
@RISK: The Consensus Security Vulnerability Alert

Volume: VIII, Issue: 51
December 17, 2009

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Third Party Windows Apps                  5 (#3)
    Linux                                     3
    Cross Platform                            41 (#1, #2, #4, #5)
    Web Application - Cross Site Scripting    16
    Web Application - SQL Injection           8
    Web Application                           10
    Network Device                            2


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Linux
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

*************************************************************************


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems.

Widely Deployed Software
  • (1) CRITICAL: Adobe Reader and Acrobat 'newplayer()' Remote Code Execution Vulnerability
  • Affected:
    • Adobe Reader 9.2 and earlier
    • Adobe Acrobat 9.2 and earlier
  • Description: Adobe Acrobat is a program designed to create, manage and view Portable Document Format (PDF) files, and Adobe Reader is designed only to view and print PDFs. A vulnerability has been reported in both Adobe Reader and Acrobat that can be triggered by opening a specially crafted PDF file. The specific flaw is a use-after-free error in the "newplayer()" method of the "Doc.media" object. Successful exploitation might allow an attacker to execute arbitrary code in the context of the logged-on user. This vulnerability is currently being exploited in the wild. Note that PDF documents are often opened automatically by the vulnerable application without the consent of the user. Technical details for this vulnerability are publicly available along with a public proof-of-concept.

  • Status: Vendor confirmed, no updates available.

  • References:
  • (4) HIGH: Symantec Multiple Products Remote Code Execution Vulnerability
  • Affected:
    • Symantec Backup Exec Continuous Protection Server (CPS)
    • Symantec Veritas NetBackup Operations Manager (NOM)
    • Symantec Veritas Backup Reporter (VBR)
    • Symantec Veritas Storage Foundation (SF)
    • Symantec Veritas Storage Foundation for Windows High Availability (SFWHA)
    • Symantec Veritas Storage Foundation for High Availability (SFHA)
    • Symantec Veritas Storage Foundation for Oracle (SFO)
    • Symantec Veritas Storage Foundation for DB2
    • Symantec Veritas Storage Foundation for Sybase 4.1, 5.0
    • Symantec Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC)
    • Symantec Veritas Storage Foundation Manager (SFM)
    • Symantec Veritas Cluster Server (VCS)
    • Symantec Veritas Cluster Server One (VCSOne)
    • Symantec Veritas Application Director (VAD)
    • Symantec Veritas Cluster Server Management Console (VCSMC)
    • Symantec Veritas Storage Foundation Cluster File System (SFCFS) 3.5
    • Symantec Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC)
    • Symantec Veritas Command Central Storage (CCS) 4.x, 5.0, 5.1
    • Symantec Veritas Command Central Enterprise Reporter (CC-ER)
    • Symantec Veritas Command Central Storage Change Manager (CC-SCM)
    • Symantec Veritas MicroMeasure 5.0
  • Description: A vulnerability has been identified in multiple Symantec products. The issue is caused by an error in the "VRTSweb.exe" web server component, which ships with multiple Symantec products. This component, which listens on port 14300 by default, does not properly validate incoming authentication requests made to this port. A specially crafted request might allow an attacker to bypass security restrictions. Successful exploitation might allow an attacker to execute arbitrary code with administrative privileges. Some technical details for this vulnerability are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 51, 2009

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 7764 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.
______________________________________________________________________


  • 09.51.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Intellicom "NetBiterConfig.exe" "Hostname" Data Remote Stack Buffer Overflow
  • Description: Intellicom "NetBiterConfig.exe" is an application used to configure Intellicom NetBiter SCADA devices. It is available for Microsoft Windows. The application is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs when handling UDP packets containing excessive data in the "Hostname" field.
  • Ref: http://www.securityfocus.com/archive/1/508449

  • 09.51.2 - CVE: CVE-2009-4178
  • Platform: Third Party Windows Apps
  • Title: HP OpenView Network Node Manager "OvWebHelp.exe" Remote Heap Buffer Overflow
  • Description: HP OpenView Network Node Manager (NNM) is a fault management application for IP networks. NNM is exposed to a remote heap-based buffer overflow issue in the "OvWebHelp.exe" CGI process. Specifically, the application fails to perform adequate boundary checks on a "Topic" POST parameter before copying it into a 1024-byte heap buffer.
  • Ref: http://www.securityfocus.com/archive/1/508354

  • 09.51.3 - CVE: CVE-2009-4177
  • Platform: Third Party Windows Apps
  • Title: HP OpenView Network Node Manager "webappmon.exe" Remote Buffer Overflow
  • Description: HP OpenView Network Node Manager (NNM) is a fault management application for IP networks. NNM is exposed to a remote stack-based buffer overflow issue in the "webappmon.exe" CGI process. This issue occurs because the host header from an HTTP request is copied into a static buffer located in the ".DATA" section via a "strcat()" function call.
  • Ref: http://www.securityfocus.com/archive/1/508353

  • 09.51.4 - CVE: CVE-2009-4181
  • Platform: Third Party Windows Apps
  • Title: HP OpenView Network Node Manager "ovwebsnmpsrv.exe" Remote Stack Buffer Overflow
  • Description: HP OpenView Network Node Manager (NNM) is a fault management application for IP networks. NNM is exposed to a stack-based buffer overflow issue because the "ovwebsnmpsrv.exe" CGI application fails to sufficiently sanitize the "sel" and "arg" parameters. This issue can be triggered when a request is made for "jovgraph.exe" through the vulnerable CGI application.
  • Ref: http://www.securityfocus.com/archive/1/508357

  • 09.51.5 - CVE: CVE-2009-4180
  • Platform: Third Party Windows Apps
  • Title: HP OpenView Network Node Manager "snmpviewer.exe" Remote Code Execution
  • Description: HP OpenView Network Node Manager (NNM) is a fault management application for IP networks. NNM is exposed to a remote stack-based buffer overflow issue because the "snmpviewer.exe" CGI process fails to sufficiently sanitize the "Host" HTTP header when it is copied into a fixed-size buffer via a "strcat()" call.
  • Ref: http://www.securityfocus.com/archive/1/508356

  • 09.51.6 - CVE: CVE-2009-4131
  • Platform: Linux
  • Title: Linux Kernel Ext4 "move extents" ioctl Local Privilege Escalation
  • Description: Linux kernel is exposed to a local privilege escalation issue that is caused by a failure to verify access permissions. This issue affects the Ext4 "move extents" ioctl. Local attackers can exploit this issue to modify and overwrite arbitrary files.
  • Ref: http://www.securityfocus.com/bid/37277

  • 09.51.7 - CVE: Not Available
  • Platform: Linux
  • Title: GNOME NetworkManager Applet SSL Certificate Validation Security Bypass
  • Description: GNOME NetworkManager Applet is a tool for configuring network connections. The application is exposed to a security bypass issue because it fails to properly validate SSL certificates when connecting to certain wireless networks. Specifically, if a WPA2 Enterprise connection was created and verified with a CA certificate that was later removed, the application will connect without a certificate for future attempts. NetworkManager Applet version 0.7.2 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560067

  • 09.51.8 - CVE: CVE-2009-4138
  • Platform: Linux
  • Title: Linux Kernel "drivers/firewire/ohci.c" NULL Pointer Dereference Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue that affects the "ohci_queue_iso_receive_packet_per_buffer()" function in the "drivers/firewire/ohci.c" source file. A local attacker able to open "/dev/fw*" files can trigger this issue.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/2426

  • 09.51.9 - CVE: CVE-2009-3563
  • Platform: Cross Platform
  • Title: NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service
  • Description: NTP (Network Time Protocol) is a package of network tools and daemons, including "ntpd", used by client computers to synchronize date and time with a reference server. NTP's daemon component ("ntpd") is exposed to a remote denial of service issue because it fails to properly handle certain incoming network packets. Specifically, mode 7 packets (MODE_PRIVATE) with spoofed source IP address and port data, can trigger a packet reply loop between two ntpd servers.
  • Ref: http://www.kb.cert.org/vuls/id/568372

  • 09.51.10 - CVE: CVE-2009-4135
  • Platform: Cross Platform
  • Title: GNU Coreutils Insecure Temporary File Creation
  • Description: GNU Coreutils are file, shell and text manipulation utilities. The application uses temporary files in an insecure manner. An attacker with local access could obtain sensitive information or perform symbolic link attacks to overwrite arbitrary files in the context of the affected application. GNU Coreutils versions 5.2.1 through 8.1 are affected.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/2405

  • 09.51.11 - CVE: CVE-2009-0898, CVE-2009-3845, CVE-2009-3846, CVE-2009-3849, CVE-2009-3848, CVE-2009-4176, CVE-2009-4177, CVE-2009-4178, CVE-2009-4179, CVE-2009-4180, CVE-2009-4181, CVE-2009-3847
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager Multiple Remote Code Execution Vulnerabilities
  • Description: HP OpenView Network Node Manager (NNM) is a fault management application for IP networks. NNM is exposed to multiple remote command execution issues. An attacker can exploit these issues to execute arbitrary code with SYSTEM level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial of service.
  • Ref: http://dvlabs.tippingpoint.com/advisory/TPTI-09-08

  • 09.51.12 - CVE: Not Available
  • Platform: Cross Platform
  • Title: libsamplerate "src_sinc.c" Buffer Overflow
  • Description: The "libsamplerate" program (aka Secret Rabbit Code) is a sample rate converter library. The library is exposed to a buffer overflow that occurs when handling low conversion ratios. This issue affects the "src_sinc.c" source file.
  • Ref: https://qa.mandriva.com/show_bug.cgi?id=47888

  • 09.51.13 - CVE: CVE-2009-3794
  • Platform: Cross Platform
  • Title: Adobe Flash Player and AIR JPEG File Parsing Heap Buffer Overflow
  • Description: Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. Adobe AIR is a cross-platform runtime for developing internet applications on the desktop. Flash Player and AIR are exposed to a heap-based buffer overflow issue that occurs because the applications fail to properly validate the frame size included in a JPEG file. Flash Player 10.0.32.18 and AIR 1.5.2 are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-19.html

  • 09.51.14 - CVE: CVE-2009-3799
  • Platform: Cross Platform
  • Title: Adobe Flash Player and AIR "exception_count" Integer Overflow
  • Description: Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. Adobe AIR is a cross-platform runtime for developing internet applications on the desktop. Flash Player and AIR are exposed to an integer overflow issue. Specifically, the issue affects the "exception_count" parameter of the "Verifier::parseExceptionHandlers()" function. Adobe Flash Player versions 10.0.32.18 and Adobe AIR 1.5.2 and earlier are affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-093/

  • 09.51.15 - CVE: CVE-2009-3800
  • Platform: Cross Platform
  • Title: Adobe Flash Player and AIR Multiple Unspecified Remote Code Execution Vulnerabilities
  • Description: Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. Adobe AIR is a cross-platform runtime for developing internet applications on the desktop. The applications are exposed to multiple unspecified remote code execution issues. Adobe Flash Player versions 10.0.32.18 and Adobe AIR 1.5.2 and earlier are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-19.html

  • 09.51.16 - CVE: CVE-2009-3796
  • Platform: Cross Platform
  • Title: Adobe Flash Player and AIR Data Injection Remote Code Execution
  • Description: Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. Adobe AIR is a cross-platform runtime for developing internet applications on the desktop. Flash Player and AIR are exposed to a remote code execution issue due to a data injection issue. Flash Player version 10.0.32.18 and AIR version 1.5.2 are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-19.html

  • 09.51.17 - CVE: CVE-2009-3951
  • Platform: Cross Platform
  • Title: Adobe Flash Player ActiveX Control Information Disclosure
  • Description: Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. Adobe Flash Player ActiveX control is exposed to an information disclosure issue that occurs on Microsoft Windows systems only, and can result in the disclosure of a local file name.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-19.html

  • 09.51.18 - CVE: CVE-2009-3797
  • Platform: Cross Platform
  • Title: Adobe Flash Player and AIR (CVE-2009-3797) Unspecified Memory Corruption
  • Description: Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. Flash Player and AIR are exposed to an unspecified memory corruption issue. Attackers can exploit this issue to execute arbitrary code in the context of the application. Adobe Flash Player 10.0.32.18 and Adobe AIR 1.5.2 and earlier are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-19.html

  • 09.51.19 - CVE: CVE-2009-3798
  • Platform: Cross Platform
  • Title: Adobe Flash Player and AIR (CVE-2009-3798) Unspecified Memory Corruption
  • Description: Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. Adobe AIR is a cross-platform runtime for developing internet applications on the desktop. Flash Player and AIR are exposed to an unspecified memory corruption issue. Adobe Flash Player versions 10.0.32.18 and Adobe AIR 1.5.2 and earlier are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-19.html

  • 09.51.20 - CVE: CVE-2009-1380, CVE-2009-2405, CVE-2009-3554
  • Platform: Cross Platform
  • Title: JBoss Enterprise Application Platform Multiple Vulnerabilities
  • Description: JBoss Enterprise Application Platform is a tool for developing Web 2.0 applications on a pure Java platform. JBoss Enterprise Application Platform is exposed to multiple issues. Attackers can exploit these issues to gain access to sensitive information, or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
  • Ref: http://www.securityfocus.com/bid/37276

  • 09.51.21 - CVE: CVE-2009-4124
  • Platform: Cross Platform
  • Title: Ruby "rb_str_justify()" Heap Based Buffer Overflow
  • Description: Ruby is exposed to a buffer overflow issue because it fails to properly sanitize user-supplied data. Specifically, the issue affects the "rb_str_justify()" function in the "string.c" file and can be exploited through "String#ljust", "String#center" and "String#rjust" to cause a heap-based buffer overflow. Ruby versions 1.9.1 prior to 1.9.1-p376 are affected.
  • Ref: http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/

  • 09.51.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Kiwi Syslog Server Information Disclosure
  • Description: Kiwi Syslog Server is an application for managing syslog messages from network devices. The application is exposed to multiple security issues. An attacker can exploit these vulnerabilities to obtain information that may aid in further attacks. Kiwi Syslog Server version 9.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/37282

  • 09.51.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Ray Server Authentication Manager Remote Code Execution
  • Description: Sun Ray Server is a proxy server developed by Sun Microsystems. The software is exposed to a remote code execution issue that the Authentication Manager.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-267548-1

  • 09.51.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Ray Server Firmware Insecure Key Generation
  • Description: Sun Ray Server is a proxy server developed by Sun Microsystems. Sun Ray Server is exposed to a security issue that may allow insecure firmware keys to be generated. Sun Ray Server versions 4.0 and 4.1 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-270549-1

  • 09.51.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SAP Kernel "sapstartsrv" Denial Of Service
  • Description: The "sapstartsrv" service provides a web SAP Management Console interface for remote administration. SAP Kernel is exposed to a remote denial of service issue. This issue occurs when the "sapstartsrv" service fails to handle specially crafted requests. SAP Kernel versions 6.40, 7.00, 7.01, 7.10, 7.11 and 7.20 are affected.
  • Ref: http://www.securityfocus.com/bid/37286

  • 09.51.26 - CVE: CVE-2009-0898
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager Unspecified Stack Buffer Overflow
  • Description: HP OpenView Network Node Manager (NNM) is a fault management application for IP networks. The application is exposed to a stack-based buffer overflow issue caused by an unspecified error. NNM versions 7.01, 7.51, and 7.53 are affected.
  • Ref: http://www.iss.net/threats/357.html

  • 09.51.27 - CVE: CVE-2009-3846
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager "ovlogin.exe" Multiple Remote Code Execution Vulnerabilities
  • Description: HP OpenView Network Node Manager (NNM) is a fault management application for IP networks. NNM is exposed to multiple remote heap-based buffer overflow issues because the "ovlogin.exe" CGI process fails to sufficiently sanitize the "userid" and "passwd" parameters.
  • Ref: http://dvlabs.tippingpoint.com/advisory/TPTI-09-08

  • 09.51.28 - CVE: CVE-2009-3848
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager "nnmRptConfig.exe" Remote Code Execution
  • Description: HP OpenView Network Node Manager (NNM) is a fault management application for IP networks. NNM is exposed to a remote stack-based buffer overflow issue because the "nnmRptConfig.exe" CGI process fails to sufficiently sanitize the "Template" parameter when it is copied into a fixed size buffer via a "vsprintf()" call.
  • Ref: http://www.securityfocus.com/archive/1/508346

  • 09.51.29 - CVE: CVE-2009-4019
  • Platform: Cross Platform
  • Title: MySQL Multiple Remote Denial of Service Vulnerabilities
  • Description: MySQL is an open source SQL database available for multiple operating systems. MySQL is exposed to multiple remote denial of service issues. An attacker can exploit these issues to crash the application, denying access to legitimate users. MySQL versions prior to 5.0.88 and 5.1.41 are affected.
  • Ref: http://bugs.mysql.com/bug.php?id=48291

  • 09.51.30 - CVE: CVE-2009-3849
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager "nnmRptConfig.exe" "strcat()" Remote Code Execution
  • Description: HP OpenView Network Node Manager (NNM) is a fault management application for IP networks. NNM is exposed to a remote stack-based buffer overflow issue because the "nnmRptConfig.exe" CGI process fails to sufficiently sanitize the "Template" parameter when it is copied into a fixed size buffer via a "strcat()" call.
  • Ref: http://www.securityfocus.com/archive/1/508348

  • 09.51.31 - CVE: CVE-2009-3849
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager "Oid" Parameter Remote Buffer Overflow
  • Description: HP OpenView Network Node Manager (NNM) is a fault management application for IP networks. NNM is exposed to a remote stack-based buffer overflow issue that occurs because the "snmp.exe" CGI process fails to sufficiently sanitize the "Oid" parameter.
  • Ref: http://www.securityfocus.com/archive/1/508349

  • 09.51.32 - CVE: CVE-2009-3845
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager Perl CGI Executables Remote Code Execution
  • Description: HP OpenView Network Node Manager (NNM) is a fault management application for IP networks. The application is exposed to a remote code execution issue that occurs in several Perl CGI executables distributed with NNM. Specifically, these scripts fail to sanitize the hostname HTTP variable when requests are made to the application's HTTP server, which listens on TCP port 3443 by default. NNM versions 7.01, 7.51, and 7.53 are affected.
  • Ref: http://www.securityfocus.com/archive/1/503024

  • 09.51.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Codesighs "sscanf()" Remote Buffer Overflow
  • Description: Codesighs is a Firefox plugin that helps users determine the code and data size of shared libraries and executables. Codesighs is exposed to a remote buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. This issue occurs because the application fails to pass a width specifier to a "sscanf()" function call triggering a buffer overflow in five different locations of the affected code.
  • Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=533647

  • 09.51.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle E-Business Suite Multiple Remote Vulnerabilities
  • Description: Oracle E-Business Suite is exposed to multiple issues. Attackers could exploit these issues to steal cookie-based authentication credentials, perform unauthorized actions, or bypass certain security restrictions. Other attacks are also possible. Oracle E-Business Suite versions 10 and 11 are affected.
  • Ref: http://www.securityfocus.com/archive/1/508432

  • 09.51.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ZABBIX "NET_TCP_LISTEN()" Security Bypass
  • Description: ZABBIX is a network monitoring tool available for UNIX, Linux, and other UNIX-like operating systems. The application is exposed to a security bypass issue that occurs in the "NET_TCP_LISTEN()" function of the "libs/zbxsysinfo/(freebsd|solaris)/net.c" source file. Specifically, the "NET.TCP.LISTEN" function allows users to define their own variables and execute arbitrary commands. ZABBIX versions prior to 1.6.7 are affected.
  • Ref: http://www.securityfocus.com/archive/1/508439

  • 09.51.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Monkey HTTP Daemon Invalid HTTP "Connection" Header Denial of Service
  • Description: Monkey HTTP Daemon is an HTTP server for the Linux platform. Monkey HTTP Daemon is exposed to a denial of service issue when handling specially crafted GET requests containing an invalid "Connection" header. Specifically, processing malformed HTTP requests can result in an integer overflow error, which in turn results in the application crashing. This issue is the result of an error in the "Request_Find_Variable()" function in the "request.c" source code file. Monkey HTTP Daemon versions prior to 0.9.3 are affected.
  • Ref: http://www.securityfocus.com/archive/1/508442

  • 09.51.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ZABBIX "process_trap()" NULL Pointer Dereference Denial of Service
  • Description: ZABBIX is an IT monitoring system available for multiple operating platforms. ZABBIX is exposed to a denial of service issue because of a NULL pointer dereference. This issue affects "process_trap()" in the "zabbix_server/trapper/trapper.c" source file. Specifically, when the application invokes "strtok()" on the "s" string, a NULL pointer dereference can occur. ZABBIX versions prior to 1.6.6 are affected.
  • Ref: http://www.securityfocus.com/bid/37308

  • 09.51.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Docutils "rst.el" Insecure Temporary File Creation
  • Description: Docutils is a package of utilities for working with document files. The software creates temporary files in an insecure manner. An attacker with local access could obtain sensitive information or perform symbolic link attacks to overwrite arbitrary files in the context of the affected application. Specifically, this issue affects the emacs mode "reStructuredText" "rst.el" file. Docutils versions 0.5 and 0.6 are affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560755

  • 09.51.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Ray Server Software Desktop Session Handling Local Security Bypass
  • Description: Sun Ray Server is a proxy server developed by Sun Microsystems. The software is exposed to a security bypass issue due to a failure to properly log out local users. This issue occurs when "Automatic Multi-Group Hotdesking" is enabled and either "Non Smartcard Mobility" is not configured or smartcards are used to access sessions. Sun Ray Server Software version 4.1 running on Solaris is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-268228-1

  • 09.51.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Ruby on Rails "protect_from_forgery" Cross-Site Request Forgery
  • Description: Ruby On Rails is a framework for developing web applications; it is available for multiple platforms. The application is exposed to a cross-site request forgery issue. Specifically, this issue occurs due to an error in the "protect_from_forgery" function.
  • Ref: http://www.securityfocus.com/bid/37322

  • 09.51.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Google Chrome DNS Pre Fetching Proxy Cache Information Disclosure
  • Description: Google Chrome is a web browser. Chrome is exposed to a remote information disclosure issue. Specifically, the issue occurs when using a proxy server. DNS query data is sent to the local DNS cache instead of the proxy server. This issue may occur regardless of whether DNS prefetching is enabled or may be irrelevant only if using a SOCKS proxy. Chrome version 3.0.195.33 is affected.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0324.html

  • 09.51.42 - CVE: CVE-2009-4176
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager "ovsessionmgr.exe" Remote Heap Buffer Overflow
  • Description: HP OpenView Network Node Manager (NNM) is a fault management application for IP networks. NNM is exposed to a remote heap-based buffer overflow issue that occurs because the application fails to perform adequate boundary checks on user-supplied data. Specifically, the application fails to check the length of the "userid" and "passwd" parameters before copying them to a static 256-byte buffer via a "sprintf()" function call.
  • Ref: http://www.securityfocus.com/archive/1/508352

  • 09.51.43 - CVE: CVE-2009-4324
  • Platform: Cross Platform
  • Title: Adobe Reader and Acrobat (CVE-2009-4324) Remote Code Execution
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. The software is exposed to a remote code execution issue when handling specially crafted PDF files. Adobe Reader and Acrobat versions 9.2 and earlier are affected.
  • Ref: http://www.kb.cert.org/vuls/id/508357

  • 09.51.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM DB2 prior to 9.5 Fix Pack 5 Multiple Unspecified Security Vulnerabilities
  • Description: IBM DB2 is a database manager. The application is exposed to multiple issues. The impact of these issues is currently unknown. IBM DB2 versions 9.5 prior to FP5 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21412902

  • 09.51.45 - CVE: CVE-2009-4136
  • Platform: Cross Platform
  • Title: PostgreSQL Index Function Session State Modification Local Privilege Escalation
  • Description: PostgreSQL is an open source database for Windows, Unix, and Linux. PostgreSQL is exposed to a local privilege escalation issue that arises when session state is modified in an index function. Exploiting this issue allows local attackers to gain elevated privileges. PostgreSQL versions prior to 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23, and 7.4.27 are affected.
  • Ref: http://www.postgresql.org/about/news.1170

  • 09.51.46 - CVE: CVE-2009-3847
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager Unspecified Remote Code Execution
  • Description: HP OpenView Network Node Manager (NNM) is a fault-management application for IP networks. NNM is exposed to a remote code execution issue. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers.
  • Ref: https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-15-119^1155_4000_100

  • 09.51.47 - CVE: CVE-2009-4179
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager "ovalarm.exe" Remote Buffer Overflow
  • Description: HP OpenView Network Node Manager (NNM) is a fault management application for IP networks. NNM is exposed to a remote stack-based buffer overflow issue in the "ovalarm.exe" CGI process. This issue occurs because the "Accept-Language" HTTP header is copied into a fixed-length stack buffer when the "OVABverbose" POST variable is set.
  • Ref: http://www.securityfocus.com/archive/1/508355

  • 09.51.48 - CVE: CVE-2009-3987, CVE-2009-3986, CVE-2009-3984, CVE-2009-3985, CVE-2009-3983, CVE-2009-3389, CVE-2009-3388, CVE-2009-3979, CVE-2009-3980, CVE-2009-3981, CVE-2009-3982
  • Platform: Cross Platform
  • Title: Mozilla Firefox and SeaMonkey MFSA 2009-65 through -71 Multiple Vulnerabilities
  • Description: The Mozilla Foundation has released multiple advisories to address vulnerabilities in Firefox and SeaMonkey. These issues affect Firefox versions prior to 3.5.6 for the 3.5.x branch and Firefox versions prior to 3.0.16 for the 3.0.x branch. Versions of SeaMonkey prior to 2.0.1 are also affected.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-65.html

  • 09.51.49 - CVE: CVE-2009-4035
  • Platform: Cross Platform
  • Title: Xpdf "FoFiType1::parse" Buffer Overflow
  • Description: Xpdf is a PDF rendering library. Xpdf is exposed to a buffer overflow issue because it fails to properly sanitize user-supplied input. The issue affects the "FoFiType1::parse()" function in the "FoFiType1.cc" file.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=541614

  • 09.51.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Webmin and Usermin Unspecified Cross-Site Scripting
  • Description: Webmin is a web-based application for system administration of UNIX-based computers. Usermin is a web-based application for administering user-configurable applications. The applications are exposed to an unspecified cross-site scripting issue because they fail to sanitize user-supplied input. Webmin versions prior to 1.500 and Usermin versions 1.430 are affected.
  • Ref: http://www.securityfocus.com/bid/37259

  • 09.51.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Joomla! You!Hostit! Template Cross-Site Scripting
  • Description: You!Hostit! template is a component for the Joomla! content manager. The component is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "created_by_alias" parameter of the "index.php" script. You!Hostit! template version 1.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/37260

  • 09.51.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Invision Power Board ".txt" File MIME-Type Cross-Site Scripting
  • Description: Invision Power Board is a PHP-based bulletin board. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. The issue occurs when handling a ".txt" file attachment. Specifically, in Invision Power Board 2.x the application fails to validate the MIME type of the file, allowing the application to bypass the filtering mechanism used by the application. Invision Power Board versions 2.0 to 3.0.4 are affected.
  • Ref: http://community.invisionpower.com/topic/300051-invision-power-board-305-released/

  • 09.51.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Zeeways ZeeJobsite "basic_search_result.php" Cross-Site Scripting
  • Description: ZeeJobsite is a web-based application. ZeeJobsite is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "title" parameter of the "basic_search_result.php" script. ZeeJobsite version 3x is affected.
  • Ref: http://www.securityfocus.com/bid/37290

  • 09.51.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Invision Power Board Multiple File MIME-Type Cross-Site Scripting
  • Description: Invision Power Board is a PHP-based bulletin board. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. The issue occurs when handling a ".php", ".rtf", or ".xml" file attachment. Specifically, Invision Power Board fails to validate the MIME type of the file, allowing the application to bypass the filtering mechanism used by the application. Invision Power Board versions 1.3 and 2.2.2 are affected.
  • Ref: http://www.securityfocus.com/archive/1/508440

  • 09.51.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Ez Cart "sid" Parameter Cross-Site Scripting
  • Description: Ez Cart is a shopping cart application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "sid" parameter when the "action" parameter is set to "showcat".
  • Ref: http://www.securityfocus.com/bid/37311

  • 09.51.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Million Pixel "pa" Parameter Cross-Site Scripting
  • Description: Million Pixel is a web-based application for selling pixels to advertisers. Million Pixel is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "pa" parameter of the "index.php" script. Million Pixel Script versions 3, 3 Pro and 3 Pro Lotto are affected.
  • Ref: http://www.securityfocus.com/bid/37315

  • 09.51.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Zeeways ZeeLyrics "searchresults_main.php" Cross-Site Scripting
  • Description: ZeeLyrics is a web-based application. ZeeLyrics is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "keyword" parameter of the "searchresults_main.php" script.
  • Ref: http://www.securityfocus.com/bid/37319

  • 09.51.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Arctic Issue Tracker Search Cross-Site Scripting
  • Description: Arctic Issue Tracker is a web-based application for tracking tasks. Arctic Issue Tracker is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input when performing a search. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
  • Ref: http://www.securityfocus.com/bid/37323

  • 09.51.59 - CVE: CVE-2009-4176
  • Platform: Web Application - Cross Site Scripting
  • Title: phpFaber CMS "module.php" Cross-Site Scripting
  • Description: phpFaber CMS is a content manager. phpFaber CMS is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "mod" parameter of the "module.php" script.
  • Ref: http://www.securityfocus.com/bid/37329/references

  • 09.51.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Webmatic Multiple Unspecified SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Webmatic is an application that allows users to develop web sites. The application is exposed to multiple unspecified cross-site scripting and SQL injection issues because it fails to sufficiently sanitize user-supplied data. Webmatic versions prior to 3.0.3 are affected.
  • Ref: http://www.valarsoft.com/index.php?stage=0&section=5&newsID=165&action=6

  • 09.51.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ManageEngine Password Manager Pro Cross-Site Scripting
  • Description: ManageEngine Password Manager Pro is a web-based centralized password management and storage application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. The issue occurs when handling the "searchtext" parameter. Password Manager Pro version 6.1 is affected.
  • Ref: http://forums.manageengine.com/#Topic/49000003740390

  • 09.51.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 ListMan Extension Cross-Site Scripting
  • Description: ListMan is an extension for the TYPO3 content manager. The extension is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. ListMan versions prior to 1.2.2 are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/

  • 09.51.63 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: APC Switched Rack PDU "login1" Cross-Site Scripting
  • Description: APC Switched Rack Power Distribution Units (PDU) is a power control rack. The device's web interface is prone to a cross-site scripting issue because it fails to sanitize user-supplied input to the "login_username" parameter of the "login1" script. APC Switched Rack PDU AP7932 is affected.
  • Ref: http://www.securityfocus.com/bid/37338

  • 09.51.64 - CVE: CVE-2009-3731
  • Platform: Web Application - Cross Site Scripting
  • Title: WebWorks Help Multiple Cross-Site Scripting Vulnerabilities
  • Description: WebWorks Help is an output format that allows online help to be delivered to users on multiple platforms and browsers. WebWorks Help is exposed to multiple cross-site scripting issues because the application fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/508484

  • 09.51.65 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Horde Application Framework Administration Interface Cross-Site Scripting
  • Description: Horde Application Framework is a PHP-based application framework used with other Horde Project products. Horde Application Framework is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. Specifically, this issue affects the administration interface. Horde Framework versions prior to 3.3.6 are affected.
  • Ref: http://marc.info/?l=horde-announce&m=126090147727568&w=2

  • 09.51.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_job" Component "id" Parameter SQL Injection
  • Description: "com_job" is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/37254

  • 09.51.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: NetArt Media Real Estate Portal "Username" Field SQL Injection
  • Description: Real Estate Portal is a web-based application implemented in PHP. It is used to publish real-estate listings. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "Username" field when logging into the affected application.
  • Ref: http://www.securityfocus.com/bid/37265

  • 09.51.68 - CVE: CVE-2009-4237, CVE-2009-4238
  • Platform: Web Application - SQL Injection
  • Title: TestLink Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: TestLink is a PHP-based testing suite. The application is exposed to multiple input validation issues. TestLink versions prior to 1.8.5 are affected.
  • Ref: http://www.coresecurity.com/content/testlink-multiple-injection-vulnerabilities

  • 09.51.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_jphoto" Component "id" Parameter SQL Injection
  • Description: "com_jphoto" is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_jphoto" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/37279

  • 09.51.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! JS Jobs Component Multiple SQL Injection Vulnerabilities
  • Description: The JS Jobs component is a PHP-based application for the Joomla! content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "oi" and "md" parameters of the "com_jsjobs" component before using it in an SQL query. JS Jobs version 1.0.5.6 is affected.
  • Ref: http://www.securityfocus.com/bid/37281

  • 09.51.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ManageEngine OpManager "overview.do" SQL Injection
  • Description: ManageEngine OpManager is an application for monitoring and managing networks. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input before using it in an SQL query. Specifically, the application fails to sanitize data supplied to the "requestType" parameter of the "overview.do" script.
  • Ref: http://www.securityfocus.com/bid/37289

  • 09.51.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Digital Scribe Multiple SQL Injection Vulnerabilities
  • Description: Digital Scribe is a PHP-based content manager for teachers. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "ID" parameter of the "stuworkdisplay.php" script before using the data in an SQL query. Digital Scribe version 1.4.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/508410

  • 09.51.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: VirtueMart "product_id" Parameter SQL Injection
  • Description: VirtueMart is a web-based shopping application. VirtueMart is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. This issue affects the "product_id" parameter when the "flypage" parameter is set to "shop.flypage" and the "page" parameter is set to "shop.product_details". VirtueMart version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/37317

  • 09.51.74 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Randomizer Module HTML Injection
  • Description: Randomizer is a random number generation module for the Drupal content manager. The Randomizer module for Drupal is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Randomizer versions 5.x-1.0 and 6.x-1.0 are affected.
  • Ref: http://drupal.org/node/655668

  • 09.51.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! Mamboleto Component "mamboleto.php" Remote File Include
  • Description: Mamboleto is a component for the Joomla! content manager. The component is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "mamboleto.php" script. Mamboleto version 2.0.RC3 is affected.
  • Ref: http://www.securityfocus.com/bid/37280

  • 09.51.76 - CVE: Not Available
  • Platform: Web Application
  • Title: Zen Cart "extras/curltest.php" Information Disclosure
  • Description: Zen Cart is a content manager. The application is exposed to an information disclosure issue because it fails to sufficiently sanitize user-supplied input to the "url" parameter of the "extras/curltest.php" script before passing it to the "curl" application. This can be used in conjunction with the "file://" protocol to access local files.
  • Ref: http://www.zen-cart.com/forum/showthread.php?t=142784

  • 09.51.77 - CVE: Not Available
  • Platform: Web Application
  • Title: ZABBIX Denial of Service and SQL Injection Vulnerabilities
  • Description: ZABBIX is an IT monitoring system available for multiple operating platforms. ZABBIX is exposed to multiple remote issues. Successful exploits may allow remote attackers to cause the affected application to crash, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. ZABBIX versions prior to 1.6.6 are affected.
  • Ref: http://www.securityfocus.com/bid/37309

  • 09.51.78 - CVE: Not Available
  • Platform: Web Application
  • Title: Piwik "unserialize()" PHP Code Execution
  • Description: Piwik is a PHP-based wiki application. Piwik is exposed to an issue that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input. This issue affects the "unserialize()" function of the "core/Cookie.php" script. Piwik versions prior to 0.5 are affected.
  • Ref: http://www.sektioneins.de/de/advisories/advisory-032009-piwik-cookie-unserialize-vulnerability/index.html

  • 09.51.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Open Flash Chart "ofc_upload_image.php" Remote PHP Code Execution
  • Description: Open Flash Chart is a PHP-based chart application. Open Flash Chart is exposed to a remote code execution issue because the application fails to sanitize user-supplied input to the "name" and "HTTP_RAW_POST_DATA" parameters in the "ofc_upload_image.php" script when verifying file extensions. This issue can be exploited to create arbitrary files and execute arbitrary PHP code. Open Flash Chart 2 Beta 1 and Open Flash Chart 2 are affected.
  • Ref: http://piwik.org/blog/2009/10/piwik-response-to-secunia-advisory-sa37078/

  • 09.51.80 - CVE: Not Available
  • Platform: Web Application
  • Title: DigitalHive "base.php" Arbitrary File Upload
  • Description: DigitalHive is a PHP-based forum software. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize file extensions before uploading files to the webserver via the "base.php" script.
  • Ref: http://www.securityfocus.com/bid/37320

  • 09.51.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Smart PHP Subscriber Multiple Information Disclosure Vulnerabilities
  • Description: Smart PHP Subscriber is a PHP-based mailing list manager. The application is exposed to multiple information disclosure issues. An attacker can exploit these issues to gain access to sensitive information. Information obtained may lead to other attacks.
  • Ref: http://www.securityfocus.com/bid/37324

  • 09.51.82 - CVE: Not Available
  • Platform: Web Application
  • Title: phpldapadmin "cmd.php" Local File Include
  • Description: phpldapadmin is a web-based application for administering LDAP servers. The application is exposed to a local file include issue because it fails to sufficiently sanitize user-supplied input to the "cmd" parameter of the "cmd.php" script. phpldapadmin version 1.1.0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/37327

  • 09.51.83 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 Watchdog (aba_watchdog) Unspecified Information Disclosure
  • Description: TYPO3 Watchdog (aba_watchdog) is an extension for the TYPO3 content manager. The extension is exposed to an unspecified information disclosure issue. Attackers can exploit this issue to harvest sensitive information that may lead to further attacks. Watchdog versions prior to 2.0.3 are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/

  • 09.51.84 - CVE: Not Available
  • Platform: Network Device
  • Title: SEIL/B1 PPP Access Concentrator Authentication Bypass
  • Description: SEIL/B1 is a network router. SEIL/B1 includes a PPP Access Concentrator function, which supports the CHAP and MS-CHAP-V2 authentication protocols. The device is exposed to an authentication bypass issue affecting CHAP and MS-CHAP-V2 authentication. Specifically, the same challenge is used for all authentication requests. This may allow attackers to perform a replay attack against the device and gain access to the network. SEIL/B1 versions prior to 2.60 are affected.
  • Ref: http://jvn.jp/en/jp/JVN49602378/index.html

  • 09.51.85 - CVE: Not Available
  • Platform: Network Device
  • Title: IntelliCom NetBiter webSCADA Multiple Default Password Security Bypass Vulnerabilities
  • Description: IntelliCom NetBiter webSCADA devices are web gateway hardware devices. IntelliCom NetBiter webSCADA devices are exposed to multiple security bypass issues due to hardcoded default passwords. These passwords may be obtained by downloading and analyzing the device firmware images, which are "gzip" files with an additional header.
  • Ref: http://www.securityfocus.com/archive/1/508449

(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.