
@RISK: The Consensus Security Vulnerability Alert

Volume: VIII, Issue: 52
December 24, 2009

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                                 # of Updates & Vulnerabilities
    ---------------------------------------  ------------------------------
    Third Party Windows Apps                 2 (#1)
    Linux                                    1 (#2, #3, #4)
    Aix                                      2
    Unix                                     1
    Cross Platform                           32
    Web Application - Cross Site Scripting   8
    Web Application - SQL Injection          17
    Web Application                          28
    Network Device                           3


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Linux
Aix
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: NullSoft Winamp Multiple Vulnerabilities
  • Affected:
    • NullSoft Winamp 5.56 and prior
  • Description: Multiple vulnerabilities have been reported in NullSoft Winamp, a popular media player for Microsoft Windows. The first issue is multiple buffer overflow vulnerabilities in the Module Decoder Plug-in "IN_MOD.DLL" while parsing instrument definitions in a specially crafted Impulse Tracker file. The second issue is a buffer overflow error in the Module Decoder Plug-in "IN_MOD.DLL" while parsing samples, which can be exploited by a specially crafted Impulse Tracker file. The third issue is a boundary error in the Module Decoder Plug-in "IN_MOD.DLL" while parsing an Ultratracker file. The fourth vulnerability is caused by an integer overflow error in the Module Decoder Plug-in "IN_MOD.DLL" while parsing Oktalyzer files. The fifth issue is caused by multiple integer overflow errors while parsing a specially crafted media file that contains malformed PNG or JPEG data. Successful exploitation might allow an attacker to execute arbitrary code in the context of the affected application. Some technical details for some of these vulnerabilities are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (2) HIGH: Cisco WebEx WRF Player Multiple Vulnerabilities
  • Affected:
    • Cisco WebEx 27.00
    • Cisco WebEx 26.00
  • Description: Cisco WebEx is used to manage the WebEx meeting service, a multimedia conferencing solution. The WebEx Recording Format (".wrf") is used to store WebEx meeting recordings that are recorded offline, and the Cisco WebEx WRF player is used to play these ".wrf" files. Multiple buffer overflow vulnerabilities have been identified in the Cisco WebEx WRF player. The flaw is in the way the WRF player processes ".wrf" files, so a specially crafted ".wrf" file can be used to exploit these vulnerabilities. Successful exploitation might allow an attacker to execute arbitrary code in the context of the affected application. Note that the WRF player can be installed either manually or automatically. No technical details for these vulnerabilities are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (4) MODERATE: Ghostscript PDF Handling Remote Buffer Overflow Vulnerability
  • Affected:
    • Ghostscript 8.70
    • Ghostscript 8.64
  • Description: Ghostscript is an open source interpreter engine for PostScript (PS) and the Portable Document Format (PDF). A buffer overflow vulnerability has been reported in Ghostscript; it can be triggered by a specially crafted PDF or PS file printed through CUPS. The specific flaw is caused by a boundary error in the "errprintf()" function (base/gsmisc.c) while processing malformed PDF or PS files. Successful exploitation might lead to a denial-of-service condition or allow an attacker to execute arbitrary code in the context of the logged-on user. Depending upon configuration, Ghostscript may be used to open PostScript documents upon receipt, without further user interaction. Full technical details for this vulnerability are publicly available via source code analysis.

  • Status: Vendor confirmed, no updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 52, 2009



  • 09.52.1 - CVE: CVE-2009-3995, CVE-2009-3996, CVE-2009-3997
  • Platform: Third Party Windows Apps
  • Title: Winamp Module Decoder Plugin Multiple Buffer Overflow Vulnerabilities
  • Description: Winamp is a multiformat media player for Microsoft Windows platforms. Winamp is exposed to multiple security issues that affect the Module Decoder ("IN_MOD.DLL") plugin. Winamp version 5.56 is affected.
  • Ref: http://www.securityfocus.com/archive/1/508527

  • 09.52.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Winamp JPEG and PNG Multiple Integer Overflow Vulnerabilities
  • Description: Winamp is a multiformat media player for Microsoft Windows platforms. Winamp is exposed to multiple integer overflow issues in the "jpeg.w5s" and "png.w5s" filters when processing malformed JPEG and PNG data. Winamp versions prior to 5.57 are affected.
  • Ref: http://www.vupen.com/english/advisories/2009/3576

  • 09.52.3 - CVE: CVE-2009-4261
  • Platform: Linux
  • Title: Ganeti Arbitrary Command Execution
  • Description: Ganeti is an application used for managing virtual server clusters. The application is exposed to an issue that lets attackers execute arbitrary commands in the context of the application. Specifically, the issue occurs because of insufficient sanitization of user-supplied data through file paths. Ganeti versions prior to 2.0.5, 1.2.9, and 2.1.0 rc2 are affected.
  • Ref: http://groups.google.com/group/ganeti/browse_thread/thread/cbce23d89103a8d2

  • 09.52.4 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX "qosmod" Local Buffer Overflow
  • Description: AIX is a UNIX operating system from IBM. The IBM AIX "qosmod" functionality is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. AIX version 6.1 is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=isg1IZ66918

  • 09.52.5 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX "qoslist" Local Buffer Overflow
  • Description: AIX is a UNIX operating system from IBM. The IBM AIX "qoslist" functionality is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. AIX version 6.1 is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=isg1IZ66966

  • 09.52.6 - CVE: CVE-2009-4029
  • Platform: Unix
  • Title: GNU Automake Insecure Directory Permissions
  • Description: GNU Automake is an open source tool used to generate makefiles for use by the make program to compile software from source files. The utility is exposed to an insecure directory permissions issue that arises from a race condition error when the "make dist" and "make distcheck" components of Automake are used. Automake and other packages with Automake generated makefiles are affected. Automake versions prior to 1.10.3 and 1.11.1 are affected.
  • Ref: http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html

  • 09.52.7 - CVE: CVE-2009-2875, CVE-2009-2876, CVE-2009-2877, CVE-2009-2878, CVE-2009-2879, CVE-2009-2880
  • Platform: Cross Platform
  • Title: Cisco WebEx WRF File Handling Multiple Buffer Overflow Vulnerabilities
  • Description: WebEx is a sharing and conferencing application for Microsoft Windows, Linux and Mac OS X. Cisco WebEx is exposed to multiple remote buffer overflow issues because the software fails to perform adequate boundary checks on user-supplied data. These issues occur in the WebEx Recording Format (WRF) player when handling specially crafted WRF files.
  • Ref: http://www.securityfocus.com/archive/1/508512

  • 09.52.8 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Kaspersky Products "Every One" Group Insecure Permissions Local Privilege Escalation
  • Description: Multiple Kaspersky products are exposed to a local privilege escalation issue. This issue occurs because the applications allow the "Every One" group to have full control of the "BASE" folder.
  • Ref: http://www.securityfocus.com/archive/1/508508

  • 09.52.9 - CVE: CVE-2009-2747
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server JNDI Remote Information Disclosure
  • Description: IBM WebSphere Application Server is an application server used for service oriented architecture. The application is exposed to a remote information disclosure issue caused by an error in the Java Naming and Directory Interface. Remote attackers can exploit this issue to query "UserRegistry" objects. IBM WebSphere Application Server versions prior to 6.0.2.39, 6.1.0.29, and 7.0.0.7 are affected.
  • Ref: http://xforce.iss.net/xforce/xfdb/54228

  • 09.52.10 - CVE: CVE-2009-3703
  • Platform: Cross Platform
  • Title: Quick Heal Antivirus Insecure Program File Permissions Local Privilege Escalation
  • Description: Quick Heal Antivirus is a security application. The application is exposed to a local privilege escalation issue because it installs program files in the "BUILTINusers" directory with "Everyone:F" permissions. Quick Heal Antivirus 2010 is affected.
  • Ref: http://www.securityfocus.com/archive/1/508511

  • 09.52.11 - CVE: CVE-2009-3987
  • Platform: Cross Platform
  • Title: Mozilla Firefox/SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration
  • Description: Mozilla Firefox and SeaMonkey are web applications available for multiple platforms. Mozilla Firefox and SeaMonkey are exposed to a COM object enumeration issue that occurs because the exception message generated by Mozilla's "GeckoActiveXObjects" differs based on whether the COM object's "ProgId" is registered on the affected computer.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-71.html

  • 09.52.12 - CVE: CVE-2009-3979
  • Platform: Cross Platform
  • Title: Mozilla Firefox CVE-2009-3979 Multiple Remote Memory Corruption Vulnerabilities
  • Description: Mozilla Firefox is a browser available for various platforms. The application is exposed to multiple remote memory corruption issues that stem from unspecified errors. Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-65.html

  • 09.52.13 - CVE: CVE-2009-3980
  • Platform: Cross Platform
  • Title: Mozilla Firefox CVE-2009-3980 Multiple Remote Memory Corruption Vulnerabilities
  • Description: Mozilla Firefox is a browser available for various platforms. The application is exposed to multiple remote memory corruption vulnerabilities that stem from unspecified errors. Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-65.html

  • 09.52.14 - CVE: CVE-2009-3981
  • Platform: Cross Platform
  • Title: Mozilla Firefox CVE-2009-3981 Remote Memory Corruption
  • Description: Mozilla Firefox is a browser available for various platforms. The application is exposed to a remote memory corruption issue that stems from an unspecified error.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-65.html

  • 09.52.15 - CVE: CVE-2009-3982
  • Platform: Cross Platform
  • Title: Mozilla Firefox CVE-2009-3982 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities
  • Description: Mozilla Firefox is a browser available for various platforms. The application is exposed to multiple remote memory corruption issues that stem from unspecified errors. These issues affect the JavaScript engine.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-65.html

  • 09.52.16 - CVE: CVE-2009-3986
  • Platform: Cross Platform
  • Title: Mozilla Firefox "window.opener" Property Chrome Privilege Escalation
  • Description: Mozilla Firefox and SeaMonkey are browsers available for multiple platforms. Mozilla Firefox and SeaMonkey are exposed to a remote privilege escalation issue that occurs because a content window opened by a chrome window stores a reference to the chrome window using the "window.opener" property. Using this property an attacker can access content inside the new window with the privileges of the chrome window.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-70.html

  • 09.52.17 - CVE: CVE-2009-3983
  • Platform: Cross Platform
  • Title: Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass
  • Description: Mozilla Firefox and SeaMonkey are web applications available for multiple platforms. The applications are exposed to an authentication bypass issue. Specifically, the NT LAN Manager implementation fails to implement credential reflection protection. This will allow credentials to be reflected back to an attacker and can be used against the victim.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-68.html

  • 09.52.18 - CVE: CVE-2009-3984
  • Platform: Cross Platform
  • Title: Mozilla Firefox and SeaMonkey Insecure Protocol Location Bar Spoofing
  • Description: Mozilla Firefox and SeaMonkey are web applications available for multiple platforms. Mozilla Firefox and SeaMonkey are affected by a spoofing issue that occurs when a web page is loaded over an insecure protocol such as "http:" or "file:". Specifically, when a webpage is loaded the "document.location" property is set to "https:", which responds with a 204 status and an empty response body.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-69.html

  • 09.52.19 - CVE: CVE-2009-3389
  • Platform: Cross Platform
  • Title: Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow
  • Description: Mozilla Firefox and SeaMonkey are web applications available for multiple platforms. Mozilla Firefox and SeaMonkey are exposed to a remote integer overflow issue in the Theora video library. Specifically, calculations on a video's dimensions were used to allocate memory.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-67.html

  • 09.52.20 - CVE: CVE-2009-3985
  • Platform: Cross Platform
  • Title: Mozilla Firefox and SeaMonkey Content Injection Spoofing
  • Description: Mozilla Firefox and SeaMonkey are web applications available for multiple platforms. Mozilla Firefox and SeaMonkey are affected by a spoofing issue that occurs because the application allows users to set the "document.location" property to a URL that cannot be displayed and then inject arbitrary JavaScript code into a blank web page.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-69.html

  • 09.52.21 - CVE: CVE-2009-3388
  • Platform: Cross Platform
  • Title: Mozilla Firefox and SeaMonkey "liboggplay" Media Library Remote Memory Corruption Vulnerabilities
  • Description: Mozilla Firefox and SeaMonkey are web applications available for multiple platforms. The applications are exposed to multiple remote memory corruption issues because of unspecified errors in the "liboggplay" media library.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-66.html

  • 09.52.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OSSIM "uniqueid" Parameter Multiple Remote Command Execution Vulnerabilities
  • Description: OSSIM (Open Source Security Information Management) is a compilation of common security tools that are managed through a web console. OSSIM is exposed to multiple issues that attackers can leverage to execute arbitrary commands. These issues occur because the application fails to adequately validate user-supplied input to the "uniqueid" parameter of the "wcl.php", "storage_graphs.php", "storage_graphs2.php", "storage_graphs3.php", and "storage_graphs4.php" scripts. OSSIM version 2.1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/37375

  • 09.52.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Rational ClearQuest CQWeb Interface Password Information Disclosure
  • Description: IBM Rational ClearQuest is an application for software development management. The application is exposed to an information disclosure issue in the CQWeb interface when legacy URIs are used for automatic login. Rational ClearQuest versions prior to 7.1.1 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377

  • 09.52.24 - CVE: CVE-2007-2281
  • Platform: Cross Platform
  • Title: HP OpenView Storage Data Protector Multiple Remote Code Execution Vulnerabilities
  • Description: HP OpenView Storage Data Protector is a commercial data management product for backup and recovery operations. The application is exposed to multiple remote code execution issues. An attacker can exploit these issues to execute arbitrary code with SYSTEM level privileges.
  • Ref: http://dvlabs.tippingpoint.com/advisory/TPTI-09-15

  • 09.52.25 - CVE: CVE-2009-4143
  • Platform: Cross Platform
  • Title: PHP "session.save_path()" Arbitrary Code Execution
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to an issue that an attacker could exploit to execute arbitrary code. This issue occurs because certain PHP functions can be interrupted by userspace functions in error cases or as callbacks.
  • Ref: http://www.php.net/releases/5_2_12.php

  • 09.52.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: QuiXplorer "lang" Parameter Local File Include
  • Description: QuiXplorer is a web-based application implemented in PHP. It allows users to browse files and directories on a Web server. The application is exposed to a local file include issue because it fails to sufficiently sanitize user-supplied input to the "lang" parameter of the ".include/init.php" script. QuiXplorer version 2.4.1beta is affected.
  • Ref: http://www.securityfocus.com/archive/1/508533

  • 09.52.27 - CVE: CVE-2009-2749
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server Feature Pack for CEA Spoofing
  • Description: Feature Pack for Communications Enabled Applications provides extra functionality to IBM WebSphere Application Server (WAS). The application is exposed to a spoofing issue because session values may be predictable. Feature Pack versions prior to 1.0.0.1 on WAS 7.0.0.7 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27017328

  • 09.52.28 - CVE: CVE-2007-2280
  • Platform: Cross Platform
  • Title: HP OpenView Storage Data Protector Stack Buffer Overflow
  • Description: HP OpenView Storage Data Protector is a commercial data management product for backup and recovery operations. The application is exposed to a remote stack-based buffer overflow issue that affects the OmniInet listening process. Specifically, this vulnerability occurs because the application fails to bounds check data contained in "MSG_PROTOCOL" packets received on TCP port 5555.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-099/

  • 09.52.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Wireshark 0.9.0 through 1.2.4 Multiple Vulnerabilities
  • Description: Wireshark (formerly Ethereal) is an application for analyzing network traffic. Wireshark is exposed to multiple issues when handling certain types of packets and protocols in varying conditions. Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may also execute arbitrary code in the context of vulnerable users running the application.
  • Ref: http://www.wireshark.org/security/wnpa-sec-2009-09.html

  • 09.52.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GTK+ "gdk/gdkwindow.c" Security Bypass
  • Description: GTK+ is a toolkit for creating graphical user interfaces. GTK+ is exposed to a security bypass issue that occurs when trying to paint on non-existent foreign windows. Specifically the issue occurs in the "gdk_window_begin_implicit_paint()" function of the "gdk/gdkwindow.c" file. The vulnerability can be exploited by providing an incorrect password five times in gnome screensaver, which crashes the screensaver and bypasses the screen lock. GTK+ version 2.18.4 is affected.
  • Ref: https://bugzilla.gnome.org/show_bug.cgi?id=598476

  • 09.52.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Serv-U File Server User Directory Information Disclosure
  • Description: Serv-U File Server is a file server application. Serv-U File Server is exposed to an information disclosure issue due to a design error. Specifically, attackers can view directories that are above the user's root directory. Serv-U File Server versions prior to 9.2.0.1 are affected.
  • Ref: http://www.serv-u.com/releasenotes/

  • 09.52.32 - CVE: CVE-2009-3791
  • Platform: Cross Platform
  • Title: Adobe Flash Media Server Resource Exhaustion Remote Denial of Service
  • Description: Adobe Flash Media Server provides streaming media and a development environment for creating and delivering media applications. Adobe Flash Media Server is exposed to a remote denial of service issue. Adobe Flash Media Server versions 3.5.2 and earlier are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-18.html

  • 09.52.33 - CVE: CVE-2009-3086
  • Platform: Cross Platform
  • Title: Ruby on Rails Message Digest Verification Security Weakness
  • Description: Ruby on Rails is a framework for developing web applications; it is available for multiple platforms. Ruby on Rails is exposed to a weakness in the way it verifies message digests in the cookie store. Specifically, the issue is due to a non-constant time algorithm. Successfully exploiting this issue may allow an attacker to determine when a forged signature is partially correct and potentially forge a message digest. Ruby on Rails versions prior to 2.3.4 and 2.2.3 are affected.
  • Ref: http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails

  • 09.52.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Intel BIOS SINIT Authenticated Code Module Local Privilege Escalation
  • Description: Intel BIOS is exposed to an unspecified privilege escalation issue. This issue affects the SINIT Authenticated Code Module and is the result of a configuration error. Attackers may exploit this issue to bypass Trusted Execution Technology access controls.
  • Ref: http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00021&languageid=en-fr

  • 09.52.35 - CVE: CVE-2009-3581, CVE-2009-3582, CVE-2009-3583, CVE-2009-3584
  • Platform: Cross Platform
  • Title: SQL-Ledger Multiple Remote Vulnerabilities
  • Description: SQL-Ledger is a double entry accounting application. The application is exposed to multiple issues. Exploiting these issues could allow an attacker to steal cookie based authentication credentials, compromise the application, obtain sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database. SQL-Ledger version 2.8.84 is affected.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0415.html

  • 09.52.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Trac Alternate Formats Policy Check Bypass Information Disclosure
  • Description: Trac is a wiki and issue tracking system. The application is exposed to an information disclosure issue that arises because the application fails to perform a policy check when generating reports using alternate formats such as tab delimited or comma delimited. Trac versions prior to 0.11.6 are affected.
  • Ref: http://trac.edgewall.org/browser/tags/trac-0.11.6/ChangeLog

  • 09.52.37 - CVE: CVE-2009-4133
  • Platform: Cross Platform
  • Title: Condor Job Submission Security Bypass
  • Description: Condor is a workload management system for Unix and Windows platforms. The application is exposed to a security bypass issue that allows attackers who are authorized to submit jobs to queue them under the account of a different user. Condor versions prior to 7.4.1 are affected.
  • Ref: https://rhn.redhat.com/errata/RHSA-2009-1688.html

  • 09.52.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi Multiple Storage Command Suite Products "StartTLS" Information Disclosure
  • Description: Hitachi Storage Command Suite products are tools for integrating storage devices. Hitachi Storage Command Suite products are exposed to an information disclosure issue when an LDAP server is used for external authorization. Specifically, the "StartTLS" function may not be enabled even if the application is configured to use "StartTLS".
  • Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-018/index.html

  • 09.52.39 - CVE: CVE-2009-3731
  • Platform: Web Application - Cross Site Scripting
  • Title: iDevSpot iSupport Multiple Cross-Site Scripting Vulnerabilities
  • Description: iSupport is a PHP-based helpdesk application. The application is exposed to multiple cross-site scripting issues because the application fails to sufficiently sanitize user-supplied input to the "which" parameter of the "knowledgebase_list.php" and "function.php" files. Additionally, multiple cross-site scripting issues were reported to affect the ticket submit section. iSupport versions 1.8 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/37380

  • 09.52.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Pluxml-Blog "core/admin/auth.php" Cross-Site Scripting
  • Description: Pluxml-Blog is a PHP-based web application. Pluxml-Blog is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "p" parameter of the "core/admin/auth.php" script. Pluxml-Blog version 4.2 is affected.
  • Ref: http://www.securityfocus.com/bid/37384

  • 09.52.41 - CVE: CVE-2009-4142
  • Platform: Web Application - Cross Site Scripting
  • Title: PHP "htmlspecialcharacters()" Malformed Multibyte Character Cross-Site Scripting
  • Description: PHP is a framework for developing web applications; it is available for multiple platforms. PHP is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. Specifically, the "htmlspecialcharacters()" function fails to handle some malformed multibyte character sequences. PHP versions prior to 5.2.12 are affected.
  • Ref: http://bugs.php.net/bug.php?id=49785

  • 09.52.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: cPanel "fileop" Parameter Multiple Cross-Site Scripting Vulnerabilities
  • Description: cPanel is a PHP-based web application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "fileop" parameter of the "fileop.html" and "dofileop.html" files. cPanel version 11 is affected.
  • Ref: http://www.securityfocus.com/bid/37394

  • 09.52.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: JBC Explorer "arbre.php" Cross-Site Scripting
  • Description: JBC Explorer is a PHP-based application that allows users to view files on the web server. JBC Explorer is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "last" parameter of the "arbre.php" script. JBC Explorer version 7.20 is affected.
  • Ref: http://www.securityfocus.com/bid/37423

  • 09.52.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Kasseler CMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: Kasseler CMS is a PHP-based application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data to the "do", "id" and "uname" parameters of "index.php". Kasseler CMS version 1.3.4 Lite is affected.
  • Ref: http://www.securityfocus.com/bid/37435

  • 09.52.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ClarkConnect Linux "proxy.php" Cross-Site Scripting
  • Description: ClarkConnect Linux is an environment designed to provide gateway and other services to home users. ClarkConnect Linux is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "url" parameter of the "public/proxy.php" script. ClarkConnect Linux version 5.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/508577

  • 09.52.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: webMathematica "MSP" Script Cross-Site Scripting
  • Description: webMathematica is a web-based application used to develop dynamic sites. webMathematica is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "MSP" script.
  • Ref: http://www.securityfocus.com/bid/37451

  • 09.52.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Article Directory "login.php" SQL Injection Vulnerabilities
  • Description: Article Directory is a web-based news article directory. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Username" and "Password" input fields when logging into the application via the "login.php" script.
  • Ref: http://www.securityfocus.com/bid/37356

  • 09.52.48 - CVE: CVE-2009-3703
  • Platform: Web Application - SQL Injection
  • Title: WP-Forum Wordpress Plugin Multiple SQL Injection Vulnerabilities
  • Description: WP-Forum is a PHP-based plugin for Wordpress. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the following scripts and parameters: "wpf.class.php": "search_max", "forum"; "wpf-post.php": "id". WP-Forum versions prior to 2.4 are affected.
  • Ref: http://www.securityfocus.com/archive/1/508504

  • 09.52.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Digiappz Freekot "login.asp" SQL Injection Vulnerabilities
  • Description: Digiappz Freekot is a tool for inserting random quotations into a web site. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "Email" and "Password" input fields when logging into the application via the "login.asp" script.
  • Ref: http://www.securityfocus.com/bid/37373

  • 09.52.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WHMCS "weblink_cat_list.php" SQL Injection
  • Description: WHMCS is a web-based news article directory. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "bcat_id" parameter of the "weblink_cat_list.php" script.
  • Ref: http://www.securityfocus.com/bid/37376

  • 09.52.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Active Photo Gallery "account.asp" SQL Injection Vulnerabilities
  • Description: Active Photo Gallery is a web-based photo gallery and search engine. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "Email" and "Password" input fields when logging in to the application via the "account.asp" script. Active Photo Gallery version 6.2 is affected.
  • Ref: http://www.securityfocus.com/bid/37399

  • 09.52.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pre Job Board "preview.php" SQL Injection Vulnerabilities
  • Description: Pre Job Board is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "User" and "Password" input fields when logging in to the application via the "jobseekers/preview.php" script.
  • Ref: http://www.securityfocus.com/bid/37400

  • 09.52.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Active Auction House Multiple SQL Injection Vulnerabilities
  • Description: Active Auction House is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the following scripts and parameters: "wishlist.asp": "catid"; "links.asp": "linkid". Active Auction House version 3.6 is affected.
  • Ref: http://www.securityfocus.com/bid/37401

  • 09.52.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: eWebquiz "QuizID" Parameter Multiple SQL Injection Vulnerabilities
  • Description: eWebquiz is an application for creating web-based quizzes; it is implemented in ASP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "QuizID" parameter of the "questions.asp", "importquestions.asp" and "quiztakers.asp" scripts before using the data in an SQL query. eWebquiz version 8 is affected.
  • Ref: http://www.securityfocus.com/bid/37402

  • 09.52.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_joomportfolio" Component "secid" Parameter SQL Injection
  • Description: "com_portfolio" is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "secid" parameter of the "com_joomportfolio" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/37403

  • 09.52.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_personel" Component "id" Parameter SQL Injection
  • Description: The "com_personel" component is a PHP-based extension for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_personel" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/37404

  • 09.52.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pyrmont V2 WordPress Theme "id" Parameter SQL Injection
  • Description: Pyrmont V2 is a PHP-based theme for the Wordpress blogging software. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "results.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/37409

  • 09.52.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Ampache "login.php" Multiple SQL Injection Vulnerabilities
  • Description: Ampache is an application for managing clients of online businesses. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "Username" and "Password" fields of the "login.php" script. Ampache version 3.4.3 is affected.
  • Ref: http://www.securityfocus.com/bid/37417

  • 09.52.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla Event Manager Component "id" Parameter SQL Injection
  • Description: Event Manager is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter before using it in an SQL query. Event Manager version 1.5 is affected.
  • Ref: http://www.jforjoomla.com/Joomla-Components/event-manager-15-component.html

  • 09.52.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 4homepages 4images "search_user" Parameter SQL Injection
  • Description: 4homepages 4images is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input before using it in an SQL query. Specifically, the application fails to sanitize data supplied to the "search_user" parameter of the "search.php" script. 4images version 1.7.1 is affected.
  • Ref: http://www.securityfocus.com/bid/37429

  • 09.52.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! DigiStore Component Multiple SQL Injection Vulnerabilities
  • Description: The DigiStore component is a PHP-based application for the Joomla! content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "cid[]" and "pid[]" parameters of the "com_digistore" component before using them in an SQL query.
  • Ref: http://www.securityfocus.com/bid/37433

  • 09.52.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla HotBrackets Tournament Brackets Component "id" Parameter SQL Injection
  • Description: HotBrackets Tournament Brackets is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of "com_hotbrackets" before using it in an SQL query.
  • Ref: http://extensions.joomla.org/extensions/sports-a-games/sports/10746

  • 09.52.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! JEEMA Article Collection Component "catid" Parameter SQL Injection
  • Description: JEEMA Article Collection is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of "com_jeemaarticlecollection" before using it in an SQL query.
  • Ref: http://www.forum.jeema.net/component/content/article/4-jeema-article-collection-component/13-about-jeema-article-collection.html

  • 09.52.64 - CVE: Not Available
  • Platform: Web Application
  • Title: Digital Scribe Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: Digital Scribe is a PHP-based content manager for teachers. The application is exposed to multiple input validation issues. Cross-site scripting issues affect the "id" and "teacher" parameters in the "showpic.php" script. SQL injection issues affect the following scripts and parameters: "forgot.php": "email" and "stuworkindiv.php": "ID". Digital Scribe version 1.4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/37353

  • 09.52.65 - CVE: Not Available
  • Platform: Web Application
  • Title: Recipe Script Multiple Input Validation Vulnerabilities
  • Description: Recipe Script is a web-based application. The application is exposed to multiple issues. An issue that allows attackers to upload arbitrary files affects the "admin/add_logo.php" script. An issue that allows attackers to send email to arbitrary recipients affects the "admin/send_email_users.php" script. HTML-injection issues affect multiple scripts and parameters. Recipe Script version 5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/37359

  • 09.52.66 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Sections Module HTML Injection
  • Description: The Sections module is used to create sections in the Drupal content manager. The module is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Sections versions prior to 5.x-1.3 and 6.x-1.3 are affected.
  • Ref: http://drupal.org/node/661404

  • 09.52.67 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Contact and Menu Modules Multiple HTML Injection Vulnerabilities
  • Description: Drupal is a web-based content manager. The application is exposed to multiple input validation issues. An HTML injection issue affects the Contact module because it fails to properly sanitize user-supplied input to the "Contact category name" parameter. An HTML injection issue affects the Menu module because it fails to properly sanitize user-supplied input to the "Menu description" parameter. Drupal 5.x versions prior to 5.21 and 6.x versions prior to 6.15 are affected.
  • Ref: http://drupal.org/node/661586

  • 09.52.68 - CVE: Not Available
  • Platform: Web Application
  • Title: OSSIM "repository_attachment.php" Arbitrary File Upload
  • Description: OSSIM (Open Source Security Information Management) is a compilation of common security tools that are managed through a web console. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize file extensions before uploading files to the web server through the "repository_attachment.php" script. OSSIM version 2.1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/37377

  • 09.52.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Family Connections Multiple Input Validation Vulnerabilities
  • Description: Family Connections is a PHP-based content manager. Since the application fails to properly sanitize user-supplied input, it is exposed to multiple input validation issues. Exploiting these issues may allow an unauthorized user to view files, run local scripts, upload and run arbitrary script code, access or modify data, or exploit latent vulnerabilities in the underlying database. Family Connections versions 2.1.3 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/37379

  • 09.52.70 - CVE: Not Available
  • Platform: Web Application
  • Title: IDevSpot PhpLinkExchange "Your Email Address" Field HTML Injection
  • Description: PhpLinkExchange is a web application used to maintain a link exchange directory. PhpLinkExchange is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before displaying it in a browser. Specifically, this issue affects the "Your Email Address" field of the "tellafriend" page. PhpLinkExchange version 1.02 is affected.
  • Ref: http://www.securityfocus.com/bid/37381

  • 09.52.71 - CVE: Not Available
  • Platform: Web Application
  • Title: IDevSpot PhpLinkExchange "add_images.php" Arbitrary File Upload
  • Description: PhpLinkExchange is a web application used to maintain a link exchange directory. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize file extensions before uploading files to the web server through the "add_images.php" script. PhpLinkExchange version 1.02 is affected.
  • Ref: http://www.securityfocus.com/bid/37382

  • 09.52.72 - CVE: Not Available
  • Platform: Web Application
  • Title: Centreon Authentication Mechanism Security Bypass
  • Description: Centreon (formerly Oreon) is a PHP-based application for monitoring networks. Centreon is exposed to a security bypass issue due to a design error in the authentication mechanism that will allow an attacker to access functionality such as ping or traceroute and gain access to information from the LDAP service. Centreon versions prior to 2.1.4 are affected.
  • Ref: http://www.centreon.com/Development/changelog-2x.html

  • 09.52.73 - CVE: Not Available
  • Platform: Web Application
  • Title: Sitecore CMS Staging Service "api.asmx" Authentication Bypass
  • Description: Sitecore CMS is a web-based content manager. The application's Staging webservice is used for transmitting files between master and slave servers. The application's Staging webservice is exposed to an authentication bypass issue because it fails to properly restrict access to the "modules/staging/service/api.asmx" script. Sitecore CMS versions prior to 5.4.0 rev 091111 are affected.
  • Ref: http://www.securityfocus.com/archive/1/508529

  • 09.52.74 - CVE: Not Available
  • Platform: Web Application
  • Title: ReVou Comment Field HTML Injection
  • Description: ReVou is a microblogging application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before displaying it in a browser. Specifically, this issue affects the "Comment" field.
  • Ref: http://www.securityfocus.com/bid/37391

  • 09.52.75 - CVE: CVE-2009-4111
  • Platform: Web Application
  • Title: PEAR Sendmail "Recipient" Parameter Arbitrary Argument Injection
  • Description: PEAR is a framework for reusable PHP components. PEAR is exposed to a remote argument injection issue because it fails to adequately sanitize user-supplied input data. Specifically, the issue affects the "recipient" parameter. PEAR version 1.1.14 is affected.
  • Ref: http://www.openwall.com/lists/oss-security/2009/11/28/2

  • 09.52.76 - CVE: Not Available
  • Platform: Web Application
  • Title: Zen Cart Insecure File and Programs Information Disclosure and Database Deletion
  • Description: Zen Cart is a content manager implemented in PHP. Zen Cart is exposed to a security issue that may allow attackers to obtain sensitive information or delete the application's database. This issue occurs because the application puts insecure programs and files into the "docs", "extras", and "zc_install" folders.
  • Ref: http://www.securityfocus.com/bid/37397

  • 09.52.77 - CVE: Not Available
  • Platform: Web Application
  • Title: Celerondude Uploader "index.php" Arbitrary File Upload
  • Description: Celerondude Uploader is a PHP-based application used for managing file content. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize file extensions before uploading files to the webserver via the "index.php" script. Arbitrary code may run in the context of the webserver process. Celerondude Uploader version 5.3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/37406

  • 09.52.78 - CVE: Not Available
  • Platform: Web Application
  • Title: F3Site "GLOBALS[nlang]" Parameter Multiple Local File Include Vulnerabilities
  • Description: F3Site is a web application implemented in PHP. The application is exposed to multiple local file include issues because it fails to sufficiently sanitize user-supplied input to the "GLOBALS[nlang]" parameter in the "poll.php" and "new.php" scripts. F3Site 2009 is affected.
  • Ref: http://www.securityfocus.com/bid/37408

  • 09.52.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Ghostscript "errprintf()" Function PDF Handling Remote Buffer Overflow
  • Description: Ghostscript is a set of tools and libraries for handling Portable Document Format (PDF) and PostScript files. Ghostscript is exposed to a remote buffer overflow issue because it fails to properly bounds check user-supplied input before copying it into a finite sized buffer. Specifically, the issue affects the "errprintf()" function of the "base/gsmisc.c" file and arises when a specially crafted PDF file is processed. Ghostscript versions 8.64 and 8.70 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=540760

  • 09.52.80 - CVE: CVE-2008-4580
  • Platform: Web Application
  • Title: fence "fence_manual" Insecure Temporary File Creation
  • Description: The "fence_manual" program is a component of the cluster2 Cluster Manager system. The application creates temporary files in an insecure manner. Specifically, this issue affects the "fence_manual.fifo" temporary file. An attacker with local access could potentially exploit this issue to perform symbolic link attacks, overwriting arbitrary files in the context of the affected application. "fence_manual" versions prior to fence 2.03.09 are affected.
  • Ref: http://bugs.gentoo.org/show_bug.cgi?id=240576

  • 09.52.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Simplicity oF Upload "upload.php" Arbitrary File Upload
  • Description: Simplicity oF Upload is a PHP-based application. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize file extensions before uploading files to the web server through the "upload.php" script. Simplicity oF Upload version 1.3.2 is affected.
  • Ref: http://groups.google.com/group/ganeti/browse_thread/thread/cbce23d89103a8d2

  • 09.52.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Redmine Issue Title HTML Injection
  • Description: Redmine is a web-based project management tool. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before displaying it in a browser. Specifically, attackers can use malicious UTF-7 characters in the title field of an issue to trigger this vulnerability. Redmine version 0.8.7 is affected.
  • Ref: http://www.securityfocus.com/bid/37425

  • 09.52.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Barracuda Web Application Firewall 660 "cgi-mod/index.cgi" Multiple HTML Injection Vulnerabilities
  • Description: The Barracuda Web Application Firewall 660 is a web application firewall device. The Barracuda Web Application Firewall 660 web management interface is exposed to multiple HTML injection issues because it fails to sufficiently sanitize user-supplied input to the "backup_username", "backup_server", "backup_path", and "backup_password" parameters of the "cgi-mod/index.cgi" CGI application. The Barracuda Web Application Firewall 660 Firmware version 7.3.1.007 is affected.
  • Ref: http://www.securityfocus.com/bid/37432

  • 09.52.84 - CVE: CVE-2009-3702
  • Platform: Web Application
  • Title: Simple PHP Blog "blog_language1" Parameter Local File Include
  • Description: Simple PHP Blog is a web log application implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "blog_language1" parameter of the "languages_cgi.php" script. Simple PHP Blog version 0.5.1 is affected.
  • Ref: http://www.securityfocus.com/bid/37434

  • 09.52.85 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPPhotoalbum "upload.php" Arbitrary File Upload
  • Description: PHPPhotoalbum is a PHP-based web application. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input before uploading files via the "upload.php" script.
  • Ref: http://www.securityfocus.com/bid/37436

  • 09.52.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! JCal Pro Component "mosConfig_absolute_path" Parameter Remote File Include
  • Description: JCal Pro is a component for the Joomla! content manager. The component is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "com_jcalpro/cal_popup.php" script. JCal Pro version 1.5.3.6 is affected.
  • Ref: http://www.securityfocus.com/bid/37438

  • 09.52.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! "com_mediaslide" Component Directory Traversal
  • Description: "com_mediaslide" is a component for the Joomla! content manager. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "path" parameter of the "viewer.php" script. Information obtained could aid in further attacks.
  • Ref: http://www.securityfocus.com/bid/37440

  • 09.52.88 - CVE: Not Available
  • Platform: Web Application
  • Title: paFileDB URI Field HTML Injection
  • Description: paFileDB is a PHP-based web application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before displaying it in a browser. Specifically, this issue affects the "URI" field when uploading a file via the "dload.php" script. paFileDB version 3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/37444

  • 09.52.89 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPOpenChat Multiple HTML Injection Vulnerabilities
  • Description: PHPOpenChat is a PHP-based chat server. The application is exposed to multiple HTML injection issues because it fails to sufficiently sanitize user-supplied data to the "install.php" script. PHPOpenChat version 3.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/37447

  • 09.52.90 - CVE: Not Available
  • Platform: Web Application
  • Title: DeluxeBB Multiple Vulnerabilities
  • Description: DeluxeBB is a PHP-based content management application. The application is exposed to multiple issues. Attackers can exploit these issues to gain administrative access to the affected application, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, or perform restricted actions. DeluxeBB version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/37448

  • 09.52.91 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Calendar Multiple Remote and Local File Include Vulnerabilities
  • Description: PHP-Calendar is a web-based calendar application implemented in PHP. The application is exposed to remote and local file include issues that affect the "configfile" parameter of the "update08.php" script. PHP-Calendar version 1.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/508548

  • 09.52.92 - CVE: Not Available
  • Platform: Network Device
  • Title: D-Link DIR-615 "apply.cgi" Security Bypass
  • Description: D-Link DIR-615 is an Ethernet broadband router. D-Link DIR-615 is exposed to a security bypass issue that occurs because the device allows unrestricted access to the "apply.cgi" script. This will allow attackers to change the administrator's password, disable wireless security, and change other router settings.
  • Ref: http://www.hiredhacker.com/2009/12/15/d-link-dir-615-remote-exploit/

  • 09.52.93 - CVE: Not Available
  • Platform: Network Device
  • Title: 3Com OfficeConnect ADSL Wireless 11g Firewall Router Denial of Service
  • Description: 3Com OfficeConnect ADSL Wireless 11g Firewall Router is a Wi-Fi networking router. 3Com OfficeConnect ADSL Wireless 11g Firewall Router is exposed to a denial of service issue when handling specially crafted HTTP requests. 3Com OfficeConnect ADSL Wireless 11g Firewall Router 3CRWDR100A-72 and 3CRWDR100Y-72 with firmware version 2.06T13 are affected.
  • Ref: http://www.3com.com/products/en_US/detail.jsp?tab=features&sku=3CRWE754G72-A&pathtype=purchase

  • 09.52.94 - CVE: Not Available
  • Platform: Network Device
  • Title: F5 BIG-IP ASM and PSM Remote Buffer Overflow
  • Description: F5 BIG-IP Application Security Manager (ASM) and Protocol Security Manager (PSM) are application firewall devices. F5 BIG-IP ASM and PSM are exposed to a remote buffer overflow issue that affects the "bd" daemon. An attacker may exploit this issue to corrupt memory and execute arbitrary code.
  • Ref: http://www.f5.com/products/big-ip/feature-modules/protocol-security-module.html

(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.