The most trusted source for computer security training, certification and research.

@RISK: The Consensus Security Vulnerability Alert

Volume: VIII, Issue: 4
January 22, 2009

SANS Newsletters Home

Apple's QuickTime is ubiquitous - on both Windows and Macs -- installed automatically with LOTS of programs. And attackers think of programs like QuickTime as the "sweet spot" for easy penetration. So the critical vulnerabilities announced in QuickTime really matter. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category
    • # of Updates & Vulnerabilities
    • Platform Number of Updates and Vulnerabilities
    • - ------------------------ -------------------------------------
    • Windows
    • 1
    • Other Microsoft Products
    • 1
    • Third Party Windows Apps
    • 12 (#2, #3)
    • Linux
    • 2
    • Solaris
    • 2
    • Unix
    • 1
    • Cross Platform
    • 25 (#1, #4)
    • Web Application - Cross Site Scripting
    • 4
    • Web Application - SQL Injection
    • 23
    • Web Application
    • 30
    • Network Device
    • 7

******************** Sponsored By Sourcefire, Inc. *********************

SANS Real-time Adaptive Security White Paper

Real-time Adaptive Security is the next step beyond an IPS implementation. It gives you full network visibility, provides context around events so you know which ones to investigate first, reduces your false positives dramatically, offers automated impact assessment, introduces automated IPS tuning, and more. Let SANS tell you how. http://www.sans.org/ info/37493"> http://www.sans.org/ info/37493

*************************************************************************

TRAINING UPDATE - - SANS 2009 in Orlando in early March - the largest security training conference and expo in the world. lots of evening sessions: http://www.sans.org/ - - Looking for training in your own Community? http://sans.org/community/ For a list of all upcoming events, on-line and live: www.sans.org

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Other Microsoft Products
Third Party Windows Apps
Linux
Solaris
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

************************ SPONSORED LINKS ******************************

1) Take part in the SANS 5th Annual Log Management Survey: A Leading Source for Actionable Data on Key Issues and Trends. http://www.sans.org/info/37498

2) Visit the SANS Vendor Demo resource page to see the latest INFOSEC products & solutions in action! http://www.sans.org/info/37503

*************************************************************************

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) HIGH: Symantec AppStream Client ActiveX Control Multiple Vulnerabilities
  • Affected:
    • Symantec AppStream Client versions prior to 5.2.2 SP3 MP1

  • Description: AppStream is a popular enterprise application and data streaming application from Symantec. Part of its functionality is provided by an ActiveX control. This control contains multiple vulnerabilities in its handling of a variety of methods. A specially crafted web page that instantiated this control could exploit one of these vulnerabilities to execute arbitrary code with the privileges of the current user. Some technical details for these vulnerabilities are publicly available.

  • Status: Vendor confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism using CLSID "3356DB7C-58A7-11D4-AA5C-006097314BF8". Note that this could affect normal application functionality.

  • References:
  • (3) HIGH: Fujitsu Systemcast Wizard Lite Buffer Overflow
  • Affected:
    • Fujitsu Systemcast Wizard Lite versions prior to 2.0

  • Description: Fujitsu Systemcast Wizard Lite is a software setup component and part of the PRIMEQUEST software suite from Fujitsu. It contains a buffer overflow vulnerability in its handling of Pre-Execution Environment (PXE) requests. A specially crafted request could trigger this buffer overflow. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the vulnerable application (often SYSTEM). Full technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, updates available.

  • References:
  • (4) MODERATE: Ralink Multiple Wireless Interfaces Remote Code Execution
  • Affected:
    • Ralink multiple wireless network interface devices

  • Description: Ralink is a popular manufacturer of wireless network interface devices and chipsets. Several of its drivers, for multiple platforms, are reported to be vulnerable to integer overflows in their processing of wireless network data. A specially crafted 802.11 (WiFi) network frame could trigger one of these vulnerabilities. Successfully exploiting one of these vulnerabilities would allow an attacker to execute arbitrary code with kernel-level privileges. The attacker need not be a member of the same wireless network as the victim, but merely needs to be within wireless networking range. Some technical details are publicly available for this vulnerability. Note that this vulnerability has not yet been confirmed.

  • Status: Vendor has not confirmed, no updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 4, 2009

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

  • 09.4.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows Mobile OBEX FTP Service Directory Traversal
  • Description: OBEX FTP service is a file transfer protocol service available for mobile devices running Microsoft Windows Mobile. This service is implemented in the Microsoft Bluetooth stack. Windows Mobile is exposed to a directory traversal issue in the OBEX FTP service because the application fails to sufficiently sanitize user-supplied data to the "-c" command-line parameter. Windows Mobile versions 5.0 and 6.0 are affected.
  • Ref: http://www.securityfocus.com/archive/1/500199
  • 09.4.2 - CVE: CVE-2003-1567
  • Platform: Other Microsoft Products
  • Title: Microsoft IIS HTTP TRACK Method Information Disclosure
  • Description: Microsoft Internet Information Service (IIS) is a webserver available for Microsoft Windows. IIS is exposed to an information disclosure issue because the undocumented TRACK method echoes the contents of HTTP requests in its responses to clients. IIS version 5.0 is vulnerable.
  • Ref: http://www.kb.cert.org/vuls/id/288308
  • 09.4.3 - CVE: CVE-2008-4770
  • Platform: Third Party Windows Apps
  • Title: RealVNC 4.1.2 "vncviewer.exe" RFB Protocol Remote Code Execution
  • Description: RealVNC (Virtual Network Computing) allows users to access remote computers for administration purposes. RealVNC Viewer is exposed to a remote code execution issue because it fails to properly validate server-supplied RFB protocol data. RealVNC version 4.1.2 is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-248526-1
  • 09.4.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Easy Grid ActiveX Multiple Arbitrary File Overwrite Vulnerabilities
  • Description: Easy Grid ActiveX is a spreadsheet ActiveX control. Easy Grid ActiveX control is exposed to multiple issues that allow attackers to overwrite files with arbitrary, attacker-supplied content. Easy Grid ActiveX version 3.51 is affected.
  • Ref: http://support.microsoft.com/kb/240797
  • 09.4.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: TFTPUtil GUI TFTP GET Request Directory Traversal
  • Description: TFTPUtil GUI is a TFTP application available for Microsoft Windows. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to TFTP GET requests. TFTPUtil GUI 1.2.0 and 1.3.0 are vulnerable; other versions may also be affected.
  • Ref: http://www.securityfocus.com/archive/1/500106
  • 09.4.6 - CVE: CVE-2008-4388
  • Platform: Third Party Windows Apps
  • Title: Symantec AppStream Client "LaunchObj" ActiveX Control Arbitrary File Download
  • Description: Symantec AppStream Client is an application that allows users to deploy and manage application licenses. AppStream Client is exposed to an issue that can allow malicious files to be downloaded and saved to arbitrary locations on an affected computer. This issue occurs because the application fails to validate user-supplied data.
  • Ref: http://www.symantec.com/avcenter/security/Content/2009.01.15.html
  • 09.4.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: TFTPUtil GUI Malformed Packet Remote Denial of Service
  • Description: TFTPUtil GUI is a TFTP server application available for Microsoft Windows. The application is exposed to a remote denial of service issue that occurs when handling TFTP server requests containing an excessively large filename. TFTPUtil GUI versions 1.2.0 and 1.3.0 are affected.
  • Ref: http://www.securityfocus.com/archive/1/500107
  • 09.4.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: TimeTools NTP Time Server Syslog Monitor Remote Denial of Service
  • Description: TimeTools NTP Time Server Syslog Monitor is an application for Windows platforms for managing syslog entries. The application is exposed to a remote denial of service issue because it fails to handle user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/500108
  • 09.4.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MetaProducts MetaTreeX ActiveX Control "SaveToBMP()" Arbitrary File Overwrite
  • Description: MetaTreeX is an ActiveX control for displaying information in graphs on a web page. The application is exposed to an issue that allows attackers to overwrite files with arbitrary, attacker-supplied content. MetaTreeX ActiveX control version 1.5.100 is affected.
  • Ref: http://support.microsoft.com/kb/240797
  • 09.4.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Excel Viewer OCX ActiveX "open()" Buffer Overflow
  • Description: Excel Viewer OCX is an ActiveX control that allows users to view and interact with Microsoft Excel documents in Win Forms or webpages. The application is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer. Excel Viewer OCX versions 3.1 and 3.2 are affected.
  • Ref: http://www.securityfocus.com/bid/33327
  • 09.4.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: JamDTA ActiveX Control "SaveToFile()" Arbitrary File Overwrite
  • Description: JamDTA is ActiveX control that allows users to create DTA/DTAUS files that contain information about money transfers. The application is exposed to an issue that allows attackers to overwrite files with arbitrary, attacker-supplied content. JamDTA version 4.0.4 is affected.
  • Ref: http://support.microsoft.com/kb/240797
  • 09.4.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SmartVMD ActiveX Control "SaveMaskToFile()" Arbitrary File Overwrite
  • Description: SmartVMD ActiveX control is a video motion detection control. The application is exposed to an issue that allows attackers to overwrite files with arbitrary, attacker-supplied content. SmartVMD version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/33348
  • 09.4.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SmartVMD ActiveX Control "StartVideoSaving()" Method Arbitrary File Delete
  • Description: SmartVMD is an application for video motion detection. The ActiveX control is exposed to an issue that lets attackers delete arbitrary files on the affected computer. SmartVMD version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/33346
  • 09.4.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: easyHDR Pro 1.60.2 Multiple Buffer Overflow Vulnerabilities
  • Description: easyHDR Pro is an image processing application available for Microsoft Windows. The application is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data. easyHDR Pro version 1.60.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500192
  • 09.4.15 - CVE: CVE-2009-0029
  • Platform: Linux
  • Title: Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation
  • Description: The Linux Kernel is exposed to a local privilege escalation issue because the software fails to properly validate userland arguments to 64-bit Application Binary Interface (ABI) system calls. Linux version 2.6 on some 64-bit architectures, including s390, PowerPC, SPARC64, and MIPS is affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=479969
  • 09.4.16 - CVE: CVE-2009-0031
  • Platform: Linux
  • Title: Linux Kernel "keyctl_join_session_keyring()" Denial of Service
  • Description: The Linux kernel is exposed to a denial of service issue because it fails to manage memory in a proper manner. This issue occurs because of a memory leak in the "keyctl_join_session_keyring()" function of the "security/keys/keyctl.c" source file. Linux kernel 2.6.x versions are affected. Ref: http://git2.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0d54ee1c7850a954026deec4cd4885f331da35cc
  • 09.4.17 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun OpenSolaris "posix_fallocate(3C)" System Call Local Denial of Service
  • Description: Sun OpenSolaris is a UNIX-based operating system. OpenSolaris is exposed to a local denial of service issue. Specifically, an unspecified problem occurs in the "posix_fallocate(3C)" system call that can allow local users to panic the system, effectively denying service to legitimate users.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-239188-1
  • 09.4.18 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris "lpadmin" and "ppdmgr" Local Denial of Service
  • Description: Sun Solaris is a UNIX-based operating system. Solaris is exposed to a local denial of service issue. Specifically, an unspecified problem exists in the "lpadmin(1M)" and "ppdmgr(1M)" print utilities in certain unspecified circumstances.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-249306-1
  • 09.4.19 - CVE: CVE-2008-2367, CVE-2008-2368
  • Platform: Unix
  • Title: Red Hat Certificate System Multiple Local Information Disclosure Vulnerabilities
  • Description: Red Hat Certificate System (RHCS) is an enterprise-level Public Key Infrastructure (PKI) deployment manager. The application is exposed to multiple information disclosure issues because of insecure storage of authentication credentials.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=452000
  • 09.4.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM DB2 Remote Denial of Service Vulnerabilities
  • Description: IBM DB2 is a Database Management System. The application is exposed to multiple remote denial of service issues. Specifically, the issues occur when processing a malformed "CONNECT" data stream or other unspecified malformed data streams. IBM DB2 versions prior to 9.1 FP6a and 9.5 FP3a are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21363936
  • 09.4.21 - CVE: CVE-2008-3821
  • Platform: Cross Platform
  • Title: Cisco IOS HTTP Server Multiple Cross-Site Scripting Vulnerabilities
  • Description: Cisco IOS HTTP Server is a webserver for the Cisco IOS operating system. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml
  • 09.4.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Access Manager Information Disclosure
  • Description: Sun Java System Access Manager is an application for managing secure access to web applications. It was formerly called Sun Java System Identity Server. The application is exposed to a remote information disclosure issue because the application may reveal passwords to remote users who have privileges to access the administration console.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242166-1
  • 09.4.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Access Manager "sub-realm" Privilege Escalation
  • Description: Sun Java System Access Manager is an application for managing secure access to web applications. It was formerly called Sun Java System Identity Server. Sun Java System Access Manager is exposed to a privilege escalation issue. Successfully exploiting this issue may result in the complete compromise of affected applications.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-249106-1
  • 09.4.24 - CVE: CVE-2009-0053, CVE-2009-0054, CVE-2009-0055,CVE-2009-0056
  • Platform: Cross Platform
  • Title: Cisco IronPort Encryption Appliance and PostX Multiple Remote Vulnerabilities
  • Description: Cisco IronPort Encryption Appliance and PostX are email encryption applications for use with IronPort appliances. The applications are exposed to multiple issues. Ref: http://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml
  • 09.4.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Browsers JavaScript Engine Cross Domain Information Disclosure
  • Description: Multiple web browsers are exposed to a cross-domain information disclosure issue because the applications fail to properly enforce the same-origin policy. This issue occurs in an unspecified JavaScript function, and allows malicious JavaScript from one site to determine all sites the browser is currently logged into.
  • Ref: http://www.securityfocus.com/bid/33276
  • 09.4.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: NetSurf Multiple Memory Corruption Vulnerabilities
  • Description: NetSurf is a web browser for RISC and UNIX-like operating systems. NetSurf is exposed to multiple memory corruption issues. Successful exploits allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely crash the application. NetSurf version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33279
  • 09.4.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun SPARC Enterprise Server Authentication Bypass
  • Description: Sun SPARC Enterprise Server is part of a new generation of mid-range data center-class systems. The server is exposed to an authentication bypass issue due to a default configuration error. This error undermines the security of the root password.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-249126-1
  • 09.4.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Avira AntiVir Products "CreateProcess()" Local Privilege Escalation
  • Description: Avira develops antivirus products for various operating systems. The applications are exposed to a local privilege escalation issue because they insecurely make a "CreateProcess()" function call.
  • Ref: http://www.securityfocus.com/archive/1/500124
  • 09.4.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: "nfs-utils" Package for Fedora 9 and 10 TCP Wrappers Security Bypass
  • Description: The "nfs-utils" package provides a daemon for the kernel NFS server and related tools. The application is exposed to a security bypass issue because it was not properly built with TCP Wrappers support.
  • Ref: https://admin.fedoraproject.org/updates/F10/FEDORA-2009-0266
  • 09.4.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Ganglia gmetad "process_path()" Remote Stack Buffer Overflow
  • Description: Ganglia is a distributed monitoring system for high-performance computing systems. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input.
  • Ref: http://www.mail-archive.com/ganglia-developers@lists.sourceforge. net/msg04929.html
  • 09.4.31 - CVE: CVE-2008-5516
  • Platform: Cross Platform
  • Title: Git Snapshot Generation and Pickaxe Search Arbitrary Command Injection
  • Description: Git is an open source version control application. The application is exposed to an issue that lets attackers inject arbitrary commands. The issue occurs because the application fails to sufficiently sanitize user-supplied input. The issue occurs in the snapshot generation and pickaxe search functionality.
  • Ref: http://www.securityfocus.com/bid/33355
  • 09.4.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PDFjam Multiple Unspecified Security Vulnerabilities
  • Description: PDFjam is a collection of scripts that are used to add new functionality to pdfLaTeX. The application is exposed to multiple issues due to unspecified errors. PDFjam versions prior to 1.21 are affected. Ref: http://freshmeat.net/projects/pdfjam/?branch_id=50084&release_id=292496
  • 09.4.33 - CVE: CVE-2008-3864, CVE-2008-3865, CVE-2008-3866
  • Platform: Cross Platform
  • Title: Trend Micro Multiple Products Network Security Component Modules Multiple Vulnerabilities
  • Description: Multiple products from Trend Micro are exposed to multiple security issues that affect the Network Security Component modules. Successful exploits may allow attackers to crash the application, execute arbitrary code with SYSTEM privileges, or bypass security. Ref: http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt
  • 09.4.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ICEsoft Technologies ICEbrowser Remote Denial of Service
  • Description: ICEsoft Technologies ICEbrowser is a Java development browser that renders web content in Java enterprise applications. ICEbrowser is exposed to a remote denial of service issue when handling specially crafted web pages. The issue arises when a user visits a site that supplies a large amount of string values to the application using the JavaScript "decodeURI()" function. ICEsoft Technologies ICEbrowser version 6.1.2 running on Novell NetWare 6.5 is affected.
  • Ref: http://www.securityfocus.com/bid/33307
  • 09.4.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: FFmpeg File Parsing Multiple Buffer Overflow Vulnerabilities
  • Description: FFmpeg is an application used to record, convert and stream audio and video. Since it fails to perform adequate checks on user-supplied input, the application is exposed to multiple buffer overflow issues. FFmpeg version 0.4.9 is affected.
  • Ref: http://www.securityfocus.com/bid/33308
  • 09.4.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Syslserve Remote Denial of Service
  • Description: Syslserve is an application for managing syslog entries for distributed environments. The application is exposed to a remote denial of service issue because it fails to handle user-supplied input. Syslserve version 1.058 is affected. Ref: http://www.princeofnigeria.org/blogs/index.php/2009/01/15/syslserve-1-058-denial-of-service-vulner
  • 09.4.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sophos TAO/Remote Management System (RMS) GIOP Message Remote Denial of Service
  • Description: Sophos Remote Management System (RMS) is an application within Anti-Virus. TAO is a third-party Object Request Broker used within RMS. TAO/RMS is exposed to a remote denial of service issue because it fails to handle very large or corrupt GIOP messages. Remote Management System versions prior to 3.0.9 are affected. Ref: http://www.sophos.com/support/knowledgebase/article/51420.html?_log_from=rss
  • 09.4.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: dkim-milter "p" flag Remote Denial of Service
  • Description: dkim-milter is a package that consists of two parts: a plugin for Sendmail and a library for creating DKIM-compliant applications. The application is exposed to a remote denial of service issue. An attacker can exploit the issue by sending messages that contain a key record with an empty "p" flag value. dkim-milter versions prior to 2.8.1 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=654247
  • 09.4.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Fujitsu Systemcast Wizard Lite PXE Request Remote Buffer Overflow
  • Description: Fujitsu Systemcast Wizard Lite is a support application for Fujitsu PRIMEQUEST servers. Systemcast Wizard Lite is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Systemcast Wizard Lite versions 2.0A and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/500172
  • 09.4.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: QNX RTOS Malformed ELF Binary File Local Denial Of Service
  • Description: QNX RTOS is a realtime operating system available for various embedded processors. QNX RTOS is exposed to a local denial of service issue when handling malformed ELF binary files. QNX RTOS version 6.4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33352
  • 09.4.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle Application Server Oracle Containers for J2EE Directory Traversal
  • Description: Oracle Containers for J2EE is the Java runtime component of Oracle Application Server. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. Oracle Application Server 10g version 10.1.3.1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500201
  • 09.4.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenSG "OSGHDRImageFileType.cpp" Radiance RGBE File Stack Buffer Overflow
  • Description: OpenSG is a portable scenegraph system used to create realtime graphics programs for virtual reality applications. OpenSG is exposed to a stack-based buffer overflow issue because it fails to properly bounds check user-supplied data. OpenSG version 1.8.0 is affected.
  • Ref: http://secunia.com/secunia_research/2008-60/
  • 09.4.43 - CVE: CVE-2008-5903
  • Platform: Cross Platform
  • Title: xrdp "xrdp_bitmap_def_proc()" Memory Corruption
  • Description: The "xrdp" program is a remote desktop protocol (RDP) server. The application is exposed to a memory corruption issue because it fails to perform adequate checks on user-supplied data. xrdp versions 0.4.1 and earlier are affected.
  • Ref: http://openwall.com/lists/oss-security/2009/01/12/3
  • 09.4.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Total Video Player "DefaultSkin.ini" Remote Buffer Overflow
  • Description: Total Video Player is a media player. The application is exposed to a remote buffer overflow issue because it fails to properly bounds check user-supplied data before copying it to an insufficiently sized memory buffer. Total Video Player version 1.31 is affected.
  • Ref: http://www.securityfocus.com/bid/33373
  • 09.4.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: 53KF Web IM "msg" Parameter Cross-Site Scripting
  • Description: 53KF Web IM is an instant messenger application for use within a browser. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. This issue affects the "msg" parameter in the "sendmsg()" function.
  • Ref: http://www.securityfocus.com/archive/1/500169
  • 09.4.46 - CVE: CVE-2009-0026
  • Platform: Web Application - Cross Site Scripting
  • Title: Apache Jackrabbit "q" Parameter Multiple Cross-Site Scripting Vulnerabilities
  • Description: Apache Jackrabbit is an implementation of the Content Repository for Java Technology API (JCR). The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data to the "q" parameter of the "search.jsp" and "swr.jsp" scripts. Apache Jackrabbit versions prior to 1.5.2 are affected.
  • Ref: https://issues.apache.org/jira/browse/JCR-1925
  • 09.4.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MoinMoin "AttachFile.py" Cross-Site Scripting
  • Description: MoinMoin is a freely available, open-source wiki written in Python. It is available for UNIX and Linux platforms. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "rename" parameter in the "action/AttachFile.py" source file. MoinMoin versions prior to 1.8.1 are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/500197
  • 09.4.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Horde XSS Filter Cross-Site Scripting
  • Description: Horde is a suite of applications. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input. The issue occurs in the cross-site scripting filter and only affects Horde running on Internet Explorer. Horde versions prior to 3.2.3 and 3.3.1 are affected.
  • Ref: http://lists.horde.org/archives/announce/2008/000472.html
  • 09.4.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Netvolution CMS "default.asp" SQL Injection
  • Description: Netvolution is an ASP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "bpe_nid" parameter of the "default.asp" script. Netvolution CMS version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33259
  • 09.4.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Dark Age CMS "login.php" SQL Injection
  • Description: Dark Age CMS is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to "Login" and "Pass" textboxes of the "login.php" script when logging in to the affected application. Dark Age CMS version 0.2c beta is affected.
  • Ref: http://www.securityfocus.com/bid/33271
  • 09.4.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Syzygy CMS "login.php" SQL Injection
  • Description: Syzygy CMS is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to "Login" and "Pass" textboxes of the "login.php" script when logging in to the affected application. Syzygy CMS version 0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/33274
  • 09.4.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Eventing Component for Joomla! "com_eventing" SQL Injection
  • Description: The "com_eventing" component is a plugin for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33296
  • 09.4.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! RD-Autos Component SQL Injection
  • Description: The RD-Autos component is a plugin for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_rdautos" component before using it an SQL query. RD-Autos version 1.5.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33297/references
  • 09.4.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Free Bible Search "readbible.php" SQL Injection
  • Description: Free Bible Search is a PHP-based application for searching text contained in the bible. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "version" parameter of the "readbible.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33301
  • 09.4.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Blue Eye CMS "clanek" Parameter SQL Injection
  • Description: Blue Eye CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "clanek" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33303
  • 09.4.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: LinksPro "OrderDirection" Parameter SQL Injection
  • Description: LinksPro is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "OrderDirection" parameter of the "default.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33305
  • 09.4.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Masir Camp "SearchKeywords" Parameter SQL Injection
  • Description: Masir Camp is a web-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "SearchKeywords" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33309
  • 09.4.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: w3bcms "admin/index.php" SQL Injection
  • Description: w3bcms is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "action" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/33310
  • 09.4.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: eFAQ Login SQL Injection
  • Description: eFAQ is an ASP-based frequently asked question (FAQ) script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to "username" and "password" textboxes when logging in to the affected application.
  • Ref: http://www.securityfocus.com/bid/33316
  • 09.4.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WarHound Walking Club "login.aspx" Multiple SQL Injection Vulnerabilities
  • Description: WarHound Walking Club is a web-based application implemented in ASP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "username" and "password" parameters of the "login.aspx" script.
  • Ref: http://www.securityfocus.com/bid/33317
  • 09.4.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WarHound Ping IP "admin.aspx" Multiple SQL Injection Vulnerabilities
  • Description: WarHound Ping IP is a tool for maintaining a database of IP addresses for pinging. It is implemented in ASP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "username" and "password" parameters of the "ping/admin.aspx" script.
  • Ref: http://www.securityfocus.com/bid/33319
  • 09.4.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: eReservations Login SQL Injection
  • Description: eReservations is a web-based reservation application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to "username" and "password" textboxes when logging in to the affected application.
  • Ref: http://www.securityfocus.com/bid/33321
  • 09.4.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ActionCalendar "admin.asp" Multiple SQL Injection Vulnerabilities
  • Description: ActionCalendar is a web-based application implemented in ASP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "user" and "pass" parameters of the "admin.asp" script. ActionCalendar version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/33326
  • 09.4.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BibCiter Multiple SQL Injection Vulnerabilities
  • Description: BibCiter is a PHP-based content manager for bibliographic references. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. BibCiter version 1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/33329
  • 09.4.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo gigCalendar Component "id" Parameter SQL Injection
  • Description: gigCalendar is a PHP-based component for the Joomla! and Mambo content managers. gigCalendar is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_gigcal" component before using it in an SQL query. gigCalendar version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33332
  • 09.4.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AV Book Library Multiple SQL Injection Vulnerabilities
  • Description: AV Book Library is a PHP-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. AV Book Library versions prior to 1.1 are affected. Ref: http://sourceforge.net/tracker/index.php?func=detail&aid=2219743&group_id=209711&atid=1010816
  • 09.4.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo "com_pccookbook" Component "recipe_id" Parameter SQL Injection
  • Description: The "com_pccookbook" component is a module for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "recipe_id" parameter of the "com_pccookbook" module before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33346
  • 09.4.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo "com_news" Component "id" Parameter SQL Injection
  • Description: The "com_news" component is a module for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_news" module before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33350
  • 09.4.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! WATicketSystem Component "catid" SQL Injection
  • Description: WATicketSystem is a ticket system component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of the "com_waticketsystem" script.
  • Ref: http://www.securityfocus.com/bid/33353
  • 09.4.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AJ Auction Pro OOPD "id" Parameter SQL Injection
  • Description: AJ Auction Pro OOPD is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script when the "do" parameter is set to "search" before using it in an SQL query. AJ Auction Pro OOPD version 2.3 is affected.
  • Ref: http://www.securityfocus.com/bid/33366
  • 09.4.71 - CVE: CVE-2009-0121
  • Platform: Web Application - SQL Injection
  • Title: Goople CMS "password" Parameter SQL Injection
  • Description: Goople CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "password" parameter of the "frontpage.php" script before using it in an SQL query. Goople CMS version 1.8.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33370
  • 09.4.72 - CVE: Not Available
  • Platform: Web Application
  • Title: phpList "admin/index.php" Local File Include
  • Description: phpList is a newsletter manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "_SERVER[ConfigFile]" of the "admin/index.php" script. phpList version 2.10.8 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500057
  • 09.4.73 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Photo Album "preview" Parameter Local File Include
  • Description: PHP Photo Album is a web-based photo gallery application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "preview" parameter of the "index.php" script. PHP Photo Album version 0.8 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/33277
  • 09.4.74 - CVE: Not Available
  • Platform: Web Application
  • Title: DMXReady SDK Arbitrary File Download
  • Description: DMXReady SDK a web-based application implemented in ASP. The applciation is exposed to an arbitrary file download issue because it fails to sufficiently sanitize user-supplied input to the "filelocation" parameter of the "download_link.asp" script before returning the requested file. DMXReady SDK versions 1.1 and earlier are affected. Ref: http://dmxready.helpserve.com/index.php?_m=news&_a=viewnews&newsid=12
  • 09.4.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Notify Module Security Bypass
  • Description: The Drupal Notify module is used to subscribe to email notifications from web sites. The Drupal Notify module is affected by a security bypass issue. This issue may allow authenticated users to gain access to the resources with the privileges of another user. Drupal versions 5.x prior to 5.x-1.2 are affected.
  • Ref: http://drupal.org/node/359144
  • 09.4.76 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Internationalizaion Module Security Bypass
  • Description: The Drupal Internationalizaion module gives sites the ability to localize content. The module is exposed to a security bypass issue that may allow attackers to gain access to sensitive areas of the application without the appropriate privileges. Drupal Internationalizaion Module versions prior to 5.x-2.5 are affected.
  • Ref: http://drupal.org/node/358958
  • 09.4.77 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Security Bypass Vulnerability and SQL Injection Weakness
  • Description: Drupal is a PHP-based content manager. Drupal is exposed to a security bypass issue and a weakness that can be used to perform SQL injection attacks. The security bypass issue stems from an issue in the Content Translation module. Drupal versions prior to 5.15 and 6.9 are affected.
  • Ref: http://drupal.org/node/358957
  • 09.4.78 - CVE: Not Available
  • Platform: Web Application
  • Title: AN Guestbook "country" Parameter HTML Injection
  • Description: AN Guestbook is a guest book application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. AN Guestbook versions prior to 0.7.7 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=653720
  • 09.4.79 - CVE: Not Available
  • Platform: Web Application
  • Title: DMXReady Billboard Manager "upload_document.asp" Arbitrary File Upload
  • Description: DMXReady Billboard Manager is a web-based bulletin board application implemented in ASP. The application is exposed to an issue that lets attackers upload arbitrary files. The problem occurs because the "upload_document.asp" script only validates the extension of an uploaded file, not the contents. DMXReady Billboard Manager version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/33295
  • 09.4.80 - CVE: Not Available
  • Platform: Web Application
  • Title: MKPortal Multiple Security Vulnerabilities
  • Description: MKPortal is a PHP-based content manager. The application is exposed to multiple security issues. MKPortal version 1.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/33300
  • 09.4.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Red Hat Squirrelmail Package Session Management
  • Description: SquirrelMail is a web-based email client. The Red Hat "squirrelmail" package is exposed to an authentication bypass issue because of a session-handling error introduced by patches provided by Red Hat Security Advisory RHSA-2009:0010.
  • Ref: http://www.securityfocus.com/bid/33354
  • 09.4.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Ninja Blog Comments HTML Injection
  • Description: Ninja Blog is a PHP-based weblog application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Ninja Blog version 4.8 is affected.
  • Ref: http://www.securityfocus.com/bid/33356
  • 09.4.83 - CVE: Not Available
  • Platform: Web Application
  • Title: GNUBoard "common.php" Remote File Include
  • Description: GNUBoard is a PHP-based bulletin board application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "g4_path" parameter of the "common.php" script. GNUBoard version 4.31.03 is affected.
  • Ref: http://www.securityfocus.com/bid/33304
  • 09.4.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Active Auction "search" Parameter SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Active Auction is a web-based application. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. Active Auction House and Active Auction Pro are affected.
  • Ref: http://www.securityfocus.com/bid/33306
  • 09.4.85 - CVE: Not Available
  • Platform: Web Application
  • Title: DMXReady Blog Manager "inc_weblogmanager.asp" Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: DMXReady Blog Manager is ASP-based blog application. The application is exposed to a cross-site scripting issue and an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "ItemID" parameter of the "inc_webblogmanager.asp" script.
  • Ref: http://www.securityfocus.com/archive/1/500146
  • 09.4.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Active Bids Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Active Bids is a web-based auction script implemented in ASP. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied input. Active Bids version 3.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500144
  • 09.4.87 - CVE: Not Available
  • Platform: Web Application
  • Title: RankEm "rankup.asp" Cookie Manipulation and Cross-Site Scripting Vulnerabilities
  • Description: RankEm is a ASP-based content manager. RankEm is exposed to a cookie manipulation issue and a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "siteID" parameter of the "rankup.asp" script.
  • Ref: http://www.securityfocus.com/bid/33324
  • 09.4.88 - CVE: Not Available
  • Platform: Web Application
  • Title: BlogIt! "index.asp" SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: BlogIt! is a web-based blog application. The application is exposed to multiple input validation issues. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
  • Ref: http://www.securityfocus.com/bid/33325
  • 09.4.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple PHP Newsletter "olang" Parameter Multiple Local File Include Vulnerabilities
  • Description: Simple PHP Newsletter is a mailing list manager. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "olang" parameter of the "mail.php" and "mailbar.php" scripts. Simple PHP Newsletter version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/33327
  • 09.4.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Multiple AJ Classifieds Scripts "index.php" Arbitrary File Upload
  • Description: AJ Classifieds Personals, Real Estate and For Sale are PHP-based classifieds applications. The applications are exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize file extensions before uploading files via the "index.php" script when the "do" parameter is set to "postad".
  • Ref: http://www.securityfocus.com/bid/33328
  • 09.4.91 - CVE: Not Available
  • Platform: Web Application
  • Title: WSS-PRO SCMS "index.php" Local File Include
  • Description: SCMS (Simple Content Management System) is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "p" parameter of the "index.php" script. SCMS version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33330
  • 09.4.92 - CVE: Not Available
  • Platform: Web Application
  • Title: FhImage "g_desc" Parameter Remote Command Execution
  • Description: FhImage is a PHP-based image gallery script. FhImage is exposed to an issue that attackers can leverage to execute arbitrary commands. This issue occurs because the application fails to adequately sanitize user-supplied input to the "g_desc" parameter of the "imgconfig/index.php" script when the "mod" parameter is set to "write". FhImage version 1.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/33334
  • 09.4.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Enhanced Simple PHP Gallery Directory Traversal
  • Description: Enhanced Simple PHP Gallery is a PHP-based photo gallery based on Simple PHP Gallery by Paul Griffin. Enhanced Simple PHP Gallery is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "file" parameter of the "comment.php" script. Enhanced Simple PHP Gallery version 1.72 is affected.
  • Ref: http://www.securityfocus.com/bid/33335
  • 09.4.94 - CVE: Not Available
  • Platform: Web Application
  • Title: WebSVN Known Path Access Restriction Security Bypass
  • Description: WebSVN is an online SVN repository viewer. The application is exposed to a security bypass issue because it fails to properly implement access control mechanisms. WebSVN versions prior to 2.1 are affected.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1390
  • 09.4.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Ninja Blog "cat" Parameter Directory Traversal
  • Description: Ninja Blog is a PHP-based content management application. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "cat" parameter of the "index.php" script. Ninja Blog version 4.8 is affected.
  • Ref: http://www.push55.co.uk/index.php?s=ad&id=6
  • 09.4.96 - CVE: Not Available
  • Platform: Web Application
  • Title: streber Prior to 0.09 Multiple Unspecified Security Vulnerabilities
  • Description: streber is a PHP-based project management application. The application is exposed to multiple remote security issues caused by unspecified errors. streber versions prior to 0.09 are affected.
  • Ref: http://www.securityfocus.com/bid/33364
  • 09.4.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Max.Blog "delete.php" Delete Post Authentication Bypass
  • Description: Max.Blog is a web application. Max.Blog is exposed to an authentication bypass issue because it fails to properly enforce privilege requirements when deleting blog posts. This issue affects the "delete.php" script. Max.Blog version 1.0.6 is affected.
  • Ref: http://www.securityfocus.com/bid/33368
  • 09.4.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Dodo's Quiz Script "dodosquiz.php" Local File Include
  • Description: Dodo's Quiz Script is a web-based application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "n" parameter of the "dodosquiz.php" script. Dodo's Quiz Script version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/33369
  • 09.4.99 - CVE: CVE-2008-5734
  • Platform: Web Application
  • Title: RoundCube Webmail Background Attributes Email Message HTML Injection
  • Description: RoundCube Webmail is a web-based IMAP email client. The application is exposed to an HTML injection issue because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. RoundCube Webmail version 0.2-stable is affected.
  • Ref: http://www.securityfocus.com/bid/33372
  • 09.4.100 - CVE: Not Available
  • Platform: Web Application
  • Title: LinPHA Photo Gallery "lib/lang/language.php" Remote Command Execution
  • Description: LinPHA Photo Gallery is a PHP-based photo gallery application. The application is exposed to an issue that attackers can leverage to execute arbitrary commands in the context of the application. This issue occurs because the application fails to adequately validate user-supplied input passed to the "/lib/lang/language.php" script. LinPHA Photo Gallery version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33375
  • 09.4.101 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 Multiple Remote Vulnerabilities
  • Description: TYPO3 is a web-based content manager. The application is exposed to multiple issues. TYPO3 versions prior to 4.0.10, 4.1.8 or 4.2.4 are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
  • 09.4.102 - CVE: CVE-2008-3818
  • Platform: Network Device
  • Title: Cisco ONS Control Card Remote Denial of Service
  • Description: Cisco ONS is a storage device developed by Cisco. The device is exposed to a denial of service issue when handling specially crafted TCP traffic sent to the control cards contained on a node. This issue will cause packets to be dropped only when transmitting data through a synchronize channel.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20090114-ons.shtml
  • 09.4.103 - CVE: CVE-2008-4444
  • Platform: Network Device
  • Title: Cisco Unified IP Phone 7960G and 7940G RTP Remote Denial of Service
  • Description: Cisco Unified IP 7960G and 7940G are voice over IP (VoIP) phones. Cisco Unified IP 7960G and 7940G are exposed to a remote denial of service issue that resides in phones configured to use SIP.
  • Ref: http://www.securityfocus.com/archive/1/500059
  • 09.4.104 - CVE: Not Available
  • Platform: Network Device
  • Title: Multiple Avira Products RAR Handling Remote Denial of Service
  • Description: Multiple Avira products are exposed to a remote denial of service issue. This issue occurs because the applications fail to handle certain fields in malformed RAR files.
  • Ref: http://www.securityfocus.com/archive/1/500116
  • 09.4.105 - CVE: Not Available
  • Platform: Network Device
  • Title: WowWee Rovio Access Control Multiple Unauthorized Access Vulnerabilities
  • Description: WowWee Rovio a WI-FI enabled web camera. The device is exposed to multiple unauthorized access issues that occur because the device's firmware fails to properly sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/500056
  • 09.4.106 - CVE: Not Available
  • Platform: Network Device
  • Title: IBM Hardware Management Console (HMC) Unspecified
  • Description: IBM Hardware Management Console (HMC) enables an administrator to manage the configuration and operation of partitions in a computer and to monitor the computer for hardware problems. The application is exposed to an unspecified issue that affects HMC version 7R3.2.0 Service Pack 1. Ref: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4521
  • 09.4.107 - CVE: Not Available
  • Platform: Network Device
  • Title: Sagem F@st 2404 Router "restoreinfo.cgi" Unauthorized Access
  • Description: Sagem F@st 2404 is a high-speed wireless router. Sagem F@st 2404 is exposed to an unauthorized access issue because it fails to properly restrict access to the "restoreinfo.cgi" script.
  • Ref: http://www.securityfocus.com/archive/1/500150
  • 09.4.108 - CVE: Not Available
  • Platform: Network Device
  • Title: Multiple Ralinktech Wireless Drivers MAC/BSS/SSID Integer Overflow
  • Description: Ralink USB Wireless Adapter (RT73) is a wireless network adapter. Multiple Ralinktech wireless drivers are exposed to an integer overflow issue because they fail to ensure that integer values are not overrun. Ralink USB Wireless Adapter (RT73) version 3.08 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500168

(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

SANS courses bring the best of the best to one place to learn cutting edge information.
-Jeremy Baca, LMIT at Sandia National Labs

SANS 2010-sky-c

Contact us: (301) 654-SANS(7267)
Monday - Friday 9am-8pm EST/EDT