
@RISK: The Consensus Security Vulnerability Alert

Volume: VIII, Issue: 44
October 29, 2009

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Windows                                   1
    Third Party Windows Apps                  10
    Linux                                     12
    Solaris                                   4
    Unix                                      2
    Cross Platform                            37 (#1, #2, #3, #4, #5)
    Web Application - Cross Site Scripting    12
    Web Application - SQL Injection           7
    Web Application                           18
    Network Device                            7


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Third Party Windows Apps
Linux
Solaris
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Oracle Products Multiple Vulnerabilities (CPU October 2009)
  • Affected:
    • Oracle Database 11g, version 11.1.0.7
    • Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4
    • Oracle Database 10g, version 10.1.0.5
    • Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV
    • Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.4.0, 10.1.3.5.0
    • Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0
    • Oracle Business Intelligence Enterprise Edition, versions 10.1.3.4.0, 10.1.3.4.1
    • Oracle E-Business Suite Release 12, versions 12.0.6, 12.1
    • Oracle E-Business Suite Release 11i, version 11.5.10.2
    • AutoVue, version 19.3
    • Agile Engineering Data Management (EDM), version 6.1
    • PeopleSoft PeopleTools & Enterprise Portal, version 8.49
    • PeopleSoft Enterprise HCM (TAM), version 9.0
    • JD Edwards Tools, version 8.98
    • Oracle WebLogic Server 10.0 through MP1 and 10.3
    • Oracle WebLogic Server 9.0 GA, 9.1 GA and 9.2 through 9.2 MP3
    • Oracle WebLogic Server 8.1 through 8.1 SP5
    • Oracle WebLogic Server 7.0 through 7.0 SP6
    • Oracle WebLogic Portal, versions 8.1 through 8.1 SP6, 9.2 through 9.2 MP3, 10.0 through 10.0MP1, 10.2 through 10.2MP1 and 10.3 through 10.3.1
    • Oracle JRockit R27.6.4 and earlier (JDK/JRE 6, 5, 1.4.2)
    • Oracle Communications Order and Service Management, versions 2.8.0, 6.2.0, 6.3.0 and 6.3.1
  • Description: Oracle released a cumulative security patch for a wide range of its products on October 15, 2009. This Critical Patch Update contains 38 new security fixes across different products. Flaws addressed in this update include remote command execution vulnerabilities, denial of service issues, information disclosure vulnerabilities, SQL injection vulnerabilities, security restriction bypass issues, and certain data manipulation issues. Most of these vulnerabilities require an authenticated user to exploit. Technical details for some of these vulnerabilities are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (3) HIGH: Opera Multiple Vulnerabilities
  • Affected:
    • Opera versions prior to 10.01
  • Description: Opera is a popular cross-platform Web browser developed by Opera Software. Multiple vulnerabilities have been identified in Opera that might lead to information disclosure, security bypass, or compromise of the affected system. The first issue is a memory corruption error caused by specially crafted domain names. Successful exploitation of this vulnerability might allow an attacker to execute arbitrary code. The second issue is that Opera allows scripts to be run on the feed subscription page, which might lead to automatic subscription to feeds or reading of other feeds. The third issue is caused by Opera incorrectly using Web fonts, which might be used to conduct spoofing attacks. Some technical details for these vulnerabilities are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (4) HIGH: Sun Java System Web Server Buffer Overflow Vulnerability
  • Affected:
    • Sun Java System Web Server 7.x
  • Description: Sun Java System Web Server is a cross-platform web server developed by Sun Microsystems, designed mainly for medium and large business applications. A buffer overflow vulnerability has been reported in Sun Java System Web Server. The vulnerability is caused by an unspecified error resulting from inadequate boundary checks on user-supplied input. Successful exploitation might allow an attacker to execute arbitrary code in the context of the affected application. Technical details for this vulnerability are not publicly available.

  • Status: Vendor not confirmed, no updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 44, 2009

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 7553 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 09.44.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft SharePoint Team Services Download Feature Source Code Information Disclosure
  • Description: Microsoft SharePoint is an integrated server application providing content management and search capabilities. The application is exposed to an information disclosure issue that lets attackers access certain files that contain source code. SharePoint version 2007 is affected by this issue.
  • Ref: http://support.microsoft.com/kb/976829

  • 09.44.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: DWebPro "file" Parameter Remote Command Execution
  • Description: DWebPro is a web server available for flash devices and CD/DVD. The application is exposed to an arbitrary command execution issue because it fails to adequately sanitize user-supplied input to the "file" parameter in the "dwebpro/start" script.
  • Ref: http://www.securityfocus.com/archive/1/507241

  • 09.44.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: EMC Documentum ApplicationXtender Admin Agent Multiple Vulnerabilities
  • Description: EMC Documentum ApplicationXtender is a content manager. The application is exposed to an arbitrary file upload issue and a heap based memory corruption issue which occurs in the Admin Agent service "aws_tmxn.exe" of the Workflow Server that may allow attackers to overwrite arbitrary files with SYSTEM level privileges or cause denial-of-service conditions. EMC Documentum ApplicationXtender versions earlier than 5.40 SP1 are affected by this issue.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-095/ http://www.zerodayinitiative.com/advisories/ZDI-08-096/

  • 09.44.4 - CVE: CVE-2009-3744
  • Platform: Third Party Windows Apps
  • Title: EMC RepliStor Server "rep_serv.exe" Remote Denial of Service
  • Description: EMC RepliStor Server is a file server. The application is exposed to a remote denial of service issue because the application fails to handle an excessive amount of data sent to the "rep_serv.exe" service. EMC RepliStor Server version 6.3.1.3 is affected by this issue.
  • Ref: http://www.securityfocus.com/archive/1/507322

  • 09.44.5 - CVE: CVE-2009-3749
  • Platform: Third Party Windows Apps
  • Title: Websense Email Security and Email Manager "STEMWADM.EXE" Remote Denial of Service
  • Description: Websense Email Security and Email Manager are security applications. The applications are exposed to a remote denial of service vulnerability in the Web Administrator frontend service "STEMWADM.EXE", which listens on TCP port 8181 by default, because it fails to handle specially crafted HTTP GET requests. Websense Email Security versions earlier than 7.1 Hotfix 4 and Websense Personal Email Manager versions earlier than 7.1 Hotfix 4 are affected by this issue.
  • Ref: http://sotiriu.de/adv/NSOADV-2009-002.txt

  • 09.44.6 - CVE: CVE-2009-3524
  • Platform: Third Party Windows Apps
  • Title: Avast! Insecure Program File Permissions Local Privilege Escalation
  • Description: Avast! Antivirus is an application that provides virus protection. The application is exposed to a local privilege escalation issue because it installs the "avast4.ini" file in the data folder "%Program Files%\Alwil Software\Avast4\Data" with "Full Control" permissions for the "Everyone" group. Avast! Professional Edition version 4.8.1351 and earlier and Avast! Home Edition version 4.8.1351 and earlier are affected by this issue.
  • Ref: http://www.avast.com/eng/avast-4-home_pro-revision-history.html

  • 09.44.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Pegasus Mail POP3 Response Remote Buffer Overflow
  • Description: Pegasus Mail is an email client for Microsoft Windows. The application is exposed to a remote buffer overflow issue because it fails to properly sanitize user-supplied input, specifically when handling excessive amounts of data in an "-ERR" response from a POP3 mail server. Pegasus Mail version 4.51 is affected by this issue.
  • Ref: http://www.securityfocus.com/bid/36797

  • 09.44.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Gpg4win Remote Denial of Service
  • Description: Gpg4win is an email and file encryption application. The application is exposed to a remote denial of service issue specifically when a crafted input is supplied to the application clipboard for verification.
  • Ref: http://www.securityfocus.com/bid/36811

  • 09.44.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Cherokee Web Server Malformed Packet Remote Denial of Service
  • Description: Cherokee Web Server is a webserver available for Microsoft Windows. The application is exposed to a remote denial of service issue because it fails to handle specially crafted "AUX" network packets. Cherokee Web Server version 0.5.4 is affected by this issue.
  • Ref: http://www.securityfocus.com/bid/36814/references

  • 09.44.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Multiple Rising Products Insecure Program File Permissions Local Privilege Escalation
  • Description: Rising Antivirus, Rising Internet Security and Rising Personal Firewall are security products available for Microsoft Windows. The applications are exposed to a local privilege escalation issue because they install program files with "Full Control" permissions. Rising Antivirus 2009, Rising Internet Security 2009 and Rising Personal Firewall 2009 are affected by this issue.
  • Ref: http://seclists.org/bugtraq/2009/Oct/247

  • 09.44.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: AOL AIM "sipXtapi.dll" Multiple Buffer Overflow Vulnerabilities
  • Description: AOL AIM is an instant-messaging client. The application is exposed to two heap based buffer overflow issues in the SIP protocol implementation library, "sipXtapi.dll", because it fails to perform adequate boundary checks on user-supplied data. The issues occur due to a signedness error when a crafted RTCP sender report packet is sent to the application and when a crafted RTP header "Extension Length" is sent to the application. AOL AIM versions earlier than 6.8.7.7 are affected by this issue.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-097/ http://www.zerodayinitiative.com/advisories/ZDI-08-098/

  • 09.44.12 - CVE: CVE-2009-3613
  • Platform: Linux
  • Title: Linux Kernel "/drivers/net/r8169.c" Out-of-IOMMU Error Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue because it fails to properly handle large packet frames with certain hardware. The issue resides in the "drivers/net/r8169.c" source file; an out-of-IOMMU error can be triggered with a Maximum Transmission Unit (MTU) larger than 1500. Linux kernel versions earlier than 2.6.26.4 are affected by this issue.
  • Ref: http://bugzilla.redhat.com/show_bug.cgi?id=529137#c0 http://www.openwall.com/lists/oss-security/2009/10/15/4


  • 09.44.14 - CVE: CVE-2009-2911
  • Platform: Linux
  • Title: SystemTap Unprivileged Mode Multiple Denial of Service
  • Description: SystemTap is an application that includes a command-line interface and scripting language for analyzing a running Linux kernel. SystemTap is prone to denial of service vulnerabilities because an overly large number of parameters provided to the "print*()" function can trigger a kernel stack overflow, and specially crafted DWARF information can trigger a kernel stack frame overflow or an infinite loop due to missing upper bound checks on the size of the unwind table and the size of each of the CIE/CFI records. SystemTap version 1.0 is affected by this issue.
  • Ref: http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2911


  • 09.44.16 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel Keyring "refcount" Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue. When the "keyctl_instantiate_key()" and "keyctl_negate_key()" functions call "request_key()", the function fails to increment the "ref_count" value in the "request_key_auth" structure, eventually causing a denial of service condition when the keyring runs out of references and gets destroyed.
  • Ref: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8bbf4976

  • 09.44.17 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel NFSV4 CallbackClient NULL Pointer Dereference Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue. When the "rpcauth_lookup_credcache()" function is called, it assumes that the given authentication flavor has a credential cache. When attempting to mount an nfsv4 filesystem using the "auth_null" authentication flavor, a NULL-pointer dereference can occur. Linux kernel version 2.6.31-rc1 is affected by this issue.
  • Ref: http://www.securityfocus.com/bid/36794

  • 09.44.18 - CVE: CVE-2009-3638
  • Platform: Linux
  • Title: Linux Kernel KVM "kvm_dev_ioctl_get_supported_cpuid()" Integer Overflow
  • Description: The Linux kernel is exposed to an integer overflow issue that affects the Kernel based Virtual Machine (KVM). This issue occurs in the "kvm_dev_ioctl_get_supported_cpuid()" function of the "kvm/x86.c" source file, specifically when the number of "cpu_id" entries multiplied by the entry size can trigger an integer overflow on a 32-bit system. Linux kernel versions prior to 2.6.32-rc4 are affected by this issue.
  • Ref: http://bugzilla.redhat.com/show_bug.cgi?id=530515

  • 09.44.19 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel KVM "update_cr8_intercept()" Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue that affects the Kernel based Virtual Machine (KVM). Specifically, "update_cr8_intercept()" can be triggered from userspace when no apic is present, resulting in a NULL pointer dereference. Linux kernel versions earlier than 2.6.32-rc1 are affected by this issue.
  • Ref: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=88c808fd42b53a7e01a2ac3253ef31fef74cb5af

  • 09.44.20 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "proc" World Writeable File Security Bypass
  • Description: The Linux kernel is exposed to a security bypass issue. Specifically, a local attacker can use the "/proc" utility to write to world writable files that are located in directories that the attacker isn't supposed to access. Successfully exploiting this issue may lead to other attacks.
  • Ref: http://www.securityfocus.com/archive/1/507386

  • 09.44.21 - CVE: CVE-2009-3620
  • Platform: Linux
  • Title: Linux Kernel r128 Driver CCE Initialization NULL Pointer Dereference Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue because of a NULL pointer dereference exception in IOCTL implementations within the r128 (ATI Rage 128) driver, which does not properly verify Concurrent Command Engine (CCE) initialization via the "r128_do_init_cce()" function. Linux kernel version 2.6.31-git11 is affected by this issue.
  • Ref: http://bugzilla.redhat.com/show_bug.cgi?id=529597

  • 09.44.22 - CVE: CVE-2009-3612
  • Platform: Linux
  • Title: Linux Kernel 2.4 and 2.6 Local Information Disclosure
  • Description: The Linux kernel is exposed to a local information disclosure issue because it fails to properly initialize certain structure members before sending them to user space. Specifically, the "tcf_fill_node" function in "net/sched/cls_api.c" in the netlink subsystem does not initialize the "tcm__pad2" member of a certain structure. Successfully exploiting this issue will disclose a certain amount of kernel memory.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc5 http://www.openwall.com/lists/oss-security/2009/10/15/1

  • 09.44.23 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel Netlink Packets Security Bypass
  • Description: The Linux kernel is exposed to a security bypass issue that occurs when crafted netlink packets are sent to certain subsystems via a connector. Successfully exploiting this issue may allow local attackers to bypass certain security restrictions and perform unauthorized actions such as changing certain configurations. Linux kernel versions earlier than 2.6.31.5 are affected by this issue.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.5

  • 09.44.24 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris ZFS Filesystem Security Bypass
  • Description: Sun Solaris is exposed to a security bypass issue that affects the ZFS filesystem. A local attacker with "file_chown_self" privileges can exploit this issue to gain ownership of other user's files resulting in privilege escalation and other attacks. Solaris 10 and OpenSolaris builds snv_100 through snv_117 are affected by this issue.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-265908-1

  • 09.44.25 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun OpenSolaris Unspecified Local Security
  • Description: Sun OpenSolaris is a Unix-based operating system. OpenSolaris is exposed to an unspecified local security issue. Successfully exploiting this issue can result in the complete compromise of an affected computer. Sun OpenSolaris with builds earlier than snv_99 are affected by this issue.
  • Ref: http://www.securityfocus.com/bid/36818/

  • 09.44.26 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun OpenSolaris Kernel Panic Remote Denial of Service Vulnerability
  • Description: Sun OpenSolaris is a Unix-based operating system. OpenSolaris is exposed to a remote denial of service issue. Successfully exploiting this issue may allow a remote attacker to cause kernel panic, denying service to legitimate users. OpenSolaris version 2009.6 is affected by this issue.
  • Ref: http://www.securityfocus.com/bid/36819

  • 09.44.27 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Trusted Extensions Policy Configuration Remote Privilege Escalation Weakness
  • Description: Sun Solaris is exposed to a security weakness that may allow attackers to gain elevated privileges on the affected computer. The issue occurs in the Solaris Trusted Extensions Policy configuration file which may allow a remote unprivileged user who has authorized or unauthorized access to the X server. Sun Solaris 10 and OpenSolaris builds snv_37 through snv_125 are affected by this issue.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-270969-1


  • 09.44.29 - CVE: Not Available
  • Platform: Unix
  • Title: Bftpd Unspecified Remote Denial of Service Vulnerability
  • Description: Bftpd is an FTP server available for Unix operating systems. The application is exposed to an unspecified remote denial of service issue. Bftpd versions earlier than 2.4 are affected by this issue.
  • Ref: http://bftpd.sourceforge.net/news.html#032130

  • 09.44.30 - CVE: CVE-2009-2985
  • Platform: Cross Platform
  • Title: Adobe Reader and Acrobat Compact Font Format Heap Memory Corruption
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a heap based memory corruption issue that occurs when handling PDF files containing a malformed Compact Font Format stream when using a trusted 16-bit value to index into an array. Adobe Reader and Acrobat versions earlier than 7.1.4, 8.1.7, and 9.2 are affected by this issue.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html http://sunsolve.sun.com/search/document.do?assetkey=1-66-270669-1




  • 09.44.34 - CVE: CVE-2009-2987
  • Platform: Cross Platform
  • Title: Adobe Reader and Acrobat "AcroPDF.dll" ActiveX Control Denial of Service
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a denial of service issue in the "AcroPDF.dll" ActiveX control. Successfully exploiting this issue may allow the attacker to crash the affected application that uses the ActiveX control (typically Internet Explorer), denying service to legitimate users. Adobe Reader and Acrobat versions earlier than 7.1.4, 8.1.7, and 9.2 are affected by this issue.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html http://sunsolve.sun.com/search/document.do?assetkey=1-66-270669-1



  • 09.44.37 - CVE: CVE-2009-2979
  • Platform: Cross Platform
  • Title: Adobe Reader and Acrobat XMP-XML Entity Expansion Denial of Service
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a denial of service issue because of an XMP-XML entity expansion issue when handling malformed PDF documents. Adobe Reader and Acrobat versions earlier than 8.1.7 and 9.2 are affected by this issue.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html



  • 09.44.40 - CVE: CVE-2009-2984
  • Platform: Cross Platform
  • Title: Adobe Acrobat Image Decoder Remote Code Execution
  • Description: Adobe Acrobat is an application for handling PDF files. The application is exposed to a remote code execution issue in the image decoder when handling specially crafted PDF files. Adobe Acrobat versions earlier than 9.2 are affected by this issue.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html

  • 09.44.41 - CVE: CVE-2009-2981
  • Platform: Cross Platform
  • Title: Adobe Reader and Acrobat Trust Manager Remote Security Bypass
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. The application is exposed to a remote security bypass issue because of an unspecified input validation error that affects the "Trust Manager" used to restrict the actions of script content contained within a PDF file.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html

  • 09.44.42 - CVE: CVE-2009-2995
  • Platform: Cross Platform
  • Title: Adobe Acrobat Integer Overflow Denial Of Service Vulnerability
  • Description: Adobe Acrobat is an application for handling PDF files. The application is exposed to a remote denial of service issue caused by an integer overflow when handling specially crafted PDF files. Adobe Acrobat versions earlier than 7.1.4, 8.1.7, and 9.2 are affected by this issue.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html

  • 09.44.43 - CVE: CVE-2009-2992
  • Platform: Cross Platform
  • Title: Adobe Reader and Acrobat ActiveX Control Denial of Service
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a denial of service issue in their ActiveX control because the software fails to sufficiently validate input. Adobe Reader and Acrobat versions earlier than 8.1.7 and 9.2 are affected by this issue.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html

  • 09.44.44 - CVE: CVE-2009-3546
  • Platform: Cross Platform
  • Title: GD Graphics Library "_gdGetColors" Remote Buffer Overflow
  • Description: GD Graphics Library (gdlib) is an open-source graphics library available for multiple platforms, including UNIX variants and Microsoft Windows. The library is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue stems from an error in the "_gdGetColors()" function of the "gd_gd.c" source file.
  • Ref: http://seclists.org/oss-sec/2009/q4/41

  • 09.44.45 - CVE: CVE-2009-3296
  • Platform: Cross Platform
  • Title: CamlImages JPEG Handling Remote Buffer Overflow
  • Description: CamlImages is an open source library for processing images. The library is exposed to a remote buffer overflow issue that occurs because it fails to perform adequate boundary checks on user supplied data. Successfully exploiting this issue may allow attackers to execute arbitrary code with the privileges of the user running an application. CamlImages version 2.2 is affected by this issue.
  • Ref: http://www.securityfocus.com/bid/36713

  • 09.44.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: QEMU VNC Client Disconnect Use After Free Remote Code Execution
  • Description: QEMU is a processor emulator that is available for various platforms. The application is exposed to a remote code execution issue because of a use-after-free error in VNC client applications that arises when memory is referenced after it has already been freed.
  • Ref: http://bugzilla.redhat.com/show_bug.cgi?id=505641 http://bugzilla.redhat.com/show_bug.cgi?id=501131

  • 09.44.47 - CVE: CVE-2009-3607
  • Platform: Cross Platform
  • Title: Poppler "create_surface_from_thumbnail_data()" Integer Overflow Memory Corruption
  • Description: Poppler is an application for handling PDF files. Poppler is exposed to a memory corruption issue because of an integer overflow error in the "create_surface_from_thumbnail_data()" function in the "poppler-page.cc" source file. Successfully exploiting this issue may allow the attacker to execute arbitrary code within the context of affected applications.
  • Ref: http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3607

  • 09.44.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: McKesson Horizon Clinical Infrastructure (HCI) Password Disclosure
  • Description: McKesson Horizon Clinical Infrastructure (HCI) is a patient record datastore application for multiple McKesson applications. The application is exposed to a local information disclosure issue because database passwords are hardcoded within the application. The "CCDBA" account, which has Oracle "sysdba" privileges, is stored in plain text in multiple binaries and scripts. HCI versions 7.6, 7.8, 10.0, and 10.1 are affected by this issue.
  • Ref: http://www.securityfocus.com/archive/1/507267


  • 09.44.50 - CVE: CVE-2009-3461
  • Platform: Cross Platform
  • Title: Adobe Reader and Acrobat File Extension Controls Remote Security Bypass
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. The application is exposed to a remote security bypass issue that affects security controls for file extensions. Successfully exploiting this issue may allow an attacker to bypass intended security restrictions. Adobe Acrobat versions 9.x earlier than 9.2 are affected by this issue.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html

  • 09.44.51 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Kleopatra Malformed Certificate Remote Denial of Service
  • Description: Kleopatra is a GNU Privacy Guard (GPG) certificate manager. Kleopatra is commonly found with GPG4Win. The application is exposed to a remote denial of service vulnerability that occurs when handling a malformed certificate containing an excessive amount of data. Kleopatra version 2.0.11 is affected by this issue.
  • Ref: http://www.securityfocus.com/bid/36781

  • 09.44.52 - CVE: CVE-2009-3700
  • Platform: Cross Platform
  • Title: squidGuard Multiple Security Bypass Vulnerabilities
  • Description: squidGuard is a URL redirector for using blacklists with the proxy software Squid. The application is exposed to multiple vulnerabilities, including a buffer overflow issue in the "sgLog.c" file that may cause the application to go into unprotected emergency mode, specifically when an overly long URL with multiple "" characters is provided, and two security bypass issues that occur when an attacker provides URL requests of length close to the value defined by "MAX_BUF" or "MAX_URL". squidGuard versions 1.3 and 1.4 are affected by this issue.
  • Ref: http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091015 http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091019

  • 09.44.53 - CVE: CVE-2009-0840
  • Platform: Cross Platform
  • Title: MapServer HTTP Request Processing Integer Overflow
  • Description: MapServer is a development environment for building spatially enabled internet applications. The application is exposed to a remote integer overflow issue because it fails to restrict the size of a buffer before passing it to the heap, specifically when the application handles large HTTP requests or requests that contain crafted "Content-Length" values. MapServer version 4.10.x is affected by this issue.
  • Ref: http://www.juniper.net/security/auto/vulnerabilities/vuln36802.html

  • 09.44.54 - CVE: CVE-2009-3627
  • Platform: Cross Platform
  • Title: HTML-Parser Invalid HTML Entity Remote Denial of Service
  • Description: HTML-Parser is a Perl module that parses and extracts information from HTML documents. The application is exposed to a remote denial of service issue because the module fails to properly handle invalid HTML entities. HTML-Parser versions earlier than 3.63 are affected by this issue.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/2237

  • 09.44.55 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Perl UTF-8 Regular Expression Processing Remote Denial of Service
  • Description: Perl is a programming language available for multiple platforms. The application is exposed to a remote denial of service issue, specifically in the "regexec.c" file, when certain UTF-8 strings are processed in regular expressions. Perl version 5.10.1 is affected by this issue.
  • Ref: http://rt.perl.org/rt3//Public/Bug/Display.html?id=69973

  • 09.44.56 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Web Server Unspecified Remote Buffer Overflow
  • Description: Sun Java System Web Server is an HTTP server. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Sun Java System Web Server 7.0 Update 6 is affected by this issue.
  • Ref: http://www.vupen.com/english/advisories/2009/3024 http://intevydis.com/vd-list.shtml

  • 09.44.57 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Novell eDirectory "/dhost/modules?L:" Buffer Overflow Vulnerability
  • Description: Novell eDirectory is software for identity management and security. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data specifically when a malformed HTTP request to "/dhost/modules?L:" is processed. Novell eDirectory version 8.8 SP5 is affected by this issue.
  • Ref: http://tcc.hellcode.net/sploitz/novelbof.txt

  • 09.44.58 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Asterisk Missing ACL Check Remote Security Bypass
  • Description: Asterisk is an open source PBX application available for multiple operating platforms. The application is exposed to a security bypass issue because it is missing an access control list (ACL) check when handling SIP invites, allowing attackers to bypass the security restriction defined in the "sip.conf" configuration file. Asterisk 1.6.1 versions earlier than 1.6.1.8 are affected by this issue.
  • Ref: http://downloads.asterisk.org/pub/security/AST-2009-007.html

  • 09.44.59 - CVE: Not Available
  • Platform: Cross Platform
  • Title: python-markdown2 Multiple Security Vulnerabilities
  • Description: Markdown is a text-to-HTML filtering application. python-markdown2 is a Python-based implementation of Markdown. The application is prone to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input, which can be exploited via a crafted image reference, and an unspecified security issue exists in the application that affects the md5-hashing scheme for handling HTML chunks. python-markdown2 versions 1.0.1.14 and earlier are affected by this issue.
  • Ref: http://code.google.com/p/python-markdown2/source/browse/trunk/CHANGES.txt

  • 09.44.60 - CVE: Not Available
  • Platform: Cross Platform
  • Title: nginx "ngx_http_process_request_headers()" Remote Buffer Overflow
  • Description: The "nginx" program is an HTTP server and mail proxy server. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data in the "ngx_http_process_request_headers()" function of the "src/http/ngx_http_request.c" source file when handling certain HTTP requests.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035

  • 09.44.61 - CVE: CVE-2009-2267
  • Platform: Cross Platform
  • Title: VMware Products Page Fault Exception Local Privilege Escalation
  • Description: VMware is an OS emulation application. Multiple VMware products are exposed to a privilege escalation issue because they fail to properly handle certain page faults in "Virtual-8086" mode. Successfully exploiting this issue can allow an attacker to run arbitrary code with superuser privileges.
  • Ref: http://lists.vmware.com/pipermail/security-announce/2009/000069.html

  • 09.44.62 - CVE: CVE-2009-3733
  • Platform: Cross Platform
  • Title: VMware Products Directory Traversal
  • Description: VMware is an OS emulation application. Multiple VMware products are exposed to a directory traversal issue because they fail to sufficiently sanitize user-supplied input.
  • Ref: http://lists.vmware.com/pipermail/security-announce/2009/000069.html


  • 09.44.64 - CVE: CVE-2009-3551,CVE-2009-3549,CVE-2009-3550,CVE-2009-2560
  • Platform: Cross Platform
  • Title: Wireshark 1.2.2 and 1.0.9 Multiple Vulnerabilities
  • Description: Wireshark (formerly Ethereal) is an application for analyzing network traffic available for Microsoft Windows and for Unix-like operating systems. The application is exposed to multiple vulnerabilities when handling certain types of packets and protocols in varying conditions. Wireshark versions earlier than 1.2.2 and 1.0.9 are affected by this issue.
  • Ref: http://www.wireshark.org/security/wnpa-sec-2009-07.html http://www.wireshark.org/security/wnpa-sec-2009-08.html

  • 09.44.65 - CVE: CVE-2009-1348
  • Platform: Cross Platform
  • Title: McAfee Products TAR and PDF Files Scan Evasion Vulnerabilities
  • Description: McAfee develops antivirus, antispyware, and firewalling products. Multiple McAfee products are exposed to vulnerabilities that may allow certain files to bypass the scan engine. The issue occurs because the software fails to properly inspect specially crafted "TAR" and "PDF" files.
  • Ref: http://kc.mcafee.com/corporate/index?page=content&id=SB10003 http://www.g-sec.lu/mcafee-pdf-bypass.html

  • 09.44.66 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Web Browser prior to 10.01 Multiple Security Vulnerabilities
  • Description: Opera Web Browser is a browser that runs on multiple operating systems. The application is prone to a remote code execution issue due to memory corruption when handling crafted domain names. There is also a security issue related to Web fonts that may allow an attacker to display arbitrary domain names in the address field. Opera versions earlier than 10.01 are affected by this issue.
  • Ref: http://www.opera.com/support/kb/view/938/ http://www.opera.com/support/kb/view/939/ http://www.opera.com/support/kb/view/940/

  • 09.44.67 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Eclipse BIRT "run?__report" Parameter Cross-Site Scripting
  • Description: Eclipse BIRT (Business Intelligence and Reporting Tools) is a report plugin for the Eclipse IDE. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "run?__report" parameter. Eclipse BIRT version 2.2.1 is affected by this issue.
  • Ref: http://antisnatchor.com/2008/12/18/eclipse-birt-reflected-xss/ http://bugs.eclipse.org/bugs/show_bug.cgi?id=259127

  • 09.44.68 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: bloofoxCMS "search" Parameter Cross-Site Scripting
  • Description: bloofoxCMS is a web-based content manager implemented in PHP. bloofoxCMS is exposed to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input for the "search" parameter of the "search.5.html" script. bloofoxCMS version 0.3.5 is affected by this issue.
  • Ref: http://packetstormsecurity.org/0910-exploits/bloofoxcms-xss.txt

  • 09.44.69 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Zainu "searchSongKeyword" Parameter Cross-Site Scripting
  • Description: Zainu is a PHP-based application for creating music video sites. Zainu is exposed to a cross site scripting issue because the application fails to sufficiently sanitize user-supplied input for the "searchSongKeyword" parameter. Zainu version 1.0 is affected by this issue.
  • Ref: http://www.securityfocus.com/bid/36701

  • 09.44.70 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Cybozu Multiple Products Unspecified Cross-Site Scripting Vulnerabilities
  • Description: Multiple Cybozu products are exposed to multiple cross-site scripting issues because they fail to sufficiently sanitize user-supplied input. Successfully exploiting these issues can allow an attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Cybozu Office version 7, Cybozu Dezie version 6 and Cybozu Mailwise 3 are affected by this issue.
  • Ref: http://jvn.jp/en/jp/JVN23108985/index.html

  • 09.44.71 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Snitz Forums 2000 Cross-Site Scripting and HTML Injection Vulnerabilities
  • Description: Snitz Forums 2000 is an ASP-based forum application. The application is exposed to a cross-site scripting issue that affects the "url" parameter of the "forum/pop_send_to_friend.asp" script and an HTML injection issue that affects the "sound" tag because of improper input validation. Snitz Forums 2000 version 3.4.07 is affected by this issue.
  • Ref: http://www.juniper.net/security/auto/vulnerabilities/vuln36710.html

  • 09.44.72 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM Rational RequisitePro ReqWebHelp Multiple Cross-Site Scripting Vulnerabilities
  • Description: IBM Rational RequisitePro is a requirements-management tool. The application is exposed to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. IBM Rational RequisitePro version 7.10 is affected by this issue.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PK83895

  • 09.44.73 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TBmnetCMS "content" Parameter Cross-Site Scripting
  • Description: TBmnetCMS is a PHP-based content manager. TBmnetCMS is exposed to a cross-site scripting issue because the application fails to sufficiently sanitize user-supplied input, specifically the "content" parameter of the "tbmnet.php" script. TBmnetCMS version 1.0 is affected by this issue.
  • Ref: http://www.juniper.net/security/auto/vulnerabilities/vuln36733.html

  • 09.44.74 - CVE: CVE-2009-3745
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM Rational AppScan Help Pages Unspecified Cross-Site Scripting
  • Description: IBM Rational AppScan is a web-based tool for scanning and reporting vulnerabilities. The application is exposed to a cross site scripting issue because it fails to properly sanitize user-supplied input. IBM Rational AppScan Tester version 5.5.0.2; IBM Rational AppScan Reporting Console version 5.5.0.2 and IBM Rational AppScan Enterprise version 5.5.0.2 are affected by this issue.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg24024704

  • 09.44.75 - CVE: CVE-2009-3748
  • Platform: Web Application - Cross Site Scripting
  • Title: Websense Email Security Cross-Site Scripting and HTML Injection Vulnerabilities
  • Description: Websense Email Security and Personal Email Manager are email security applications. Both applications use the Websense Email Security Web Administrator tool for online administration. The applications are exposed to cross-site scripting vulnerabilities and a HTML injection issue which affects the email "subject" header when it is held in a queue. Websense Email Security versions earlier than 7.1 Hotfix 4 and Websense Personal Email Manager versions earlier than 7.1 Hotfix 4 are affected by this issue.
  • Ref: http://sotiriu.de/adv/NSOADV-2009-003.txt http://kb.websense.com/display/4n/kb/article.aspx?aid=4786&searchstring=&;n=&tab=browse&bt=4n&s=

  • 09.44.76 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Drupal Flag Content Module HTML Injection
  • Description: Flag Content is a PHP-based module for the Drupal content manager. The application is exposed to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input to the "Reason" field before displaying it in a user's browser. Flag Content versions earlier than 5.x-2.10 are affected by this issue.
  • Ref: http://drupal.org/node/610818

  • 09.44.77 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Drupal vCard Module Cross-Site Scripting
  • Description: vCard is a PHP-based module for the Drupal content manager. The vCard module is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. The issue occurs when the "theme_vcard()" function is added to a theme and default content from the vCard module is output. vCard versions 6.x earlier than 6.x-1.3 and vCard versions 5.x earlier than 5.x-1.4 are affected by this issue.
  • Ref: http://drupal.org/node/610996

  • 09.44.78 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Drupal Abuse Module Cross-Site Scripting
  • Description: Abuse is a PHP-based module for the Drupal content manager. The Abuse module is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Abuse versions 6.x earlier than 6.x-1.1-alpha1 and Abuse versions 5.x earlier than 5.x-2.1 are affected by this issue.
  • Ref: http://drupal.org/node/611078

  • 09.44.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Dream Poll Cross-Site Scripting and SQL Injection
  • Description: Dream Poll is PHP-based software for managing user voting. The application is exposed to SQL injection issues and a cross-site scripting issue because it fails to validate user-supplied input. Dream Poll version 3.1 is affected by this issue.
  • Ref: http://www.securityfocus.com/bid/36663

  • 09.44.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: OpenDocMan Cross-Site Scripting and SQL Injection
  • Description: OpenDocMan is a PHP-based open-source document manager. The application is exposed to multiple cross-site scripting issues and an SQL injection issue that affects the "Username" parameter when logging in to the application because of insufficient input validation. OpenDocMan version 1.2.5 is affected by these issues.
  • Ref: http://securityreason.com/wlb_show/WLB-2009100041

  • 09.44.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Drupal Moodle Course List Module Unspecified SQL Injection
  • Description: Moodle Course List is a module for the Drupal content manager. The application is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data. Moodle Course List versions earlier than 6.x-1.2 are affected by this issue.
  • Ref: http://drupal.org/node/610986

  • 09.44.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_jshop" Component "pid" Parameter SQL Injection
  • Description: "com_jshop" is a component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pid" parameter of the "com_jshop" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/36808

  • 09.44.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_photoblog" Component "category" Parameter SQL Injection
  • Description: "com_photoblog" is a component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category" parameter of the "com_photoblog" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/36809

  • 09.44.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RunCMS "forum" Parameter SQL Injection
  • Description: RunCMS is a PHP-based content manager. The application is exposed to a SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "forum" parameter of the "modules/forum/post.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/36816

  • 09.44.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RunCMS "pid" Parameter SQL Injection
  • Description: RunCMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pid" parameter in the "store()" function of the "modules/forum/class/class.forumposts.php" script before using it in an SQL query. RunCMS version 2m1 is affected by this issue.
  • Ref: http://retrogod.altervista.org/9sg_runcms_store_sql.html http://retrogod.altervista.org/9sg_runcms_forum_sql.html

  • 09.44.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Pentaho BI Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities
  • Description: Pentaho BI is a web-based business intelligence (BI) application. The application is exposed to multiple cross-site scripting issues in the "/pentaho/ViewAction" servlet and an information disclosure issue that allows attackers to obtain sensitive session data from the "JSESSIONID" token because of insufficient input validation. Pentaho BI version 1.7.0.1062 is affected by this issue.
  • Ref: http://www.securityfocus.com/archive/1/507168

  • 09.44.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Organic Groups Vocabulary Module Unauthorized Access
  • Description: Organic Groups Vocabulary is a module for the Drupal content manager. The application is exposed to an unauthorized access issue because it fails to adequately enforce access permissions. Organic Groups Vocabulary versions earlier than 6.x-1.0 are affected by this issue.
  • Ref: http://drupal.org/node/604514

  • 09.44.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Printer, e-mail and PDF version Module Security Bypass and HTML Injection Vulnerabilities
  • Description: "Printer, e-mail and PDF version" is a module for the Drupal content manager. The application is exposed to a HTML injection issue in the "print" sub-module because the application fails to sufficiently sanitize user-supplied input. Drupal Printer, e-mail and PDF versions 6.x-1.8 and 5.x-4.8 are affected by this issue.
  • Ref: http://drupal.org/node/604808 http://drupal.org/node/604804 http://drupal.org/node/604806

  • 09.44.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Webform Module HTML Injection and Information Disclosure Vulnerabilities
  • Description: Drupal is a web-based content manager. Webform is a Drupal module that is used to create questionnaires, contact forms, surveys, and other forms. The application is exposed to an HTML injection issue because the application fails to sufficiently sanitize user-supplied input passed through field labels, and an information disclosure issue because the application uses token placeholders for a default value in a page cache. Webform versions 6.x-2.8 and 5.x-2.8 are affected by this issue.
  • Ref: http://drupal.org/node/604942

  • 09.44.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! JD-WordPress Component "wp-feed.php" Remote File Include
  • Description: JD-WordPress is a blogging component for the Joomla! content manager. The component is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "wp-feed.php" script. JD-WordPress version 2.0 RC2 is affected by this issue.
  • Ref: http://www.securityfocus.com/bid/36730

  • 09.44.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! Ajax Chat Component "ajcuser.php" Remote File Include
  • Description: The Ajax Chat module is a component for the Joomla! content manager. The component is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "GLOBALS[mosConfig_absolute_path]" parameter of the "ajcuser.php" script. Ajax Chat version 1.0 is affected by this issue.
  • Ref: http://www.juniper.net/security/auto/vulnerabilities/vuln36731.html

  • 09.44.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! com_booklibrary Component "releasenote.php" Remote File Include
  • Description: The "com_booklibrary" module manages book libraries for the Joomla! content manager. The component is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "releasenote.php" script. com_booklibrary version 1.0 is affected by this issue.
  • Ref: http://www.juniper.net/security/auto/vulnerabilities/vuln36732.html

  • 09.44.93 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 freeCap CAPTCHA Module Unspecified Unauthorized Access Vulnerability
  • Description: The "freeCap CAPTCHA" module (sr_freecap) is an extension for the TYPO3 content manager. The module is exposed to an unspecified unauthorized access issue that occurs in its session handling functionality. Successfully exploiting this issue could allow attackers to gain unauthorized access to the affected application. freeCap CAPTCHA versions earlier than 1.2.2 are affected by this issue.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/

  • 09.44.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Vivvo CMS "files.php" Directory Traversal
  • Description: Vivvo CMS is a web-based content manager implemented in PHP. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "file" parameter of the "files.php" script. Vivvo CMS version 4.1.5.1 is affected by this issue.
  • Ref: http://www.waraxe.us/advisory-75.html

  • 09.44.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Userpoints Module "userpoint" Information Disclosure
  • Description: Userpoints is a module for the Drupal content manager. The application is exposed to an information disclosure issue because it fails to restrict access to certain portions of the affected application. Specifically, users with "View own userpoints" permissions are allowed to access any userpoint data of any other user. Userpoints versions earlier than 6.x-1.1 are affected by this issue.
  • Ref: http://drupal.org/node/610818

  • 09.44.96 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Simplenews Statistics Module Multiple Vulnerabilities
  • Description: Simplenews Statistics is a Drupal module to provide newsletter statistics. The application is exposed to cross-site scripting, cross-site request forgery, and URI redirection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Simplenews Statistics versions earlier than 6.x-2.0 are affected by these issues.
  • Ref: http://drupal.org/node/611002

  • 09.44.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal FileField Module Information Disclosure
  • Description: FileField is a module for the Drupal content manager. The application is exposed to an information disclosure issue because it fails to restrict access to certain resources. Specifically, the module fails to restrict access to files based on node access permissions when using Drupal core's private filesystem. FileField version 6.x-3.1 is affected by this issue.
  • Ref: http://drupal.org/node/611128

  • 09.44.98 - CVE: Not Available
  • Platform: Web Application
  • Title: DM Albums Multiple File Deletion Vulnerabilities
  • Description: DM Albums is a PHP-based image gallery plugin for WordPress. The application is exposed to multiple issues because it fails to properly sanitize user-supplied input. DM Albums versions 2.1 and earlier are affected by this issue.
  • Ref: http://blog.ndarkness.com/blog/225/wordpress-dm-albums-version-2-0-critical-vulnerability/

  • 09.44.99 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 Core Multiple Security Vulnerabilities
  • Description: TYPO3 is a web-based content manager. The application is exposed to multiple vulnerabilities including an information disclosure issue in the "tt_content" form element which may allow an attacker to recalculate encryption keys and attack the TYPO3 mechanisms. TYPO3 versions earlier than 4.0.13, 4.1.12, 4.2.9 and 4.3.0beta1 are affected by this issue.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/

  • 09.44.100 - CVE: Not Available
  • Platform: Web Application
  • Title: Achievo "debugger.php" Remote File Include
  • Description: Achievo is a web-based resource-management tool implemented in PHP. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "config_atkroot" parameter of the "debugger.php" script. Successfully exploiting this issue may allow an attacker to execute malicious PHP code in the context of the webserver process. Achievo versions earlier than 1.4.0 are affected by this issue.
  • Ref: http://www.securityfocus.com/bid/36822/


  • 09.44.102 - CVE: Not Available
  • Platform: Web Application
  • Title: IBM Lotus Connections Mobile Activities Pages Cross-Site Scripting
  • Description: IBM Lotus Connections is a web-based application used for sharing information between coworkers, partners and customers. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. IBM Lotus Connections version 2.5 is affected by this issue.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg24024303

  • 09.44.103 - CVE: Not Available
  • Platform: Web Application
  • Title: TFTgallery "album" Parameter Cross-Site Scripting Vulnerability
  • Description: TFTgallery is a PHP-based application. TFTgallery is exposed to a cross-site scripting issue because the application fails to sufficiently sanitize user-supplied input, specifically the "album" parameter of the "index.php" script. TFTgallery version 0.13 is affected by this issue.
  • Ref: http://packetstormsecurity.org/0910-exploits/tftgallery-xss.txt

  • 09.44.104 - CVE: CVE-2009-2874
  • Platform: Network Device
  • Title: Cisco Unified Presence TimesTenD Process Denial of Service
  • Description: Cisco Unified Presence collects information about user availability for use with the Cisco Unified Communications system. The application is exposed to a denial of service issue that occurs in the TimesTenD process.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml

  • 09.44.105 - CVE: CVE-2009-2052
  • Platform: Network Device
  • Title: Cisco Unified Presence Track Network Connection Denial of Service
  • Description: Cisco Unified Presence collects information about user availability for use with the Cisco Unified Communications system. The application is exposed to a denial of service issue that occurs when handling a flood of TCP requests.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml

  • 09.44.106 - CVE: Not Available
  • Platform: Network Device
  • Title: Intel BIOS Version Reversion Local Privilege Escalation
  • Description: Intel BIOS is exposed to a privilege escalation issue. Successfully exploiting this issue will allow local users to flash vulnerable products to an earlier BIOS version, which may aid in other attacks.
  • Ref: http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00019&languageid=en-fr

  • 09.44.107 - CVE: Not Available
  • Platform: Network Device
  • Title: 3Com OfficeConnect ADSL Wireless 11g Firewall Router Authentication Multiple Remote Vulnerabilities
  • Description: 3Com OfficeConnect ADSL Wireless 11g Firewall Router is a Wi-Fi networking router. The device is exposed to a remote command execution issue which affects the "IP" parameter of the "utility.cgi" script, and an authentication bypass issue which occurs because the device allows unauthorized users to gain access to its configuration file. 3Com OfficeConnect ADSL Wireless 11g Firewall Router 3.0 is affected by these issues.
  • Ref: http://www.securityfocus.com/archive/1/507263

  • 09.44.108 - CVE: Not Available
  • Platform: Network Device
  • Title: Overland Storage Snap Server 410
  • Description: Overland Storage Snap Server 410 is a network storage device. Snap Server 410 runs the GuardianOS operating system. The application is exposed to a local privilege escalation issue because the "less" utility can execute arbitrary shell commands through the "!" function and these commands are run with root privileges. Snap Server version 410 running GuardianOS 5.1.041 is affected by this issue.
  • Ref: http://www.securityfocus.com/bid/36739

  • 09.44.109 - CVE: Not Available
  • Platform: Network Device
  • Title: Aruba Mobility Controller 802.11 Association Request Frame Remote Denial of Service
  • Description: Aruba Mobility Controller is a network device for wireless and wired communication. Aruba Mobility Controller is exposed to a remote denial of service issue if a crafted 802.11 Association Request frame packet is sent to the device. ArubaOS versions 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x and 3.3.2.x-FIPS in the Aruba Mobility Controller are affected by this issue.
  • Ref: http://www.arubanetworks.com/support/alerts/aid-102609.asc


(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.