
@RISK: The Consensus Security Vulnerability Alert

Volume: VIII, Issue: 9
February 26, 2009

Though there are only two big ones this week, they are vulnerabilities that cause huge epidemics of infection - through remote exploits in Microsoft Excel and Adobe Reader and Acrobat. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                                  # of Updates & Vulnerabilities
    ----------------------------------------  ------------------------------
    Microsoft Office                           1 (#1)
    Third Party Windows Apps                   6 (#4)
    Mac Os                                     9
    Linux                                      2
    BSD                                        1
    Solaris                                    1
    Cross Platform                            26 (#2, #3, #5)
    Web Application - Cross Site Scripting    12
    Web Application - SQL Injection           10
    Web Application                           16

********************** Sponsored By Prolexic ****************************

Prolexic Technologies Stops DDoS Attacks

Distributed Denial of Service (DDoS) attacks are a growing threat to Internet-based businesses, and Prolexic Technologies offers in-the-cloud services to mitigate the effects of DDoS attacks of all types and sizes, passing along clean Internet traffic seamlessly. Learn how Prolexic's global DDoS solutions can ensure the reliability of your online business: http://www.sans.org/info/39223

*************************************************************************

TRAINING UPDATE - SANS 2009 in Orlando in early March - the largest security training conference and expo in the world, with lots of evening sessions: http://www.sans.org/ - Looking for training in your own community? http://sans.org/community/ - For a list of all upcoming events, on-line and live: www.sans.org

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Microsoft Office
Third Party Windows Apps
Mac Os
Linux
BSD
Solaris
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application

************************ SPONSORED LINKS ******************************

1) Come see the best tools for your pen test toolbox at the Penetration Testing and Ethical Hacking Summit June 1-2 - Las Vegas. See what works. http://www.sans.org/info/39228

2) Join professionals to learn about Log Management tools at the Log Management Summit April 6-7. http://www.sans.org/info/39233

*************************************************************************

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Microsoft Office Excel Remote Code Execution Vulnerability (0day)
  • Affected:
    • Microsoft Excel 2000
    • Microsoft Excel 2002
    • Microsoft Excel 2003
    • Microsoft Excel 2007
    • Microsoft Office Excel Viewer 2003
    • Microsoft Office Excel Viewer 2007
    • Microsoft Excel 2004 for Mac
    • Microsoft Excel 2008 for Mac
  • Description: Microsoft Excel, a spreadsheet application from Microsoft, has a remote code execution vulnerability caused by improper handling of certain Excel files. A specially crafted Excel file can trigger this vulnerability, allowing an attacker either to execute arbitrary code with the privileges of the current user or to cause a denial-of-service condition. User interaction is needed to exploit this vulnerability since, in most configurations, users will be prompted before opening a potentially malicious Excel file. This vulnerability is currently being exploited in the wild and is reportedly not mitigated by the most recent set of Microsoft patches.

  • Status: Vendor confirmed, no updates available.

  • References:
  • (2) CRITICAL: Adobe Reader and Acrobat Buffer Overflow Vulnerability (APSA09-01)
  • Affected:
    • Adobe Reader 9.x and prior
    • Adobe Acrobat 9.x and prior
  • Description: Adobe Acrobat is a program designed to create, manage and view Portable Document Format (PDF) files, and Adobe Reader is designed only to view and print PDFs. Both Adobe Acrobat and Reader have a buffer overflow vulnerability in the handling of JBIG2 streams that can be triggered by a specially crafted PDF file. Successful exploitation can lead to arbitrary code execution with the privileges of the current user. Note that PDF documents are often opened automatically by the vulnerable application without the consent of the user. This vulnerability is reportedly being actively exploited in the wild. The vendor plans to release updates by March 11th, 2009 for Adobe Acrobat 9 and Reader 9, and for earlier versions by March 18th, 2009. Note that although disabling JavaScript does provide protection against some of the current attacks, it does not address the underlying vulnerability in JBIG2 stream handling. Some technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, no updates available as yet.

  • References:
  • (4) HIGH: Orbit Downloader Long URL Buffer Overflow Vulnerability
  • Affected:
    • Orbit Downloader 2.8.4
    • Orbit Downloader 2.8.3
    • Orbit Downloader 2.8.2
  • Description: Orbit Downloader is a download manager for the Microsoft Windows operating system. It has a buffer overflow vulnerability caused by insufficient checks on user-supplied data. This vulnerability can be exploited by enticing the user to download files from a malicious HTTP server or to click on a specially crafted HTTP URL. Successful exploitation can lead to arbitrary code execution with the privileges of the logged-on user or to a denial-of-service condition. Some technical details are publicly available for this vulnerability.

  • Status: Vendors confirmed, updates available.

  • References:
  • (5) MODERATE: ksquirrel-libs Radiance RGBE File Parsing Buffer Overflow Vulnerabilities
  • Affected:
    • ksquirrel-libs 0.8.0 and possibly prior
  • Description: KSquirrel is an image viewer for the K Desktop Environment (KDE), a desktop environment for Unix-like systems. ksquirrel-libs, the set of codecs used by KSquirrel, has multiple vulnerabilities caused by boundary errors while handling specially crafted Radiance RGBE (*.hdr) files. Successful exploitation may allow attackers to execute arbitrary code with the privileges of the application using the library. User interaction is required, in that the user has to open the malicious file. Some technical details are publicly available for these vulnerabilities.

  • Status: Vendor notified, no updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 9, 2009

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 09.9.1 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Excel Unspecified Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Microsoft Excel is exposed to an unspecified remote code execution issue. Attackers may exploit this issue by enticing victims into opening a malicious Excel file. Microsoft Excel version 2007 is affected.
  • Ref: http://www.securityfocus.com/bid/33870

  • 09.9.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Windows Live Messenger Charset Data Remote Denial of Service
  • Description: Windows Live Messenger is an instant messaging application available for Microsoft Windows. The application is exposed to a remote denial of service issue because it fails to handle instant messages with malformed "Charset" data. When attempting to process malformed data, the application will crash. Windows Live Messenger 2009 version 14.0.8064.206 is affected.
  • Ref: http://www.securityfocus.com/bid/33825

  • 09.9.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Got All Media URI Handling Remote Denial of Service
  • Description: Got All Media is a Home theater PC application for Microsoft Windows platforms. Got All Media is exposed to a remote denial of service issue when processing URI requests. This issue occurs when the application handles an HTTP GET request over TCP port 5550. Got All Media version 7.0.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/33830

  • 09.9.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: FathFTP ActiveX Control "DeleteFile()" Method Arbitrary File Delete
  • Description: FathFTP is an ActiveX control that implements FTP client and server functionality. The ActiveX control is exposed to an issue that lets attackers delete arbitrary files on the affected computer. Attackers can exploit this issue to delete arbitrary files on the affected computer in the context of the application using the ActiveX control (typically Internet Explorer).
  • Ref: http://support.microsoft.com/kb/240797

  • 09.9.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: iDefense COMRaider "DeleteFile()" Method Arbitrary File Deletion
  • Description: iDefense COMRaider is an ActiveX fuzzing utility. iDefense COMRaider is exposed to an issue that lets attackers delete arbitrary files on the affected computer. This issue affects the "DeleteFile()" method of the ActiveX control. Attackers can exploit this issue to delete arbitrary files on the affected computer in the context of the application using the ActiveX control (typically Internet Explorer).
  • Ref: http://www.securityfocus.com/archive/1/501183

  • 09.9.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Sony Network Camera ActiveX Control Unspecified Buffer Overflow
  • Description: Sony Network Camera ActiveX control allows users to manage Sony security cameras from a computer. The application is exposed to an unspecified buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://www.securityfocus.com/bid/33876/references

  • 09.9.7 - CVE: CVE-2009-0187
  • Platform: Third Party Windows Apps
  • Title: Orbit Downloader "Connecting" Log Message Creation Remote Buffer Overflow
  • Description: Orbit Downloader is a peer to peer file downloader for Windows platforms. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Orbit Downloader versions prior to 2.8.5 are affected.
  • Ref: http://secunia.com/secunia_research/2009-9/

  • 09.9.8 - CVE: CVE-2009-0011
  • Platform: Mac Os
  • Title: Apple Mac OS X Certificate Assistant Insecure Temporary File Creation
  • Description: Apple Mac OS X Certificate Assistant creates temporary files in an insecure manner. An attacker with local access may exploit this issue to overwrite files with the privileges of a local user running Certificate Assistant. Mac OS X version 10.5.6 (both client and server) is affected.
  • Ref: http://support.apple.com/kb/ht3438

  • 09.9.9 - CVE: CVE-2009-0017
  • Platform: Mac Os
  • Title: Apple Mac OS X "csregprinter" Local Privilege Escalation
  • Description: Apple Mac OS X is prone to a local privilege escalation vulnerability. The issue stems from a heap-based buffer overflow in the "csregprinter" component. This issue affects Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6 and Mac OS X Server v10.5.6.
  • Ref: http://support.apple.com/kb/ht3438

  • 09.9.10 - CVE: CVE-2009-0142
  • Platform: Mac Os
  • Title: Apple Mac OS X AFP Server Remote Denial of Service
  • Description: Apple Mac OS X is exposed to a remote denial of service issue. This issue affects the AFP Server. Specifically, due to a race condition error the server may enter into an infinite loop when processing file enumeration requests. Mac OS X version 10.5.6 (both client and server) is affected.
  • Ref: http://support.apple.com/kb/ht3438

  • 09.9.11 - CVE: CVE-2009-0138
  • Platform: Mac Os
  • Title: Apple Mac OS X Server Manager Authentication Bypass Security
  • Description: Apple Mac OS X is exposed to an authentication bypass issue that affects the Server Manager ("servermgrd"). The issue is caused by an error in validation of authentication credentials. Mac OS X v10.5.6 and Mac OS X Server v10.5.6 are affected.
  • Ref: http://support.apple.com/kb/ht3438

  • 09.9.12 - CVE: CVE-2009-0019
  • Platform: Mac Os
  • Title: Apple Mac OS X Remote Apple Events Out of Bounds Memory Access Security
  • Description: Apple Mac OS X is exposed to an out of bounds memory access issue that affects the Remote Apple Events component. The issue occurs because the application fails to properly bounds check user-supplied data. Mac OS X versions v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6 and Mac OS X Server v10.5.6 are affected.
  • Ref: http://support.apple.com/kb/ht3438

  • 09.9.13 - CVE: CVE-2009-0013
  • Platform: Mac Os
  • Title: Apple Mac OS X "dscl" Local Information Disclosure
  • Description: The "dscl" application included with Apple Mac OS X is prone to a local information disclosure vulnerability that may reveal user passwords to attackers. Specifically, the application requires passwords to be passed to it in its command line arguments. Mac OS X versions 10.4.11 and 10.5.6 (both client and server) are affected.
  • Ref: http://support.apple.com/kb/ht3438

  • 09.9.14 - CVE: CVE-2009-0018
  • Platform: Mac Os
  • Title: Apple Mac OS X Remote Apple Events Uninitialized Buffer Information Disclosure
  • Description: Apple Mac OS X is exposed to an out of bounds memory access issue that affects the Remote Apple Events component. The issue is caused by an uninitialized memory buffer. The issue affects Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6 and Mac OS X Server v10.5.6.
  • Ref: http://support.apple.com/kb/ht3438

  • 09.9.15 - CVE: CVE-2009-0014
  • Platform: Mac Os
  • Title: Apple Mac OS X Insecure Downloads Folder Permissions Information Disclosure
  • Description: Apple Mac OS X is exposed to a local information disclosure issue. Specifically, after a user deletes their Downloads folder, the Folder Manager recreates it with global read permissions. The issue affects Mac OS X v10.5.6 and Mac OS X Server v10.5.6.
  • Ref: http://support.apple.com/kb/ht3438

  • 09.9.16 - CVE: CVE-2009-0015
  • Platform: Mac Os
  • Title: Apple Mac OS X "FSEvents" Local Information Disclosure
  • Description: The FSEvents system included with Apple Mac OS X is prone to a local information disclosure vulnerability. This issue stems from an access validation error that allows a local attacker to view information associated with file events they would not normally have access to. Mac OS X version 10.5.6 (both client and server) is affected.
  • Ref: http://support.apple.com/kb/ht3438

  • 09.9.17 - CVE: CVE-2008-6107
  • Platform: Linux
  • Title: Linux Kernel SPARC "mremap()" Multiple Denial Of Service Vulnerabilities
  • Description: The Linux kernel is exposed to multiple denial of service issues when mapping memory addresses on SPARC based computers. These issues occur in the following source files and functions: "arch/sparc64/kernel/sys_sparc32.c": "sys32_mremap()"; "arch/sparc/kernel/sys_sparc.c": "sparc_mmap_check()" and "arch/sparc64/kernel/sys_sparc.c": "sparc64_mmap_check()". These issues occur because of a failure to adequately check virtual address ranges when the MREMAP_FIXED bit is not set, allowing local attackers to cause a kernel panic with unspecified "mremap()" calls. Linux kernel versions prior to 2.6.25.4 are affected.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.4

  • 09.9.18 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "sock.c" SO_BSDCOMPAT Option Information Disclosure
  • Description: Linux Kernel is exposed to an information disclosure issue because it fails to properly initialize certain memory before using it in a user-accessible operation. Specifically, the issue resides in the "sock_getsockopt()" function of the "net/core/sock.c" source file. Linux Kernel versions prior to 2.6.28.6 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=486305

  • 09.9.19 - CVE: Not Available
  • Platform: BSD
  • Title: OpenBSD bgpd Remote Denial of Service
  • Description: OpenBSD Border Gateway Protocol daemon (bgpd) is exposed to a remote denial of service issue when processing long Autonomous System (AS) paths. This issue affects the "aspath_prepend()" function of the "usr.sbin/bgpd/rde_attr.c" source file and arises because the application does not correctly prepend its own AS to very long AS paths. OpenBSD versions 4.4 and 4.3 are affected.
  • Ref: http://www.openbsd.org/errata44.html

  • 09.9.20 - CVE: CVE-2007-3012
  • Platform: Solaris
  • Title: Fujitsu Enhanced Support Facility Information Disclosure
  • Description: Fujitsu Enhanced Support Facility is a system and log monitoring solution for the Solaris Operating System. Fujitsu Enhanced Support Facility is exposed to an information disclosure issue due to an error when handling "HRM-S" client connections. Enhanced Support Facility versions 3.0 and 3.0.1 are affected.
  • Ref: http://www.fujitsu.com/global/support/software/security/products-f/esf-200901e.html

  • 09.9.21 - CVE: CVE-2008-4392
  • Platform: Cross Platform
  • Title: djbdns dnscache SOA Requests Remote Cache Poisoning
  • Description: djbdns is a suite of Domain Name System (DNS) tools. The dnscache (caching/resolver server) component of djbdns is exposed to a DNS cache poisoning issue that arises because the application fails to handle SOA (Start of Authority) records in a proper manner. djbdns version 1.05 is affected.
  • Ref: http://www.securityfocus.com/bid/33818

  • 09.9.22 - CVE: CVE-2009-0503
  • Platform: Cross Platform
  • Title: IBM WebSphere Message Broker Information Disclosure
  • Description: IBM WebSphere Message Broker is a communication solution. IBM WebSphere Message Broker is exposed to a local information disclosure issue due to a design error. Specifically when a JDBC exception occurs, the application writes sensitive database connection information to the event / system logs. IBM WebSphere Message Broker version 6.1 is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27011431

  • 09.9.23 - CVE: CVE-2009-0040
  • Platform: Cross Platform
  • Title: Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerabilities
  • Description: The "libpng" library is a PNG reference library. The "libpng" library is exposed to multiple memory corruption issues because the library fails to properly initialize data structures. Specifically, the application improperly initializes certain pointer arrays before attempting to free them when the application runs out of memory. "libpng" versions prior to 1.0.43 and 1.2.35 are affected.
  • Ref: http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com

  • 09.9.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SBLIM-SFCB Unspecified Vulnerability
  • Description: SBLIM-SFCB (Small Footprint CIM Broker) is a CIM server. The application is exposed to an unspecified issue. Small Footprint CIM Broker versions prior to 1.3.3 are affected.
  • Ref: http://www.securityfocus.com/bid/33829

  • 09.9.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Fujitsu Jasmine2000 Enterprise Edition WebLink HTTP Response Splitting
  • Description: Fujitsu Jasmine2000 Enterprise Edition is exposed to an HTTP response splitting issue. The issue occurs because the application fails to sufficiently sanitize input to the WebLink template before using it in HTTP headers.
  • Ref: http://www.fujitsu.com/global/support/software/security/products-f/jasmine-200901e.html
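To make the response-splitting flaw class concrete, here is an added example (not Fujitsu's code, and not derived from the WebLink template, whose internals the advisory does not publish). It builds a redirect the vulnerable way, with an untrusted target dropped straight into the Location header, next to a hardened builder that refuses any control character. The attacker input and the response parser are constructed for the example; the parser splits the bytes the way a browser or cache would, so you can see the injected Set-Cookie header and the attacker-authored body appear as part of the server's response.

```python
import re
from typing import List, Tuple

# Constructed attacker input for a redirect target parameter: the embedded CRLF
# pairs terminate the Location header, add a Set-Cookie header and start a
# second, attacker-authored body.
MALICIOUS_TARGET = (
    "/index.html\r\n"
    "Set-Cookie: session=attacker\r\n"
    "\r\n"
    "<html>spoofed page</html>"
)

# CR, LF and every other control character are illegal inside a header value.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def build_redirect_vulnerable(target: str) -> bytes:
    """Untrusted text dropped straight into a header line (the flaw class)."""
    return ("HTTP/1.1 302 Found\r\nLocation: " + target + "\r\n\r\n").encode("latin-1")


def is_splitting_attempt(value: str) -> bool:
    """Detection form of the same check, usable over request logs."""
    return CONTROL_CHARS.search(value) is not None


def safe_header_value(value: str) -> str:
    """Reject the value outright; stripping CR/LF and keeping the rest is a common mistake."""
    if is_splitting_attempt(value):
        raise ValueError("control character in header value")
    return value


def build_redirect_hardened(target: str) -> bytes:
    return (
        "HTTP/1.1 302 Found\r\nLocation: " + safe_header_value(target) + "\r\n\r\n"
    ).encode("latin-1")


def parse_response(raw: bytes) -> Tuple[List[Tuple[str, str]], bytes]:
    """Split a raw response as a browser or cache would: status line, headers, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers, body


def header_names(raw: bytes) -> List[str]:
    return [name for name, _ in parse_response(raw)[0]]


if __name__ == "__main__":
    print(parse_response(build_redirect_vulnerable(MALICIOUS_TARGET)))
    try:
        build_redirect_hardened(MALICIOUS_TARGET)
    except ValueError as exc:
        print("hardened builder refused:", exc)
```

The rejecting check is deliberately stricter than stripping bare CR or LF: proxies and caches differ on what terminates a header line, so any control character in a value should fail the request rather than be cleaned up.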

  • 09.9.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Yaws Multiple Header Request Denial of Service
  • Description: Yaws (Yet Another Web Server) is an HTTP server for Unix and Linux platforms. Yaws is exposed to a remote denial of service issue. Specifically, memory is consumed without bound when the web server attempts to process requests that carry an unbounded number of headers. Yaws versions prior to 1.80 are affected.
  • Ref: http://www.securityfocus.com/bid/33834

  • 09.9.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox International Domain Name Subdomain URI Spoofing
  • Description: Mozilla Firefox is a browser available for a number of operating systems. The application is affected by a URI spoofing vulnerability because it fails to adequately handle specific characters in IDN subdomains. Firefox version 3.0.6 is affected.
  • Ref: http://www.mozilla.org/projects/security/tld-idn-policy-list.html

  • 09.9.28 - CVE: CVE-2002-2427, CVE-2002-2428, CVE-2002-2429,CVE-2002-2430, CVE-2002-2431, CVE-2003-1568, CVE-2003-1569
  • Platform: Cross Platform
  • Title: GoAhead WebServer Authentication Bypass and Multiple Denial of Service Vulnerabilities
  • Description: GoAhead WebServer is an embedded web server. The application is exposed to multiple remote issues. A remote attacker may exploit these issues to gain access to protected documents or to create a denial of service condition.
  • Ref: http://data.goahead.com/Software/Webserver/2.1.6/release.htm

  • 09.9.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Reader PDF File Handling Remote Code Execution
  • Description: Adobe Reader is an application for viewing PDF files. Adobe Reader is exposed to a remote code execution issue that presents itself when a malformed XObject image stream causes incorrect decoding with the "/JBIG2Decode" filter. Adobe Reader version 9 is affected.
  • Ref: http://www.adobe.com/support/security/advisories/apsa09-01.html
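Until the Adobe updates promised in Part I item (2) ship, the practical question for a mail gateway or incident responder is whether a given PDF carries a JBIG2 stream at all, since the JavaScript workaround does not remove that exposure. The following triage script is an added example, not Adobe's code and not an exploit sample: it walks the uncompressed indirect objects of a PDF, undoes the #xx name-escaping that is commonly used to hide filter names, and reports objects whose /Filter names /JBIG2Decode (the stream type in item (2) and in 09.9.29 above) together with whether any /JavaScript or /JS entries are present. The two sample PDFs are constructed inline for the example.

```python
import re
from typing import Dict, Iterator, List, Tuple

# Constructed sample documents (not the samples from the advisory). The second
# carries an image XObject whose /Filter chain ends in /JBIG2Decode, plus an
# /OpenAction JavaScript entry, so both signals can be exercised offline.
BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Contents 4 0 R >> endobj
4 0 obj << /Length 11 >> stream
0 0 m 1 1 l
endstream endobj
trailer << /Root 1 0 R >>
%%EOF"""

JBIG2_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction << /S /JavaScript /JS (app.alert(1)) >> >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Resources << /XObject << /Im0 5 0 R >> >> >> endobj
5 0 obj << /Type /XObject /Subtype /Image /Width 8 /Height 8 /BitsPerComponent 1
/ColorSpace /DeviceGray /Filter [/FlateDecode /JBIG2Decode] /Length 4 >> stream
\x00\x00\x00\x00
endstream endobj
trailer << /Root 1 0 R >>
%%EOF"""

# "N G obj ... endobj" for every uncompressed indirect object.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
# PDF names may spell characters as #xx hex escapes (/JBIG2D#65code), which
# defeats naive string matching; undo the escapes before looking for names.
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_names(text: bytes) -> bytes:
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), text)


def iter_objects(pdf: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (object number, normalized body) for each top-level object.

    Caveat: objects packed into compressed /ObjStm object streams are not
    visible to this scan; a production triage tool must inflate those first.
    """
    for m in OBJ_RE.finditer(pdf):
        yield int(m.group(1)), normalize_names(m.group(3))


def find_jbig2_objects(pdf: bytes) -> List[int]:
    """Object numbers whose stream dictionary names /JBIG2Decode in its /Filter."""
    hits = []
    for num, body in iter_objects(pdf):
        head = body.split(b"stream", 1)[0]  # the dictionary only, not stream data
        if re.search(rb"/Filter\b", head) and b"/JBIG2Decode" in head:
            hits.append(num)
    return hits


def has_javascript(pdf: bytes) -> bool:
    """True if any object carries a /JavaScript or /JS entry."""
    return any(re.search(rb"/(JavaScript|JS)\b", body) for _, body in iter_objects(pdf))


def triage(pdf: bytes) -> Dict[str, object]:
    """Summary a gateway or analyst can act on for one PDF."""
    jbig2 = find_jbig2_objects(pdf)
    return {
        "jbig2_objects": jbig2,
        "javascript": has_javascript(pdf),
        "quarantine": bool(jbig2),  # hold on JBIG2 alone; JavaScript is not required
    }


if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_PDF), ("jbig2", JBIG2_PDF)):
        print(name, triage(sample))
```

The quarantine decision keys on the JBIG2 stream, not on JavaScript, for the reason the advisory gives: disabling JavaScript blunts some current attacks but does not close the underlying bug. Legitimate scanned documents also use JBIG2, so in practice this is a hold-for-review signal rather than a verdict.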

  • 09.9.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Partner Gateway RNIF Document Security Bypass
  • Description: IBM WebSphere Partner Gateway facilitates business to business data integration and transaction management. IBM WebSphere Partner Gateway is exposed to a security bypass issue. This issue arises because the application fails to verify signatures due to altered service content or digital signature foot-print.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21330341

  • 09.9.31 - CVE: CVE-2009-0437
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server Installation Factory Information Disclosure
  • Description: IBM WebSphere Application Server (WAS) is an application server used for service oriented architecture. The application is exposed to a local information disclosure issue because it logs sensitive information. WAS version 6.0.2 installed on Microsoft Windows is affected.
  • Ref: http://xforce.iss.net/xforce/xfdb/48527

  • 09.9.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM AIX "pppdial" Local Buffer Overflow
  • Description: The IBM AIX "pppdial" program is used to establish an asynchronous connection with a remote system for use by the PPP (Point to Point Protocol) subsystem. The "pppdial" program is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. AIX versions 5.3 and 6.1 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=isg1IZ44199

  • 09.9.33 - CVE: CVE-2009-0439
  • Platform: Cross Platform
  • Title: IBM WebSphere MQ Queue Manager Multiple Local Privilege Escalation Vulnerabilities
  • Description: IBM WebSphere MQ is a commercially available messaging engine for enterprises. The application is exposed to multiple unspecified local privilege escalation issues. These issues affect the "setmqaut", "dmpmqaut", and "dspmqaut" authorization commands for the Queue Manager. Attackers can exploit these issues to gain elevated privileges, which may result in the complete compromise of affected computers.
  • Ref: http://xforce.iss.net/xforce/xfdb/48529

  • 09.9.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple HTTP Proxy HTTP Host Header Incorrect Relay Behavior
  • Description: The HTTP 1.1 specification requires that HTTP requests include a "Host" header indicating the domain the request is intended for. Multiple HTTP proxy implementations are exposed to an information disclosure issue related to the interpretation of the "Host" HTTP header. Specifically, this issue occurs when the proxy makes a forwarding decision based on the "Host" HTTP header instead of the destination IP address.
  • Ref: http://www.kb.cert.org/vuls/id/435052
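The relay behaviour above is easiest to see with the two forwarding decisions side by side. This is an added example, not code from any of the affected proxies: the vulnerable function picks its upstream from the Host header alone, so a client that is allowed to reach a public address can reach an internal one simply by lying in Host; the fixed function relays only to the address the client actually connected to, and only when Host resolves to that same address. The permitted range, the name table standing in for DNS, and the two requests are all constructed for the example.

```python
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed environment: an intercepting proxy that is only supposed to relay
# to the public range the upstream firewall already permits (documentation range).
PERMITTED_DESTINATIONS = [ip_network("203.0.113.0/24")]

# Constructed name resolution standing in for DNS.
FAKE_DNS = {
    "www.example.com": "203.0.113.10",
    "intranet.corp.internal": "10.1.2.3",
}


def extract_host(raw_request: bytes) -> str:
    """Pull the Host header value (without port) out of a raw HTTP/1.1 request."""
    for line in raw_request.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii").split(":")[0]
    return ""


def resolve(hostname: str) -> Optional[str]:
    return FAKE_DNS.get(hostname)


def upstream_vulnerable(intercepted_dst_ip: str, raw_request: bytes) -> Optional[str]:
    """VU#435052 pattern: connect wherever Host points, ignoring the intercepted destination."""
    return resolve(extract_host(raw_request))


def upstream_fixed(intercepted_dst_ip: str, raw_request: bytes) -> Optional[str]:
    """Relay only to the address the client connected to, and only if that address
    is permitted and the Host header actually belongs to it."""
    dst = ip_address(intercepted_dst_ip)
    if not any(dst in net for net in PERMITTED_DESTINATIONS):
        return None
    if resolve(extract_host(raw_request)) != intercepted_dst_ip:
        return None  # Host does not match the intercepted destination: refuse
    return intercepted_dst_ip


# Constructed attacker request: the TCP connection goes to the permitted public
# address, but the Host header names an internal system.
ATTACK_REQUEST = (
    b"GET /admin HTTP/1.1\r\n"
    b"Host: intranet.corp.internal\r\n"
    b"\r\n"
)
NORMAL_REQUEST = (
    b"GET / HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    print("vulnerable relays to:", upstream_vulnerable("203.0.113.10", ATTACK_REQUEST))
    print("fixed relays to:", upstream_fixed("203.0.113.10", ATTACK_REQUEST))
```

Name-based virtual hosting still works under the fixed rule, because every name served from the intercepted address resolves to it; what no longer works is using the proxy as a pivot to an address the client could not have connected to directly.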

  • 09.9.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OptiPNG GIF Image Handling Memory Corruption
  • Description: OptiPNG is an application for optimizing and converting PNG files. OptiPNG is exposed to a memory corruption issue that affects the "GIFReadNextExtension()" function of the "lib/pngxtern/gif/gifread.c" source file. The issue arises when the application handles a specially crafted GIF image file. This issue occurs because the application attempts to use heap memory after it has been deallocated. OptiPNG versions 0.6.2 and earlier are affected.
  • Ref: http://optipng.sourceforge.net/

  • 09.9.36 - CVE: CVE-2009-0504
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server WSPolicy Information Disclosure
  • Description: IBM WebSphere Application Server (WAS) is an application server used for service oriented architecture. WAS is exposed to a local information disclosure issue because it fails to properly recognize that the "com.ibm.wsspi.wssecurity.token/IDAssertion.isUsed" binding property is set, allowing sensitive information to pass via SOAP messages. WAS version 7.0 is affected.
  • Ref: http://xforce.iss.net/xforce/xfdb/48700

  • 09.9.37 - CVE: CVE-2009-0520
  • Platform: Cross Platform
  • Title: Adobe Flash Player Invalid Object Reference Remote Code Execution
  • Description: Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. The application is exposed to a remote code execution issue because it fails to properly deallocate memory when an object is destroyed. Flash Player version 9.0.124.0 is affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-01.html

  • 09.9.38 - CVE: CVE-2008-6125
  • Platform: Cross Platform
  • Title: Moodle User Edit Form Unspecified Remote Privilege Escalation
  • Description: Moodle is an open source application for managing online courseware. Moodle is exposed to a remote privilege escalation issue that occurs in the user edit form. Remote attackers may exploit this issue to elevate their privileges within Moodle.
  • Ref: http://moodle.org/mod/forum/discuss.php?d=87971

  • 09.9.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM TXSeries for Multiplatforms "forcepurge" Unspecified Security
  • Description: IBM TXSeries for Multiplatforms is a distributed CICS processor for mixed language applications. The software is exposed to an unspecified issue that is related to the request acknowledgment wait time after a "forcepurge" request is sent to CICSAS. IBM TXSeries for Multiplatforms version 6.2 GA is affected.
  • Ref: http://xforce.iss.net/xforce/xfdb/48885

  • 09.9.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Application z/OS CSLv2 Identity Assertion Unspecified Local Vulnerability
  • Description: IBM WebSphere Application Server (WAS) is an application server used for service oriented architecture. WAS is exposed to an unspecified local issue. This issue is related to the CSLv2 Identity Assertion feature and occurs when EJBs are communicated between WAS 6.1 and prior versions. WAS versions 6.0.2 and 5.1 installed on z/OS are affected.
  • Ref: http://xforce.iss.net/xforce/xfdb/48886

  • 09.9.41 - CVE: CVE-2009-0521
  • Platform: Cross Platform
  • Title: Adobe Flash Player Unspecified Information Disclosure
  • Description: Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. Adobe Flash Player is exposed to an information disclosure issue due to an unspecified error in the Flash Player binary. Flash Player on Linux based operating systems is affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-01.html

  • 09.9.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Flash Player Unspecified Remote Denial of Service
  • Description: Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. The application is exposed to an unspecified remote denial of service issue because it fails to validate user-supplied input. Flash Player versions prior to 10.0.22.87 are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-01.html

  • 09.9.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenSite Multiple Security Vulnerabilities
  • Description: OpenSite is a PHP-based content management system. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to gain unauthorized access, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. OpenSite version 2.1 is affected.
  • Ref: http://www.bluemoon.com.vn/advisories/bmsa200903.html

  • 09.9.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: CATIA V5 Unspecified Vulnerability
  • Description: CATIA V5 is a product development solution for manufacturing organizations. The application is exposed to an unspecified vulnerability. CATIA V5 Release 18 versions prior to Service Pack 8 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27015226

  • 09.9.45 - CVE: CVE-2008-0550
  • Platform: Cross Platform
  • Title: Steamcast Multiple Memory Corruption Vulnerabilities
  • Description: Steamcast is a media server available for multiple platforms. The application is exposed to multiple issues. Steamcast versions 0.9.75 and earlier are affected.
  • Ref: http://aluigi.altervista.org/adv/steamcazz-adv.txt

  • 09.9.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ZNC Webadmin Module Remote Privilege Escalation
  • Description: ZNC is a bouncer application for Internet Relay Chat (IRC). ZNC is exposed to a remote privilege escalation issue that affects the webadmin module of the application and arises due to a lack of validation of user-supplied input. ZNC versions prior to 0.066 are affected.
  • Ref: http://en.znc.in/wiki/ChangeLog/0.066

  • 09.9.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: phpDenora IRC Channel Name Cross-Site Scripting
  • Description: phpDenora is a web interface to the Denora IRC Statistics Services application. phpDenora is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. This issue affects IRC channel names. phpDenora versions prior to 1.2.3 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=661189

  • 09.9.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: NetMRI Login Application Error Page Cross-Site Scripting
  • Description: NetMRI is a network management application suite. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input. This issue occurs in the login application, and affects an unspecified error page. NetMRI versions prior to 3.0.2 are affected.
  • Ref: http://www.securityfocus.com/archive/1/501033

  • 09.9.49 - CVE: CVE-2009-0417
  • Platform: Web Application - Cross Site Scripting
  • Title: Agavi Multiple Cross-Site Scripting Vulnerabilities
  • Description: Agavi is a PHP application framework. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. These issues can occur when using Microsoft Internet Explorer versions 6 and 7 because they do not strictly enforce RFC 3986, which describes which characters should not be permitted in URIs.
  • Ref: http://trac.agavi.org/ticket/1019

  • 09.9.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TangoCMS "listeners.php" Cross-Site Scripting
  • Description: TangoCMS is a PHP-based content management system. TangoCMS is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. This issue affects the "hook_cntrlr_error_output()" function of the "modules/page/hooks/listeners.php" script. TangoCMS versions prior to 2.2.4 are affected.
  • Ref: http://tangocms.org/changelog

  • 09.9.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: cPanel HTML Injection and Cross-Site Scripting Vulnerabilities
  • Description: cPanel is a web hosting control panel implemented in PHP. Since it fails to properly sanitize user-supplied input, the application is exposed to multiple input validation issues. cPanel versions 11.24.4 and 11.24.7 builds 34195 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/33840

  • 09.9.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Zen Cart Multiple Unspecified Cross-Site Request Forgery Vulnerabilities
  • Description: Zen Cart is a web-based shopping cart application. Zen Cart is exposed to multiple unspecified cross-site request forgery issues. Zen Cart version 1.3.8 is affected.
  • Ref: http://www.securityfocus.com/bid/33844

  • 09.9.53 - CVE: CVE-2009-0540
  • Platform: Web Application - Cross Site Scripting
  • Title: Libero "search term" Cross-Site Scripting
  • Description: Libero is a PHP based application for library management. Libero is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. This issue affects the "search term" form-field parameter.
  • Ref: http://www.securityfocus.com/bid/33856

  • 09.9.54 - CVE: CVE-2009-0541
  • Platform: Web Application - Cross Site Scripting
  • Title: Magento Multiple Cross-Site Scripting Vulnerabilities
  • Description: Magento is a web-based ecommerce application. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie based authentication credentials. Magento version 1.2.0 is affected.
  • Ref: http://seclists.org/fulldisclosure/2009/Feb/0255.html

  • 09.9.55 - CVE: CVE-2009-0523
  • Platform: Web Application - Cross Site Scripting
  • Title: Adobe RoboHelp Server Multiple Cross-Site Scripting Vulnerabilities
  • Description: Adobe RoboHelp Server is an application for serving RoboHelp files using the IIS web server. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Adobe RoboHelp Server versions 6 and 7 are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-02.html

  • 09.9.56 - CVE: CVE-2009-0524
  • Platform: Web Application - Cross Site Scripting
  • Title: Adobe RoboHelp Multiple Cross-Site Scripting Vulnerabilities
  • Description: Adobe RoboHelp is a tool for creating application help files in a number of formats. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. These issues affect unspecified files in the "WebHelp5Exttemplate_stock" and "WildFireExttemplate_stock" directories and will impact files generated using the vulnerable application. Adobe RoboHelp versions 6 and 7 are vulnerable.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb09-02.html

  • 09.9.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: dradis Multiple Cross-Site Scripting Vulnerabilities
  • Description: dradis is a tool for sharing information during security assessments. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. Specifically, these issues affect the node labels in the "nodestree.js" script and the category name in the "notesbrowser.js" script. dradis versions prior to 2.0 are vulnerable.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=663516&group_id=209736

  • 09.9.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: piCal Module for XOOPS "index.php" Cross Site Scripting
  • Description: piCal is a module for the XOOPS content manager. piCal is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. This issue affects the "event_id" parameter of the "index.php" script. piCal version 0.91h is affected.
  • Ref: http://xoops.peak.ne.jp/md/d3forum/index.php?forum_id=1

  • 09.9.59 - CVE: CVE-2008-6104
  • Platform: Web Application - SQL Injection
  • Title: A4Desk Event Calendar "eventid" Parameter SQL Injection
  • Description: A4Desk Event Calendar is a web-based calendar implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "eventid" parameter of the "admin/index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33835

  • 09.9.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Graugon Forum "view_profile.php" SQL Injection
  • Description: Graugon Forum is a PHP-based web forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "view_profile.php" script before using the data in an SQL query. Graugon Forum version 1 is affected.
  • Ref: http://www.securityfocus.com/bid/33847

  • 09.9.61 - CVE: CVE-2008-6155
  • Platform: Web Application - SQL Injection
  • Title: HispaH Text Link ADS "idtl" Parameter SQL Injection
  • Description: HispaH Text Link ADS is a PHP based ad application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "idtl" parameter of the "index.php" script when the "action" parameter is set to "buy".
  • Ref: http://www.securityfocus.com/bid/33850

  • 09.9.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo gigCalendar Component "banddetails.php" SQL Injection
  • Description: gigCalendar is a PHP-based component for the Joomla! and Mambo content managers. gigCalendar is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "gigcal_bands_id" parameter of the "banddetails.php" component before using it in an SQL query. gigCalendar version 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/501174

  • 09.9.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo gigCalendar Component "venuedetails.php" SQL Injection
  • Description: gigCalendar is a PHP-based component for the Joomla! and Mambo content managers. gigCalendar is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "gigcal_venues_id" parameter of the "venuedetails.php" component before using it in an SQL query. gigCalendar version 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/501175

  • 09.9.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Taifajobs "jobdetails.php" SQL Injection
  • Description: Taifajobs (Job Recruitment System) is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "jobid" parameter of the "jobdetails.php" script before using the data in an SQL query. Taifajobs version 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/501183

  • 09.9.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MDPro and PostNuke My_eGallery Module "pid" Parameter SQL Injection
  • Description: The My_eGallery module provides image gallery functionality for the MDPro and PostNuke content managers. The module is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pid" parameter when called with the "do" parameter set to "showpic" before using the data in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33871

  • 09.9.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: xGuestbook "login.php" SQL Injection
  • Description: xGuestbook is a web-based guestbook application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user" parameter of the "login.php" script before using it in an SQL query. xGuestbook version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33875

  • 09.9.67 - CVE: CVE-2008-6124
  • Platform: Web Application - SQL Injection
  • Title: Moodle HotPot Module "report.php" SQL Injection
  • Description: Moodle is an open source application for managing online courseware. The HotPot module provides support for some types of quizzes. The module is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to an unspecified parameter of the "report.php" script before using it in an SQL query.
  • Ref: http://moodle.org/mod/forum/discuss.php?d=101402

  • 09.9.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Qwerty CMS "index.php" SQL Injection
  • Description: Qwerty CMS is a PHP based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/33885

  • 09.9.69 - CVE: Not Available
  • Platform: Web Application
  • Title: SAS Hotel Management System Arbitrary File Upload
  • Description: SAS Hotel Management System is an ASP-based application for handling hotel reservations. The application is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the "register_hotel.asp" script fails to adequately sanitize file extensions before uploading photos onto the web server.
  • Ref: http://www.securityfocus.com/bid/33817

  • 09.9.70 - CVE: Not Available
  • Platform: Web Application
  • Title: Firepack User-Agent HTTP Header PHP Code Injection
  • Description: Firepack is a PHP based web application which attempts to exploit various browser vulnerabilities. Firepack is exposed to an issue that lets attackers inject arbitrary PHP code. The issue occurs because the "index.php" script fails to properly sanitize user-supplied input to the "User-Agent" HTTP header before writing it to the "ref.db" file.
  • Ref: http://www.milw0rm.com/exploits/8075

  • 09.9.71 - CVE: Not Available
  • Platform: Web Application
  • Title: lastRSS autoposting bot MOD "phpbb_root_path" Parameter Remote File Include
  • Description: lastRSS autoposting bot MOD is a module for phpBB. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "phpbb_root_path" parameter of the "includes/functions_lastrss_autopost.php" script. lastRSS autoposting bot MOD version 0.1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/33843

  • 09.9.72 - CVE: CVE-2008-6119
  • Platform: Web Application
  • Title: Goople CMS "editpass.php" Multiple Remote PHP Code Injection Vulnerabilities
  • Description: Goople CMS is a PHP based content manager. Goople CMS is exposed to issues that attackers can leverage to execute arbitrary PHP code in the context of the application. These issues occur because the application fails to adequately validate user-supplied input to the "username" and "password" parameters of the "gooplecms/admin/account/action/editpass.php" script. This data is then written to the "admin/userandpass.php" script. Goople CMS version 1.7 is affected.
  • Ref: http://www.securityfocus.com/bid/33848

  • 09.9.73 - CVE: Not Available
  • Platform: Web Application
  • Title: Blue Utopia "index.php" Local File Include
  • Description: Blue Utopia is a PHP-based application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/33851

  • 09.9.74 - CVE: Not Available
  • Platform: Web Application
  • Title: phpScheduleIt Multiple Remote PHP Code Injection Vulnerabilities
  • Description: phpScheduleIt is a PHP-based resource scheduling system. phpScheduleIt is exposed to issues that attackers can leverage to execute arbitrary PHP code in the context of the application. These issues occur because the application fails to adequately validate user-supplied input to the "start_date" and "end_date" parameters in the "process_reservation()" function of the "reserve.php" and "check.php" scripts. phpScheduleIt versions prior to 1.2.11 are vulnerable.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=662749

  • 09.9.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Pyrophobia "index.php" Local File Include
  • Description: Pyrophobia is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "pid" parameter of the "index.php" script. Pyrophobia version 2.1.3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/33861

  • 09.9.76 - CVE: Not Available
  • Platform: Web Application
  • Title: Page Engine CMS "fPrefix" Parameter Multiple Remote File Include Vulnerabilities
  • Description: Page Engine CMS is a content manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/33860

  • 09.9.77 - CVE: Not Available
  • Platform: Web Application
  • Title: PayPal Download Shop SQL Injection and Arbitrary File Upload Vulnerabilities
  • Description: PayPal Download Shop is a web-based application. The application is exposed to multiple remote issues. Exploiting these issues could allow an attacker to compromise the application, upload arbitrary files, execute arbitrary code, access or modify data, or exploit latent vulnerabilities in the underlying database.
  • Ref: http://www.securityfocus.com/bid/33862

  • 09.9.78 - CVE: Not Available
  • Platform: Web Application
  • Title: Huawei E960 HSDPA Router SMS Inbox View HTML Injection
  • Description: Huawei E960 HSDPA Router is a networking device. The device's web-based interface is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. This issue affects the "Inbox View" for incoming SMS messages. Attackers may send multiple SMS messages, in reverse order, to create malicious script code that overcomes the 32 character limit in the SMS "Inbox View". Huawei E960 HSDPA Router with firmware version 246.11.04.11.110sp04 is affected.
  • Ref: http://www.securityfocus.com/archive/1/501178

  • 09.9.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Professioneller Anzeigenmarkt Multiple SQL Injection Vulnerabilities
  • Description: Professioneller Anzeigenmarkt is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "username1" and "password1" parameters of the "siteadmin/login.php" script when the "s2" parameter is set to "ANMELDEN".
  • Ref: http://www.securityfocus.com/bid/33868

  • 09.9.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Free Arcade Script "play.php" Local File Include
  • Description: Free Arcade Script is an application for managing arcade games. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "template" parameter of the "play.php" script. Free Arcade Script version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33869

  • 09.9.81 - CVE: Not Available
  • Platform: Web Application
  • Title: M5zn Arbitrary File Upload Vulnerability
  • Description: M5zn is a web-based application. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the software fails to adequately sanitize file extensions before uploading photos onto the web server. M5zn version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/33874

  • 09.9.82 - CVE: Not Available
  • Platform: Web Application
  • Title: BarnOwl Prior to 1.0.5 Multiple Buffer Overflow Vulnerabilities
  • Description: BarnOwl is an instant messaging client. Since it fails to perform adequate boundary checks on user-supplied data, the application is exposed to multiple buffer overflow issues. BarnOwl versions prior to 1.0.5 are vulnerable.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515118

  • 09.9.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Cambium Group Content Management System Multiple Remote Vulnerabilities
  • Description: Cambium Group Content Management System is a web-based content manager. Cambium Group Content Management System is exposed to multiple remote issues. A successful exploit may allow an attacker to compromise the application, gain unauthorized access to the application, gain access to sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database.
  • Ref: http://www.securityfocus.com/bid/33882

  • 09.9.84 - CVE: Not Available
  • Platform: Web Application
  • Title: OpenGoo User Permissions Security Bypass
  • Description: OpenGoo is a web-based application. OpenGoo is exposed to a security bypass issue. Attackers may exploit the issue to bypass certain security restrictions and modify their own permissions. OpenGoo versions prior to 1.2.1 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=663706

(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.