL Injection
  • Description: JangHu Inn is a plugin for the Discuz! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "forummission.php" script before using it in an SQL query. JangHu Inn version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/36222

  • 09.37.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP Live! "deptid" Parameter SQL Injection
  • Description: PHP Live! is a customer support application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "deptid" parameter of the "message_box.php" script before using it in an SQL query. PHP Live! version 3.3 is affected.
  • Ref: http://www.securityfocus.com/bid/36226

  • 09.37.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mambo Zoom Component "catid" Parameter SQL Injection
  • Description: Zoom is a PHP-based component for the Mambo content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of the "com_zoom" component before using it in an SQL query. Zoom version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/36281

  • 09.37.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DvBBS "boardrule.php" SQL Injection
  • Description: DvBBS is a PHP-based bulletin board application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "groupboardid" parameter of the "boardrule.php" script before using it in an SQL query. DvBBS version 2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/506258

  • 09.37.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! Joomlub Component "aid" Parameter SQL Injection
  • Description: Joomlub is a PHP-based auction component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "aid" parameter of the "com_joomlub" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/36287

  • 09.37.72 - CVE: Not Available
  • Platform: Web Application
  • Title: Kaspersky Online Scanner Unspecified Security
  • Description: Kaspersky Online Scanner is a web-based antivirus application. Online Scanner is exposed to an unspecified security issue. Online Scanner version 7.0 is affected.
  • Ref: http://www.securityfocus.com/bid/36243

  • 09.37.73 - CVE: Not Available
  • Platform: Web Application
  • Title: Zeroboard "now_connect()" Remote Code Execution
  • Description: Zeroboard is a PHP-based bulletin board application. The application is exposed to an issue that lets attackers execute arbitrary files. This issue occurs because the application fails to sufficiently sanitize user-supplied input passed to the "now_connect()" function of the "get_connect.php" script. Zeroboard version 4.1 pl7 is affected.
  • Ref: http://www.securityfocus.com/bid/36284

  • 09.37.74 - CVE: Not Available
  • Platform: Web Application
  • Title: IBM Tivoli Identity Manager User Profile HTML Injection
  • Description: Tivoli Identity Manager is a policy-based solution used for managing user privileges across heterogeneous IT resources. The application is exposed to an HTML injection vulnerability because it fails to properly sanitize user-supplied input. This issue arises when HTML and script code is supplied through the "last name" field of the user profile page. IBM Tivoli Identity Manager version 5.0.0.5 is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54747

  • 09.37.75 - CVE: Not Available
  • Platform: Web Application
  • Title: The Rat CMS "admin/add_album.php" Arbitrary File Upload
  • Description: The Rat CMS is a PHP-based web application. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input before uploading files via the "admin/add_album.php" script. The Rat CMS Pre-Alpha version 2 is affected.
  • Ref: http://www.securityfocus.com/bid/36295

  • 09.37.76 - CVE: Not Available
  • Platform: Network Device
  • Title: ASUS WL-500W Wireless Router Multiple Remote Vulnerabilities
  • Description: ASUS WL-500W is a wireless router. The router is exposed to multiple remote issues. Attackers can exploit these issues to completely compromise the vulnerable device; other attacks may also be possible.
  • Ref: http://www.securityfocus.com/bid/36236

  • 09.37.77 - CVE: Not Available
  • Platform: Network Device
  • Title: D-Link DIR-400 Unspecified Remote Buffer Overflow
  • Description: D-Link DIR-400 is a router. D-Link DIR-400 is exposed to an unspecified remote buffer overflow issue because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. Exploiting this vulnerability may allow remote attackers to execute arbitrary code in the context of the affected device.
  • Ref: http://www.securityfocus.com/bid/36237

  • 09.37.78 - CVE: Not Available
  • Platform: Network Device
  • Title: Linksys WRT54GL Unspecified Remote Buffer Overflow
  • Description: Linksys WRT54GL is a wireless router. Linksys WRT54GL is exposed to an unspecified remote buffer overflow vulnerability because it fails to bounds check user-supplied input before copying it into an insufficiently sized memory buffer. Exploiting this vulnerability may allow remote attackers to execute arbitrary code in the context of the affected device.
  • Ref: http://www.securityfocus.com/bid/36262

  • 09.37.79 - CVE: CVE-2009-0627
  • Platform: Network Device
  • Title: Cisco Nexus 5000 TCP Packet Remote Denial of Service
  • Description: Cisco Nexus 5000 is a networking hardware device. Nexus is exposed to an unspecified denial of service issue when handling specially crafted TCP packets. Devices running versions prior to NX-OS 4.0(1a)N2(1) are affected.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml

(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/