@RISK: The Consensus Security Vulnerability Alert

Volume: VIII, Issue: 6
February 5, 2009

Mozilla's products - Firefox and Thunderbird in particular - have multiple critical vulnerabilities, and SMTP (Simple Mail Transfer Protocol) in Novell Netware Groupwise has a major new buffer overflow reported this week. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Other Microsoft Products                  1
    Third Party Windows Apps                  9 (#4, #5, #6)
    Linux                                     3
    BSD                                       1
    Solaris                                   2 (#7)
    Novell                                    3 (#1)
    Cross Platform                            22 (#2, #3)
    Web Application - Cross Site Scripting    11
    Web Application - SQL Injection           19
    Web Application                           28
    Network Device                            2

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Linux
BSD
Solaris
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King and Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Novell Netware Groupwise SMTP Command Handling Buffer Overflow
  • Affected:
    • Novell Netware Groupwise SMTP Server versions prior to 8.0 HP1
  • Description: Novell Netware Groupwise is a popular collaboration and messaging platform. Its Simple Mail Transfer Protocol (SMTP) component contains a vulnerability in its handling of the SMTP 'RCPT' command. A specially crafted RCPT command could trigger a buffer overflow vulnerability. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the vulnerable process (usually root or SYSTEM). Technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, updates available.

  • References:
  • (2) CRITICAL: Multiple Mozilla Products Multiple Vulnerabilities
  • Affected:
    • Mozilla Firefox versions prior to 3.0.6
    • Mozilla Thunderbird versions prior to 2.0.0.21
    • Mozilla SeaMonkey versions prior to 1.1.15
  • Description: Multiple Mozilla products, including the popular Firefox web browser, Thunderbird email client, and SeaMonkey application suite, contain multiple vulnerabilities in their handling of a variety of inputs. A specially crafted web page or JavaScript script could trigger one of these vulnerabilities, leading to a variety of exploitable conditions. Full technical details for these vulnerabilities are publicly available via source code analysis. Additionally, cross-site-scripting and information disclosure vulnerabilities were addressed in this update.

  • Status: Vendor confirmed, updates available.

  • References:
  • (3) HIGH: Multiple VNC Clients Multiple Vulnerabilities
  • Affected:
    • UltraVNC versions prior to 1.0.5.4
    • TightVNC versions prior to 1.3.10
  • Description: VNC, or Virtual Network Computing, is a popular protocol for screen and desktop sharing. Multiple VNC clients contain vulnerabilities in their handling of the VNC screen sharing protocol. A malicious server could exploit these vulnerabilities upon access by a user. Successfully exploiting one of these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the current user. Note that users must first connect to the malicious server to be vulnerable; however, depending upon configuration, a VNC client may be opened by clicking on a link in a web page or from an email message. Full technical details are publicly available for some of these vulnerabilities via source code analysis. A proof-of-concept for some of these vulnerabilities is also publicly available.

  • Status: Vendors confirmed, updates available.

  • References:
  • (4) HIGH: Free Download Manager Remote Buffer Overflow
  • Affected:
    • Free Download Manager versions prior to 3.0 build 848
  • Description: Free Download Manager (FDM) is a popular download and file transfer management application. It contains a flaw in its handling of certain HTTP headers during transfer. A specially crafted HTTP response from a malicious server could trigger a buffer overflow condition. Successfully exploiting this overflow would allow an attacker to execute arbitrary code with the privileges of the current user. Full technical details are publicly available via source code analysis. Note that a user would need to connect to a malicious server in order to be compromised.

  • Status: Vendor confirmed, updates available.

  • References:
  • (5) HIGH: NewsGator FeedDemon RSS Handling Buffer Overflow
  • Affected:
    • NewsGator FeedDemon versions 2.7 and prior
  • Description: NewsGator FeedDemon is a popular Really Simple Syndication (RSS) reader for Microsoft Windows. RSS is used to syndicate periodically updated web content, and is popularly used with blogs and news websites. A specially crafted RSS feed could trigger a buffer overflow condition in FeedDemon, allowing an attacker to execute arbitrary code with the privileges of the current user. Full technical details are publicly available for this vulnerability. Note that a user must subscribe to a malicious RSS feed to be compromised.

  • Status: Vendor has not confirmed, no updates available.

  • References:
  • (6) HIGH: Nokia PC Suite Playlist Handling Buffer Overflow
  • Affected:
    • Nokia PC Suite versions 6.x and possibly prior
  • Description: Nokia PC Suite is a suite of applications used to manage Nokia mobile devices. It contains a buffer overflow in its multimedia player component's handling of playlist files. A specially crafted playlist file could trigger this buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the current user. Note that, depending upon configuration, a malicious playlist file may be opened upon receipt, without first prompting the user. Some technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: Vendor has not confirmed, no updates available.

  • References:
  • (7) MODERATE: Sun Sun Fire Embedded Lights Out Management Login Bypass
  • Affected:
    • Sun Sun Fire X2100 M2 Servers with SP/BMC firmware versions 3.19 or prior
    • Sun Sun Fire X2200 M2 Servers with SP/BMC firmware versions 3.19 or prior
  • Description: The Sun Fire server series is a popular server platform from Sun. The X2100 and X2200 series servers provide a Lights Out Management (LOM) feature, which can be used to perform limited administration of the system while the system is in a powered-down or otherwise low power state. This feature can be configured to allow administration via the network. A flaw in the validation of login credentials on the X2100 and X2200 series of servers could allow an unauthorized user to log in to the LOM system and execute arbitrary commands with administrative privileges.

  • Status: Vendor confirmed, updates available. Users are advised to disable network access to the LOM subsystem.

  • References:

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 6, 2009

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 09.6.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer HTML Form Value Buffer Overflow
  • Description: Microsoft Internet Explorer is a web browser for the Windows operating system. Internet Explorer is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs when the application processes an HTML Form request containing an overly long string within the form input "value" field. Internet Explorer 7 on Windows XP SP3 is affected.
  • Ref: http://blogs.technet.com/swi/archive/2009/01/28/stack-overflow-stack-exhaustion-not-the-same-as-stack-buffer-overflow.aspx

  • 09.6.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Thomson Demo mp3PRO Player/Encoder ".m3u" File Remote Buffer Overflow
  • Description: Thomson Demo mp3PRO Player/Encoder is a multimedia player available for Microsoft Windows. The application is exposed to a remote buffer overflow issue because it fails to perform adequate checks on user-supplied input. Thomson Demo mp3PRO Player/Encoder version 1.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33513

  • 09.6.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Web on Windows ActiveX "WriteIniFileString/ShellExecute" Arbitrary File Overwrite
  • Description: Web on Windows (WOW) is an ActiveX control that hosts Microsoft "webbrowser" control. The application is exposed to an issue that allows attackers to overwrite files with arbitrary, attacker-supplied content. Web on Windows version 2 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 09.6.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Synactis ALL In-The-Box ActiveX Control Arbitrary File Overwrite
  • Description: Synactis ALL In-The-Box ActiveX is an application for creating documents. The application is exposed to a vulnerability that allows attackers to overwrite arbitrary local files. Specifically, the "SaveDoc()" method of the "ALL_IN_THE_BOX.OCX" ActiveX control will overwrite files in an insecure manner. Synactis ALL In-The-Box ActiveX version 3 is affected.
  • Ref: http://www.dsecrg.com/pages/vul/show.php?id=62

  • 09.6.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Spider Player Multiple Playlist Files Buffer Overflow
  • Description: Spider Player is a media player for Microsoft Windows. The application is exposed to an off-by-one buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. This issue occurs when handling specially crafted ".asx", ".m3u" or ".pls" playlist files. Spider Player version 2.3.9.5 is affected.
  • Ref: http://www.securityfocus.com/bid/33548

  • 09.6.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Multiple Kaspersky Products "klim5.sys" Local Privilege Escalation
  • Description: Kaspersky Anti-Virus and Internet Security are security applications for Microsoft Windows. Multiple Kaspersky products are exposed to a local privilege escalation issue because they fail to perform adequate boundary checks on user-supplied data. Kaspersky AV 2008 and Kaspersky AV for WorkStations 6.0 are affected.
  • Ref: http://www.securityfocus.com/archive/1/500606

  • 09.6.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: BreakPoint Software Hex Workshop ".cmap" File Handling Memory Corruption
  • Description: Hex Workshop is a hex editor for the Microsoft Windows platform. Hex Workshop is exposed to a memory corruption issue. This issue occurs because the application fails to handle malformed Color Map (.cmap) files. Hex Workshop version 6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500622

  • 09.6.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Nokia Multimedia Player ".m3u" File Heap Buffer Overflow
  • Description: Nokia Multimedia Player is a media player for Microsoft Windows. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue occurs when the application fails to handle malformed ".m3u" files. Nokia Multimedia Player version 1.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500627

  • 09.6.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Euphonics ".pls" File Buffer Overflow
  • Description: Euphonics is a media player for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue occurs when the application fails to handle malformed ".pls" files. Euphonics version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33589

  • 09.6.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: BlazeVideo HDTV Player PLF File Heap Buffer Overflow
  • Description: BlazeVideo HDTV Player is a high definition television player for Microsoft Windows. BlazeVideo HDTV Player is exposed to a heap-based buffer overflow issue because the application fails to properly handle malformed playlist (".plf") files. BlazeVideo HDTV Player version 3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/33588

  • 09.6.11 - CVE: CVE-2008-5182
  • Platform: Linux
  • Title: Linux Kernel "inotify" Local Privilege Escalation
  • Description: The Linux kernel is exposed to a local privilege escalation issue due to a race condition error in the "inotify" functionality. Specifically, the issue occurs in the Linux kernel "inotify" watch removal and umount implementation. Linux kernel 2.6 versions prior to 2.6.28-rc5 are affected.
  • Ref: https://rhn.redhat.com/errata/RHSA-2009-0225.html

  • 09.6.12 - CVE: CVE-2008-5082
  • Platform: Linux
  • Title: Red Hat Certificate System Security Bypass
  • Description: Red Hat Certificate System (RHCS) is an enterprise level Public Key Infrastructure (PKI) deployment manager. Red Hat Certificate System is exposed to a security bypass issue. Specifically, the issue occurs because the Token Processing System (TPS) component fails to properly verify the challenge response received when enrolling a new security token. Red Hat Certificate System version 7.3 is affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2009-0007.html

  • 09.6.13 - CVE: CVE-2009-0034
  • Platform: Linux
  • Title: Todd Miller Sudo "Runas_Alias" Supplementary Group Local Privilege Escalation
  • Description: Todd Miller Sudo is a widely used Linux/UNIX command that allows users to securely run commands as the superuser or as other users. The "sudo" utility is exposed to a local privilege escalation issue because it fails to correctly validate certain non-default rules in the "sudoers" configuration file. This issue occurs in the "sudo/parse.c" source file. "sudo" versions 1.6.9 p17 to 1.6.9 p19 are affected.
  • Ref: https://issues.rpath.com/browse/RPL-2954

  • 09.6.14 - CVE: Not Available
  • Platform: BSD
  • Title: OpenBSD BGP UPDATE Message Remote Denial of Service
  • Description: OpenBSD is exposed to a remote denial of service issue. This issue occurs due to an error while processing BGP UPDATE messages with an invalid AS attribute. OpenBSD versions 4.4 and 4.3 are affected.
  • Ref: http://www.openbsd.org/errata44.html

  • 09.6.15 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris ip(7P) Kernel Module IP-in-IP Packet Handling Local Denial of Service
  • Description: Sun Solaris is a UNIX based operating system. Solaris is exposed to a local denial of service issue. Specifically, the issue stems from an unspecified error and affects the Solaris ip(7P) kernel module. The issue arises when a specially-crafted IP-in-IP packet is processed.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-240086-1

  • 09.6.16 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris ip(7P) Kernel Module Minor Number Allocation Local Denial of Service
  • Description: Sun Solaris is a UNIX based operating system. Solaris is exposed to a local denial of service issue in the Solaris "ip(7P)" kernel module. The problem occurs due to an issue when allocating minor numbers, and may allow a local attacker to open a large number of sockets, resulting in denial of service conditions to 32-bit applications.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-248026-1

  • 09.6.17 - CVE: CVE-2009-0273
  • Platform: Novell
  • Title: Novell GroupWise WebAccess Unspecified HTML Injection
  • Description: Novell GroupWise WebAccess is a secure mobile option for GroupWise collaboration software. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. The issue occurs in HTML email or HTML attachments.
  • Ref: http://www.securityfocus.com/archive/1/500572

  • 09.6.18 - CVE: CVE-2009-0274
  • Platform: Novell
  • Title: Novell GroupWise HTTP POST/GET Request Information Disclosure
  • Description: Novell GroupWise is a cross-platform collaborative software product. Novell GroupWise is exposed to an information disclosure issue when handling HTTP POST requests. An attacker can exploit this issue to convert HTTP POST requests into HTTP GET requests.
  • Ref: http://www.novell.com/support/viewContent.do?externalId=7002322

  • 09.6.19 - CVE: Not Available
  • Platform: Novell
  • Title: Novell GroupWise Internet Agent Unspecified Remote Buffer Overflow
  • Description: Novell GroupWise is collaboration software available for a number of platforms, including Linux and Microsoft Windows. GroupWise includes an Internet Agent process which acts as a mail transfer agent. The Internet Agent is exposed to a remote buffer overflow issue that occurs when handling malformed arguments.
  • Ref: http://www.novell.com/support/viewContent.do?externalId=7002502

  • 09.6.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: W3C Amaya HTML "input" Tag Parameter Buffer Overflow
  • Description: W3C Amaya is a freely available web browser and editor that runs on multiple platforms. Amaya is exposed to a remote buffer overflow issue because it fails to perform adequate checks on user-supplied input. Amaya versions 11.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/500492

  • 09.6.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: W3C Amaya Multiple Buffer Overflow Vulnerabilities
  • Description: W3C Amaya is a freely available web browser and editor that runs on multiple platforms. Amaya is exposed to multiple buffer overflow issues because it fails to perform adequate checks on user-supplied input. Amaya versions prior to 11.1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/500492

  • 09.6.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Autonomy Ultraseek "cs.html" URI Redirection
  • Description: Autonomy Ultraseek is a search engine. Ultraseek has also been known as Verity. The application is exposed to a remote URI redirection issue because it fails to properly sanitize user-supplied input to the "url" parameter of the "cs.html" script.
  • Ref: http://www.kb.cert.org/vuls/id/202753

  • 09.6.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: FFmpeg "libavformat/4xm.c" Remote Code Execution
  • Description: FFmpeg is an application used to record, convert, and stream audio and video. The application is exposed to a remote code execution issue because it fails to adequately validate user-supplied input. This issue occurs in the "libavformat/4xm.c" source file, and occurs because of a NULL pointer dereference error. FFmpeg trunk revision versions prior to 16846 are vulnerable.
  • Ref: http://www.trapkit.de/advisories/TKADV2009-004.txt

  • 09.6.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Fire X2100/X2200 M2 Servers Security Bypass and Remote Command Execution
  • Description: Sun Fire X2100 M2 and X2200 M2 Servers are exposed to a security bypass issue and a remote command execution issue. Specifically, these issues occur in Embedded Lights Out Manager (ELOM). Sun Fire X2100/X2200 M2 Servers firmware versions prior to 3.20 are vulnerable.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-239886-1

  • 09.6.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Trickle "LD_PRELOAD" Arbitrary Code Execution
  • Description: Trickle is a portable userspace bandwidth shaper. Trickle is exposed to an arbitrary code execution issue that exists in the "trickle.c" source file. This issue results from a design error that may allow local attackers to load a malicious library from the current working directory using "LD_PRELOAD", provided that the file is named "trickle-overload.so".
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513456

  • 09.6.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM AIX "rmsock" Insecure Log File Handling
  • Description: IBM AIX is a UNIX based operating system. The "rmsock" and "rmsock64" utilities, used to manage sockets, are prone to a log file handling issue. By default these utilities are setuid root. AIX versions 5.2, 5.3, and 6.1 are affected.
  • Ref: http://aix.software.ibm.com/aix/efixes/security/rmsock_advisory.asc

  • 09.6.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Xerox WorkCentre Web Server Unspecified Remote Command Execution
  • Description: Xerox WorkCentre is a web capable printer and photocopier. WorkCentre is exposed to an unspecified remote command execution issue because it fails to sanitize user-supplied input. This issue occurs in the web server.
  • Ref: http://www.securityfocus.com/bid/33531

  • 09.6.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server Arbitrary File Information Disclosure
  • Description: IBM WebSphere Application Server is designed to facilitate the creation of various enterprise web applications. WebSphere Application Server is exposed to an information disclosure issue because it retrieves arbitrary files. WebSphere Application Server version 6.0.1 for z/OS is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PK79232

  • 09.6.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Gretech GOM Player ".pls" File Remote Buffer Overflow
  • Description: Gretech GOM Player is a multimedia player application. GOM Player is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when parsing malformed ".pls" files. GOM Player version 2.0.12 is affected.
  • Ref: http://www.securityfocus.com/bid/33536

  • 09.6.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP "mbstring.func_overload" Web server Denial of Service
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to a denial of service issue because it fails to limit global scope for certain settings relating to unicode text operations.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=479272

  • 09.6.31 - CVE: CVE-2008-4990
  • Platform: Cross Platform
  • Title: Enomaly ECP Insecure Temporary File Creation
  • Description: Enomaly ECP (Elastic Computing Platform) is a management interface for virtual cloud infrastructure. ECP creates temporary files in an insecure manner. The issue occurs because the "enomalism2.sh" script creates "/tmp/enomalism2.pid" in an insecure manner. ECP versions prior to 2.1.1 are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/500573

  • 09.6.32 - CVE: CVE-2008-4914
  • Platform: Cross Platform
  • Title: VMware ESX VMDK Delta Disk Host Denial of Service
  • Description: VMware ESX is a set of server emulation applications available for several platforms. VMware ESX is exposed to a denial of service issue because it fails to handle exceptional conditions. The problem occurs when a corrupted VMDK delta disk is loaded in a guest operating system.
  • Ref: http://www.securityfocus.com/bid/33549

  • 09.6.33 - CVE: CVE-2009-0183
  • Platform: Cross Platform
  • Title: Free Download Manager Remote Control Server Stack Buffer Overflow
  • Description: Free Download Manager is a download accelerator and manager application. The application is exposed to a remote stack based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue occurs in the Remote Control Server when processing an overly long "Authorization" header in HTTP requests.
  • Ref: http://secunia.com/secunia_research/2009-3/

  • 09.6.34 - CVE: CVE-2009-0184
  • Platform: Cross Platform
  • Title: Free Download Manager Torrent File Parsing Multiple Remote Buffer Overflow Vulnerabilities
  • Description: Free Download Manager is a download accelerator and manager application. Free Download Manager is exposed to multiple remote buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input. Multiple stack-based and heap-based buffer overflows occur when the application parses torrent files with overly long file names, tracker URIs or comments.
  • Ref: http://secunia.com/secunia_research/2009-5/

  • 09.6.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PSCS VPOP3 Email Message HTML Injection
  • Description: PSCS VPOP3 is a webmail server. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, the application fails to properly sanitize "script" and "iframe" HTML tags contained in email messages.
  • Ref: http://discuss.pscs.co.uk/fusionbb/showtopic.php?fid/10/tid/14928/pid/19323

  • 09.6.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Small HTTP server FTP Directory Traversal
  • Description: Small HTTP server is an application that includes an HTTP server, FTP server, a mail server and various other services. Small HTTP is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. The vulnerability occurs in the FTP server. Small HTTP Server version 3.05.84 is affected.
  • Ref: http://www.securityfocus.com/bid/33570

  • 09.6.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Bugzilla Pseudo Random Number Generator Shared Seed
  • Description: Bugzilla is an open source bug tracking software package. Bugzilla is exposed to an issue due to the shared use of a pseudo random number generator (PRNG) seed. Specifically, when Bugzilla is run under mod_perl, the PRNG seed function "srand()" is called at compile time. This results in the same seed being shared between child web server processes. Bugzilla versions 3.0.7, 3.2.1, and 3.3.2 when run under mod_perl are affected.
  • Ref: http://www.bugzilla.org/security/3.0.7/

  • 09.6.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: NaviCOPA Web Server Remote Buffer Overflow and Source Code Information Disclosure Vulnerabilities
  • Description: NaviCOPA Web Server is a web server application for Microsoft Windows operating systems. The application is exposed to multiple issues. Attackers can exploit the information disclosure issue to retrieve arbitrary source code in the context of the web server process. NaviCOPA Web Server version 3.01 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500626

  • 09.6.39 - CVE: CVE-2009-0388
  • Platform: Cross Platform
  • Title: Multiple VNC Clients Multiple Integer Overflow Vulnerabilities
  • Description: Virtual Network Computing (VNC) is used to provide remote access to computers. Multiple VNC client applications are exposed to integer overflow issues because they fail to properly validate data supplied by the VNC server. Specifically, these issues result from trusting data supplied by the server before using it to construct static buffers.
  • Ref: http://www.securityfocus.com/archive/1/500632

  • 09.6.40 - CVE: CVE-2009-0352, CVE-2009-0353, CVE-2009-0354, CVE-2009-0355, CVE-2009-0356, CVE-2009-0357, CVE-2009-0358
  • Platform: Cross Platform
  • Title: Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -01 to -06 Multiple Remote Vulnerabilities
  • Description: The Mozilla Foundation has released multiple advisories regarding security vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey. These issues can be exploited to cause the application to crash; arbitrary code execution may also be possible.
  • Ref: http://www.mozilla.org/security/announce/2009/mfsa2009-02.html

  • 09.6.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Squid Web Proxy Cache HTTP Version Number Parsing Denial of Service
  • Description: Squid is an open source proxy server available for a number of platforms. Squid is exposed to a remote denial of service issue due to an unspecified error when processing requests with malformed HTTP version numbers. Squid versions prior to 2.7.STABLE5, 3.0.STABLE12 and 3.1.0.4 are affected.
  • Ref: http://www.squid-cache.org/Advisories/SQUID-2009_1.txt

  • 09.6.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: HP Select Access Unspecified Cross-Site Scripting
  • Description: HP OpenView Select Access provides identity management services to regulate user access to various network resources. The application is exposed to a cross-site scripting issue due to an unspecified error. HP Select Access versions 6.1 and 6.2 are affected.
  • Ref: https://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01658614&admit=109447626+1233252952039+28353475

  • 09.6.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Piggydb Unspecified Cross-Site Scripting
  • Description: Piggydb is a web-based application implemented in Java. Piggydb is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. Piggydb versions prior to 3.3 are affected.
  • Ref: http://piggydb.devjavu.com/wiki/changelog#v3.3

  • 09.6.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: htmLawed Multiple Unspecified Cross-Site Scripting Vulnerabilities
  • Description: htmLawed is a PHP script for input text processing. htmLawed is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to unspecified parameters. The issues are related to handling of dynamic crafted CSS expressions. htmLawed versions prior to 1.1.4 are affected.
  • Ref: http://www.securityfocus.com/bid/33507

  • 09.6.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Profense Cross-Site Request Forgery and Cross-Site Scripting Vulnerabilities
  • Description: Profense is a web application firewall. The routers are exposed to multiple remote issues. The attacker can exploit the HTML injection issue to execute arbitrary script code in the context of the affected site. Profense version 2.6.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33523

  • 09.6.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: D-Link DVG-2001s VoIP Phone Adaptor "page_CfgDevInfo_Set" Cross-Site Scripting
  • Description: D-Link DVG-2001s is a VoIP phone adaptor device. The device's web-based interface is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "Forms/page_CfgDevInfo_Set" script. D-Link DVG-2001s with firmware version 1.00.007 is affected.
  • Ref: http://www.securityfocus.com/bid/33526

  • 09.6.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Google Chrome Cross-Site Scripting and Cross Domain Security Bypass Vulnerabilities
  • Description: Google Chrome is a web browser. Google Chrome is exposed to multiple issues. The issue will allow the attacker to bypass the same origin policy and gain access to potentially sensitive information; other attacks may also be possible. Google Chrome versions prior to 1.0.154.46 are affected.
  • Ref: http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html

  • 09.6.48 - CVE: CVE-2009-0273
  • Platform: Web Application - Cross Site Scripting
  • Title: Novell GroupWise WebAccess "gw/webacc" Multiple Cross-Site Scripting Vulnerabilities
  • Description: Novell GroupWise WebAccess is a secure mobile option for GroupWise collaboration software. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "User.id" and "Library.queryText" parameters of the "gw/webacc" script. This issue occurs when the parameters are submitted through an HTTP POST request.
  • Ref: http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002321

  • 09.6.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: E-Php B2B Trading Marketplace Script Multiple Cross-Site Scripting Vulnerabilities
  • Description: E-Php B2B Trading Marketplace Script is a web-based application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/33551

  • 09.6.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: D-Link DIR-300 Cross-Site Scripting and Security Bypass Vulnerabilities
  • Description: D-Link DIR-300 is a wireless router. The device is exposed to multiple issues. D-Link DIR-300 with firmware version 1.04-tomi-1.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33556

  • 09.6.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Vivvo 404 Error Page Cross-Site Scripting
  • Description: Vivvo is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input. This issue occurs in the 404 error page. Vivvo versions prior to 4.1.1 are affected.
  • Ref: http://www.vivvo.net/changelog.php

  • 09.6.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Ez PHP Comment Reviewer Name Cross-Site Scripting
  • Description: Ez PHP Comment is a web-based application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the Reviewer's Name textbox.
  • Ref: http://www.securityfocus.com/bid/33587

  • 09.6.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Max.Blog "offline_auth.php" SQL Injection
  • Description: Max.Blog is a PHP-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" parameter of the "offline_auth.php" script before using it in an SQL query. Max.Blog version 1.0.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500470

  • 09.6.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SocialEngine "blog.php" SQL Injection
  • Description: SocialEngine is a PHP-based platform for social networking. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category_id" parameter of the "blog.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33495

  • 09.6.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Domain Technologie Control "client/new_account.php" Multiple SQL Injection Vulnerabilities
  • Description: Domain Technologie Control is a GPL control panel for hosting. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Domain Technologie Control versions prior to 0.29.16 are affected.
  • Ref: http://freshmeat.net/projects/dtc/?branch_id=22759&release_id=292973

  • 09.6.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: smartSite CMS "articles.php" SQL Injection
  • Description: smartSite CMS is a content manager application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "var" parameter of the "articles.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33497

  • 09.6.57 - CVE: CVE-2008-5924
  • Platform: Web Application - SQL Injection
  • Title: ASP-DEV XM Events Diary "diary_viewC.asp" SQL Injection
  • Description: ASP-DEV XM Events Diary is an ASP based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "diary_viewC.asp" script before using it in an SQL query.
  • Ref: http://www.asp-dev.com/main.asp?page=42

  • 09.6.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: NetArt Media Car Portal Login SQL Injection
  • Description: NetArt Media Car Portal is a web-based vehicle classifieds application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to "username" and "password" textboxes when logging in to the affected application. NetArt Media Car Portal version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33521

  • 09.6.59 - CVE: CVE-2008-5954
  • Platform: Web Application - SQL Injection
  • Title: KTP Computer Customer Database "lname" Parameter SQL Injection
  • Description: KTP Computer Customer Database is a web-based application. The application is exposed to an SQL injection issue because it fails to adequately sanitize user-supplied input to the "lname" parameter if the "p" and "a" parameters are set to "login".
  • Ref: http://www.securityfocus.com/bid/33520

  • 09.6.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PLE CMS "login.php" SQL Injection
  • Description: PLE CMS is a content management system for Pre Lecture Exercises (PLE). The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "school" parameter of the "login.php" script before using it in an SQL query. PLE CMS version 1.0 - beta 4.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33524

  • 09.6.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SalesCart Login Multiple SQL Injection Vulnerabilities
  • Description: SalesCart is an ASP-based ecommerce application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data.
  • Ref: http://www.securityfocus.com/bid/33534

  • 09.6.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Bugs Online "help.asp" SQL Injection
  • Description: Bugs Online is an ASP based bug tracking application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "stype" parameter of the "help.asp" script before using it in an SQL query. Bugs Online version 2.14 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500571

  • 09.6.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SkaLinks Administration Login SQL Injection
  • Description: SkaLinks is a PHP-based link exchange script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Admin name" textbox when logging in to the affected application through the administration login page. SkaLinks version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/33546

  • 09.6.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: e-Vision CMS "iframe.php" SQL Injection
  • Description: e-Vision CMS is a PHP based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "iframe.php" script before using it in an SQL query. e-Vision CMS version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33547

  • 09.6.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ClickCart Login Parameters SQL Injection Vulnerabilities
  • Description: ClickCart is a web-based application implemented in ASP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "Email" and "Password" fields in the "customer_login.asp" script. ClickCart version 6.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33575

  • 09.6.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Online Grades Login Parameters SQL Injection Vulnerabilities
  • Description: Online Grades is a PHP-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "uname" and "pass" parameters in the "parents/login.php" script. Online Grades version 3.2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/33576

  • 09.6.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Multiple Whole Hog Software Products Login SQL Injection
  • Description: Ware Support is an online help desk application. Password Protect is a password protection application. The applications are exposed to an SQL injection issue because they fail to sufficiently sanitize user-supplied data to the "username" and "password" textboxes when logging in to the affected applications.
  • Ref: http://www.securityfocus.com/bid/33564

  • 09.6.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpBLASTER "blaster_user" Parameter SQL Injection
  • Description: phpBLASTER is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "blaster_user" cookie parameter as supplied through the "mainfile.php" script before using it in an SQL query. phpBLASTER version 1.0 RC1 is affected.
  • Ref: http://www.securityfocus.com/bid/33567

  • 09.6.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WEBalbum "photo.php" SQL Injection
  • Description: WEBalbum is a PHP-based photo album application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "photo.php" script before using it in an SQL query. WEBalbum version 2.4b is affected.
  • Ref: http://www.securityfocus.com/bid/33590

  • 09.6.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MyDesign Sayac "admin.asp" Login Parameters SQL Injection
  • Description: MyDesign Sayac is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Username" and "Password" textboxes when logging in to the application through the "admin.asp" script. MyDesign Sayac version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33593

  • 09.6.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DMXReady Online Notebook Manager Login Parameters SQL Injection Vulnerabilities
  • Description: DMXReady Online Notebook Manager is a web-based application used to create, edit and manage online documents. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "username" and "password" fields in the login page. DMXReady Online Notebook Manager version 1.1 is affected.
  • Ref: http://www.dmxready.com/productdetails.asp?mid=5&ItemID=175

  • 09.6.72 - CVE: Not Available
  • Platform: Web Application
  • Title: Star Articles Multiple Administrative Scripts Authentication Bypass Vulnerabilities
  • Description: Star Articles is a PHP-based content manager. The application is exposed to multiple authentication bypass issues because it fails to perform adequate authentication checks. Star Articles version 6.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33511

  • 09.6.73 - CVE: Not Available
  • Platform: Web Application
  • Title: Personal Site Manager 0.3 Multiple Remote Vulnerabilities
  • Description: Personal Site Manager is a PHP-based content manager. The application is exposed to multiple remote issues. Personal Site Manager version 0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/33512

  • 09.6.74 - CVE: Not Available
  • Platform: Web Application
  • Title: Coppermine Photo Gallery "picEditor.php" Remote File Upload
  • Description: Coppermine Photo Gallery is a PHP-based image gallery application. The application is exposed to a remote file upload issue because it fails to sufficiently sanitize user-supplied input to the "img_dir" parameter of the "picEditor.php" script. Coppermine Photo Gallery version 1.4.19 is affected.
  • Ref: http://www.securityfocus.com/bid/33514

  • 09.6.75 - CVE: CVE-2008-5953
  • Platform: Web Application
  • Title: KTP Computer Customer Database "p" Parameter Local File Include
  • Description: KTP Computer Customer Database is a PHP based web application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "p" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/33518

  • 09.6.76 - CVE: Not Available
  • Platform: Web Application
  • Title: SIR GNUBoard Multiple Remote Vulnerabilities
  • Description: SIR GNUBoard is a web-based forum application. The application is exposed to multiple security issues. Attackers can exploit these issues to compromise the application, access or modify data, exploit latent issues in the underlying database, or learn the location of uploaded files. GNUBoard version 4.31.04 is affected.
  • Ref: http://www.securityfocus.com/bid/33538

  • 09.6.77 - CVE: Not Available
  • Platform: Web Application
  • Title: ReVou SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: ReVou is a microblogging application. The application is exposed to multiple input validation issues. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
  • Ref: http://www.securityfocus.com/bid/33540

  • 09.6.78 - CVE: Not Available
  • Platform: Web Application
  • Title: BPAutosales "index.php" SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: BPowerHouse BPAutosales is an ecommerce web application. The application is exposed to multiple input validation issues. BPAutosales version 1.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/33543

  • 09.6.79 - CVE: Not Available
  • Platform: Web Application
  • Title: BoonEx Orca Topic Title HTML Injection
  • Description: BoonEx Orca is a web-based forum application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Orca version 2.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33545

  • 09.6.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal ImageField Module Multiple Vulnerabilities
  • Description: ImageField is a module for the Drupal content manager. The module is exposed to multiple issues. Successful exploits require the "administer content types" permissions. ImageField version 5.x-2.2 is affected.
  • Ref: http://justin.madirish.net/node/338

  • 09.6.81 - CVE: Not Available
  • Platform: Web Application
  • Title: OpenHelpdesk "ajax.php" Remote Command Execution
  • Description: OpenHelpdesk is a PHP based web application. The application is exposed to an issue that attackers can leverage to execute arbitrary PHP commands. This issue occurs because the application fails to adequately sanitize user-supplied input to the "function" parameter of the "ajax.php" script before passing it to an "eval()" function. OpenHelpdesk version 1.0.100 is affected.
  • Ref: http://www.securityfocus.com/bid/33574

  • 09.6.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Multiple Whole Hog Software Products Cookie Authentication Bypass
  • Description: Ware Support is an online help desk application. Password Protect is a password protection application. The applications are exposed to an authentication bypass issue because they fail to adequately verify user-supplied input used for cookie-based authentication.
  • Ref: http://www.securityfocus.com/bid/33577

  • 09.6.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Multiple Groone Products "abspath" Parameter Remote File Include
  • Description: Groone GLinks is a links manager. Groone GBook is a guestbook application. The applications are exposed to a remote file include issue because they fail to properly sanitize user-supplied input to the "abspath" parameter of the "includes/header.php" script.
  • Ref: http://www.securityfocus.com/bid/33578

  • 09.6.84 - CVE: Not Available
  • Platform: Web Application
  • Title: SMA-DB Cross-Site Scripting and Remote File Include Vulnerabilities
  • Description: SMA-DB is a PHP-based web application. Since it fails to sufficiently sanitize user-supplied input, the application is exposed to multiple issues. SMA-DB version 0.3.12 is affected.
  • Ref: http://www.securityfocus.com/bid/33562

  • 09.6.85 - CVE: Not Available
  • Platform: Web Application
  • Title: AJA Portal Multiple Local File Include Vulnerabilities
  • Description: AJA Portal is a web portal application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input. AJA Portal version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33565

  • 09.6.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Flatnux User Profile "Job" Field HTML Injection
  • Description: Flatnux is a web-based content manager. Flatnux is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input. Specifically, this issue affects the "Job" field of a user profile.
  • Ref: http://www.securityfocus.com/bid/33566

  • 09.6.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Sourdough "neededFiles[patForms]" Parameter Remote File Include
  • Description: Sourdough is a web application framework for PHP5. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "neededFiles[patForms]" parameter of the "thirdparty/patForms/examples/example_clientside_javascript.php" script. Sourdough version 0.3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/33569

  • 09.6.88 - CVE: Not Available
  • Platform: Web Application
  • Title: phpSlash "fields" Parameter Remote Command Execution
  • Description: phpSlash is a PHP-based web application. The application is exposed to an issue that attackers can leverage to execute arbitrary commands. This issue occurs because the application fails to adequately sanitize user-supplied input to the "fields" parameter of the "index.php" script. phpSlash version 0.8.1.1 is vulnerable; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/33572

  • 09.6.89 - CVE: Not Available
  • Platform: Web Application
  • Title: CMS Mini "guestbook" Remote Command Execution
  • Description: CMS Mini is a PHP-based content manager. The application is exposed to an issue that attackers can leverage to execute arbitrary commands in the context of the application. This issue occurs in the "guestbook" module. CMS Mini version 0.2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33573

  • 09.6.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple Machines Forum Censored Words HTML Injection
  • Description: Simple Machines Forum (SMF) is an open source web forum. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Simple Machines Forum version 1.1.7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500624

  • 09.6.91 - CVE: Not Available
  • Platform: Web Application
  • Title: AJA Portal Rapidshare Module Arbitrary File Upload
  • Description: AJA Portal Rapidshare Module is a web-based application. The application is exposed to an issue that lets attackers upload arbitrary files. The problem occurs because the application fails to verify the contents of files before uploading them to the web server.
  • Ref: http://www.securityfocus.com/bid/33591

  • 09.6.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Technote "shop_this_skin_path" Parameter Remote File Include
  • Description: Technote is a PHP based web application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "shop_this_skin_path" parameter of the "skin_shop/standard/2_view_body/body_default.php" script. Technote version 7.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33592

  • 09.6.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple Machines Forum "[url]" Tag HTML Injection
  • Description: Simple Machines Forum (SMF) is an open source web forum that is written in PHP. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
  • Ref: http://www.securityfocus.com/bid/33595

  • 09.6.94 - CVE: Not Available
  • Platform: Web Application
  • Title: DreamPics Photo/Video Gallery "exhibition_id" SQL Injection
  • Description: DreamPics Photo/Video Gallery is a PHP based video and photo album application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "exhibition_id" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33596

  • 09.6.95 - CVE: Not Available
  • Platform: Web Application
  • Title: TxtBlog "admin/index.php" Remote Command Execution
  • Description: TxtBlog is a PHP based web application. The application is exposed to an issue that attackers can leverage to execute arbitrary PHP commands. This issue occurs because the application fails to adequately sanitize user-supplied input to the "blog" parameter of the "admin/index.php" script when the "page" parameter is set to "create". This data is later saved to a file with a ".php" extension. TxtBlog version 1.0 Alpha is affected.
  • Ref: http://www.securityfocus.com/bid/33597

  • 09.6.96 - CVE: Not Available
  • Platform: Web Application
  • Title: Flatnux "_FNROOTPATH" Parameter Remote File Include
  • Description: Flatnux is a web-based content manager written in PHP. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "_FNROOTPATH" parameter of the "include/theme.php" script. Flatnux version 2009-01-27 is affected.
  • Ref: http://www.securityfocus.com/bid/33599

  • 09.6.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Syntax Desktop "synTarget" Parameter Local File Include
  • Description: Syntax Desktop is a content manager implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "synTarget" parameter of the "admin/modules/aa/preview.php" script. Syntax Desktop version 2.7 is affected.
  • Ref: http://www.securityfocus.com/bid/33601

  • 09.6.98 - CVE: Not Available
  • Platform: Web Application
  • Title: GR Board Multiple Remote File Include Vulnerabilities
  • Description: GR Board is a web-based application implemented in PHP. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. GR Board version 1.8 is affected.
  • Ref: http://www.securityfocus.com/bid/33602

  • 09.6.99 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPbbBook "bbcode.php" Local File Include
  • Description: PHPbbBook is a guest book application implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "l" parameter of the "bbcode.php" script. PHPbbBook version 1.3 is affected.
  • Ref: http://sourceforge.net/projects/syntax-desktop/

  • 09.6.100 - CVE: Not Available
  • Platform: Network Device
  • Title: Motorola Wimax Modem CPEi300 Multiple Cross-Site Scripting and Directory Traversal Vulnerabilities
  • Description: Motorola Wimax Modem CPEi300 is a modem developed by Motorola. Motorola Wimax Modem CPEi300 is exposed to cross-site scripting and directory traversal issues because it fails to sufficiently sanitize user-supplied input to the "page" parameter of the "sysconf.cgi" script.
  • Ref: http://www.securityfocus.com/archive/1/500545

  • 09.6.101 - CVE: Not Available
  • Platform: Network Device
  • Title: Zoom VoIP Telephone Adapter Cross-Site Request Forgery
  • Description: Zoom VoIP Telephone Adapter is used to make internet telephone calls. Zoom VoIP Telephone Adapter is exposed to a cross-site request forgery issue that may allow attackers to change VoIP provider information and perform other unauthorized actions through the "callwzd.html" script. Zoom VoIP Telephone Adapter ATA1+1 version 1.2.5 is affected.
  • Ref: http://www.securityfocus.com/bid/33528

(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.