
@RISK: The Consensus Security Vulnerability Alert

Volume: VIII, Issue: 7
February 12, 2009

Internet Explorer and Exchange Server, both from Microsoft, have critical vulnerabilities reported this week, as does RealPlayer. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ------------------------                  -------------------------------------
    Other Microsoft Products                  7 (#1, #2, #3)
    Third Party Windows Apps                  5
    Linux                                     7
    HP-UX                                     1
    Solaris                                   1
    Aix                                       1
    Cross Platform                            20 (#4, #5)
    Web Application - Cross Site Scripting    19
    Web Application - SQL Injection           19
    Web Application                           31
    Network Device                            9

****************** Sponsored By The LOG MANAGEMENT Summit **************

Attend the Log Management Summit April 6-7 to find best practices in selecting and implementing the right tools in ways that ensure you meet regulatory requirements and improve your security at the same time. As a bonus you'll hear from organizations that have found they can use log management to improve operational efficiency as well as security. http://www.sans.org/info/38648

*************************************************************************

TRAINING UPDATE
- SANS 2009 in Orlando in early March - the largest security training conference and expo in the world. Lots of evening sessions: http://www.sans.org/
- Looking for training in your own community? http://sans.org/community/
For a list of all upcoming events, on-line and live: www.sans.org

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
  • Other Microsoft Products
  • Third Party Windows Apps
  • Linux
  • HP-UX
  • Solaris
  • Aix
  • Cross Platform
  • Web Application - Cross Site Scripting
  • Web Application - SQL Injection
  • Web Application
  • Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (3) CRITICAL: RealNetworks RealPlayer File Parsing Multiple Vulnerabilities
  • Affected:
    • Real Networks RealPlayer 11
  • Description: RealPlayer is a proprietary media player from RealNetworks designed to play different multimedia formats. RealPlayer has multiple vulnerabilities in the way it parses certain Internet Video Recorder (IVR) files. A specially crafted IVR file could trigger either a heap corruption vulnerability or a buffer overflow condition that can overwrite an arbitrary memory location with a NULL byte. Successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary code with the privileges of the logged-in user. User interaction is required, but the user does not have to open the file: a simple preview of the file is enough to trigger these issues.

  • Status: Vendor has not confirmed, no updates available.

  • References:

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 7, 2009

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 09.7.1 - CVE: CVE-2009-0098
  • Platform: Other Microsoft Products
  • Title: Microsoft Exchange Server TNEF Decoding Remote Code Execution
  • Description: Microsoft Exchange Server is an email server for the Microsoft Windows platform. The application is exposed to a remote code execution issue caused by an error in handling Transport Neutral Encapsulation Format (TNEF) data. TNEF is used to encode Rich Text Format (RTF) data in email messages.
  • Ref: http://support.microsoft.com/kb/959239

  • 09.7.2 - CVE: CVE-2009-0099
  • Platform: Other Microsoft Products
  • Title: Microsoft Exchange Server EMSMDB2 MAPI Command Remote Denial of Service
  • Description: Microsoft Exchange Server is an email server for Microsoft Windows. The application is exposed to a remote denial of service issue. Specifically, this issue occurs in the Electronic Message System Microsoft Database (EMSMDB2) provider.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-003.mspx

  • 09.7.3 - CVE: CVE-2009-0075
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Uninitialized Memory Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote code execution issue when the application tries to access objects that have been appended and deleted in a specific order.
  • Ref: http://www.securityfocus.com/archive/1/500831

  • 09.7.4 - CVE: CVE-2009-0095
  • Platform: Other Microsoft Products
  • Title: Microsoft Visio Object Validation Remote Code Execution
  • Description: Microsoft Visio is an application for visualizing and communicating complex drawings and diagrams. Visio is exposed to a remote code execution issue because it fails to adequately handle user-supplied data. The software fails to properly validate object data when opening specially-crafted Visio files, which can cause memory to become corrupted.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-005.mspx

  • 09.7.5 - CVE: CVE-2009-0096
  • Platform: Other Microsoft Products
  • Title: Microsoft Visio Object Copy Memory Corruption Remote Code Execution
  • Description: Microsoft Visio is an application for visualizing and communicating complex drawings and diagrams. Visio is exposed to a remote code execution issue because it fails to adequately handle user-supplied data. The software fails to properly copy object data in memory when parsing specially crafted Visio files.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-005.mspx

  • 09.7.6 - CVE: CVE-2009-0097
  • Platform: Other Microsoft Products
  • Title: Microsoft Visio Memory Corruption Remote Code Execution
  • Description: Microsoft Visio is an application for visualizing and communicating complex drawings and diagrams. Visio is exposed to a remote code execution issue because it fails to adequately handle user-supplied data. The software fails to properly allocate memory when opening a specially crafted Visio file.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-005.mspx

  • 09.7.7 - CVE: CVE-2009-0076
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer CSS Memory Corruption Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote code execution issue because the application fails to handle malicious web pages containing certain CSS styles. Specifically, the problem occurs when processing a CSS stylesheet with specific combinations of style directives, one of which must be "zoom".
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-012/

  • 09.7.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: QIP 2005 Malformed Rich Text Message Remote Denial of Service
  • Description: QIP 2005 is an instant messaging client for the ICQ protocol; it is available for Microsoft Windows. QIP 2005 is exposed to a denial of service issue because it fails to handle malformed messages. A remote attacker may exploit this issue by sending a maliciously constructed rich text message to the vulnerable client. QIP 2005 build 8082 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500656

  • 09.7.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: FeedDemon "outline" Tag Buffer Overflow
  • Description: FeedDemon is an RSS newsfeed reader for Microsoft Windows. FeedDemon is exposed to a remote buffer overflow issue because it fails to perform adequate checks on user-supplied input when handling a maliciously crafted OPML (Outline Processor Markup Language) file. FeedDemon versions 2.7 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/500686

  • 09.7.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Password Door Local Buffer Overflow
  • Description: Password Door is a password protection application for Microsoft Windows platforms. The application is exposed to a local buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. The issue affects data supplied to "PassDoor.exe" and may be triggered when the application processes header data in excess of 601 characters. Password Door version 8.4 is affected.
  • Ref: http://www.securityfocus.com/bid/33634

  • 09.7.11 - CVE: CVE-2009-0305
  • Platform: Third Party Windows Apps
  • Title: BlackBerry Application Web Loader ActiveX Control Remote Buffer Overflow
  • Description: Research in Motion BlackBerry Application Web Loader ActiveX control is an application used to load applications onto BlackBerry devices. The BlackBerry Application Web Loader ActiveX control is exposed to a remote stack-based buffer overflow issue that affects the "load()" and "loadJad()" methods of the ActiveX control. BlackBerry Application Web Loader version 1.0 is affected.
  • Ref: http://www.kb.cert.org/vuls/id/131100

  • 09.7.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Nokia Phoenix Service Software ActiveX Controls Multiple Buffer Overflow Vulnerabilities
  • Description: Nokia Phoenix Service Software includes multiple ActiveX controls used for firmware updates on Nokia phones. The application is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data. Nokia Phoenix Service Software version 2008.04.007.32837 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500829

  • 09.7.13 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "make_indexed_dir()" Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue because it fails to properly handle malformed file system images. The problem occurs in the "make_indexed_dir()" function of the "fs/ext3/namei.c" source file. Linux kernel versions prior to 2.6.27.14 are affected.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.14

  • 09.7.14 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "inotify_read()" Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue. Specifically, this issue occurs in the "inotify_read()" function in the "fs/notify/inotify/inotify_user.c" source code file. If a user space process supplies an invalid pointer to a "read()" function, the inotify device mutex may be unlocked twice. The Linux kernel versions prior to 2.6.28.3 are affected.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.3

  • 09.7.15 - CVE: Not Available
  • Platform: Linux
  • Title: Wicd "wicd.conf" Default Configuration Local Information Disclosure
  • Description: Wicd (Wireless Interface Connection Daemon) is a tool used for establishing wired and wireless network connections for Linux. The application is exposed to a local information disclosure issue because its default configuration fails to restrict ownership of its daemon. Wicd versions prior to 1.5.9 are affected.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1465

  • 09.7.16 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel Console Selection Local Privilege Escalation
  • Description: The Linux kernel is exposed to a local privilege escalation issue in console selection. This issue is caused by an off-by-two memory error that occurs in the "set_selection()" function of the "selection.c" source file. Linux kernel versions prior to 2.6.28.4 are affected.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.4

  • 09.7.17 - CVE: Not Available
  • Platform: Linux
  • Title: ZeroShell "cgi-bin/kerbynet" Remote Command Execution
  • Description: ZeroShell is a Linux distribution intended for embedded systems. It includes a web-based administrative interface. The application is exposed to an issue that attackers can leverage to execute arbitrary commands. This issue occurs because the application fails to adequately sanitize user-supplied input to the "type" parameter of the "cgi-bin/kerbynet" script. ZeroShell version 1.0beta11 is affected.
  • Ref: http://www.zeroshell.net/eng/patch-details/#C100

  • 09.7.18 - CVE: Not Available
  • Platform: Linux
  • Title: GNOME Evolution S/MIME Email Signature Verification
  • Description: GNOME Evolution is an email, address book, and calendar application for users of the GNOME desktop. GNOME Evolution is exposed to a signature verification issue. This issue occurs because the application fails to properly verify email signatures included in Secure / Multipurpose Internet Mail Extensions (S/MIME) mail messages.
  • Ref: http://bugzilla.gnome.org/show_bug.cgi?id=564465

  • 09.7.19 - CVE: CVE-2009-0036
  • Platform: Linux
  • Title: libvirt "libvirt_proxy.c" Local Privilege Escalation
  • Description: The "libvirt" library is used to interact with the virtualization capabilities of recent versions of Linux. The "libvirt" library is exposed to a local privilege escalation issue because it fails to perform adequate boundary-checks on user-supplied data.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0036

  • 09.7.20 - CVE: CVE-2009-0206
  • Platform: HP-UX
  • Title: HP-UX NFS Unspecified Local Denial of Service
  • Description: HP-UX is exposed to a local denial of service issue. The issue stems from an unspecified error in the NFS ONCplus package. HP-UX version B.11.31 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500726

  • 09.7.21 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun OpenSolaris Process File System Local Code Execution
  • Description: Sun Solaris is exposed to a local code execution issue because of an unspecified error. The issue occurs in the process file system ("proc(4)") when interacting with the "contract(4)" file system. OpenSolaris based on builds snv_85 through snv_100 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-244026-1

  • 09.7.22 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX "at" Local Information Disclosure
  • Description: AIX is a Unix operating system from IBM. The "at" command is used to execute commands at a specified time. AIX is exposed to a local information disclosure issue that stems from a design error. Specifically, the "/usr/bin/at" command in the "bos.rte.cron" fileset fails to properly drop permissions before reading certain files.
  • Ref: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4558

  • 09.7.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Openfiler "password.html" Password Reset Security Bypass
  • Description: Openfiler is open source storage appliance software. The application is exposed to a security bypass issue related to the password reset feature. An attacker may exploit this issue by setting the "userauthenticated" global variable through a POST request to the "account/password.html" script, which allows bypassing certain checks and resetting an arbitrary user's password. Openfiler version 2.3 is affected.
  • Ref: http://www.securityfocus.com/bid/33605

  • 09.7.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Trend Micro Interscan Web Security HTTP Proxy Authentication Information Disclosure
  • Description: Trend Micro InterScan Web Security Suite is a solution for Internet gateways to protect networks against web-based attacks. The application is exposed to an information disclosure issue when handling HTTP Proxy Authentication headers.
  • Ref: http://www.securityfocus.com/archive/1/500760

  • 09.7.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Non-Creative Software LCPlayer ".qt" File Remote Buffer Overflow
  • Description: Non-Creative Software LCPlayer is a multimedia player application. LCPlayer is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when parsing a ".qt" file containing an overly long URI. LCPlayer version 0.5.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500660

  • 09.7.26 - CVE: CVE-2009-0211, CVE-2009-0212, CVE-2009-0213, CVE-2009-0214, CVE-2009-021
  • Platform: Cross Platform
  • Title: AREVA e-terrahabitat Multiple Security Vulnerabilities
  • Description: AREVA e-terrahabitat is a suite of Supervisory Control And Data Acquisition (SCADA) software. e-terrahabitat is exposed to multiple issues. AREVA e-terrahabitat versions 5.7 and earlier are affected.
  • Ref: http://www.kb.cert.org/vuls/id/337569

  • 09.7.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ClearBudget Invalid ".htaccess" Unauthorized Access
  • Description: ClearBudget is an expense management application. ClearBudget is exposed to an unauthorized access issue because it fails to properly restrict access to certain directories. ClearBudget version 0.6.1 is affected.
  • Ref: http://www.securityfocus.com/bid/33643

  • 09.7.28 - CVE: CVE-2009-0264
  • Platform: Cross Platform
  • Title: Fujitsu Systemcast Wizard Lite Registry Tool Buffer Overflow
  • Description: Fujitsu Systemcast Wizard Lite is a support application for Fujitsu PRIMEQUEST servers. Systemcast Wizard Lite is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue occurs in the Registry Tool component. Systemcast Wizard Lite versions 2.0A and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/33644

  • 09.7.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Wireshark 1.0.5 Multiple Denial of Service Vulnerabilities
  • Description: Wireshark (formerly Ethereal) is an application for analyzing network traffic; it is available for Microsoft Windows and Unix-like systems. Wireshark is exposed to multiple issues. Wireshark versions 0.99.6 through 1.0.5 are affected.
  • Ref: http://www.wireshark.org/security/wnpa-sec-2009-01.html

  • 09.7.30 - CVE: CVE-2009-0205
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager Unspecified Remote Code Execution
  • Description: HP OpenView Network Node Manager is a fault management application for IP networks. The application is exposed to a remote code execution issue due to an unspecified error. HP OpenView Network Node Manager versions 7.01, 7.51 and 7.53 are affected.
  • Ref: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01661610

  • 09.7.31 - CVE: CVE-2009-0375, CVE-2009-0376
  • Platform: Cross Platform
  • Title: RealNetworks RealPlayer IVR File Parsing Multiple Vulnerabilities
  • Description: RealNetworks RealPlayer is an application that allows users to play various media formats. The application is exposed to multiple memory corruption issues. RealPlayer version 11 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500722

  • 09.7.32 - CVE: CVE-2008-4559
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager Multiple Remote Command Execution Vulnerabilities
  • Description: HP OpenView Network Node Manager is a fault management application for IP networks. Network Node Manager is exposed to multiple remote command execution issues. Specifically, issues exist in the "webappmon.exe" and "OpenView5.exe" CGI applications. These issues occur due to user supplied data not being properly sanitized before being supplied as command line arguments to external applications. Network Node Manager version 7.53 under Linux is affected.
  • Ref: http://www.securityfocus.com/archive/1/500734

  • 09.7.33 - CVE: CVE-2008-4562
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager "ovlaunch" Buffer Overflow
  • Description: HP OpenView Network Node Manager is a fault management application for IP networks. The "ovlaunch" CGI application is used to launch the remote user interface. Network Node Manager is exposed to a buffer overflow issue because the application fails to properly bounds check user-supplied data. The problem occurs in "ovlaunch". Network Node Manager version 7.53 running on Microsoft Windows is affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=772

  • 09.7.34 - CVE: CVE-2009-0475
  • Platform: Cross Platform
  • Title: OpenCORE "pvmp3_huffman_parsing.cpp" Remote Buffer Underflow
  • Description: OpenCORE is an open source multimedia decoding subsystem. The library is exposed to a remote buffer underflow issue because it fails to perform adequate boundary checks on user-supplied data. Specifically, the vulnerability resides in the "pvmp3_huffman_parsing.cpp" source file.
  • Ref: http://review.source.android.com/Gerrit#change,8815

  • 09.7.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PyCrypto ARC2 Module Buffer Overflow
  • Description: PyCrypto (Python Cryptography Toolkit) is a set of cryptographic modules for the Python programming language. PyCrypto is exposed to a buffer overflow issue because it fails to adequately verify user-supplied input. This issue resides in the ARC2 module. This issue can be triggered with specially crafted ARC2 keys in excess of 128 bytes.
  • Ref: http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b

  • 09.7.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Trend Micro InterScan Web Security Suite Multiple Security Bypass Vulnerabilities
  • Description: Trend Micro InterScan Web Security Suite is a solution for internet gateways to protect networks against web-based attacks. The application is exposed to multiple security bypass issues that stem from access control errors in multiple JSP pages. InterScan Web Security Suite version 3.1 for Windows is affected.
  • Ref: http://www.trendmicro.com/ftp/documentation/readme/iwss_31_win_en_readme_CP_1237_EN.txt

  • 09.7.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Open Handset Alliance Android Multiple Local Vulnerabilities
  • Description: Open Handset Alliance Android (previously Google Android) is a software stack and operating system for mobile phones. Android is exposed to multiple issues. Android version 1.0 as shipped with the T-Mobile G1 phone is affected.
  • Ref: http://www.securityfocus.com/bid/33695

  • 09.7.38 - CVE: CVE-2007-4321
  • Platform: Cross Platform
  • Title: Fail2ban "wuftpd.conf" Remote Denial of Service
  • Description: Fail2ban is an application designed to monitor authentication failure messages and block hosts that attempt brute force attacks against network services. The application is designed to monitor log entries made by the network services when authentication failures occur. When failures are logged, the application adds the source IP address of attacking computers directly as a firewall rule or inserts the address into the block list.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514163

  • 09.7.39 - CVE: CVE-2009-0432, CVE-2009-0433, CVE-2009-0434, CVE-2009-0435, CVE-2009-0436, CVE-2009-0438, CVE-2008-4284, CVE-2008-4283
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server Multiple Vulnerabilities
  • Description: IBM WebSphere Application Server (WAS) is an application server used for service oriented architecture. IBM WebSphere Application Server is exposed to multiple issues. A local attacker could exploit this vulnerability using unspecified attack vectors to have an unknown impact on the system.
  • Ref: http://xforce.iss.net/xforce/xfdb/48526

  • 09.7.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Directory Server LDAP Request Denial of Service
  • Description: Sun Java System Directory Server is an LDAP (Lightweight Directory Access Protocol) server distributed with multiple Sun products. Sun Java System Directory Server is exposed to a denial of service issue. Specifically, this vulnerability occurs when processing specially crafted LDAP requests and stems from an unspecified issue in the LDAP SDK (Software Development Kit) for C.
  • Ref: http://www.sun.com/software/products/directory_srvr_ee/dir_srvr/index.xml

  • 09.7.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Varnish HTTP Request Parsing Denial of Service
  • Description: Varnish is an HTTP accelerator application. Varnish is exposed to a remote denial of service issue caused by an unspecified error when processing a malformed HTTP request. Successfully exploiting this issue allows remote attackers to crash the affected application, denying further service to legitimate users. Varnish versions prior to 2.0.1 are affected.
  • Ref: http://www.securityfocus.com/bid/33712

  • 09.7.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Tor Multiple Denial of Service Vulnerabilities
  • Description: Tor is an implementation of second generation Onion Routing, a connection oriented anonymizing communication service. Tor is exposed to multiple denial of service issues. Tor versions prior to 0.2.0.34 are affected.
  • Ref: http://archives.seul.org/or/announce/Feb-2009/msg00000.html

  • 09.7.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Team "online.asp" Cross-Site Scripting Vulnerability
  • Description: Team is a web-based bulletin board application implemented in ASP. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "lookname" parameter in the "online.asp" script.
  • Ref: http://www.securityfocus.com/bid/33614

  • 09.7.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Moodle Forum Unspecified Cross-Site Request Forgery
  • Description: Moodle is a content manager for online courseware. Moodle is exposed to a cross-site request forgery issue. This issue affects the application's forum. Moodle versions 1.9 up to but not including 1.9.4; versions 1.8 up to but not including 1.8.8; and versions 1.7 up to but not including 1.7.7 are affected.
  • Ref: http://www.securityfocus.com/bid/33615

  • 09.7.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Power System Of Article Management Multiple Cross-Site Scripting Vulnerabilities
  • Description: Power System Of Article Management is a web-based application implemented in ASP. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Issues have been reported in the "ComeUrl" parameter of the "userchklogin.asp" and "userlogin.asp" scripts. Power System Of Article Management version 3.0 is affected.
  • Ref: http://www.milw0rm.com/exploits/7981

  • 09.7.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Multiple Scripts For Sites EZ Products "directory.php" Cross-Site Scripting
  • Description: Scripts For Sites distributes multiple web-based PHP applications. Multiple Scripts For Sites products are exposed to a cross-site scripting issue because they fail to sufficiently sanitize user-supplied data to the "email" field of the "directory.php" script when "ax" is set to "remind".
  • Ref: http://www.securityfocus.com/bid/33688

  • 09.7.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Moodle "Login As" Cross-Site Scripting
  • Description: Moodle is a content manager for online courseware. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. This issue occurs if "teacher" or "administrator" users utilize the "Login As" feature to visit "MyMoodle" or "Blog" pages of that user.
  • Ref: http://moodle.org/security/

  • 09.7.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Mahara Forum Post Cross-Site Scripting
  • Description: Mahara is a Perl based eportfolio application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input. This issue occurs in forum posts. Mahara versions prior to 1.0.9 are affected.
  • Ref: http://mahara.org/interaction/forum/topic.php?id=198

  • 09.7.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Views Bulk Operations Unspecified Cross-Site Scripting
  • Description: Views bulk operations is a third party plugin module for the Drupal content management system for performing bulk updates of nodes. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://drupal.org/node/369223

  • 09.7.50 - CVE: CVE-2008-3821
  • Platform: Web Application - Cross Site Scripting
  • Title: Cisco IOS HTTP Server Multiple Cross-Site Scripting Vulnerabilities
  • Description: Cisco IOS HTTP Server is a web server for the Cisco IOS operating system. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. Specifically, these issues affect the "level/15/exec/-/" and "exec/" scripts. Cisco IOS version 12.4(23) is affected.
  • Ref: http://www.cisco.com/en/US/products/products_security_response09186a0080a5c501.html

  • 09.7.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: htmLawed CSS Expressions Unspecified Cross-Site Scripting
  • Description: htmLawed is a PHP script for input text processing. htmLawed is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to an unspecified parameter. The issue is related to handling dynamically crafted CSS expressions. htmLawed versions prior to 1.1.6 are affected.
  • Ref: http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_README.htm#s4.3

  • 09.7.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Scripts for Sites EZ Baby "password.php" Cross-Site Scripting
  • Description: Scripts for Sites EZ Baby is a web application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. This issue affects the "u2" parameter in the "password.php" script when submitted via an HTTP POST request.
  • Ref: http://www.securityfocus.com/bid/33635

  • 09.7.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Kipper Local File Include and Cross-Site Scripting Vulnerabilities
  • Description: Kipper is a PHP based template manager. The application is exposed to multiple issues because it fails to properly sanitize user-supplied input. Kipper version 2.01 is affected.
  • Ref: http://www.securityfocus.com/bid/33640

  • 09.7.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: EZ Reminder "password.php" Cross-Site Scripting
  • Description: EZ Reminder is a PHP-based reminder script. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. This issue affects the email box when editing a user password through the "password.php" script.
  • Ref: http://www.securityfocus.com/bid/33641

  • 09.7.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Phorum Unspecified Cross-Site Scripting
  • Description: Phorum is a web-based forum application. Phorum is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. Phorum version 5.2.10-RC1 is affected.
  • Ref: http://www.phorum.org/phorum5/read.php?64,136129

  • 09.7.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MediaWiki "config/index.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: MediaWiki is a PHP based wiki application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data to unspecified parameters of the "config/index.php" script. MediaWiki versions prior to 1.13.4, 1.12.4, and 1.6.12 are affected.
  • Ref: http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_4/phase3/RELEASE-NOTES

  • 09.7.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: AdaptCMS Lite Cross-Site Scripting and Remote File Include Vulnerabilities
  • Description: AdaptCMS Lite is a PHP based content manager. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to execute malicious PHP code in the context of the web server process. AdaptCMS Lite version 1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/33698

  • 09.7.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Pebble Unspecified Cross-Site Scripting
  • Description: Pebble is an open source blogging tool implemented in Java and XML. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to an unspecified parameter. The issue affects Pebble versions prior to 2.3.2.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=660130

  • 09.7.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Zeroboard Xpress Engine "func.inc.php" Cross-Site Scripting
  • Description: Xpress Engine is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input through the "/config/func.inc.php" script. Xpress Engine version 1.1.15 is affected.
  • Ref: http://www.securityfocus.com/bid/33703

  • 09.7.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Novell QuickFinder Server Multiple Cross-Site Scripting Vulnerabilities
  • Description: Novell QuickFinder Server is a web-based search solution for enterprises. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "adminurl" parameter of the "AdminServlet" script and POST parameters of the "AdminServlet" script.
  • Ref: http://www.securityfocus.com/archive/1/500825

  • 09.7.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Sajax "Sajax.php" Cross-Site Scripting
  • Description: Sajax is a PHP-based tool for Ajax enabled web sites. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input through a URI to the "sajax_get_common_js()" function in the "php/Sajax.php" script. Sajax version 0.12 is affected.
  • Ref: http://www.securityfocus.com/bid/33711

  • 09.7.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YapBB "forumhop.php" SQL Injection
  • Description: YapBB (Yet Another PHP Bulletin Board) is a PHP-based bulletin board application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "forumID" parameter of the "forumhop.php" script before using it in an SQL query. YapBB version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33620

  • 09.7.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ProFTPD Character Encoding SQL Injection
  • Description: ProFTPD is an FTP server implementation that is available for Unix and Linux platforms. It can be integrated with multiple database servers. ProFTPD is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. ProFTPD versions 1.3.1 and later are affected.
  • Ref: http://bugs.proftpd.org/show_bug.cgi?id=3173

  • 09.7.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BusinessSpace "id" Parameter SQL Injection
  • Description: BusinessSpace is web-based collaboration software for teams, groups and companies. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter before using it in an SQL query. BusinessSpace version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33692

  • 09.7.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: A Better Member-Based ASP Photo Gallery "view.asp" SQL Injection
  • Description: A Better Member-Based ASP Photo Gallery is an ASP-based photo gallery application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "entry" parameter of the "view.asp" script.
  • Ref: http://www.securityfocus.com/bid/33693

  • 09.7.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP Director "searching" Parameter SQL Injection
  • Description: PHP Director is a video content manager. The application is exposed to an SQL injection issue because the application fails to sufficiently sanitize user-supplied input to the "searching" parameter of the "index.php" script. PHP Director version 0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33694

  • 09.7.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CafeEngine "catid" Parameter SQL Injection
  • Description: CafeEngine is a PHP-based application for managing cafe or restaurant web pages. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33655

  • 09.7.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Calendar SQL Credentials Information Disclosure
  • Description: PHP-Calendar is a web-based calendar application implemented in PHP. PHP-Calendar is exposed to an information disclosure issue because it fails to restrict access to multiple scripts. PHP-Calendar versions 1.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/33656

  • 09.7.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Ilch CMS "HTTP_X_FORWARDED_FOR" SQL Injection
  • Description: Ilch CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input in the "HTTP_X_FORWARDED_FOR" HTTP header. This issue occurs in the "getip()" function of the "include/includes/func/statistics.php" script. Ilch CMS versions 1.1L and earlier are affected.
  • Ref: http://www.ilch.de/news-188.html

  • 09.7.70 - CVE: CVE-2009-0297
  • Platform: Web Application - SQL Injection
  • Title: ClickAuction "login_check.asp" Multiple SQL Injection Vulnerabilities
  • Description: ClickAuction is a web-based auction application implemented in ASP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "txtEmail" and "txtPassword" parameters of the "login_check.asp" script.
  • Ref: http://www.securityfocus.com/bid/33671

  • 09.7.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ilchClan "statistic.php" SQL Injection
  • Description: ilchClan is a PHP based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "X-Forwarded-For" HTTP header value in the "getip()" function of the "include/includes/func/statistic.php" script before using it in an SQL query. ilchClan version 1.1L is affected.
  • Ref: http://www.ilch.de/news-188.html

  • 09.7.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: FlexCMS "catId" Parameter SQL Injection
  • Description: FlexCMS is a web-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catId" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33696

  • 09.7.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: If-CMS "id" Parameter SQL Injection
  • Description: If-CMS is web-based content management software implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "frame.php" script before using it in an SQL query. If-CMS version 2.07 is affected.
  • Ref: http://www.securityfocus.com/bid/33697

  • 09.7.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Halite News "halite.php" SQL Injection
  • Description: Halite News, also known as Fluorine CMS, is a web-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "halite.php" script before using it in an SQL query. Halite News version 0.1 rc 1 is affected.
  • Ref: http://www.securityfocus.com/bid/33727

  • 09.7.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MyNews "login.php" SQL Injection
  • Description: MyNews is a web-based news reader. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to "username" and "password" textboxes when logging in to the affected application via the "login.php" script. MyNews Beta version 0.10 is affected.
  • Ref: http://www.securityfocus.com/bid/33728

  • 09.7.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: w3b|cms Multiple SQL Injection Vulnerabilities
  • Description: w3b|cms is a PHP-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33706

  • 09.7.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Banking@Home "Login.asp" Multiple SQL Injection Vulnerabilities
  • Description: Banking@Home is a web-based application implemented in ASP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "username" and "password" parameters of the "Login.asp" script. Banking@Home version 2.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500824

  • 09.7.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ProFTPD "mod_sql_mysql" Username SQL Injection
  • Description: ProFTPD is an FTP server implementation that is available for Unix and Linux platforms. It can be integrated with multiple database servers. ProFTPD is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/500823

  • 09.7.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Auth PHP "login.php" SQL Injection
  • Description: Auth PHP is a web-based application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" and "password" parameters of the "login.php" script before using them in an SQL query. Auth PHP version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33723

  • 09.7.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Bluebird "login.php" Multiple SQL Injection Vulnerabilities
  • Description: Bluebird is a web-based application implemented in PHP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "username" and "passwd" parameters of the "login.php" script. Bluebird Pre-Release is affected.
  • Ref: http://www.securityfocus.com/bid/33725

  • 09.7.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Jaws Multiple Local File Include Vulnerabilities
  • Description: Jaws is a web-based application framework and content management application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input. Jaws version 0.8.8 is affected.
  • Ref: http://www.securityfocus.com/bid/33607

  • 09.7.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Moodle Log Table HTML Injection
  • Description: Moodle is an open source application for managing online courseware. It is freely available under the GNU Public license for Unix and variants, and for Microsoft Windows. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
  • Ref: http://cvs.moodle.org/moodle/course/lib.php?r1=1.538.2.66&r2=1.538.2.67

  • 09.7.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Moodle Calendar Export Unspecified Information Disclosure
  • Description: Moodle is a content manager for online courseware. The application is exposed to an unspecified information disclosure issue related to the calendar export feature. Moodle versions 1.9 up to but not including 1.9.4, and versions 1.8 up to but not including 1.8.8 are affected.
  • Ref: http://moodle.org/security/

  • 09.7.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Moodle "/user/pix.php" Information Disclosure
  • Description: Moodle is a content manager for online courseware. The application is exposed to an information disclosure issue because it fails to restrict access to the "/user/pix.php" script. Moodle versions 1.9 up to but not including 1.9.4, and versions 1.8 up to but not including 1.8.8 are affected.
  • Ref: http://moodle.org/security/

  • 09.7.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Bitrix Site Manager Multiple Input Validation Vulnerabilities
  • Description: Bitrix Site Manager is a PHP-based content manager. The application is exposed to multiple input validation issues. An attacker may leverage these issues to gain unauthorized access to the affected application, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and steal cookie-based authentication credentials.
  • Ref: http://www.securityfocus.com/bid/33689

  • 09.7.86 - CVE: Not Available
  • Platform: Web Application
  • Title: rgboard Multiple Input Validation Vulnerabilities
  • Description: rgboard is a web-based application. The application is exposed to multiple input validation issues. A remote attacker can exploit these issues to obtain sensitive information or execute malicious PHP code in the context of the web server process. rgboard version 4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500662

  • 09.7.87 - CVE: Not Available
  • Platform: Web Application
  • Title: MetaBBS Administration Settings Authentication Bypass
  • Description: MetaBBS is PHP-based forum software. The application is exposed to an issue that lets attackers modify user passwords because it fails to adequately secure access to administrative functions of the "admin/settings/index.php" script. MetaBBS version 0.11 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500666

  • 09.7.88 - CVE: Not Available
  • Platform: Web Application
  • Title: GR Blog Multiple Administrative Scripts Authentication Bypass Vulnerabilities
  • Description: GR Blog is a PHP-based blogging application. The application is exposed to multiple authentication bypass issues because it fails to perform adequate authentication checks. GR Blog version 1.1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/33629

  • 09.7.89 - CVE: Not Available
  • Platform: Web Application
  • Title: ESET Remote Administrator HTML Injection
  • Description: ESET Remote Administrator is a web-based application used to manage ESET's products in a networked environment. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. This issue occurs in the "Additional Report Settings" interface. ESET Remote Administrator versions prior to 3.0.105 are affected.
  • Ref: http://www.eset.eu/support/changelog-eset-remote-administrator-3

  • 09.7.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Link Module HTML Injection
  • Description: Link is a third party component for Drupal used to provide added functionality to the Content Construction Kit (CCK) module. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "Help" field before using the input in dynamically generated content. The Link module version 5.x-2.5 is affected.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2009-02/0036.html

  • 09.7.91 - CVE: Not Available
  • Platform: Web Application
  • Title: ClearBudget Local File Include and Authentication Bypass Vulnerabilities
  • Description: ClearBudget is a PHP-based finance and budgeting application. The application is exposed to multiple input validation issues. An attacker can exploit the authentication bypass vulnerability to gain unauthorized access to the affected application. ClearBudget version 0.6.1 is affected.
  • Ref: http://www.securityfocus.com/bid/33645

  • 09.7.92 - CVE: Not Available
  • Platform: Web Application
  • Title: txtBB User Profile "Miasto" Field HTML Injection
  • Description: txtBB is a web-based content manager written in PHP. txtBB is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input. Specifically, this issue affects the "Miasto" field of a user profile. txtBB version 1.0 RC3 is affected.
  • Ref: http://www.securityfocus.com/bid/33646

  • 09.7.93 - CVE: Not Available
  • Platform: Web Application
  • Title: WikkiTikkiTavi "upload.php" Arbitrary File Upload
  • Description: WikkiTikkiTavi is a wiki engine implemented in PHP. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the software fails to adequately sanitize file extensions before uploading files via the "upload.php" script. WikkiTikkiTavi version 1.11 is affected.
  • Ref: http://www.securityfocus.com/bid/33647

  • 09.7.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Mailist "send.php" Local File Include
  • Description: Mailist is a PHP-based subscription mailing list. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "load" parameter of the "send.php" script. Mailist version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33648

  • 09.7.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Zeroboard Multiple Remote Vulnerabilities
  • Description: Zeroboard is a bulletin board system. The application is exposed to multiple issues. Zeroboard version 4 pl8 is affected.
  • Ref: http://www.securityfocus.com/bid/33649

  • 09.7.96 - CVE: Not Available
  • Platform: Web Application
  • Title: Taridnt UP Remote File Upload
  • Description: Taridnt UP is a web-based application. The application is exposed to a remote file upload issue because it fails to sufficiently sanitize the contents of a file before uploading it. Taridnt UP version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33691

  • 09.7.97 - CVE: CVE-2008-4560
  • Platform: Web Application
  • Title: HP OpenView Network Node Manager Multiple Information Disclosure Vulnerabilities
  • Description: HP OpenView Network Node Manager (NNM) is used to perform remote administration of HP computer hardware. HP OpenView Network Node Manager is exposed to multiple information disclosure issues that occur in various CGI applications. HP OpenView Network Node Manager version 7.53 is affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=771

  • 09.7.98 - CVE: Not Available
  • Platform: Web Application
  • Title: SilverNews Multiple Input Validation Vulnerabilities
  • Description: SilverNews is a PHP-based content manager. The application is exposed to multiple input validation issues. An attacker can exploit these issues to execute arbitrary code within the context of the web server, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or gain access to sensitive information. SilverNews version 2.04 is affected.
  • Ref: http://www.securityfocus.com/bid/33669

  • 09.7.99 - CVE: Not Available
  • Platform: Web Application
  • Title: phpYabs "Azione" Parameter Remote File Include
  • Description: phpYabs is a web-based application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "Azione" parameter of the "moduli/libri/index.php" script. phpYabs version 0.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33670

  • 09.7.100 - CVE: Not Available
  • Platform: Web Application
  • Title: PyBlosxom Atom Flavor Multiple XML Injection Vulnerabilities
  • Description: PyBlosxom is a file based weblog system. The application is exposed to multiple XML injection issues because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, these issues exist in the Atom flavour in "head.atom" when handling URLs. PyBlosxom version 1.4.3 is affected.
  • Ref: http://www.helith.net/txt/netgear_ssl312_remote_dos.txt

  • 09.7.101 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal "install.php" Local File Include
  • Description: Drupal is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "profile" parameter of the "install.php" script. Drupal version 6.9 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500759

  • 09.7.102 - CVE: Not Available
  • Platform: Web Application
  • Title: Hedgehog-CMS "specialacts.php" Arbitrary File Upload
  • Description: Hedgehog-CMS is a web-based content management system. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the software fails to adequately sanitize file extensions before uploading files via the "specialacts.php" script. Hedgehog-CMS version 1.21 is affected.
  • Ref: http://www.securityfocus.com/bid/33699

  • 09.7.103 - CVE: Not Available
  • Platform: Web Application
  • Title: WebFrame Local and Remote File Include Vulnerabilities
  • Description: WebFrame is a PHP-based framework application. The application is exposed to multiple input validation issues. A remote attacker can exploit these issues to obtain sensitive information or execute malicious PHP code in the context of the web server process. WebFrame version 0.76 is affected.
  • Ref: http://www.securityfocus.com/bid/33701

  • 09.7.104 - CVE: Not Available
  • Platform: Web Application
  • Title: YANOCC "lang_check.php" Local File Include
  • Description: YANOCC (Yet Another NOCC) is a web-based email client implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "lang" parameter of the "lang_check.php" script. YANOCC version 0.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33704

  • 09.7.105 - CVE: Not Available
  • Platform: Web Application
  • Title: Potato News "user" Cookie Parameter Local File Include
  • Description: Potato News is a PHP-based news script. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "user" cookie parameter that is processed by the "admin.php" script. Potato News version 1.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33729

  • 09.7.106 - CVE: Not Available
  • Platform: Web Application
  • Title: Thyme "export.php" Local File Include
  • Description: Thyme is a PHP based photo calendar application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "export_to" parameter of the "export.php" script. Thyme version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/33731

  • 09.7.107 - CVE: Not Available
  • Platform: Web Application
  • Title: SnippetMaster Webpage Editor Cross-Site Scripting and Remote File Include Vulnerabilities
  • Description: SnippetMaster Webpage Editor is a web site content editing tool. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied input. SnippetMaster Webpage Editor version 2.2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/33705

  • 09.7.108 - CVE: Not Available
  • Platform: Web Application
  • Title: Hedgehog-CMS Local File Include and PHP code Injection Vulnerabilities
  • Description: Hedgehog-CMS is a PHP based content manager. The application is exposed to multiple issues because it fails to properly sanitize user-supplied input. Hedgehog-CMS version 1.21 is affected.
  • Ref: http://www.securityfocus.com/bid/33710

  • 09.7.109 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 Cross-Site Scripting and Information Disclosure Vulnerabilities
  • Description: TYPO3 is a PHP-based content manager. The application is exposed to multiple remote issues. Attackers may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/

  • 09.7.110 - CVE: Not Available
  • Platform: Web Application
  • Title: Q-News "settings.php" Remote Command Execution
  • Description: Q-News is a PHP-based Quick News generator. The application is exposed to an issue that attackers can leverage to execute arbitrary PHP commands. This issue occurs because the application fails to adequately sanitize user-supplied input to the "cmd" parameter of the "settings.php" script. Q-News version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33717

  • 09.7.111 - CVE: Not Available
  • Platform: Web Application
  • Title: Papoo "message_class.php" Local File Include
  • Description: Papoo is a web-based content management system implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "pfadhier" parameter of the "lib/classes/message_class.php" script. Papoo version 3.6 is affected; other versions may also be vulnerable.
  • Ref: http://www.securityfocus.com/bid/33718

  • 09.7.112 - CVE: CVE-2009-0058, CVE-2009-0059, CVE-2009-0061, CVE-2009-0062
  • Platform: Network Device
  • Title: Multiple Cisco Wireless LAN Controllers Multiple Remote Vulnerabilities
  • Description: Cisco Wireless LAN controllers are used to control various wireless LAN functions. Multiple Cisco Wireless LAN Controllers are exposed to multiple issues.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20090204-wlc.shtml

  • 09.7.113 - CVE: CVE-2008-4419
  • Platform: Network Device
  • Title: HP Multiple LaserJet Printers Unspecified Directory Traversal
  • Description: HP LaserJet printers are network attached printers. The devices' embedded web server, HP-ChaiSOE/1.0, is exposed to an unspecified directory traversal issue because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/500724

  • 09.7.114 - CVE: Not Available
  • Platform: Network Device
  • Title: 3Com OfficeConnect Wireless Cable/DSL Gateway "SaveCfgFile" Access Validation
  • Description: The 3Com OfficeConnect Wireless Cable/DSL Gateway is a Wi-Fi networking router. The device is exposed to an access validation issue because of a lack of authentication when users access the "SaveCfgFile" CGI application. The 3Com OfficeConnect Wireless Cable/DSL Gateway firmware version 1.2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/500762

  • 09.7.115 - CVE: Not Available
  • Platform: Network Device
  • Title: Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge URI Redirection
  • Description: Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge is a logic control device. The web interface is used to display log file and status information. Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge is exposed to a remote URI redirection issue because the device's web interface fails to sufficiently sanitize user-supplied input.
  • Ref: http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729

  • 09.7.116 - CVE: Not Available
  • Platform: Network Device
  • Title: Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Multiple Cross-Site Scripting Vulnerabilities
  • Description: Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge is a logic control device. The web interface is used to display log files and status information. The application is exposed to multiple cross-site scripting issues because the device's web interface fails to sufficiently sanitize user-supplied input data.
  • Ref: http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=57729

  • 09.7.117 - CVE: Not Available
  • Platform: Network Device
  • Title: NetGear SSL312 CGI Binary Remote Denial of Service
  • Description: NetGear SSL312 is an SSL VPN concentrator. The appliance is exposed to a remote denial of service issue that occurs in the "cgi-bin/single_cgi" CGI-binary. An attacker can exploit the issue using the web interface of the appliance. Successful exploitation allows remote attackers to cause denial of service conditions.
  • Ref: http://www.helith.net/txt/netgear_ssl312_remote_dos.txt

  • 09.7.118 - CVE: Not Available
  • Platform: Network Device
  • Title: Nokia N95 Malformed JPEG Denial of Service
  • Description: Nokia N95 is a smartphone developed by Nokia. Nokia N95 is exposed to a denial of service issue that occurs in the device's web browser. This issue occurs when handling malformed JPEG files. A successful exploit of this issue allows remote attackers to crash the browser on the affected device, denying service to legitimate users.
  • Ref: http://www.securityfocus.com/archive/1/500752

  • 09.7.119 - CVE: Not Available
  • Platform: Network Device
  • Title: Avaya DECT Products Information Disclosure Weakness
  • Description: Digital Enhanced Cordless Telecommunications (DECT) is a standard for wireless telephones. IP DECT and ISDN DECT are the two Avaya telephony systems that use DECT. An information disclosure weakness exists in DECT. Successful exploitation of this issue will allow attackers to obtain sensitive information.
  • Ref: http://support.avaya.com/elmodocs2/security/ASA-2009-021.htm

  • 09.7.120 - CVE: Not Available
  • Platform: Network Device
  • Title: Swann DVR4 SecuraNet Directory Traversal
  • Description: Swann DVR4 SecuraNet is a hardware device used for recording remote cameras. It includes an embedded web server. The web server is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. Specifically, the application fails to sanitize directory traversal strings contained in the URL.
  • Ref: http://www.securityfocus.com/bid/33716

(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.