@RISK: The Consensus Security Vulnerability Alert

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

• (1) CRITICAL: Oracle Products Multiple Vulnerabilities (CPU October 2009)
• (2) HIGH: Mozilla Firefox and SeaMonkey Multiple Vulnerabilities
• (3) HIGH: Opera Multiple Vulnerabilities
• (4) HIGH: Sun Java System Web Server Buffer Overflow Vulnerability

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Windows

• 09.44.1 - Microsoft SharePoint Team Services Download Feature Source Code Information Disclosure

Third Party Windows Apps

• 09.44.2 - DWebPro "file" Parameter Remote Command Execution
• 09.44.3 - EMC Documentum ApplicationXtender Admin Agent Multiple Vulnerabilities
• 09.44.4 - EMC RepliStor Server "rep_serv.exe" Remote Denial of Service
• 09.44.5 - Websense Email Security and Email Manager "STEMWADM.EXE" Remote Denial of Service
• 09.44.6 - Avast! Insecure Program File Permissions Local Privilege Escalation
• 09.44.7 - Pegasus Mail POP3 Response Remote Buffer Overflow
• 09.44.8 - Gpg4win Remote Denial of Service
• 09.44.9 - Cherokee Web Server Malformed Packet Remote Denial of Service
• 09.44.10 - Multiple Rising Products Insecure Program File Permissions Local Privilege Escalation
• 09.44.11 - AOL AIM "sipXtapi.dll" Multiple Buffer Overflow Vulnerabilities

Linux

• 09.44.12 - Linux Kernel "/drivers/net/r8169.c" Out-of-IOMMU Error Local Denial of Service
• 09.44.13 - Linux Kernel "unix_stream_connect()" Local Denial of Service
• 09.44.14 - SystemTap Unprivileged Mode Multiple Denial of Service
• 09.44.15 - Linux Kernel "get_random_int" Random Number Generation Weakness
• 09.44.16 - Linux Kernel Keyring "refcount" Local Denial of Service
• 09.44.17 - Linux Kernel NFSV4 CallbackClient NULL Pointer Dereference Local Denial of Service
• 09.44.18 - Linux Kernel KVM "kvm_dev_ioctl_get_supported_cpuid()" Integer Overflow
• 09.44.19 - Linux Kernel KVM "update_cr8_intercept()" Local Denial of Service
• 09.44.20 - Linux Kernel "proc" World Writeable File Security Bypass
• 09.44.21 - Linux Kernel r128 Driver CCE Initialization NULL Pointer Dereference Denial of Service
• 09.44.22 - Linux Kernel 2.4 and 2.6 Local Information Disclosure
• 09.44.23 - Linux Kernel Netlink Packets Security Bypass

Solaris

• 09.44.24 - Sun Solaris ZFS Filesystem Security Bypass
• 09.44.25 - Sun OpenSolaris Unspecified Local Security
• 09.44.26 - Sun OpenSolaris Kernel Panic Remote Denial of Service Vulnerability
• 09.44.27 - Sun Solaris Trusted Extensions Policy Configuration Remote Privilege Escalation Weakness

Unix

• 09.44.28 - Adobe Reader and Acrobat for Unix Debug Mode Remote Code Execution
• 09.44.29 - Bftpd Unspecified Remote Denial of Service Vulnerability

Cross Platform

• 09.44.30 - Adobe Reader and Acrobat Compact Font Format Heap Memory Corruption
• 09.44.31 - Adobe Reader and Acrobat COM Objects Memory Corruption Remote Code Execution
• 09.44.32 - Adobe Acrobat Reader Firefox Plugin Memory Corruption Remote Code Execution
• 09.44.33 - Adobe Reader and Acrobat U3D File Pointer Overwrite Remote
• 09.44.34 - Adobe Reader and Acrobat "AcroPDF.dll" ActiveX Control Denial of Service
• 09.44.35 - Adobe Reader and Acrobat "annots.api" Denial of Service
• 09.44.36 - Adobe Reader and Acrobat JavaScript Memory Corruption
• 09.44.37 - Adobe Reader and Acrobat XMP-XML Entity Expansion Denial of Service
• 09.44.38 - Adobe Reader and Acrobat Unspecified Integer Overflow Memory Corruption
• 09.44.39 - Adobe Reader and Acrobat Buffer Overflow
• 09.44.40 - Adobe Acrobat Image Decoder Remote Code Execution
• 09.44.41 - Adobe Reader and Acrobat Trust Manager Remote Security Bypass
• 09.44.42 - Adobe Acrobat Integer Overflow Denial Of Service Vulnerability
• 09.44.43 - Adobe Reader and Acrobat ActiveX Control Denial of Service
• 09.44.44 - GD Graphics Library "_gdGetColors" Remote Buffer Overflow
• 09.44.45 - CamlImages JPEG Handling Remote Buffer Overflow
• 09.44.46 - QEMU VNC Client Disconnect Use After Free Remote Code Execution
• 09.44.47 - Poppler "create_surface_from_thumbnail_data()" Integer Overflow Memory Corruption
• 09.44.48 - McKesson Horizon Clinical Infrastructure (HCI) Password Disclosure
• 09.44.49 - Adobe Reader and Acrobat Certificate Modification
• 09.44.50 - Adobe Reader and Acrobat File Extension Controls Remote Security Bypass
• 09.44.51 - Kleopatra Malformed Certificate Remote Denial of Service
• 09.44.52 - squidGuard Multiple Security Bypass Vulnerabilities
• 09.44.53 - MapServer HTTP Request Processing Integer Overflow
• 09.44.54 - HTML-Parser Invalid HTML Entity Remote Denial of Service
• 09.44.55 - Perl UTF-8 Regular Expression Processing Remote Denial of Service
• 09.44.56 - Sun Java System Web Server Unspecified Remote Buffer Overflow
• 09.44.57 - Novell eDirectory "/dhost/modules?L:" Buffer Overflow Vulnerability
• 09.44.58 - Asterisk Missing ACL Check Remote Security Bypass
• 09.44.59 - python-markdown2 Multiple Security Vulnerabilities
• 09.44.60 - nginx "ngx_http_process_request_headers()" Remote Buffer Overflow
• 09.44.61 - VMware Products Page Fault Exception Local Privilege Escalation
• 09.44.62 - VMware Products Directory Traversal
• 09.44.63 - OpenLDAP X.509 Certificate NULL Character Certificate Validation Security Bypass
• 09.44.64 - Wireshark 1.2.2 and 1.0.9 Multiple Vulnerabilities
• 09.44.65 - McAfee Products TAR and PDF Files Scan Evasion Vulnerabilities
• 09.44.66 - Opera Web Browser prior to 10.01 Multiple Security Vulnerabilities

Web Application - Cross Site Scripting

• 09.44.67 - Eclipse BIRT "run?__report" Parameter Cross-Site Scripting
• 09.44.68 - bloofoxCMS "search" Parameter Cross-Site Scripting
• 09.44.69 - Zainu "searchSongKeyword" Parameter Cross-Site Scripting
• 09.44.70 - Cybozu Multiple Products Unspecified Cross-Site Scripting Vulnerabilities
• 09.44.71 - Snitz Forums 2000 Cross-Site Scripting and HTML Injection Vulnerabilities
• 09.44.72 - IBM Rational RequisitePro ReqWebHelp Multiple Cross-Site Scripting Vulnerabilities
• 09.44.73 - TBmnetCMS "content" Parameter Cross-Site Scripting
• 09.44.74 - IBM Rational AppScan Help Pages Unspecified Cross-Site Scripting
• 09.44.75 - Websense Email Security Cross-Site Scripting and HTML Injection Vulnerabilities
• 09.44.76 - Drupal Flag Content Module HTML Injection
• 09.44.77 - Drupal vCard Module Cross-Site Scripting
• 09.44.78 - Drupal Abuse Module Cross-Site Scripting

Web Application - SQL Injection

• 09.44.79 - Dream Poll Cross-Site Scripting and SQL Injection
• 09.44.80 - OpenDocMan Cross-Site Scripting and SQL Injection
• 09.44.81 - Drupal Moodle Course List Module Unspecified SQL Injection
• 09.44.82 - Joomla! "com_jshop" Component "pid" Parameter SQL Injection
• 09.44.83 - Joomla! "com_photoblog" Component "category" Parameter SQL Injection
• 09.44.84 - RunCMS "forum" Parameter SQL Injection
• 09.44.85 - RunCMS "pid" Parameter SQL Injection

Web Application

• 09.44.86 - Pentaho BI Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities
• 09.44.87 - Drupal Organic Groups Vocabulary Module Unauthorized Access
• 09.44.88 - Drupal Printer, e-mail and PDF version Module Security Bypass and HTML Injection Vulnerabilities
• 09.44.89 - Drupal Webform Module HTML Injection and Information Disclosure Vulnerabilities
• 09.44.90 - Joomla! JD-WordPress Component "wp-feed.php" Remote File Include
• 09.44.91 - Joomla! Ajax Chat Component "ajcuser.php" Remote File Include
• 09.44.92 - Joomla! com_booklibrary Component "releasenote.php" Remote File Include
• 09.44.93 - TYPO3 freeCap CAPTCHA Module Unspecified Unauthorized Access Vulnerability
• 09.44.94 - Vivvo CMS "files.php" Directory Traversal
• 09.44.95 - Drupal Userpoints Module "userpoint" Information Disclosure
• 09.44.96 - Drupal Simplenews Statistics Module Multiple Vulnerabilities
• 09.44.97 - Drupal FileField Module Information Disclosure
• 09.44.98 - DM Albums Multiple File Deletion Vulnerabilities
• 09.44.99 - TYPO3 Core Multiple Security Vulnerabilities
• 09.44.100 - Achievo "debugger.php" Remote File Include
• 09.44.101 - Sahana "mod" Parameter Local File Disclosure
• 09.44.102 - IBM Lotus Connections Mobile Activities Pages Cross-Site Scripting
• 09.44.103 - TFTgallery "album" Parameter Cross-Site Scripting Vulnerability

Network Device

• 09.44.104 - Cisco Unified Presence TimesTenD Process Denial of Service
• 09.44.105 - Cisco Unified Presence Track Network Connection Denial of Service
• 09.44.106 - Intel BIOS Version Reversion Local Privilege Escalation
• 09.44.107 - 3Com OfficeConnect ADSL Wireless 11g Firewall Router Authentication Multiple Remote Vulnerabilities
• 09.44.108 - Overland Storage Snap Server 410
• 09.44.109 - Aruba Mobility Controller 802.11 Association Request Frame Remote Denial of Service
• 09.44.110 - Multiple Vendors IPv6 Implementation Remote Denial of Service

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 44, 2009

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 7553 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

• 09.44.1 - CVE: Not Available
• Platform: Windows
• Title: Microsoft SharePoint Team Services Download Feature Source Code Information Disclosure
• Description: Microsoft SharePoint is an integrated server application providing content management and search capabilities. The application is exposed to an information disclosure issue that lets attackers access certain files that contain source code. SharePoint version 2007 is affected by this issue.
• Ref: http://support.microsoft.com/kb/976829

• 09.44.2 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: DWebPro "file" Parameter Remote Command Execution
• Description: DWebPro is web server available for flash devices and CD/DVD. The application is exposed to an arbitrary command execution because it fails to adequately sanitize user-supplied input to the "file" parameter in the "dwebpro/start" script.
• Ref: http://www.securityfocus.com/archive/1/507241

• 09.44.3 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: EMC Documentum ApplicationXtender Admin Agent Multiple Vulnerabilities
• Description: EMC Documentum ApplicationXtender is a content manager. The application is exposed to an arbitrary file upload issue and a heap based memory corruption issue which occurs in the Admin Agent service "aws_tmxn.exe" of the Workflow Server that may allow attackers to overwrite arbitrary files with SYSTEM level privileges or cause denial-of-service conditions. EMC Documentum ApplicationXtender versions earlier than 5.40 SP1 are affected by this issue.
• Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-095/ http://www.zerodayinitiative.com/advisories/ZDI-08-096/

• 09.44.4 - CVE: CVE-2009-3744
• Platform: Third Party Windows Apps
• Title: EMC RepliStor Server "rep_serv.exe" Remote Denial of Service
• Description: EMC RepliStor Server is a file server. The application is exposed to a remote denial of service issue because the application fails to handle an excessive amount of data sent to the "rep_serv.exe" service. EMC RepliStor Server version 6.3.1.3 is affected by this issue.
• Ref: http://www.securityfocus.com/archive/1/507322

• 09.44.5 - CVE: CVE-2009-3749
• Platform: Third Party Windows Apps
• Title: Websense Email Security and Email Manager "STEMWADM.EXE" Remote Denial of Service
• Description: Websense Email Security and Email Manager are security applications. The applications are exposed to a remote denial of service vulnerability in the the Web Administrator frontend service "STEMWADM.EXE" listening on TCP port 8181 by default because it fails to handle specially crafted HTTP GET requests. Websense Email Security versions earlier than 7.1 Hotfix 4 and Websense Personal Email Manager versions earlier than 7.1 Hotfix 4 are affected by this issue.
• Ref: http://sotiriu.de/adv/NSOADV-2009-002.txt

• 09.44.6 - CVE: CVE-2009-3524
• Platform: Third Party Windows Apps
• Title: Avast! Insecure Program File Permissions Local Privilege Escalation
• Description: Avast! Antivirus is an application that provides virus protection. The application is exposed to a local privilege escalation issue because it installs the "avast4.ini" file in the data folder "%Program Files%Alwil SoftwareAvast4Data" with "Full Control" permissions for the "Everyone" group. Avast! Professional Edition version 4.8.1351 and earlier and Avast! Home are affected. Edition version 4.8.1351 and earlier are affected by this issue.
• Ref: http://www.avast.com/eng/avast-4-home_pro-revision-history.html

• 09.44.7 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Pegasus Mail POP3 Response Remote Buffer Overflow
• Description: Pegasus Mail is an email client for Microsoft Windows. The application is exposed to a remote buffer overflow issue because it fails to properly sanitize user-supplied input, specifically when handling excessive amounts of data in an "-ERR" response from a POP3 mail server. Pegasus Mail version 4.51 affected by this issue.
• Ref: http://www.securityfocus.com/bid/36797

• 09.44.8 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Gpg4win Remote Denial of Service
• Description: Gpg4win is an email and file encryption application. The application is exposed to a remote denial of service issue specifically when a crafted input is supplied to the application clipboard for verification.
• Ref: http://www.securityfocus.com/bid/36811

• 09.44.9 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Cherokee Web Server Malformed Packet Remote Denial of Service
• Description: Cherokee Web Server is a webserver available for Microsoft Windows. The application is exposed to a remote denial of service issue because it fails to handle specially crafted "AUX" network packets. Cherokee Web Server version 0.5.4 is affected by this issue.
• Ref: http://www.securityfocus.com/bid/36814/references

• 09.44.10 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Multiple Rising Products Insecure Program File Permissions Local Privilege Escalation
• Description: Rising Antivirus, Rising Internet Security and Rising Personal Firewall are security products available for Microsoft Windows. The applications are exposed to a local privilege escalation issue because they install program files with "Full Control" permissions. Rising Antivirus 2009, Rising Internet Security 2009 and Rising Personal Firewall 2009 are affected by this issue.
• Ref: http://seclists.org/bugtraq/2009/Oct/247

• 09.44.11 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: AOL AIM "sipXtapi.dll" Multiple Buffer Overflow Vulnerabilities
• Description: AOL AIM is a instant-messaging client. The application is exposed to two heap based buffer overflow issues in the SIP protocol implementation library, "sipXtapi.dll" that occurs due to a signedness error when a crafted RTCP sender report packet is sent to the application and when a crafted RTP header "Extension Length" is sent to the application, because it fails to perform adequate boundary checks on user-supplied data. AOL AIM versions earlier than 6.8.7.7 are affected by this issue.
• Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-097/ http://www.zerodayinitiative.com/advisories/ZDI-08-098/

• 09.44.12 - CVE: CVE-2009-3613
• Platform: Linux
• Title: Linux Kernel "/drivers/net/r8169.c" Out-of-IOMMU Error Local Denial of Service
• Description: The Linux kernel is exposed to a local denial of service issue. It is exposed to this issue because it fails to properly handle large packet frames with certain hardware and the issue resides in the "drivers/net/r8169.c" source file and an out-of-IOMMU error can be triggered with a Maximum Transmission Unit (MTU) larger than 1500. Linux kernel version earlier than 2.6.26.4 are affected by this issue.
• Ref: http://bugzilla.redhat.com/show_bug.cgi?id=529137#c0 http://www.openwall.com/lists/oss-security/2009/10/15/4

• 09.44.13 - CVE: CVE-2009-3621
• Platform: Linux
• Title: Linux Kernel "unix_stream_connect()" Local Denial of Service
• Description: The Linux kernel is exposed to a local denial of service issue because of a deadlock that occurs in the "unix_stream_connect()" function of the "net/unix/af_unix.c" source file. Successful exploitation of this issue can cause the affected kernel to stop responding, denying service to legitimate users. Linux kernel version 2.6.31.4 is affected by this issue.
• Ref: http://bugzilla.redhat.com/show_bug.cgi?id=529626 http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=77238f2b9
  42b38ab4e7f3aced44084493e4a8675 http://patchwork.kernel.org/patch/54678/

• 09.44.14 - CVE: CVE-2009-2911
• Platform: Linux
• Title: SystemTap Unprivileged Mode Multiple Denial of Service
• Description: SystemTap is an application that includes a command-line interface and scripting language for analyzing a running Linux kernel. SystemTap is prone to denial of service vulnerabilities because an overly large number of parameters provided to the "print*()" function can trigger a kernel stack overflow, specially crafted DWARF information can trigger a kernel stack frame overflow or an infinite loop caused due to missing upper bound checks on the size of the unwind table and the size of each of the CIE/CFI records. SystemTap version 1.0 is affected by this issue.
• Ref: http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2911

• 09.44.15 - CVE: CVE-2009-3238
• Platform: Linux
• Title: Linux Kernel "get_random_int" Random Number Generation Weakness
• Description: Linux Kernel is exposed to a weakness that may cause weak random numbers to be generated. It is exposed to this issue because the "get_random_int" function in "drivers/char/random.c" may cause the function to produce insufficiently random return values.Linux kernel version earlier then 2.6.30 are affected by this issue.
• Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a0a
  9bd4db63bc45e3017bedeafbd88d0eb84d02

• 09.44.16 - CVE: Not Available
• Platform: Linux
• Title: Linux Kernel Keyring "refcount" Local Denial of Service
• Description: The Linux kernel is exposed to a local denial of service issue. It is exposed to this issue when the "keyctl_instantiate_key()" and "keyctl_negate_key()" functions call "request_key()", the function fails to increment the "ref_count" value in the "request_key_auth" structure eventually causing a denial of service condition when the keyring runs out of references and gets destroyed. Ref: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8bbf4976

• 09.44.17 - CVE: Not Available
• Platform: Linux
• Title: Linux Kernel NFSV4 CallbackClient NULL Pointer Dereference Local Denial of Service
• Description: The Linux kernel is exposed to a local denial of service issue. It is exposed to this issue because when the "rpcauth_lookup_credcache()" function is called, it assumes that the given authentication flavor has a credential cache. When attempting to mount an nfsv4 filesystem and using the "auth_null" authentication flavor, a NULL-pointer dereference can occur. Linux Kernel version Linux kernel 2.6.31 -rc1 is affected by this issue.
• Ref: http://www.securityfocus.com/bid/36794

• 09.44.18 - CVE: CVE-2009-3638
• Platform: Linux
• Title: Linux Kernel KVM "kvm_dev_ioctl_get_supported_cpuid()" Integer Overflow
• Description: The Linux kernel is exposed to an integer overflow issue that affects the Kernel based Virtual Machine (KVM). This issue occurs in the "kvm_dev_ioctl_get_supported_cpuid()" function of the "kvn/x86.c" source file specifically when the number of "cpu_id" entries multiplied by the entry size can trigger an integer overflow on a 32-bit system. Linux kernel versions prior than 2.6.32-rc4 are affected by this issue.
• Ref: http://bugzilla.redhat.com/show_bug.cgi?id=530515

• 09.44.19 - CVE: Not Available
• Platform: Linux
• Title: Linux Kernel KVM "update_cr8_intercept()" Local Denial of Service
• Description: The Linux kernel is exposed to a local denial of service issue that affects the Kernel based Virtual Machine (KVM). Specifically, "update_cr8_intercept()" can be triggered from userspace when no apic is present resulting in a NULL pointer dereference. Linux Kernel versions earlier than 2.6.32-rc1 are affected by this issue. Ref: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=88c808fd42b53a7e01a2ac3253ef31fef74cb5af

• 09.44.20 - CVE: Not Available
• Platform: Linux
• Title: Linux Kernel "proc" World Writeable File Security Bypass
• Description: The Linux kernel is exposed to a security bypass issue. Specifically, a local attacker can use the "/proc" utility to write to world writable files that are located in directories that the attacker isn't supposed to access. Successfully exploiting this issue may lead to other attacks.
• Ref: http://www.securityfocus.com/archive/1/507386

• 09.44.21 - CVE: CVE-2009-3620
• Platform: Linux
• Title: Linux Kernel r128 Driver CCE Initialization NULL Pointer Dereference Denial of Service
• Description: The Linux kernel is exposed to a local denial of service issue. It is exposed to this issue because of a NULL pointer dereference exception in IOCTL implementations within the r128 (ATI Rage 128) driver which driver does not properly verify Concurrent Command Engine (CCE) initialization via the "r128_do_init_cce()" function. Linux kernel version 2.6.31-git11 is affected by this issue.
• Ref: http://bugzilla.redhat.com/show_bug.cgi?id=529597

• 09.44.22 - CVE: CVE-2009-3612
• Platform: Linux
• Title: Linux Kernel 2.4 and 2.6 Local Information Disclosure
• Description: The Linux kernel is exposed to a local information disclosure issue because it fails to properly initialize certain structure members before sending them to user space. Specifically, the "tcf_fill_node" function in "net/sched/cls_api.c" in the netlink subsystem does not initialize the "tcm__pad2" member of a certain structure. Successfully exploiting this issue will disclose a certain amount of kernel memory. Ref: http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc5 http://www.openwall.com/lists/oss-security/2009/10/15/1

• 09.44.23 - CVE: Not Available
• Platform: Linux
• Title: Linux Kernel Netlink Packets Security Bypass
• Description: The Linux kernel is exposed to a security bypass issue that occurs when crafted netlink packets are sent to certain subsystems via a connector. Successfully exploiting this issue may allow local attackers to bypass certain security restrictions and perform unauthorized actions such as changing certain configurations. Linux kernel versions earlier than 2.6.31.5 are affected by this issue.
• Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.5

• 09.44.24 - CVE: Not Available
• Platform: Solaris
• Title: Sun Solaris ZFS Filesystem Security Bypass
• Description: Sun Solaris is exposed to a security bypass issue that affects the ZFS filesystem. A local attacker with "file_chown_self" privileges can exploit this issue to gain ownership of other user's files resulting in privilege escalation and other attacks. Solaris 10 and OpenSolaris builds snv_100 through snv_117 are affected by this issue.
• Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-265908-1

• 09.44.25 - CVE: Not Available
• Platform: Solaris
• Title: Sun OpenSolaris Unspecified Local Security
• Description: Sun OpenSolaris is a Unix-based operating system. OpenSolaris is exposed to an unspecified local security issue. Successfully exploiting this issue can result in the complete compromise of an affected computer. Sun OpenSolaris with builds earlier than snv_99 are affected by this issue.
• Ref: http://www.securityfocus.com/bid/36818/

• 09.44.26 - CVE: Not Available
• Platform: Solaris
• Title: Sun OpenSolaris Kernel Panic Remote Denial of Service Vulnerability
• Description: Sun OpenSolaris is a Unix-based operating system. OpenSolaris is exposed to a remote denial of service issue. Successfully exploiting this issue may allow a remote attacker to cause kernel panic, denying service to legitimate users. OpenSolaris version 2009.6 is affected by this issue.
• Ref: http://www.securityfocus.com/bid/36819

• 09.44.27 - CVE: Not Available
• Platform: Solaris
• Title: Sun Solaris Trusted Extensions Policy Configuration Remote Privilege Escalation Weakness
• Description: Sun Solaris is exposed to a security weakness that may allow attackers to gain elevated privileges on the affected computer. The issue occurs in the Solaris Trusted Extensions Policy configuration file which may allow a remote unprivileged user who has authorized or unauthorized access to the X server. Sun Solaris 10 and OpenSolaris builds snv_37 through snv_125 are affected by this issue.
• Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-270969-1

• 09.44.28 - CVE: CVE-2009-3462
• Platform: Unix
• Title: Adobe Reader and Acrobat for Unix Debug Mode Remote Code Execution
• Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a remote code execution issue caused by a format bug. This issue affects Reader and Acrobat on Unix platforms when "debug mode" is used. Adobe Reader and Acrobat versions earlier than 7.1.4, 8.1.7, and 9.2 on Unix platforms are affected by this issue.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html http://sunsolve.sun.com/search/document.do?assetkey=1-66-270669-1

• 09.44.29 - CVE: Not Available
• Platform: Unix
• Title: Bftpd Unspecified Remote Denial of Service Vulnerability
• Description: Bftpd is an FTP server available for Unix operating systems. The application is exposed to an unspecified remote denial of service issue. Bftpd versions earlier than 2.4 are affected by this issue.
• Ref: http://bftpd.sourceforge.net/news.html#032130

• 09.44.30 - CVE: CVE-2009-2985
• Platform: Cross Platform
• Title: Adobe Reader and Acrobat Compact Font Format Heap Memory Corruption
• Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a heap based memory corruption issue that occurs when handling PDF files containing a malformed Compact Font Format stream when using a trusted 16-bit value to index into an array. Adobe Reader and Acrobat versions earlier than 7.1.4, 8.1.7, and 9.2 are affected by this issue.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html http://sunsolve.sun.com/search/document.do?assetkey=1-66-270669-1

• 09.44.31 - CVE: CVE-2009-2983
• Platform: Cross Platform
• Title: Adobe Reader and Acrobat COM Objects Memory Corruption Remote Code Execution
• Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a remote code execution vulnerability because they fail to properly handle certain COM objects.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html http://sunsolve.sun.com/search/document.do?assetkey=1-66-270669-1

• 09.44.32 - CVE: CVE-2009-2991
• Platform: Cross Platform
• Title: Adobe Acrobat Reader Firefox Plugin Memory Corruption Remote Code Execution
• Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a remote code execution issue because they fail to properly free memory resources.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=826 http://sunsolve.sun.com/search/document.do?assetkey=1-66-270669-1

• 09.44.33 - CVE: CVE-2009-3458
• Platform: Cross Platform
• Title: Adobe Reader and Acrobat U3D File Pointer Overwrite Remote
• Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a remote code execution issue because it fails to properly validate user-supplied input when parsing "U3D" data embedded in a PDF file.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html http://sunsolve.sun.com/search/document.do?assetkey=1-66-270669-1

• 09.44.34 - CVE: CVE-2009-2987
• Platform: Cross Platform
• Title: Adobe Reader and Acrobat "AcroPDF.dll" ActiveX Control Denial of Service
• Description: Adobe Reader and Acrobat are applications for handling PDF files. The application is exposed to a denial of service issue in the "AcroPDF.dll" ActiveX control. Successfully exploiting this issue may allow the attacker to crash the affected application that uses the ActiveX control (typically Internet explorer), denying service to legitimate users. Adobe Reader and Acrobat versions earlier than 7.1.4, 8.1.7, and 9.2 are affected by this issue.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html http://sunsolve.sun.com/search/document.do?assetkey=1-66-270669-1

• 09.44.35 - CVE: CVE-2009-2988
• Platform: Cross Platform
• Title: Adobe Reader and Acrobat "annots.api" Denial of Service
• Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a denial of service issue because of an input validation error in the "annots.api" library. Adobe Reader and Acrobat versions prior to 7.1.4, 8.1.7, and 9.2 are affected by this issue.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html http://sunsolve.sun.com/search/document.do?assetkey=1-66-270669-1

• 09.44.36 - CVE: CVE-2009-3460
• Platform: Cross Platform
• Title: Adobe Reader and Acrobat JavaScript Memory Corruption
• Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a memory corruption vulnerability related to the handling of unspecified JavaScript objects.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html http://sunsolve.sun.com/search/document.do?assetkey=1-66-270669-1

• 09.44.37 - CVE: CVE-2009-2979
• Platform: Cross Platform
• Title: Adobe Reader and Acrobat XMP-XML Entity Expansion Denial of Service
• Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a denial of service issue because of an XMP-XML entity expansion issue when handling malformed PDF documents.Adobe Reader and Acrobat versions earlier than 8.1.7, and 9.2 are affected by this issue.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html

• 09.44.38 - CVE: CVE-2009-2980
• Platform: Cross Platform
• Title: Adobe Reader and Acrobat Unspecified Integer Overflow Memory Corruption
• Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a memory corruption issue related to an unspecified integer overflow error.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html http://sunsolve.sun.com/search/document.do?assetkey=1-66-270669-1

• 09.44.39 - CVE: CVE-2009-2994, CVE-2009-2986
• Platform: Cross Platform
• Title: Adobe Reader and Acrobat Buffer Overflow
• Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a buffer overflow vulnerability because the applications fail to perform adequate boundary checks on user-supplied data. Adobe Reader and Acrobat versions earlier than 7.1.4, 8.1.7, and 9.2 are affected by this issue.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html http://sunsolve.sun.com/search/document.do?assetkey=1-66-270669-1

• 09.44.40 - CVE: CVE-2009-2984
• Platform: Cross Platform
• Title: Adobe Acrobat Image Decoder Remote Code Execution
• Description: Adobe Acrobat is an application for handling PDF files. The application is exposed to a remote code execution issue in the image decoder when handling specially crafted PDF files. Adobe Acrobat versions earlier than 9.2 are affected by this issue.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html

• 09.44.41 - CVE: CVE-2009-2981
• Platform: Cross Platform
• Title: Adobe Reader and Acrobat Trust Manager Remote Security Bypass
• Description: Adobe Reader and Acrobat are applications for handling PDF files. The application is exposed to a remote security bypass issue because of an unspecified input validation error that affects the "Trust Manager" used to restrict the actions of script content contained within a PDF file.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html

• 09.44.42 - CVE: CVE-2009-2995
• Platform: Cross Platform
• Title: Adobe Acrobat Integer Overflow Denial Of Service Vulnerability
• Description: Adobe Acrobat is an application for handling PDF files. The application is exposed to remote denial of service issue caused by an integer overflow when handling specially crafted PDF files. Adobe Acrobat versions earlier than 7.1.4, 8.1.7, and 9.2 are affected by this issue.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html

• 09.44.43 - CVE: CVE-2009-2992
• Platform: Cross Platform
• Title: Adobe Reader and Acrobat ActiveX Control Denial of Service
• Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a denial of service issue in their ActiveX control because the software fails to sufficiently validate input. Adobe Reader and Acrobat versions earlier than 8.1.7 and 9.2 are affected by this issue.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html

• 09.44.44 - CVE: CVE-2009-3546
• Platform: Cross Platform
• Title: GD Graphics Library "_gdGetColors" Remote Buffer Overflow
• Description: GD Graphics Library (gdlib) is an open-source graphics library available for multiple platforms, including UNIX variants and Microsoft Windows. The library is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue stems from an error in the "_gdGetColors()" function of the "gd_gd.c" source file.
• Ref: http://seclists.org/oss-sec/2009/q4/41

• 09.44.45 - CVE: CVE-2009-3296
• Platform: Cross Platform
• Title: CamlImages JPEG Handling Remote Buffer Overflow
• Description: CamlImages is an open source library for processing images. The library is exposed to a remote buffer overflow issue that occurs because it fails to perform adequate boundary checks on user supplied data. Successfully exploiting this issue may allow attackers to execute arbitrary code with the privileges of the user running an application. CamlImages version 2.2 is affected by this issue.
• Ref: http://www.securityfocus.com/bid/36713

• 09.44.46 - CVE: Not Available
• Platform: Cross Platform
• Title: QEMU VNC Client Disconnect Use After Free Remote Code Execution
• Description: QEMU is a processor emulator that is available for various platforms. The applications is exposed to a remote code execution issue because of a use-after-free error in VNC client applications that arises when memory is referenced after it has already been freed.
• Ref: http://bugzilla.redhat.com/show_bug.cgi?id=505641 http://bugzilla.redhat.com/show_bug.cgi?id=501131

• 09.44.47 - CVE: CVE-2009-3607
• Platform: Cross Platform
• Title: Poppler "create_surface_from_thumbnail_data()" Integer Overflow Memory Corruption
• Description: Poppler is an application for handling PDF files. Poppler is exposed to a memory corruption issue because of an integer overflow error in "create_surface_from_thumbnail_data()" function in the "poppler-page.cc" source file. Successfully exploiting this issue may allow the attacker to execute arbitrary code within the context of affected applications.
• Ref: http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3607

• 09.44.48 - CVE: Not Available
• Platform: Cross Platform
• Title: McKesson Horizon Clinical Infrastructure (HCI) Password Disclosure
• Description: McKesson Horizon Clinical Infrastructure (HCI) is a patient record datastore application for multiple McKesson applications. The application is exposed to a local information disclosure issue because database passwords are hardcoded within the application. The "CCDBA" account, which has Oracle "sysdba" privileges, is stored in plain text in multiple binaries and scripts. HCI versions 7.6, 7.8, 10.0, and 10.1 are affected by this issue.
• Ref: http://www.securityfocus.com/archive/1/507267

• 09.44.49 - CVE: CVE-2009-2982
• Platform: Cross Platform
• Title: Adobe Reader and Acrobat Certificate Modification
• Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to an issue that may allow an attacker to modify a certificate aiding in social engineering attacks. Adobe Acrobat and Reader versions earlier than 8.1.4 and 9.2 are affected by this issue.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html http://sunsolve.sun.com/search/document.do?assetkey=1-66-270669-1

• 09.44.50 - CVE: CVE-2009-3461
• Platform: Cross Platform
• Title: Adobe Reader and Acrobat File Extension Controls Remote Security Bypass
• Description: Adobe Reader and Acrobat are applications for handling PDF files. The application is exposed to a remote security bypass issue that affects security controls for file extensions. Successfully exploiting this issue may allow an attacker to bypass intended security restrictions. Adobe Acrobat versions 9.x earlier than 9.2 are affected by this issue.
• Ref: http://www.adobe.com/support/security/bulletins/apsb09-15.html

• 09.44.51 - CVE: Not Available
• Platform: Cross Platform
• Title: Kleopatra Malformed Certificate Remote Denial of Service
• Description: Kleopatra is a GNU Privacy Guard (GPG) certificate manager. Kleopatra is commonly found with GPG4Win. The application is exposed to a remote denial of service vulnerability that occurs when handling a malformed certificate containing an excessive amount of data. Kleopatra version 2.0.11 is affected by this issue.
• Ref: http://www.securityfocus.com/bid/36781

• 09.44.52 - CVE: CVE-2009-3700
• Platform: Cross Platform
• Title: squidGuard Multiple Security Bypass Vulnerabilities
• Description: squidGuard is a URL redirector for using blacklists with the proxy software Squid. The application is exposed to multiple vulnerabilities including a buffer overflow issue in the "sgLog.c" file that may let the application to go into unprotected emergency mode specifically when an overly long URL with multiple "" characters is provided and two security bypass issues occur when an attacker provides URL requests of length close to the value defined by "MAX_BUF" or "MAX_URL". squidGuard version 1.3 and 1.4 are affected by this issue. Ref: http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091015 http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091019

• 09.44.53 - CVE: CVE-2009-0840
• Platform: Cross Platform
• Title: MapServer HTTP Request Processing Integer Overflow
• Description: MapServer is a development environment for building spatially enabled internet applications.The application is exposed to a remote integer overflow issue because it fails to restrict the size of a buffer before passing it to the heap, specifically when the application handles large HTTP requests or requests that contain crafted "Content-Length" values. MapServer version 4.10.x is affected by this issue.
• Ref: http://www.juniper.net/security/auto/vulnerabilities/vuln36802.html

• 09.44.54 - CVE: CVE-2009-3627
• Platform: Cross Platform
• Title: HTML-Parser Invalid HTML Entity Remote Denial of Service
• Description: HTML-Parser is a Perl module that parses and extracts information from HTML documents. The application is exposed to a remote denial of service issue because the module fails to properly handle invalid HTML entities.HTML-Parser versions earlier than 3.63 are affected by this issue.
• Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/2237

• 09.44.55 - CVE: Not Available
• Platform: Cross Platform
• Title: Perl UTF-8 Regular Expression Processing Remote Denial of Service
• Description: Perl is a programming language available for multiple platforms. The application is exposed to a remote denial of service issue specifically in "regexec.c" file when certain UTF-8 strings are processed in regular expressions. Perl version 5.10.1 is affected by this issue.
• Ref: http://rt.perl.org/rt3//Public/Bug/Display.html?id=69973

• 09.44.56 - CVE: Not Available
• Platform: Cross Platform
• Title: Sun Java System Web Server Unspecified Remote Buffer Overflow
• Description: Sun Java System Web Server is an HTTP server. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Sun Java System Web Server 7.0 Update 6 is affected by this issue.
• Ref: http://www.vupen.com/english/advisories/2009/3024 http://intevydis.com/vd-list.shtml

• 09.44.57 - CVE: Not Available
• Platform: Cross Platform
• Title: Novell eDirectory "/dhost/modules?L:" Buffer Overflow Vulnerability
• Description: Novell eDirectory is software for identity management and security. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data specifically when a malformed HTTP request to "/dhost/modules?L:" is processed. Novell eDirectory version 8.8 SP5 is affected by this issue.
• Ref: http://tcc.hellcode.net/sploitz/novelbof.txt

• 09.44.58 - CVE: Not Available
• Platform: Cross Platform
• Title: Asterisk Missing ACL Check Remote Security Bypass
• Description: Asterisk is an open source PBX application available for multiple operating platforms. The application is exposed to security bypass issue because it is missing access control list (ACL) check when handling SIP invites allowing attackers to bypass the security restriction defined in the "sip.conf" configuration file. Asterisk 1.6.1 versions earlier than 1.6.1.8 are affected by this issue.
• Ref: http://downloads.asterisk.org/pub/security/AST-2009-007.html

• 09.44.59 - CVE: Not Available
• Platform: Cross Platform
• Title: python-markdown2 Multiple Security Vulnerabilities
• Description: Markdown is a text-to-HTML filtering application. python-markdown2 is a python-based implementation of Markdown. The application is prone to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input that exploited via crafted image reference and an unspecified security issue exists in the application that affects the md5-hashing scheme for handling HTML chunks. python-markdown2 verisons 1.0.1.14 and earlier are affected by this issue. Ref: http://code.google.com/p/python-markdown2/source/browse/trunk/CHANGES.txt

• 09.44.60 - CVE: Not Available
• Platform: Cross Platform
• Title: nginx "ngx_http_process_request_headers()" Remote Buffer Overflow
• Description: The "nginx" program is an HTTP server and mail proxy server. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data in the "ngx_http_process_request_headers()" function of the "src/http/ngx_http_request.c" source file when handling certain HTTP requests.
• Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035

• 09.44.61 - CVE: CVE-2009-2267
• Platform: Cross Platform
• Title: VMware Products Page Fault Exception Local Privilege Escalation
• Description: VMware is an OS emulation application. Multiple VMware products are exposed to a privilege escalation issue because they fail to properly handle certain page faults in "Virtual-8086" mode. Successfully exploiting this issue can allow an attacker to run arbitrary code with superuser privileges. Ref: http://lists.vmware.com/pipermail/security-announce/2009/000069.html

• 09.44.62 - CVE: CVE-2009-3733
• Platform: Cross Platform
• Title: VMware Products Directory Traversal
• Description: VMware is an OS emulation application. Multiple VMware products are exposed to a directory traversal issue because they fail to sufficiently sanitize user-supplied input. Ref: http://lists.vmware.com/pipermail/security-announce/2009/000069.html

• 09.44.63 - CVE: Not Available
• Platform: Cross Platform
• Title: OpenLDAP X.509 Certificate NULL Character Certificate Validation Security Bypass
• Description: OpenLDAP is an implementation of the Lightweight Directory Access Protocol (LDAP). OpenLDAP is exposed to a security bypass issue caused by a design error in the TLS library when certificates containing a NULL byte in the Common Name field of an X.509 certificate. Successfully exploiting this issue allows attackers to perform man in the middle attacks or impersonate trusted servers.
• Ref: http://marc.info/?l=oss-security&m=125198917018936&w=2 http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8&a
  mp;r2=1.11&f=h http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_g.c.diff?r1=1.13&
  amp;r2=1.14&f=h http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&a
  mp;r2=1.11&f=h

• 09.44.64 - CVE: CVE-2009-3551,CVE-2009-3549,CVE-2009-3550,CVE-2009-2560
• Platform: Cross Platform
• Title: Wireshark 1.2.2 and 1.0.9 Multiple Vulnerabilities
• Description: Wireshark (formerly Ethereal) is an application for analyzing network traffic available for Microsoft Windows and for Unix-like operating systems. The application is exposed to multiple vulnerabilities when handling certain types of packets and protocols in varying conditions. Wireshark versions earlier than 1.2.2 and 1.0.9 are affected by this issue.
• Ref: http://www.wireshark.org/security/wnpa-sec-2009-07.html http://www.wireshark.org/security/wnpa-sec-2009-08.html

• 09.44.65 - CVE: CVE-2009-1348
• Platform: Cross Platform
• Title: McAfee Products TAR and PDF Files Scan Evasion Vulnerabilities
• Description: McAfee develops antivirus, antispyware, and firewalling products. Multiple McAfee products are exposed to vulnerabilities that may allow certain files to bypass the scan engine. The issue occurs because the software fails to properly inspect specially crafted "TAR" and "PDF" files.
• Ref: http://kc.mcafee.com/corporate/index?page=content&id=SB10003 http://www.g-sec.lu/mcafee-pdf-bypass.html

• 09.44.66 - CVE: Not Available
• Platform: Cross Platform
• Title: Opera Web Browser prior to 10.01 Multiple Security Vulnerabilities
• Description: Opera Web Browser is a browser that runs on multiple operating systems. The application is prone to a remote code execution issue due to memory corruption when handling crafted domain names. Also security issue related to Web fonts that may allow an attacker to display arbitrary domain names in the address field. Opera versions earlier than 10.01 are affected by this issue.
• Ref: http://www.opera.com/support/kb/view/938/ http://www.opera.com/support/kb/view/939/ http://www.opera.com/support/kb/view/940/

• 09.44.67 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Eclipse BIRT "run?__report" Parameter Cross-Site Scripting
• Description: Eclipse BIRT (Business Intelligence and Reporting Tools) is a report plugin for the Eclipse IDE. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "run?__report" parameter. Eclipse BIRT verison 2.2.1 is affected by this issue.
• Ref: http://antisnatchor.com/2008/12/18/eclipse-birt-reflected-xss/ http://bugs.eclipse.org/bugs/show_bug.cgi?id=259127

• 09.44.68 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: bloofoxCMS "search" Parameter Cross-Site Scripting
• Description: bloofoxCMS is a web-based content manager implemented in PHP. bloofoxCMS is exposed to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input for the "search" parameter of the "search.5.html" script. bloofoxCMS version 0.3.5 is affected by this issue.
• Ref: http://packetstormsecurity.org/0910-exploits/bloofoxcms-xss.txt

• 09.44.69 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Zainu "searchSongKeyword" Parameter Cross-Site Scripting
• Description: Zainu is a PHP-based application for creating music video sites. Zainu is exposed to a cross site scripting issue because the application fails to sufficiently sanitize user-supplied input for the "searchSongKeyword" parameter. Zainu version 1.0 is affected by this issue.
• Ref: http://www.securityfocus.com/bid/36701

• 09.44.70 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Cybozu Multiple Products Unspecified Cross-Site Scripting Vulnerabilities
• Description: Multiple Cybozu products are exposed to multiple cross-site scripting issues because they fail to sufficiently sanitize user-supplied input. Successfully exploiting this issues can allow to execute arbitrary HTML and script code in user`s browser session in context of an affected site. Cybozu Office version 7, Cubozu Dezie version 6 and Cybozu Mailwise 3 is affected by this issue.
• Ref: http://jvn.jp/en/jp/JVN23108985/index.html

• 09.44.71 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Snitz Forums 2000 Cross-Site Scripting and HTML Injection Vulnerabilities
• Description: Snitz Forums 2000 is an ASP-based forum application. The application is exposed to a cross-site scripting issue that affects the "url" parameter of the "forum/pop_send_to_friend.asp" script and a HTML injection issue that affects the "sound" tag because of improper input validation. Snitz Forums 2000 version 3.4.07 is affected by this issue.
• Ref: http://www.juniper.net/security/auto/vulnerabilities/vuln36710.html

• 09.44.72 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: IBM Rational RequisitePro ReqWebHelp Multiple Cross-Site Scripting Vulnerabilities
• Description: IBM Rational RequisitePro is a requirements-management tool. The application is exposed to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. IBM Rational RequisitePro version 7.10 is affected by this issue.
• Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PK83895

• 09.44.73 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: TBmnetCMS "content" Parameter Cross-Site Scripting
• Description: TBmnetCMS is a PHP-based content manager. TBmnetCMS is exposed to a cross-site scripting issue because the application fails to sufficiently sanitize user-supplied input, specifically the "content" parameter of the "tbmnet.php" script. TBmnetCMS version 1.0 is affected by this issue.
• Ref: http://www.juniper.net/security/auto/vulnerabilities/vuln36733.html

• 09.44.74 - CVE: CVE-2009-3745
• Platform: Web Application - Cross Site Scripting
• Title: IBM Rational AppScan Help Pages Unspecified Cross-Site Scripting
• Description: IBM Rational AppScan is a web-based tool for scanning and reporting vulnerabilities. The application is exposed to a cross site scripting issue because it fails to properly sanitize user-supplied input. IBM Rational AppScan Tester version 5.5.0.2; IBM Rational AppScan Reporting Console version 5.5.0.2 and IBM Rational AppScan Enterprise version 5.5.0.2 are affected by this issue.
• Ref: http://www-01.ibm.com/support/docview.wss?uid=swg24024704

• 09.44.75 - CVE: CVE-2009-3748
• Platform: Web Application - Cross Site Scripting
• Title: Websense Email Security Cross-Site Scripting and HTML Injection Vulnerabilities
• Description: Websense Email Security and Personal Email Manager are email security applications. Both applications use the Websense Email Security Web Administrator tool for online administration. The applications are exposed to cross-site scripting vulnerabilities and a HTML injection issue which affects the email "subject" header when it is held in a queue. Websense Email Security versions earlier than 7.1 Hotfix 4 and Websense Personal Email Manager versions earlier than 7.1 Hotfix 4 are affected by this issue.
• Ref: http://sotiriu.de/adv/NSOADV-2009-003.txt http://kb.websense.com/display/4n/kb/article.aspx?aid=4786&searchstring=&
  ;n=&tab=browse&bt=4n&s=

• 09.44.76 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Drupal Flag Content Module HTML Injection
• Description: Flag Content is a PHP-based module for the Drupal content manager. The application is exposed to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input to the "Reason" field before displaying it in a user's browser. Flag Content versions earlier than 5.x-2.10 are affected by this issue.
• Ref: http://drupal.org/node/610818

• 09.44.77 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Drupal vCard Module Cross-Site Scripting
• Description: vCard is a PHP-based module for the Drupal content manager. The vCard module is exposed to a cross site scripting issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. The issue occurs when the "theme_vcard()" function is added to a theme and default content from the vCard module is output. vCard versions 6.x earlier to 6.x-1.3 and vCard versions 5.x earlier to 5.x-1.4 are affected by this issue.
• Ref: http://drupal.org/node/610996

• 09.44.78 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Drupal Abuse Module Cross-Site Scripting
• Description: Abuse is a PHP-based module for the Drupal content manager. The Abuse module is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Abuse versions 6.x earlier than 6.x-1.1-alpha1 and Abuse versions 5.x earlier than 5.x-2.1 are affected by this issue.
• Ref: http://drupal.org/node/611078

• 09.44.79 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Dream Poll Cross-Site Scripting and SQL Injection
• Description: Dream Poll is PHP-based software for managing user voting. The application is exposed to SQL injection issues and a cross-site scripting issue because it fails to validate user-supplied input. Dream Poll version 3.1 affected by this issue.
• Ref: http://www.securityfocus.com/bid/36663

• 09.44.80 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: OpenDocMan Cross-Site Scripting and SQL Injection
• Description: OpenDocMan is a PHP-based open-source document manager. The application is exposed to multiple cross-site scripting issues and an SQL injection issue that affects the "Username" parameter when logging in to the application because of insufficient input validation. OpenDocMan versions 1.2.5 is affected by these issues.
• Ref: http://securityreason.com/wlb_show/WLB-2009100041

• 09.44.81 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Drupal Moodle Course List Module Unspecified SQL Injection
• Description: Moodle Course List is a module for the Drupal content manager. The application is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data. Moodle Course List versions earlier than 6.x-1.2 are affected by this issue.
• Ref: http://drupal.org/node/610986

• 09.44.82 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Joomla! "com_jshop" Component "pid" Parameter SQL Injection
• Description: "com_jshop" is a component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pid" parameter of the "com_jshop" component before using it an SQL query.
• Ref: http://www.securityfocus.com/bid/36808

• 09.44.83 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Joomla! "com_photoblog" Component "category" Parameter SQL Injection
• Description: "com_photoblog" is a component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category" parameter of the "com_photoblog" component before using it an SQL query.
• Ref: http://www.securityfocus.com/bid/36809

• 09.44.84 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: RunCMS "forum" Parameter SQL Injection
• Description: RunCMS is a PHP-based content manager. The application is exposed to a SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "forum" parameter of the "modules/forum/post.php" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/36816

• 09.44.85 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: RunCMS "pid" Parameter SQL Injection
• Description: RunCMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pid" parameter in the "store()" function of the "modules/forum/class/class.forumposts.php" script before using it in an SQL query. RunCMS version 2m1 is affected by this issue.
• Ref: http://retrogod.altervista.org/9sg_runcms_store_sql.html http://retrogod.altervista.org/9sg_runcms_forum_sql.html

• 09.44.86 - CVE: Not Available
• Platform: Web Application
• Title: Pentaho BI Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities
• Description: Pentaho BI is a web-based business intelligence (BI) application. The application is exposed to multiple cross-site scripting issues in the "/pentaho/ViewAction" servlet and an information disclosure issue that allows attackers to obtain sensitive session data from the "JSESSIONID" token because of insufficient input validation. Pentaho BI version 1.7.0.1062 is affected by this issue.
• Ref: http://www.securityfocus.com/archive/1/507168

• 09.44.87 - CVE: Not Available
• Platform: Web Application
• Title: Drupal Organic Groups Vocabulary Module Unauthorized Access
• Description: Organic Groups Vocabulary is a module for the Drupal content manager. The application is exposed to an unauthorized access issue because it fails to adequately enforce access permissions. Organic Groups Vocabulary versions earlier than 6.x-1.0 are affected by this issue.
• Ref: http://drupal.org/node/604514

• 09.44.88 - CVE: Not Available
• Platform: Web Application
• Title: Drupal Printer, e-mail and PDF version Module Security Bypass and HTML Injection Vulnerabilities
• Description: "Printer, e-mail and PDF version" is a module for the Drupal content manager. The application is exposed to a HTML injection issue in the "print" sub-module because the application fails to sufficiently sanitize user-supplied input. Drupal Printer, e-mail and PDF versions 6.x-1.8 and 5.x-4.8 are affected by this issue.
• Ref: http://drupal.org/node/604808 http://drupal.org/node/604804 http://drupal.org/node/604806

• 09.44.89 - CVE: Not Available
• Platform: Web Application
• Title: Drupal Webform Module HTML Injection and Information Disclosure Vulnerabilities
• Description: Drupal is a web-based content manager. Webform is a Drupal module that is used to create questionnaires, contact forms, surveys, and other forms. The application is exposed to an HTML injection issue because the application fails to sufficiently sanitize user-supplied input passed through field labels, and an information disclosure issue because the application use token placeholders for a default value in a page cache. Webform version 6.x-2.8 and 5.x-2.8 are affected by this issue.
• Ref: http://drupal.org/node/604942

• 09.44.90 - CVE: Not Available
• Platform: Web Application
• Title: Joomla! JD-WordPress Component "wp-feed.php" Remote File Include
• Description: JD-WordPress is a blogging component for the Joomla! content manager. The component is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "wp-feed.php" script. JD-WordPress version 2.0 RC2 is affected by this issue.
• Ref: http://www.securityfocus.com/bid/36730

• 09.44.91 - CVE: Not Available
• Platform: Web Application
• Title: Joomla! Ajax Chat Component "ajcuser.php" Remote File Include
• Description: The Ajax Chat module is a component for the Joomla! content manager. The component is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "GLOBALS[mosConfig_absolute_path]" parameter of the "ajcuser.php" script. Ajax Chat version 1.0 is affected by this issue.
• Ref: http://www.juniper.net/security/auto/vulnerabilities/vuln36731.html

• 09.44.92 - CVE: Not Available
• Platform: Web Application
• Title: Joomla! com_booklibrary Component "releasenote.php" Remote File Include
• Description: The "com_booklibrary" module manages book libraries for the Joomla! content manager. The component is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "releasenote.php" script. The com_booklibrary version 1.0 is affected by this issue.
• Ref: http://www.juniper.net/security/auto/vulnerabilities/vuln36732.html

• 09.44.93 - CVE: Not Available
• Platform: Web Application
• Title: TYPO3 freeCap CAPTCHA Module Unspecified Unauthorized Access Vulnerability
• Description: The "freeCap CAPTCHA" module (sr_freecap) is an extension for the TYPO3 content manager. The module is exposed to an unspecified unauthorized access issue that occurs in its session handling functionality. Successfully exploiting this issue could allow attackers to gain unauthorized access to the affected application. freeCap CAPTCHA versions earlier than 1.2.2. are affected by this issue. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/

• 09.44.94 - CVE: Not Available
• Platform: Web Application
• Title: Vivvo CMS "files.php" Directory Traversal
• Description: Vivvo CMS is a web-based content manager implemented in PHP. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "file" parameter of the "files.php" script. Vivvo CMS version 4.1.5.1 is affected by this issue.
• Ref: http://www.waraxe.us/advisory-75.html

• 09.44.95 - CVE: Not Available
• Platform: Web Application
• Title: Drupal Userpoints Module "userpoint" Information Disclosure
• Description: Userpoints is a module for the Drupal content manager. The application is exposed to an information disclosure issue because it fails to restrict access to certain portions of the affected application. Specifically, users with "View own userpoints" permissions are allowed to access any userpoint data of any other user.Userpoints versions earlier than 6.x-1.1 are affected by this issue.
• Ref: http://drupal.org/node/610818

• 09.44.96 - CVE: Not Available
• Platform: Web Application
• Title: Drupal Simplenews Statistics Module Multiple Vulnerabilities
• Description: Simplenews Statistics is a Drupal module to provide newsletter statistics. The application is exposed to cross-site scripting, cross-site request forgery, and URI redirection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Simplenews Statistics versions earlier than 6.x-2.0 are affected by these issues.
• Ref: http://drupal.org/node/611002

• 09.44.97 - CVE: Not Available
• Platform: Web Application
• Title: Drupal FileField Module Information Disclosure
• Description: FileField is a module for the Drupal content manager. The application is exposed to an information disclosure issue because it fails to restrict access to certain resources. Specifically, the module fails to restrict access to files based on node access permissions when using Drupal core's private filesystem. FileField version 6.x-3.1 is affected by this issue.
• Ref: http://drupal.org/node/611128

• 09.44.98 - CVE: Not Available
• Platform: Web Application
• Title: DM Albums Multiple File Deletion Vulnerabilities
• Description: DM Albums is a PHP-based image gallery plugin for WordPress. The application is exposed to multiple issues because it fails to properly sanitize user-supplied input. DM Albums version 2.1 and earlier are affected by this issue. Ref: http://blog.ndarkness.com/blog/225/wordpress-dm-albums-version-2-0-critical-vulnerability/

• 09.44.99 - CVE: Not Available
• Platform: Web Application
• Title: TYPO3 Core Multiple Security Vulnerabilities
• Description: TYPO3 is a web-based content manager. The application is exposed to multiple vulnerabilities including an information disclosure issue in the "tt_content" form element which may allow an attacker to recalculate encryption keys and attack the TYPO3 mechanisms. TYPO3 versions earlier than 4.0.13, 4.1.12, 4.2.9 and 4.3.0beta1 are affected by this issue. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/

• 09.44.100 - CVE: Not Available
• Platform: Web Application
• Title: Achievo "debugger.php" Remote File Include
• Description: Achievo is a web-based resource-management tool implemented in PHP. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "config_atkroot" parameter of the "debugger.php" script. Successfully exploiting this issue may allow an attacker to execute malicious PHP code in the context of the webserver process. Achievo versions earlier than 1.4.0 are affected by this issue.
• Ref: http://www.securityfocus.com/bid/36822/

• 09.44.101 - CVE: CVE-2009-3625
• Platform: Web Application
• Title: Sahana "mod" Parameter Local File Disclosure
• Description: Sahana is a web-based disaster management application. The application is exposed to a local file disclosure issue because it fails to adequately validate user-supplied input in the "mod" parameter of the "index.php" script. Successfully exploiting this issue may allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. Sahana version 0.6.2.2 is affected by this issue.
• Ref: http://bugzilla.redhat.com/show_bug.cgi?id=530255 http://sourceforge.net/mailarchive/forum.php?thread_name=5d9043b70910191044l4bb0
  178fs563a5128a0f5db01%40mail.gmail.com&forum_name=sahana-maindev

• 09.44.102 - CVE: Not Available
• Platform: Web Application
• Title: IBM Lotus Connections Mobile Activities Pages Cross-Site Scripting
• Description: IBM Lotus Connections is a web-based application used for sharing information between coworkers, partners and customers. The application is exposed to a cross site scripting issue because it fails to sufficiently sanitize user-supplied input. IBM Lotus Connections version 2.5 is affected is affected by this issue.
• Ref: http://www-01.ibm.com/support/docview.wss?uid=swg24024303

• 09.44.103 - CVE: Not Available
• Platform: Web Application
• Title: TFTgallery "album" Parameter Cross-Site Scripting Vulnerability
• Description: TFTgallery is a PHP-based application. TFTgallery is exposed to a cross-site scripting issue because the application fails to sufficiently sanitize user supplied input specifically the "album" parameter of the "index.php" script. TFTgallery version 0.13 is affected by this issue.
• Ref: http://packetstormsecurity.org/0910-exploits/tftgallery-xss.txt

• 09.44.104 - CVE: CVE-2009-2874
• Platform: Network Device
• Title: Cisco Unified Presence TimesTenD Process Denial of Service
• Description: Cisco Unified Presence collects information about user availability for use with the Cisco Unified Communications system. The application is exposed to a denial of service issue that occurs in the TimesTenD process. Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml

• 09.44.105 - CVE: CVE-2009-2052
• Platform: Network Device
• Title: Cisco Unified Presence Track Network Connection Denial of Service
• Description: Cisco Unified Presence collects information about user availability for use with the Cisco Unified Communications system. The application is exposed to a denial of service issue that occurs when handling a flood of TCP requests. Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml

• 09.44.106 - CVE: Not Available
• Platform: Network Device
• Title: Intel BIOS Version Reversion Local Privilege Escalation
• Description: Intel BIOS is exposed to a privilege escalation issue. Successfully exploiting this issue will allow local users to flash vulnerable products to an earlier BIOS version, which may aid in other attacks. Ref: http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00019&languageid=en-fr

• 09.44.107 - CVE: Not Available
• Platform: Network Device
• Title: 3Com OfficeConnect ADSL Wireless 11g Firewall Router Authentication Multiple Remote Vulnerabilities
• Description: 3Com OfficeConnect ADSL Wireless 11g Firewall Router is a Wi-Fi networking router. The device is exposed to a remote command execution issue which affects the "IP" parameter of the "utility.cgi" script, and an authentication bypass issue which occurs because the device allows unauthorized users to gain access to its configuration file. 3Com OfficeConnect ADSL Wireless 11g Firewall Router 3.0 is affected by these issues.
• Ref: http://www.securityfocus.com/archive/1/507263

• 09.44.108 - CVE: Not Available
• Platform: Network Device
• Title: Overland Storage Snap Server 410
• Description: Overland Storage Snap Server 410 is a network storage device. Snap Server 410 runs the GuardianOS operating system. The application is exposed to a local privilege escalation issue because the "less" utility can execute arbitrary shell commands through the "!" function and these commands are run with root privileges. Snap Server version 410 running GuardianOS 5.1.041 is affected by this issue.
• Ref: http://www.securityfocus.com/bid/36739

• 09.44.109 - CVE: Not Available
• Platform: Network Device
• Title: Aruba Mobility Controller 802.11 Association Request Frame Remote Denial of Service
• Description: Aruba Mobility Controller is a network device for wireless and wired communication. Aruba Mobility Controller is exposed to a remote denial of service issue if a crafted 802.11 Association Request frame packet is sent to the device. ArubaOS versions 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x and 3.3.2.x-FIPS in the Aruba Mobility Controller are affected by this issue.
• Ref: http://www.arubanetworks.com/support/alerts/aid-102609.asc

• 09.44.110 - CVE: Not Available
• Platform: Network Device
• Title: Multiple Vendors IPv6 Implementation Remote Denial of Service
• Description: Products from multiple vendors are prone to a remote denial of service issue. The issue occurs in the IPv6 implemented when handling packets related to Network Discovery Protocol. Products from THE FURUKAWA ELECTRIC CO., LTD., Internet Initiative Japan Inc. and Yamaha Corporation are affected by this issue.
• Ref: http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/75368899.html http://jvn.jp/en/jp/JVN75368899/index.html http://www.furukawa.co.jp/fitelnet/topic/vulnera_20091026.html

(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.