@RISK: The Consensus Security Vulnerability Alert

Volume: VIII, Issue: 5
January 29, 2009

EMC AutoStart's critical vulnerability this week is a keen reminder that the attackers are focusing on backup and security and system management tools because, like the proverbial shoemaker's children, many system management and network security developers have very lax secure coding programs and standards. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Windows                                   1
    Other Microsoft Products                  1
    Third Party Windows Apps                  9 (#1, #2)
    Linux                                     2
    Solaris                                   5 (#4)
    Cross Platform                            39 (#3)
    Web Application - Cross Site Scripting    6
    Web Application - SQL Injection           27
    Web Application                           18
    Network Device                            2


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Other Microsoft Products
Third Party Windows Apps
Linux
Solaris
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

Part I: Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: EMC AutoStart Remote Code Execution
  • Affected:
    • EMC AutoStart versions prior to 5.3 SP2
  • Description: EMC AutoStart is a popular application failover and restart system for enterprises. It fails to validate certain input data and implicitly trusts certain user-supplied values in requests. These values are treated as pointers to code; a specially chosen value could lead to arbitrary code execution with the privileges of the vulnerable process (SYSTEM). Technical details are available for this vulnerability.

  • Status: Vendor confirmed, updates available. Users are advised to block access to TCP port 8042 at the network perimeter, if possible.

  • (2) HIGH: MW6 Barcode ActiveX Control Buffer Overflow
  • Affected:
    • MW6 Barcode ActiveX Control
  • Description: The MW6 Barcode ActiveX control is a popular control used to create barcodes in a variety of formats. It contains a buffer overflow in its handling of its "supplement" property. A specially crafted web page that instantiated this control and set this property could trigger this buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the current user. Full technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: Vendor has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism using CLSID "14D09688-CFA7-11D5-995A-005004CE563B".

  • (3) MODERATE: FFmpeg 4X Handling Memory Corruption
  • Affected:
    • FFmpeg versions prior to SVN 16846
  • Description: FFmpeg is a popular media handling library used by a variety of projects and products. It contains an integer conversion vulnerability in its parsing of the 4X media format. A specially crafted 4X media file could trigger this vulnerability, leading to a variety of memory corruption vulnerabilities. These vulnerabilities could be exploited to execute arbitrary code with the privileges of the vulnerable process. Full technical details for this vulnerability are available via source code and patch analysis. The FFmpeg library is used by popular products such as the VLC Media Player, Mplayer, Xine, and others. All products using the library are potentially vulnerable. Note that, depending upon configuration, a malicious media file may be opened by the vulnerable application upon receipt, without first prompting the user.

  • Status: Vendor confirmed, updates available.

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 5, 2009

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 09.5.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows "RunAs" Password Length Local Information Disclosure
  • Description: Microsoft Windows is a commercial operating system. Windows includes a "RunAs" application that can be used to execute a second application as a different user, generally for performing privileged operations. RunAs is exposed to a local information disclosure issue. Specifically, the application will prompt the current user for the password of the specified user.
  • Ref: http://www.securityfocus.com/archive/1/500393

  • 09.5.2 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Unspecified Directory Traversal
  • Description: Microsoft Internet Explorer is a web browser for Microsoft Windows. The application is exposed to a directory traversal issue because it fails to adequately sanitize user-supplied data. This issue may be related to the handling of "resource://" URIs or encoded characters of the form "%5C".
  • Ref: http://www.securityfocus.com/archive/1/500336

  • 09.5.3 - CVE: CVE-2008-5260
  • Platform: Third Party Windows Apps
  • Title: AXIS Camera Control ActiveX Control "image_pan_tilt" Buffer Overflow
  • Description: Axis Camera Control is an ActiveX control used to control Axis network cameras. The application is exposed to a buffer overflow issue. Specifically, this issue stems from a boundary condition in the "image_pan_tilt" property of the "AxisCamControl.ocx" ActiveX control. Axis Camera Control version 2.40.0.0 is affected.
  • Ref: http://secunia.com/secunia_research/2008-58/

  • 09.5.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: EMC AutoStart "ftbackbone.exe" Remote Code Execution
  • Description: EMC AutoStart is an application that allows automatic application recovery within a short period of time. The application is exposed to a remote code execution issue. This issue exists in the "ftbackbone.exe" service listening on TCP port 8042 by default.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-009/

  • 09.5.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Merak Media Player ".m3u" File Remote Buffer Overflow
  • Description: Merak Media Player is a multimedia player application available for Microsoft Windows. Merak Media Player is exposed to a remote buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially-crafted ".m3u" playlist file. Merak Media Player version 3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33419

  • 09.5.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MediaMonkey ".m3u" File Remote Buffer Overflow
  • Description: MediaMonkey is a multimedia player application available for Microsoft Windows. MediaMonkey is exposed to a remote buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially-crafted ".m3u" playlist file. MediaMonkey version 3.0.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500381

  • 09.5.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WFTPD Pro Multiple Command Remote Denial of Service Vulnerabilities
  • Description: WFTPD Pro is an FTP server available for Microsoft Windows. WFTPD Pro is exposed to multiple remote denial of service issues because the application fails to handle specially-crafted FTP commands in a proper manner. WFTPD Pro version 3.30.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/33426

  • 09.5.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Nokia Multimedia Player AVI File Null Pointer Dereference Denial of Service
  • Description: Nokia Multimedia Player is a media player available for Microsoft Windows platforms. Nokia Multimedia Player is exposed to a remote denial of service issue that may cause the application to crash with a NULL-pointer dereference when loading a specially-crafted AVI movie file. Nokia Multimedia Player version 1.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500386

  • 09.5.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MW6 Technologies Barcode ActiveX Control "Supplement" Heap Buffer Overflow
  • Description: MW6 Technologies Barcode ActiveX is an ActiveX control used for creating device-independent barcodes. Barcode ActiveX is exposed to a heap-based buffer overflow issue that stems from a boundary condition in the "Supplement" property of the "Barcode.dll" ActiveX control.
  • Ref: http://support.microsoft.com/kb/240797

  • 09.5.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: FlexCell Grid Control (ActiveX) Multiple Arbitrary File Overwrite Vulnerabilities
  • Description: FlexCell Grid Control (ActiveX) is an application for working with spreadsheet data. The application is exposed to two issues that allow attackers to overwrite files with arbitrary, attacker-supplied content. Specifically, the "SaveFile()" and "ExportToXML()" methods of the Grid Control ActiveX control will overwrite files in an insecure manner. FlexCell Grid Control (ActiveX) version 5.6.9 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 09.5.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: NCTSoft NCTVideoStudio ActiveX Control "CreateFile()" Heap Buffer Overflow
  • Description: NCTSoft NCTVideoStudio is a collection of ActiveX controls for building multimedia applications. One included control is "NCTAudioFile2.dll". The ActiveX control is exposed to a heap-based buffer overflow issue. Specifically, this issue stems from a boundary condition in the "CreateFile()" function of the "NCTAudioFile2.dll" ActiveX control. NCTVideoStudio version 1.6 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 09.5.12 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "readlink" Local Privilege Escalation
  • Description: The Linux kernel is exposed to a local privilege escalation issue because the application fails to perform adequate boundary checks on user-supplied data. This issue occurs in the "ecryptfs_printk()" function of the "fs/ecryptfs/inode.c" source file. Linux kernel versions prior to 2.6.24.1 are affected.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.1

  • 09.5.13 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "dell_rbu" Local Denial of Service Vulnerabilities
  • Description: The Linux kernel is exposed to two denial of service issues because of errors that affect the "read_rbu_image_type()" and "read_rbu_packet_size()" functions of the "drivers/firmware/dell_rbu.c" source file. Linux kernel versions prior to 2.6.27.13 and 2.6.28.2 are affected.
  • Ref: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.13

  • 09.5.14 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris UltraSPARC T2 And UltraSPARC T2+ Local Denial of Service
  • Description: Sun Solaris is a UNIX-based operating system. The Solaris "sun4v" kernel for Sun UltraSPARC T2 and UltraSPARC T2+ systems is exposed to a local denial of service issue caused by unspecified errors. OpenSolaris for Sun UltraSPARC T2 and UltraSPARC T2+ systems is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-250066-1

  • 09.5.15 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Pseudo-terminal Driver (pty(7D)) Local Denial of Service
  • Description: Sun Solaris is a UNIX-based operating system. Solaris is exposed to a local denial of service issue that occurs due to a race condition error and affects the Solaris pseudo-terminal driver (pty(7D)) module.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-249586-1

  • 09.5.16 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris "in.iked(1M)" IKE Packet Handling Remote Denial of Service
  • Description: Sun Solaris "in.iked(1M)" is a daemon that uses the "libike" library to process Internet Key Exchange (IKE) packets. The application is exposed to a denial of service issue when handling specially-crafted IKE packets. Remote attackers can deny service to legitimate users by crashing the "in.iked(1M)" daemon.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-247406-1

  • 09.5.17 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris IPv6 "ipsec_needs_processing_v6()" Remote Denial of Service
  • Description: Sun Solaris is prone to a remote denial of service issue. The issue occurs when the kernel processes specially crafted IPv6 packets in the "ipsec_needs_processing_v6()" function. Solaris 11 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/33435

  • 09.5.18 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris "autofs" Kernel Module Local Code Execution
  • Description: Sun Solaris is exposed to a local code execution issue because of an error in the "autofs" kernel module. Attackers can exploit this issue to cause a denial of service condition. In certain circumstances, attackers may be able to execute arbitrary code with the privileges of the "root" user.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-249966-1

  • 09.5.19 - CVE: CVE-2009-0057
  • Platform: Cross Platform
  • Title: Cisco Unified Communications Manager CAPF Service Denial of Service
  • Description: Cisco Unified Communications Manager (CUCM) is a software-based call-processing component of the Cisco IP telephony solution. The application was formerly named Unified CallManager. CUCM is exposed to a denial of service issue when handling malformed input. This issue occurs in the Certificate Authority Proxy Function (CAPF) service listening on TCP Port 3804.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20090121-cucmcapf.shtml

  • 09.5.20 - CVE: CVE-2008-3820
  • Platform: Cross Platform
  • Title: Cisco Security Manager IPS Event Viewer Remote Unauthorized TCP Port Access
  • Description: Cisco Security Manager is a management application used to configure security services. This issue occurs when IPS Event Viewer is launched, resulting in open TCP ports on both the Security Manager server and IPS Event Viewer client. Security Manager versions 3.0 up to 3.2 are affected.
  • Ref: http://www.securityfocus.com/archive/1/500249

  • 09.5.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Axis 70U Network Document Server Multiple Input Validation Vulnerabilities
  • Description: The Axis 70U Network Document Server is a document server device which includes a web-based administration interface. The administration interface is exposed to multiple issues because it fails to properly sanitize user-supplied input. The Axis 70U Network Document Server firmware version 3.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500248

  • 09.5.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenOffice ".doc" File Remote Denial of Service
  • Description: OpenOffice is a suite of office applications for multiple operating platforms. OpenOffice is exposed to a remote denial of service issue when handling a specially-crafted ".doc" file. The problem occurs when converting Word 97 format files for use in OpenOffice Word Processor.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1410

  • 09.5.23 - CVE: CVE-2009-0002
  • Platform: Cross Platform
  • Title: Apple QuickTime QTVR Movie Remote Buffer Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The problem occurs when handling "THKD" atoms in a malicious QTVR (QuickTime Virtual Reality) movie file. Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X is affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-005/

  • 09.5.24 - CVE: CVE-2009-0001
  • Platform: Cross Platform
  • Title: Apple QuickTime RTSP URL Remote Heap Buffer Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. Apple QuickTime is exposed to a remote heap-based buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. This issue occurs when handling malformed RTSP URLs. Apple QuickTime versions prior to 7.6 are affected.
  • Ref: http://www.securityfocus.com/bid/33385

  • 09.5.25 - CVE: CVE-2009-0005
  • Platform: Cross Platform
  • Title: Apple QuickTime H.263 Encoded Movie Remote Memory Corruption
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a memory corruption issue because it fails to perform adequate boundary checks on user-supplied data. The problem occurs when handling a malicious H.263 Encoded movie file. Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP3, and Mac OS X is affected.
  • Ref: http://support.apple.com/kb/HT3403

  • 09.5.26 - CVE: CVE-2009-0003
  • Platform: Cross Platform
  • Title: Apple QuickTime AVI Movie Remote Buffer Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The problem occurs when handling AVI movie files. Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X is affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-006/

  • 09.5.27 - CVE: CVE-2009-0006
  • Platform: Cross Platform
  • Title: Apple QuickTime Cinepak Encoded Movie Remote Buffer Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The problem occurs when handling a malicious Cinepak encoded movie file. Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP3, and Mac OS X is affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-007/

  • 09.5.28 - CVE: CVE-2009-0004
  • Platform: Cross Platform
  • Title: Apple QuickTime MPEG-2 Movie File Remote Buffer Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The problem occurs when handling MPEG-2 video files with MP3 audio content. Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2 and SP3, and Mac OS X is affected.
  • Ref: http://support.apple.com/kb/HT3403

  • 09.5.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple QuickTime "jpeg" Atoms Movie File Remote Buffer Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The problem occurs when handling "jpeg" atoms in a malicious movie file. Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2 and SP3, and Mac OS X is affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-007/

  • 09.5.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Fujitsu Systemcast Wizard Lite TFTP Directory Traversal
  • Description: Fujitsu Systemcast Wizard Lite is a support application for Fujitsu PRIMEQUEST servers. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to unspecified Trivial File Transfer Protocol (TFTP) requests. Systemcast Wizard Lite versions 2.0A and earlier are affected.
  • Ref: http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html

  • 09.5.31 - CVE: CVE-2009-0008
  • Platform: Cross Platform
  • Title: Apple QuickTime MPEG-2 Playback Component Remote Memory Corruption
  • Description: Apple QuickTime is a media player that supports multiple file formats. The component is exposed to a memory corruption issue because it fails to perform adequate boundary checks on user-supplied data. The problem occurs when handling malformed MPEG-2 video files. Apple QuickTime MPEG-2 Playback Component running on Microsoft Windows Vista and Microsoft Windows XP SP2 and SP3 is affected.
  • Ref: http://support.apple.com/kb/HT3381

  • 09.5.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun OpenSolaris "txzonemgr" Insecure Temporary File Handling
  • Description: The "txzonemgr" script provides an interface for managing labeled zones for the OpenSolaris operating system. The script handles temporary files in an insecure manner.
  • Ref: http://opensolaris.org/os/bug_reports/request_sponsor/

  • 09.5.33 - CVE: CVE-2008-5909
  • Platform: Cross Platform
  • Title: Sun OpenSolaris "conv_lpd" Insecure Temporary File Handling
  • Description: Sun OpenSolaris is a UNIX-based operating system. OpenSolaris handles temporary files in an insecure manner. This issue affects "conv_lpd". An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.
  • Ref: http://opensolaris.org/os/bug_reports/request_sponsor/

  • 09.5.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Application Server Information Disclosure
  • Description: Sun Java System Application Server is an enterprise application server. It is available for Solaris, Windows, and Linux platforms. The application is exposed to a remote information disclosure issue because it may reveal configuration files in WEB-INF and META-INF directories to remote unprivileged users.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-245446-1

  • 09.5.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Tor Unspecified Remote Memory Corruption
  • Description: Tor is an implementation of second-generation Onion Routing, a connection-oriented anonymizing communication service. The application is exposed to a heap corruption issue because of unspecified errors. Tor versions prior to 0.2.0.33 are affected.
  • Ref: http://archives.seul.org/or/announce/Jan-2009/msg00000.html

  • 09.5.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: FTPShell server ".key" File Buffer Overflow
  • Description: FTPShell Server is an FTP server application available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data. This issue can occur when a specially-crafted ".key" file contains 8000 or more bytes of data. FTPShell Server version 4.3 is affected.
  • Ref: http://www.securityfocus.com/bid/33403

  • 09.5.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GStreamer QuickTime Media File Parsing Multiple Buffer Overflow Vulnerabilities
  • Description: GStreamer is a library for constructing graphs of media-handling components. GStreamer is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks when parsing "stts", "stss", and "ctts" Atoms on user-supplied QuickTime media files. These issues occur in the "gst-plugins-good/gst/qtdemux/qtdemux.c" source file. GStreamer "gst-plugins-good" versions prior to 0.10.12 are affected.
  • Ref: http://www.securityfocus.com/archive/1/500317

  • 09.5.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Futomi's CGI Cafe Search CGI Password Reset Security Bypass
  • Description: Futomi's CGI Cafe Search CGI is a CGI-based application. The application is exposed to a security bypass issue related to the password-reset feature. This issue is the result of a failure to restrict access to the "PasswdChange()" function of the "admin.cgi" script when the parameter "a" is set to "pass_new". Futomi's CGI Cafe Search CGI versions up to and including 1.1.2 are affected.
  • Ref: http://www.securityfocus.com/bid/33409

  • 09.5.39 - CVE: CVE-2008-2955
  • Platform: Cross Platform
  • Title: Pidgin "msn_slplink_process_msg()" Denial of Service
  • Description: Pidgin is a multiplatform instant-messaging client that supports multiple messaging protocols. Pidgin is exposed to a denial of service issue because it fails to properly sanitize user-supplied input. Pidgin version 2.4.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493682

  • 09.5.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Systrace 64 Bit Aware Linux Kernel Privilege Escalation
  • Description: Systrace is an application used to provide access control restrictions on system calls. Systrace is available for Linux, BSD and Mac OS X. Systrace is exposed to a local privilege escalation issue when running on a 64-bit aware Linux kernel. Systrace versions prior to 1.6f are affected.
  • Ref: http://scary.beasts.org/security/CESA-2009-001.html

  • 09.5.41 - CVE: CVE-2009-0032
  • Platform: Cross Platform
  • Title: CUPS "/tmp/pdf.log" Insecure Temporary File Creation
  • Description: CUPS (Common UNIX Printing System) is a widely used set of printing utilities for UNIX-based systems. CUPS creates temporary files in an insecure manner. The issue occurs because the application script creates the "/tmp/pdf.log" file in an insecure manner. CUPS 1.3.9 is vulnerable; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/33418

  • 09.5.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Gnumeric "PySys_SetArgv" Remote Command Execution
  • Description: Gnumeric is an open-source spreadsheet application for the GNOME desktop environment. The application is exposed to a remote command execution issue because it may include Python files from an unsafe location. The problem occurs because the application's Python interface ("gnumeric-N.V.R/plugins/python-loader/gnm-py-interpreter.c") calls "PySys_SetArgv" with a parameter that doesn't resolve to a filename.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=481572

  • 09.5.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Epiphany "PySys_SetArgv" Remote Command Execution
  • Description: Epiphany is a web browser available for the GNOME desktop. The application is exposed to a remote command execution issue because it may include Python files from an unsafe location. The problem occurs because the application's Python interface ("epiphany-N.V.R/src/ephy-python.c") calls "PySys_SetArgv" with a parameter that doesn't resolve to a filename.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504363

  • 09.5.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Nautilus "PySys_SetArgv" Remote Command Execution
  • Description: Nautilus is a file management application for the GNOME desktop. The application is exposed to a remote command execution issue because it may include Python files from an unsafe location. The problem occurs because the application's Python interface calls "PySys_SetArgv" with a parameter that doesn't resolve to a filename.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=481570

  • 09.5.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: eog "PySys_SetArgv" Remote Command Execution
  • Description: eog (Eye of GNOME) is an open-source image viewer for the GNOME desktop environment. The application is exposed to a remote command execution issue because it may include Python files from an unsafe location. The problem occurs because the application's Python interface (in the "eog-python-module.c" source file) calls "PySys_SetArgv" with a parameter that doesn't resolve to a filename.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=481553

  • 09.5.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: XChat "PySys_SetArgv" Remote Command Execution
  • Description: XChat is an open-source Internet Relay Chat (IRC) client available for multiple platforms. The application is exposed to a remote command execution issue because it may include Python files from an unsafe location. The problem occurs because the application's Python module calls "PySys_SetArgv" with a parameter that doesn't resolve to a filename.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=481560

  • 09.5.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: gedit "PySys_SetArgv" Remote Command Execution
  • Description: gedit is an open-source text editor application for the GNOME desktop environment. The application is exposed to a remote command execution issue because it may include Python files from an unsafe location. The problem occurs because the application's Python interface calls "PySys_SetArgv()" with a parameter that doesn't resolve to a filename.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=481556

  • 09.5.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Csound "PySys_SetArgv" Remote Command Execution
  • Description: Csound is a sound design, music synthesis, and signal processing application. The application is exposed to a remote command execution issue because it may include Python files from an unsafe location. The problem occurs because the application's Python interface ("frontends/CsoundVST/ScoreGeneratorVst.cpp") calls "PySys_SetArgv" with a parameter that doesn't resolve to a filename.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504359

  • 09.5.49 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Vim "PySys_SetArgv" Remote Command Execution
  • Description: Vim is an open-source text editor application. The application is exposed to a remote command execution issue because it may include Python files from an unsafe location. The problem occurs because the application's Python interface calls "PySys_SetArgv" with a parameter that doesn't resolve to a filename. Vim versions prior to 7.2.045 are affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937

  • 09.5.50 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Dia "PySys_SetArgv" Remote Command Execution
  • Description: Dia is a GTK+ based diagram creation application available for Linux, Unix and Windows. The application is exposed to a remote command execution issue because it may include Python files from an unsafe location. The problem occurs because the application's Python interface ("dia-0.96.1.orig/plug-ins/python/python.c") calls "PySys_SetArgv" with a parameter that doesn't resolve to a filename.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504251

  • 09.5.51 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Win FTP Server "LIST" FTP Command Remote Buffer Overflow
  • Description: Win FTP Server is a multithreaded FTP server for the Microsoft Windows platform. Win FTP Server is exposed to a remote buffer overflow issue. Specifically, the issue occurs when an overly large string whose first character is an asterisk is provided to the "LIST" FTP command. Win FTP Server version 2.3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33454

  • 09.5.52 - CVE: CVE-2009-0042
  • Platform: Cross Platform
  • Title: Computer Associates Anti-Virus Engine "arclib.dll" Multiple Scan Evasion Vulnerabilities
  • Description: Computer Associates Anti-Virus engine is an anti-virus scan engine included in various Computer Associates products. Computer Associates Anti-Virus engine is exposed to an issue that may allow certain compressed archives to bypass the scan engine. Products with "arclib.dll" prior to version 7.3.0.15 are affected.
  • Ref: http://www.securityfocus.com/archive/1/500417

  • 09.5.53 - CVE: Not Available
  • Platform: Cross Platform
  • Title: winetricks "x_showmenu.txt" Insecure Temporary File Creation
  • Description: winetricks is a script used to manage runtime libraries for Wine. The script creates a temporary file in an insecure manner. An attacker with local access could perform symbolic-link attacks, overwriting a temporary file in the context of the affected application. winetricks versions prior to 20081223 are affected.
  • Ref: http://www.securityfocus.com/bid/33474

  • 09.5.54 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple Safari Malformed URI Remote Denial Of Service
  • Description: Apple Safari is a web browser available for multiple operating platforms. The browser is exposed to a denial of service issue because it fails to adequately sanitize user-supplied input. This issue occurs when handling malformed HTTP URIs. Apple Safari for Windows version 3.2.1 is affected.
  • Ref: http://lostmon.blogspot.com/2009/01/safari-for-windows-321-remote-http-uri.html

  • 09.5.55 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Zinf Multiple PlayList Files Buffer Overflow
  • Description: Zinf is a media player application available for Linux and Microsoft Windows. Zinf is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. This issue occurs when handling specially-crafted ".gqmpeg" or ".m3u" playlist files. Zinf version 2.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/33482

  • 09.5.56 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Access Manager Username Enumeration Weakness
  • Description: Sun Java System Access Manager is an application for managing secure access to web applications. The application is exposed to a username enumeration weakness because of a design error in the application when verifying user-supplied input.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242026-1

  • 09.5.57 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GraphicsMagick Multiple Remote Denial of Service Vulnerabilities
  • Description: GraphicsMagick is an image processing application available for multiple platforms. It was originally derived from ImageMagick version 5.5.2. The application is exposed to multiple denial of service issues because of unspecified errors in the components responsible for processing bitmap (BMP) and device-independent bitmap (DIB) files. GraphicsMagick versions prior to 1.3.5 are affected.
  • Ref: http://www.graphicsmagick.org/Changelog.html

  • 09.5.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: BBSXP "error.asp" Cross-Site Scripting
  • Description: BBSXP is a BBS application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. This issue affects the "message" parameter in the "error.asp" script. BBSXP versions 5.13 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/500336

  • 09.5.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: OBLOG "err.asp" Cross-Site Scripting
  • Description: OBLOG is a web-log application implemented in ASP. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. This issue affects the "message" parameter in the "err.asp" script.
  • Ref: http://www.securityfocus.com/archive/1/500349

  • 09.5.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MacsDesign Studio Web Help Desk Cross-Site Scripting
  • Description: Web Help Desk is an online help desk application. It is implemented as a Java servlet. Web Help Desk is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. This issue arises when an attacker supplies script code through "Helpdesk.woa" in a URL. Web Help Desk versions prior to 9.1.18 are affected.
  • Ref: http://updates.webhelpdesk.com/weblog/updates/StableReleases/2009/01/23/911812309.html

  • 09.5.61 - CVE: CVE-2008-3358
  • Platform: Web Application - Cross Site Scripting
  • Title: SAP NetWeaver and Web Dynpro Portal Cross-Site Scripting
  • Description: SAP NetWeaver is a platform for enterprise applications; Web Dynpro is the development environment within SAP NetWeaver. SAP NetWeaver and Web Dynpro Java are exposed to a cross-site scripting issue because the software fails to sufficiently sanitize user-supplied data.
  • Ref: http://www.securityfocus.com/archive/1/500415

  • 09.5.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MoinMoin "antispam.py" Cross-Site Scripting
  • Description: MoinMoin is a freely available, open-source wiki written in Python. It is available for Unix and Linux platforms. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "security/antispam.py" source file. MoinMoin versions 1.7.3 and 1.8.1 are affected.
  • Ref: http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad

  • 09.5.63 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: GameScript "games.php" Cross-Site Scripting
  • Description: GameScript is a PHP-based gaming content management system. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. This issue affects the "search" parameter in the "games.php" script. GameScript version 4.6 is affected.
  • Ref: http://www.securityfocus.com/bid/33487

  • 09.5.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo SOBI2 Component "bid" Parameter SQL Injection
  • Description: SOBI2 (Sigsiu Online Business Index 2) is a component for Joomla! and Mambo that lets users create and manage business catalogs. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "bid" parameter of the "com_sobi2" component before using it in an SQL query. SOBI2 RC version 2.8.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33378

  • 09.5.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! BazaarBuilder Component "cid" Parameter SQL Injection
  • Description: BazaarBuilder component is an ecommerce module for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33380

  • 09.5.66 - CVE: CVE-2008-2384
  • Platform: Web Application - SQL Injection
  • Title: Debian "libapache2-mod-auth-mysql" Package Multibyte Character Encoding SQL Injection
  • Description: The "libapache2-mod-auth-mysql" package is an Apache module for MySQL database authentication. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. This issue occurs when using multibyte character encoding.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1411

  • 09.5.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Prince Clan Chess Club "com_pcchess" Component "game_id" Parameter SQL Injection
  • Description: The "com_pcchess" component is a chess module for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "game_id" parameter of the "com_pcchess" module before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33394

  • 09.5.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: OwnRS "autor.php" SQL Injection
  • Description: OwnRS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "autor.php" script. OwnRS version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33402

  • 09.5.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pardal CMS "comentar.php" SQL Injection
  • Description: Pardal CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "comentar.php" script. Pardal CMS version 0.2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33404

  • 09.5.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Downloads Module
  • Description: Downloads is a module for the PHP-Nuke content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "url" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/500335

  • 09.5.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Flaxweb Article Manager "category.php" Parameter SQL Injection
  • Description: Flaxweb Article Manager is used to manage news sites. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter of the "category.php" script before using it in an SQL query. Flaxweb Article Manager version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/33422

  • 09.5.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Ewebb Web-Calendar Lite Multiple SQL Injection Vulnerabilities
  • Description: Ewebb Web-Calendar Lite is a web-based application implemented in ASP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "Login" and "Password" fields. Ewebb Web-Calendar Lite version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33423

  • 09.5.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: KEEP Toolkit "lib/patUser.php" SQL Injection
  • Description: KEEP Toolkit is used to manage and publish educational content. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "lib/patUser.php" script before using it in an SQL query. KEEP Toolkit versions prior to 2.5.1 are affected.
  • Ref: http://www.securityfocus.com/bid/33425

  • 09.5.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mambo "com_sim" Component "character_ID" Parameter SQL Injection
  • Description: "com_sim" is a component for Mambo content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "character_ID" parameter before using it in an SQL query. "com_sim" component version 0.8 is affected.
  • Ref: http://www.milw0rm.com/exploits/7860

  • 09.5.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: LDF "login.asp" SQL Injection
  • Description: LDF is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user" parameter of the "login.asp" script.
  • Ref: http://www.securityfocus.com/archive/1/500387

  • 09.5.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Lootan "login.asp" SQL Injection
  • Description: Lootan is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" parameter of the "login.asp" script.
  • Ref: http://www.securityfocus.com/bid/33439

  • 09.5.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ITLPoll "index.php" SQL Injection
  • Description: ITLPoll is a web-based polling and survey application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script. ITLPoll version 2.7 Stable 2 is affected.
  • Ref: http://www.securityfocus.com/bid/33452

  • 09.5.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ElearningForce Flash Magazine Deluxe Joomla! Component SQL Injection
  • Description: Flash Magazine Deluxe is a content publishing module for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "mag_id" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33455

  • 09.5.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Groone GLinks "cat" Parameter SQL Injection
  • Description: Groone GLinks is a PHP-based links manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33460

  • 09.5.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Wazzum Dating Software "userid" Parameter SQL Injection
  • Description: Wazzum Dating Software is a PHP-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "userid" parameter of the "profile_view.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33461

  • 09.5.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Script Toko Online "cat_id" Parameter SQL Injection
  • Description: Script Toko Online is a PHP-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter of the "shop_display_products.php" script before using it in an SQL query. Script Toko Online version 5.01 is affected.
  • Ref: http://www.securityfocus.com/bid/33462

  • 09.5.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ShopSystem eSystem Multiple SQL Injection Vulnerabilities
  • Description: eSystem is an ASP-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
  • Ref: http://www.securityfocus.com/bid/33463

  • 09.5.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Max.Blog "show_post.php" SQL Injection
  • Description: Max.Blog is a PHP-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "show_post.php" script before using it in an SQL query. Max.Blog version 1.0.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500418

  • 09.5.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: E-Php Scripts CMS "browsecats.php" SQL Injection
  • Description: E-Php Scripts CMS is a web-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "browsecats.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33470

  • 09.5.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Shop-inet "show_cat2.php" SQL Injection
  • Description: Shop-inet is a PHP-based ecommerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "grid" parameter of the "show_cat2.php" script before using it in an SQL query. Shop-inet version 4 is affected.
  • Ref: http://www.securityfocus.com/bid/33471

  • 09.5.86 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-CMS Project "login.php" SQL Injection
  • Description: PHP-CMS Project is a web-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" parameter of the "admin/login.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33473

  • 09.5.87 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: GLPI Prior to 0.71.4 Unspecified SQL Injection
  • Description: GLPI is an information management application. The application is exposed to an unspecified SQL injection issue because it fails to properly sanitize user-supplied input before using it in an SQL query. GLPI versions prior to 0.71.4 are affected.
  • Ref: http://www.glpi-project.org/spip.php?page=annonce&id_breve=161&lang=en

  • 09.5.88 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Max.Blog "submit_post.php" SQL Injection
  • Description: Max.Blog is a PHP-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "draft" parameter of the "submit_post.php" script before using it in an SQL query. Max.Blog version 1.0.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500438

  • 09.5.89 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Community CMS "index.php" SQL Injection
  • Description: Community CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script before using it in an SQL query. Community CMS versions 0.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/33484

  • 09.5.90 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: GameScript "page.php" SQL Injection
  • Description: GameScript is a PHP-based gaming content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user" parameter of the "page.php" script before using it in an SQL query. GameScript version 4.6 is affected.
  • Ref: http://www.securityfocus.com/bid/33486

  • 09.5.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! "com_beamospetition" Component SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: "com_beamospetition" is a component for the Joomla! content manager. The application is exposed to multiple input validation issues. "com_beamospetition" version 1.0.12 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500250

  • 09.5.92 - CVE: Not Available
  • Platform: Web Application
  • Title: ASP Project Management Cookie Authentication Bypass
  • Description: ASP Project Management is an ASP-based project management application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. ASP Project Management version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33401

  • 09.5.93 - CVE: Not Available
  • Platform: Web Application
  • Title: OpenGoo "upgrade/index.php" Local File Include
  • Description: OpenGoo is a web-based office suite. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "form_data[script_class]" parameter of the "upgrade/index.php" script. OpenGoo version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/33421

  • 09.5.94 - CVE: Not Available
  • Platform: Web Application
  • Title: MemHT Portal Avatar Upload Arbitrary File Upload
  • Description: MemHT Portal is a content manager. The application is exposed to an issue that lets attackers upload arbitrary files. The problem occurs because the avatar upload component fails to properly validate contents of an uploaded file. MemHT Portal versions 4.0.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/33424

  • 09.5.95 - CVE: Not Available
  • Platform: Web Application
  • Title: WB News "config[installdir]" Parameter Multiple Remote File Include Vulnerabilities
  • Description: WB News is a web-based news script. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. WB News version 2.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/33434

  • 09.5.96 - CVE: Not Available
  • Platform: Web Application
  • Title: ConPresso CMS 4.07 Multiple Remote Vulnerabilities
  • Description: ConPresso CMS is a PHP-based content manager. The application is exposed to multiple remote issues. An attacker may exploit these issues to execute arbitrary script code within the context of the affected browser and within the context of another frame, steal cookie-based authentication credentials, hijack a user's session and gain unauthorized access to the affected application. ConPresso CMS version 4.07 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500379

  • 09.5.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple Machine Forum Package Upload Multiple HTML Injection Vulnerabilities
  • Description: Simple Machines Forum (SMF) is an open-source web forum that is written in PHP. It will run on most Unix and Linux variants as well as Microsoft Windows. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input before using it in dynamically generated content. These issues occur in the "Sources/PackageGet.php" script. Simple Machine Forum version 1.1.7 is affected.
  • Ref: http://www.securityfocus.com/bid/33450

  • 09.5.98 - CVE: Not Available
  • Platform: Web Application
  • Title: SiteXS CMS "type" Parameter Local File Include
  • Description: SiteXS CMS is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "type" parameter of the "post.php" script. SiteXS CMS versions 0.1.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/33457

  • 09.5.99 - CVE: Not Available
  • Platform: Web Application
  • Title: OpenX "MAX_type" Parameter Local File Include
  • Description: OpenX is a web-based ad server implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "MAX_type" parameter of the "www/delivery/fc.php" script. OpenX version 2.6.3 is affected.
  • Ref: http://secunia.com/secunia_research/2009-4/

  • 09.5.100 - CVE: Not Available
  • Platform: Web Application
  • Title: NewsCMSLite Insecure Cookie Authentication Bypass
  • Description: NewsCMSLite is a web-based content management system implemented in ASP. The application is exposed to an authentication bypass issue because it uses a hard-coded value for comparison in cookie-based authentication.
  • Ref: http://www.securityfocus.com/archive/1/500407

  • 09.5.101 - CVE: Not Available
  • Platform: Web Application
  • Title: OpenX 2.6.3 Multiple Input Validation Vulnerabilities
  • Description: OpenX is a web-based ad server implemented in PHP. The application is exposed to multiple input validation issues. OpenX version 2.6.3 is affected.
  • Ref: http://secunia.com/secunia_research/2009-4/

  • 09.5.102 - CVE: Not Available
  • Platform: Web Application
  • Title: Pixie CMS Multiple Local File Include Vulnerabilities
  • Description: Pixie CMS is a PHP-based content manager. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input. Pixie CMS version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33475

  • 09.5.103 - CVE: Not Available
  • Platform: Web Application
  • Title: Flaxweb Article Manager Avatar Arbitrary File Upload
  • Description: Flaxweb Article Manager is a content manager application. The application is exposed to an issue that lets attackers upload arbitrary files. The problem occurs because the avatar upload component fails to properly validate contents of an uploaded file. Flaxweb Article Manager version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/33476

  • 09.5.104 - CVE: Not Available
  • Platform: Web Application
  • Title: VirtueMart Prior to 1.1.3 Multiple Security Vulnerabilities
  • Description: VirtueMart is a web-based shopping application. The application is exposed to multiple security issues. Attackers can exploit these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and execute arbitrary commands in the context of the webserver process.
  • Ref: http://www.waraxe.us/advisory-71.html

  • 09.5.105 - CVE: Not Available
  • Platform: Web Application
  • Title: Anantasoft Gazelle CMS Local File Include
  • Description: Gazelle CMS is a web-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "template" parameter.
  • Ref: http://www.securityfocus.com/bid/33483

  • 09.5.106 - CVE: Not Available
  • Platform: Web Application
  • Title: GameScript "page.php" Local File Include
  • Description: GameScript is a PHP-based gaming content management system. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "page.php" script. GameScript version 4.6 is affected.
  • Ref: http://www.securityfocus.com/bid/33488

  • 09.5.107 - CVE: Not Available
  • Platform: Web Application
  • Title: Horde Products Local File Include and Cross-Site Scripting Vulnerabilities
  • Description: Horde products are exposed to multiple issues because they fail to properly sanitize user-supplied input. Horde versions prior to 3.2.4 and 3.3.3 and Horde Groupware versions prior to 1.1.5 are affected.
  • Ref: http://lists.horde.org/archives/announce/2009/000486.html

  • 09.5.108 - CVE: Not Available
  • Platform: Web Application
  • Title: Horde IMP Webmail Client Cross-Site Scripting and HTML Injection Vulnerabilities
  • Description: IMP is a set of PHP scripts designed to implement a web-based IMAP email interface. Horde IMP Webmail Client is exposed to multiple cross-site scripting and HTML injection issues because it fails to sufficiently sanitize user-supplied data. IMP versions prior to 4.2.2 and 4.3.3 are affected.
  • Ref: http://lists.horde.org/archives/announce/2009/000484.html

  • 09.5.109 - CVE: Not Available
  • Platform: Network Device
  • Title: Sony Ericsson Multiple Phone Models WAP Push Remote Denial of Service
  • Description: Sony Ericsson provides various mobile phones and other devices. Multiple Sony Ericsson phones are exposed to a denial of service issue because they fail to handle specially crafted network traffic. This issue can occur when the device receives WAP Push packets via SMS, or via UDP port 2948.
  • Ref: http://www.securityfocus.com/archive/1/500382

  • 09.5.110 - CVE: Not Available
  • Platform: Network Device
  • Title: Siemens SL2-141 ADSL Router Cross-Site Request Forgery
  • Description: The Siemens SL2-141 ADSL router is a network device designed for home use. The router is exposed to a cross-site request forgery issue. Although the device requires that authenticated requests include a generated token, attackers may enumerate all possible values for this token.
  • Ref: http://www.securityfocus.com/bid/33437

(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.