@RISK: The Consensus Security Vulnerability Alert

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

• (1) HIGH: IBM Lotus iNotes ActiveX Control Buffer Overflow Vulnerability
• (2) HIGH: IBM Informix Multiple Buffer Overflow Vulnerabilities
• (3) HIGH: Multiple Vendor "librpc.dll" Signedness Error Code Execution Vulnerability
• (4) MODERATE: Microsoft Internet Explorer VBScript Windows Help Code Execution Vulnerability
• (5) MODERATE: Modo 401 LXO Processing Integer Overflow Vulnerability

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Windows

• 10.10.1 - Microsoft Windows Unspecified Denial of Service

Other Microsoft Products

• 10.10.2 - Microsoft Internet Explorer "winhlp32.exe" "MsgBox()" Stack-Based Buffer Overflow

Third Party Windows Apps

• 10.10.3 - Google Picasa JPEG Image Processing Integer Overflow
• 10.10.4 - MediaCoder ".m3u" File Remote Buffer Overflow
• 10.10.5 - DateV "DVBSExeCall.ocx" ActiveX Control Remote Command Execution
• 10.10.6 - Domino Web Access ActiveX Control Unspecified Buffer Overflow
• 10.10.7 - Multiple Vendor "librpc.dll" Stack Buffer Overflow
• 10.10.8 - ProSSHD "scp_get()" Buffer Overflow

Linux

• 10.10.9 - Linux Kernel TSB I-TLB Load Local Privilege Escalation
• 10.10.10 - Linux Kernel "devtmpfs" Insecure Root Directory Permission
• 10.10.11 - Linux Kernel KVM Segment Selector Loading Local Privilege Escalation
• 10.10.12 - Linux Kernel "dvb_net_ule()" Remote Denial of Service

Aix

• 10.10.13 - IBM AIX LDAP Login Local Denial of Service

Cross Platform

• 10.10.14 - WebKit Image Decoder Memory Allocation Remote Code Execution
• 10.10.15 - EMC HomeBase Server Directory Traversal Remote Code Execution
• 10.10.16 - MochaSoft FTPDisc "get" Request Remote Denial of Service
• 10.10.17 - cronie "crontab" Symbolic Link Local Privilege Escalation
• 10.10.18 - Zhang Boyang FTP Server Remote Denial of Service
• 10.10.19 - Kojoney "urllib.urlopen()" Remote Denial of Service
• 10.10.20 - TIBCO Administrator
• 10.10.21 - Weekly Archive by Node Type Module Weekly Summary Security Bypass
• 10.10.22 - Apple Safari Style Tag Remote Memory Corruption
• 10.10.23 - Symantec Altiris Deployment Solution "dbmanager.exe" Denial of Service
• 10.10.24 - VKPlayer ".mid" File Processing Buffer Overflow
• 10.10.25 - Asterisk CIDR Notation in Access Rule Remote Security Bypass
• 10.10.26 - XMail Insecure Temporary File Creation
• 10.10.27 - Hitachi JP1/Cm2/Network Node Manager Insecure File Permissions
• 10.10.28 - PHP LCG entropy Unspecified Security
• 10.10.29 - PHP "tempnam()" "safe_mode" Validation Restriction Bypass
• 10.10.30 - Todd Miller Sudo "runas_default" Local Privilege Escalation
• 10.10.31 - FileExecutive Multiple Remote Vulnerabilities
• 10.10.32 - Apple Safari "background" attribute Remote Denial of Service
• 10.10.33 - IBM Domino Web Access Prior to 229.281 Unspecified Security Vulnerabilities
• 10.10.34 - IBM Informix Dynamic Server "librpc.dll" Multiple Buffer Overflow Vulnerabilities
• 10.10.35 - Reductive Labs Puppet "/tmp" Insecure File Permissions Vulnerabilities
• 10.10.36 - MochaSoft FTPDisc Multiple Remote Denial of Service Vulnerabilities
• 10.10.37 - Libpng "png_decompress_chunk()" Function Denial of Service

Web Application - Cross Site Scripting

• 10.10.38 - TRUC "login_reset_password_page.php" Cross-Site Scripting
• 10.10.39 - WebKit "window.open()" method Cross-Domain Scripting
• 10.10.40 - Computer Associates eHealth Performance Manager Web Interface Cross-Site Scripting
• 10.10.41 - Softbiz Jobs "sbad_type" Parameter Cross-Site Scripting
• 10.10.42 - MySmartBB Multiple Cross-Site Scripting Vulnerabilities
• 10.10.43 - Sawmill Unspecified Cross-Site Scripting
• 10.10.44 - Multiple IBM Products Login Page Cross-Site Scripting
• 10.10.45 - tDiary TrackBack Transmission Plugin Cross-Site Scripting
• 10.10.46 - Hitachi Multiple Products Unspecified Cross-Site Scripting
• 10.10.47 - ARISg "wflogin.jsp" Cross-Site Scripting
• 10.10.48 - Oracle Siebel "loyalty_enu/start.swe" Cross-Site Scripting
• 10.10.49 - ExtCalendar "upgrade.php" Cross-Site Scripting
• 10.10.50 - MarketGate Package for Eshbel Priority ERP "Referer" Parameter Cross-Site Scripting
• 10.10.51 - Discuz! "uid" Parameter Cross-Site Scripting
• 10.10.52 - Sparta Systems TrackWise EQMS Multiple Cross-Site Scripting Vulnerabilities

Web Application - SQL Injection

• 10.10.53 - Pre Multi-Vendor E-Commerce Solution "detail.php" SQL Injection
• 10.10.54 - MASA2EL Music City "index.php" Multiple SQL Injection Vulnerabilities
• 10.10.55 - Softbiz Jobs "moredetails.php" SQL Injection
• 10.10.56 - Bispage Content Manager Admin Page SQL Injection
• 10.10.57 - Softbiz Auktios Multiple SQL Injection Vulnerabilities
• 10.10.58 - HD FLV Player Component for Joomla! "id" Parameter SQL Injection
• 10.10.59 - shortCMS "printview.php" SQL Injection
• 10.10.60 - Softbiz Classifieds PLUS Script Multiple SQL Injection Vulnerabilities
• 10.10.61 - GameScript "index.php" SQL Injection
• 10.10.62 - JSK Internet WebAdministrator "download.php" SQL Injection
• 10.10.63 - Softbiz Recipes Portal and Link Directory Script "showcats.php" SQL Injection
• 10.10.64 - Entry Level CMS "index.php" SQL Injection
• 10.10.65 - Pre Classified Listings "signup.asp" SQL Injection
• 10.10.66 - SLAED CMS SQL Injection
• 10.10.67 - Joomla! "com_yanc" Component "listid" Parameter SQL Injection
• 10.10.68 - Uiga Fan Club and Personal Portal "id" Parameter SQL Injection
• 10.10.69 - Blax Blog "girisyap.php" SQL Injection
• 10.10.70 - Uiga Fan Club Login Multiple SQL Injection Vulnerabilities
• 10.10.71 - Scriptsfeed Business Directory Software
• 10.10.72 - 1024 CMS "id" Parameter SQL Injection
• 10.10.73 - My Little Forum "contact.php" SQL Injection
• 10.10.74 - Phptroubleticket "vedi_faq.php" SQL Injection

Web Application

• 10.10.75 - WikyBlog Multiple Remote Input Validation Vulnerabilities
• 10.10.76 - SilverStripe Multiple Remote Vulnerabilities
• 10.10.77 - PHP F1 Max's Photo Album "admin.php" Arbitrary File Upload
• 10.10.78 - OpenInferno OI.Blogs Multiple Local File Include Vulnerabilities
• 10.10.79 - Facebook-style Statuses Module User Status Security Bypass
• 10.10.80 - PBoard "upload/index.php" Remote File Upload
• 10.10.81 - Article Friendly Security Bypass
• 10.10.82 - Newbie CMS Insecure Cookie Authentication Bypass
• 10.10.83 - Arab Cart "showimg.php" Cross-Site Scripting and SQL Injection Vulnerabilities
• 10.10.84 - Ceondo InDefero Unauthorized Access
• 10.10.85 - Website Baker "framework/class.wb.php" Security Bypass
• 10.10.86 - TYPO3 OpenID Module Backend User Account Security Bypass
• 10.10.87 - Crawlability vBSEO "vbseo.php" Local File Include
• 10.10.88 - Orbital Viewer ".orb" File Stack-Based Buffer Overflow
• 10.10.89 - Nemo Multiple File Attachments Mail Form "upload.php" Arbitrary File Upload
• 10.10.90 - Open Educational System "CONF_INCLUDE_PATH" Parameter Multiple Remote File Include Vulnerabilities
• 10.10.91 - SLAED CMS Remote File Upload
• 10.10.92 - SLAED CMS Multiple Remote File Include Vulnerabilities
• 10.10.93 - SLAED CMS Installation Script Unauthorized Access
• 10.10.94 - Article Friendly "filename" Parameter Local File Include
• 10.10.95 - DeDeCMS

Network Device

• 10.10.96 - TrendNet TV-IP110W Missing Authentication Check Security Bypass

PART I Critical Vulnerabilities

PART I Critical Vulnerabilities Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 10, 2010

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com) Week 10, 2010 This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 8115 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely. ______________________________________________________________________

• 10.10.1 - CVE: Not Available
• Platform: Windows
• Title: Microsoft Windows Unspecified Denial of Service
• Description: Microsoft Windows is exposed to an unspecified denial of service issue. Attackers can exploit this issue to crash an affected computer with a Blue Screen of Death error, denying service to legitimate users.
• Ref: http://www.scmagazineus.com/malta-researchers-find-windows-bug-that-crashes-pcs/
  article/164439/

• 10.10.2 - CVE: Not Available
• Platform: Other Microsoft Products
• Title: Microsoft Internet Explorer "winhlp32.exe" "MsgBox()" Stack-Based Buffer Overflow
• Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote stack-based buffer overflow issue because it fails to properly bounds check user-supplied input. This issue affects the "winhlp32.exe" binary, and can be triggered when overly long input is passed to the "helpfile" parameter of a "MsgBox()" generated with VBscript.
• Ref: http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt

• 10.10.3 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Google Picasa JPEG Image Processing Integer Overflow
• Description: Google Picasa is a graphics application available for Microsoft Windows. Picasa is exposed to a remote integer overflow issue that occurs when processing JPEG image files. The issue affects the "PicasaPhotoViewer.exe" application and may results in a heap-based buffer overflow.
• Ref: http://www.securityfocus.com/bid/38384

• 10.10.4 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: MediaCoder ".m3u" File Remote Buffer Overflow
• Description: MediaCoder is a media file transcoder available for Microsoft Windows. MediaCoder is exposed to a remote buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially crafted ".m3u" file. MediaCoder version 0.7.3.4605 is affected.
• Ref: http://www.securityfocus.com/bid/38405

• 10.10.5 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: DateV "DVBSExeCall.ocx" ActiveX Control Remote Command Execution
• Description: DateV is a security application. The DateV "DVBSExeCall.ocx" ActiveX control is exposed to a remote command execution issue that affects the "ExecuteExe()" method of the ActiveX control. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious web page.
• Ref: http://support.microsoft.com/kb/240797

• 10.10.6 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Domino Web Access ActiveX Control Unspecified Buffer Overflow
• Description: IBM Lotus Domino is a client/server product designed for collaborative working environments. Domino Server supports email, scheduling, instant messaging and data driven applications. Web Access is a browser-based client for Lotus Domino. Domino Web Access is also known as Lotus iNotes. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Domino Web Access version 6.5, Domino Web Access versions 7.0 prior to 7.0.4, and Domino Web Access versions 8.0 prior to 8.0.2FP4 Hotfix 229.281 are affected.
• Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857

• 10.10.7 - CVE: CVE-2009-2754
• Platform: Third Party Windows Apps
• Title: Multiple Vendor "librpc.dll" Stack Buffer Overflow
• Description: "librpc.dll" is an RPC protocol parsing library used by the ISM portmapper service "portmap.exe". The "librpc.dll" RPC protocol parsing library is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs because of a signedness error when handling unspecified parameter sizes during authentication via TCP port 36890. IBM Informix IDS and EMC Legato Networker are affected.
• Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-023/

• 10.10.8 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: ProSSHD "scp_get()" Buffer Overflow
• Description: ProSSHD is an SSH client and server available for Microsoft Windows. ProSSHD is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs when handling a specially crafted SCP GET command. ProSSHD version v1.2 20090726 is affected.
• Ref: http://www.securityfocus.com/bid/38487

• 10.10.9 - CVE: Not Available
• Platform: Linux
• Title: Linux Kernel TSB I-TLB Load Local Privilege Escalation
• Description: Linux kernel is exposed to a local privilege escalation issue because it allows attackers to execute code in nonexecutable mappings. Specifically, the TSB I-tlb load code tries to use an "andcc" operation to verify the "_PAGE_EXEC_4U" bit. However, when performing this bit operation, it will almost always return true when it shouldn't in some cases.
• Ref: http://marc.info/?l=linux-sparc&m=126662196902830&w=2

• 10.10.10 - CVE: CVE-2010-0299
• Platform: Linux
• Title: Linux Kernel "devtmpfs" Insecure Root Directory Permission
• Description: The "devtmpfs" program is a kernel component that is used to create the device filesystem when the system boots. The Linux kernel is exposed to an issue that lets attackers create files as the superuser. This issue occurs because the root directory of "devtmpfs" is incorrectly set at mode 1777 instead of 0755.
• Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.7

• 10.10.11 - CVE: CVE-2010-0419
• Platform: Linux
• Title: Linux Kernel KVM Segment Selector Loading Local Privilege Escalation
• Description: The Linux kernel is exposed to a privilege escalation issue affecting the Kernel-based Virtual Machine (KVM). Specifically, local users can exploit this issue to bypass permission checks when segment selectors are loaded. Linux kernel versions prior to 2.6.32-rc4 are affected.
• Ref: https://bugzilla.redhat.com/show_bug.cgi?id=563463

• 10.10.12 - CVE: Not Available
• Platform: Linux
• Title: Linux Kernel "dvb_net_ule()" Remote Denial of Service
• Description: The Linux kernel is exposed to a remote denial of service issue affecting the Unidirectional Lightweight Encapsulation (ULE) implementation. ULE is used to encapsulate IP datagrams over MPEG-2 transport streams and is described by RFC 4326. ULE is commonly used by, for example, satellite internet traffic. This issue occurs in the "dvb_net_ule()" function of the "drivers/media/dvb/dvb-core/dvb_net.c" source code file.
• Ref: https://bugzilla.redhat.com/show_bug.cgi?id=569237

• 10.10.13 - CVE: Not Available
• Platform: Aix
• Title: IBM AIX LDAP Login Local Denial of Service
• Description: IBM AIX is exposed to a local denial of service issue. An attacker can exploit this issue to prevent LDAP authenticated users from logging in, and denying service to legitimate users.
• Ref: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4
  956&myns=paix53&mync=E

• 10.10.14 - CVE: CVE-2010-0659
• Platform: Cross Platform
• Title: WebKit Image Decoder Memory Allocation Remote Code Execution
• Description: WebKit is an application development framework designed to allow browsers to render web pages. The application is exposed to a remote code execution issue because it fails to properly handle a memory allocation failure when decoding images. Specifically, this issue is triggered when processing a GIF file that specifies a large size.
• Ref: http://trac.webkit.org/changeset/52833

• 10.10.15 - CVE: CVE-2010-0620
• Platform: Cross Platform
• Title: EMC HomeBase Server Directory Traversal Remote Code Execution
• Description: EMC HomeBase Server is the server component of the HomeBase backup and restore product. HomeBase Server is exposed to a remote code execution issue because it fails to properly sanitize user-supplied data. Specifically, attackers may use directory traversal sequences (../) to upload malicious content to arbitrary files.
• Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-020/

• 10.10.16 - CVE: Not Available
• Platform: Cross Platform
• Title: MochaSoft FTPDisc "get" Request Remote Denial of Service
• Description: MochaSoft FTPDisc is an FTP Server available for the Apple iPhone and iPod touch. The application is exposed to a remote denial of service issue because it fails to handle crafted "get" requests. MochaSoft FTPDisc version 1.0 is affected.
• Ref: http://www.securityfocus.com/bid/38382

• 10.10.17 - CVE: CVE-2010-0424
• Platform: Cross Platform
• Title: cronie "crontab" Symbolic Link Local Privilege Escalation
• Description: The "cronie" tool runs specified programs at scheduled times. The application is exposed to a local privilege escalation issue that stems from a race condition in the crontab when setting the "mtime" and "atime" values of temporary files. cronie versions prior to 1.4.4 are affected.
• Ref: http://www.securityfocus.com/bid/38391

• 10.10.18 - CVE: Not Available
• Platform: Cross Platform
• Title: Zhang Boyang FTP Server Remote Denial of Service
• Description: Zhang Boyang FTP Server is an FTP Server available for the Apple iPhone and iPod touch. The application is exposed to a remote denial of service issue because it fails to handle crafted TCP packets. Zhang Boyang FTP Server version 1.0 is affected.
• Ref: http://www.securityfocus.com/bid/38389

• 10.10.19 - CVE: Not Available
• Platform: Cross Platform
• Title: Kojoney "urllib.urlopen()" Remote Denial of Service
• Description: Kojoney is a low level interaction honeypot that emulates an SSH server. The application is exposed to a remote denial of service issue because it fails to validate user-supplied URIs when emulating the "wget" and "curl" commands. Kojoney versions prior to 0.0.4.2 are affected.
• Ref: http://www.securityfocus.com/archive/1/509713

• 10.10.20 - CVE: CVE-2010-0683
• Platform: Cross Platform
• Title: TIBCO Administrator
• Description: TIBCO Administrator is a component found in multiple TBCO products. It is used to provide authenticated administration services. The application is exposed to a security bypass issue because it fails to properly enforce privileges. This issue affects the "TIBRepoServer5.jar" file. TIBCO Administrator versions 5.4.0 through 5.6.0 are affected.
• Ref: http://www.tibco.com/multimedia/security_advisory_administrator_tcm8-10685.txt

• 10.10.21 - CVE: Not Available
• Platform: Cross Platform
• Title: Weekly Archive by Node Type Module Weekly Summary Security Bypass
• Description: Weekly Archive by Node Type is a module for the Drupal content manager. The module is exposed to a security bypass issue in the weekly summary listings. Specifically, the module fails to construct SQL queries that respect the node access restriction. This will allow attackers to view nodes that are restricted by the node access module.
• Ref: http://drupal.org/node/724286

• 10.10.22 - CVE: Not Available
• Platform: Cross Platform
• Title: Apple Safari Style Tag Remote Memory Corruption
• Description: Apple Safari is a web browser. Safari is exposed to a remote memory corruption issue that can be triggered by an HTML document containing a "style" tag surrounding malformed data. Safari version 4.0.4 is affected.
• Ref: http://www.securityfocus.com/bid/38398

• 10.10.23 - CVE: Not Available
• Platform: Cross Platform
• Title: Symantec Altiris Deployment Solution "dbmanager.exe" Denial of Service
• Description: Symantec Altiris Deployment Solution is software for deploying and managing servers, desktops, notebooks, thin clients and handheld devices from a centralized location. Symantec Altiris Deployment Solution is exposed to a remote denial of service issue. Specifically the issue occurs in the "dbmanager.exe" file due to a use-after-free error that can dereference invalid memory. Symantec Altiris Deployment Solution version 6.9 SP3 build 430 is affected.
• Ref: http://www.securityfocus.com/bid/38410

• 10.10.24 - CVE: Not Available
• Platform: Cross Platform
• Title: VKPlayer ".mid" File Processing Buffer Overflow
• Description: VKPlayer is a media player that supports multiple file formats. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when the application parses malformed ".mid" files. VKPlayer version 1.0 is affected.
• Ref: http://www.securityfocus.com/bid/38423

• 10.10.25 - CVE: Not Available
• Platform: Cross Platform
• Title: Asterisk CIDR Notation in Access Rule Remote Security Bypass
• Description: Asterisk is an open source PBX application available for multiple operating platforms. Asterisk is exposed to a security bypass issue because it fails to properly enforce "permit=" and "deny=" rules in access control lists (ACL).
• Ref: http://downloads.asterisk.org/pub/security/AST-2010-003.html

• 10.10.26 - CVE: Not Available
• Platform: Cross Platform
• Title: XMail Insecure Temporary File Creation
• Description: XMail is a mail server for various platforms including Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X, Solaris and Microsoft Windows. The application creates temporary files in an insecure manner. XMail versions prior to 1.27 are affected.
• Ref: http://www.xmailserver.org/ChangeLog.html#feb_25__2010_v_1_27

• 10.10.27 - CVE: Not Available
• Platform: Cross Platform
• Title: Hitachi JP1/Cm2/Network Node Manager Insecure File Permissions
• Description: Hitachi JP1/Cm2/Network Node Manager is used to manage a network from a single console. Hitachi JP1/Cm2/Network Node Manager Remote Console is exposed to a security issue because it sets insecure file permissions. Successful exploitation allows an attacker to obtain sensitive information or gain escalated privileges.
• Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-002/inde
  x.html

• 10.10.28 - CVE: Not Available
• Platform: Cross Platform
• Title: PHP LCG entropy Unspecified Security
• Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to an unspecified security issue that affects LCG entropy. PHP versions prior to 5.2.13 are affected.
• Ref: http://samy.pl/phpwn/

• 10.10.29 - CVE: Not Available
• Platform: Cross Platform
• Title: PHP "tempnam()" "safe_mode" Validation Restriction Bypass
• Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to a "safe_mode" restriction bypass issue. Successful exploits could allow an attacker to access files in unauthorized locations or create files in writable directories. PHP versions 5.2.12 and earlier are affected.
• Ref: http://www.php.net/releases/5_2_13.php

• 10.10.30 - CVE: CVE-2010-0427
• Platform: Cross Platform
• Title: Todd Miller Sudo "runas_default" Local Privilege Escalation
• Description: Todd Miller "sudo" is a widely used Linux/Unix command that allows users to securely run commands as the superuser or as other users. The utility is exposed to a local privilege escalation issue when "runas_default" is used. "sudo" versions prior to 1.6.9p21 are affected.
• Ref: http://www.securityfocus.com/bid/38432

• 10.10.31 - CVE: Not Available
• Platform: Cross Platform
• Title: FileExecutive Multiple Remote Vulnerabilities
• Description: FileExecutive is a file manager. The application is exposed to multiple remote issues: 1) A cross-site request forgery issue may allow attackers to add new administrator users and edit administrator credentials. 2) An arbitrary file upload issue affects the "index.php" script. 3) An arbitrary file disclosure issue affects the "file" parameter of the "download.php" script. 4) A path disclosure issue affects the "dir" parameter of the "listdir.php" script. FileExecutive version 1.0.0 is affected.
• Ref: http://www.securityfocus.com/bid/38433

• 10.10.32 - CVE: Not Available
• Platform: Cross Platform
• Title: Apple Safari "background" attribute Remote Denial of Service
• Description: Apple Safari is a web browser. Apple Safari is exposed to a remote denial of service issue. Specifically, the issue arises when the browser processes an HTML file with excessive amounts of string values supplied via the "background" attribute of the HTML <body> tag. Safari versions 4.0.4 and 4.0.3 are affected.
• Ref: http://www.securityfocus.com/bid/38447

• 10.10.33 - CVE: Not Available
• Platform: Cross Platform
• Title: IBM Domino Web Access Prior to 229.281 Unspecified Security Vulnerabilities
• Description: IBM Domino Web Access facilitates web access to Domino-based mail, calendar, schedule, to-do lists, contact lists and notebooks for Lotus Domino users. Domino Web Access is also known as Lotus iNotes. The application is exposed to multiple unspecified issues that affect the "Ultralite" component of Domino Web Access. IBM Lotus Domino Web Access version 8.0.2 FP4 prior to Hotfix 229.281 is affected.
• Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27018109

• 10.10.34 - CVE: CVE-2009-2753
• Platform: Cross Platform
• Title: IBM Informix Dynamic Server "librpc.dll" Multiple Buffer Overflow Vulnerabilities
• Description: IBM Informix Dynamic Server is an application server that runs on various platforms. IBM Informix Dynamic Server is exposed to a stack-based buffer overflow issue and a heap-based buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. These issues affect the "librpc.dll" library which is used by ISM Portmapper service ("portmap.exe") listening on TCP port 36890 by default.
• Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-022/

• 10.10.35 - CVE: CVE-2010-0156
• Platform: Cross Platform
• Title: Reductive Labs Puppet "/tmp" Insecure File Permissions Vulnerabilities
• Description: Puppet is a configuration management system. Puppet is exposed to multiple insecure file permission issues. Specifically, these issues occur because the application creates the multiple files in the "/tmp" directory with insecure permissions.
• Ref: https://bugzilla.redhat.com/show_bug.cgi?id=502881

• 10.10.36 - CVE: Not Available
• Platform: Cross Platform
• Title: MochaSoft FTPDisc Multiple Remote Denial of Service Vulnerabilities
• Description: MochaSoft FTPDisc is an FTP Server available for the Apple iPhone and iPod touch. The application is exposed to multiple remote denial of service issues because it fails to handle crafted "USER", "CWD" and "DELE" requests. MochaSoft FTPDisc version 1.0 is affected.
• Ref: http://www.securityfocus.com/bid/38475

• 10.10.37 - CVE: CVE-2010-0205
• Platform: Cross Platform
• Title: Libpng "png_decompress_chunk()" Function Denial of Service
• Description: The "libpng" library is a PNG reference library. The library is exposed to a remote denial of service issue. Specifically, when parsing PNG files containing highly compressed ancillary chunks, the "png_decompress_chunk()" function in the affected library can consume an excessive amount of resources. libpng versions prior to 1.4.1, 1.2.43, and 1.0.53 are affected.
• Ref: http://www.kb.cert.org/vuls/id/576029

• 10.10.38 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: TRUC "login_reset_password_page.php" Cross-Site Scripting
• Description: TRUC is a web-based application for tracking requirements and use cases. It is implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "error" parameter of the "login_reset_password_page.php' script. TRUC version 0.11.0 is affected.
• Ref: http://www.securityfocus.com/bid/38445

• 10.10.39 - CVE: CVE-2010-0661
• Platform: Web Application - Cross Site Scripting
• Title: WebKit "window.open()" method Cross-Domain Scripting
• Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. The application is exposed to a cross-domain scripting issue because it fails to properly enforce the same origin policy. This issue affects the "window.open()" function of the "WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp" source file. WebKit versions prior to r52401 are affected.
• Ref: http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html

• 10.10.40 - CVE: CVE-2010-0640
• Platform: Web Application - Cross Site Scripting
• Title: Computer Associates eHealth Performance Manager Web Interface Cross-Site Scripting
• Description: Computer Associates eHealth Performance Manager is an application for managing the performance of network applications and services. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input. This issue affects the application's web interface. Computer Associates eHealth Performance Manager version 6.0.x, 6.1.x, and 6.2.x are affected.
• Ref: http://seclists.org/fulldisclosure/2010/Feb/415

• 10.10.41 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Softbiz Jobs "sbad_type" Parameter Cross-Site Scripting
• Description: Softbiz Jobs is a PHP-based script for job recruitment. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "sbad_type" parameter of the "addad.php" script.
• Ref: http://www.securityfocus.com/bid/38383

• 10.10.42 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: MySmartBB Multiple Cross-Site Scripting Vulnerabilities
• Description: MySmartBB is a bulletin board application implemented in PHP. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data supplied via various PHP predefined variables. MySmartBB version 1.7.0 is affected.
• Ref: http://www.securityfocus.com/bid/38385

• 10.10.43 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Sawmill Unspecified Cross-Site Scripting
• Description: Sawmill is a log analysis and reporting application. The application is exposed to an unspecified cross-site scripting issue because it fails to sanitize user-supplied input. Sawmill versions prior to 7.2.18 are affected.
• Ref: http://www.sawmill.net/version_history7.html

• 10.10.44 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Multiple IBM Products Login Page Cross-Site Scripting
• Description: IBM Lotus Web Content Management is a suite of web-based applications for Windows, Unix and Sun platforms. IBM WebSphere Portal is a content manager for enterprises. IBM Lotus Quickr is a web-based collaboration software designed for sharing documents and media. The applications are exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the login page.
• Ref: http://trac.webkit.org/changeset/52833

• 10.10.45 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: tDiary TrackBack Transmission Plugin Cross-Site Scripting
• Description: tDiary is a web-based diary application implemented in Ruby. The application is exposed to a cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to an unspecified parameter of the TrackBack transmission ("tb-send.rb") module. tDiary versions prior to 2.2.3 are affected.
• Ref: http://www.securityfocus.com/bid/38413

• 10.10.46 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Hitachi Multiple Products Unspecified Cross-Site Scripting
• Description: Multiple Hitachi products are exposed to a cross-site scripting issue because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
• Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-001/inde
  x.html

• 10.10.47 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: ARISg "wflogin.jsp" Cross-Site Scripting
• Description: ARISg is a Java-based application for drug reporting (pharmacovigilance). The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "errmsg" parameter of the "wflogin.jsp" script. ARISg version 5.0 is affected.
• Ref: http://www.securityfocus.com/archive/1/509758

• 10.10.48 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Oracle Siebel "loyalty_enu/start.swe" Cross-Site Scripting
• Description: Oracle Siebel is a customer relationship management application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the URI of the "htim_enu/start.swe" page. Oracle Siebel versions 7.7 and 7.8 are affected.
• Ref: http://www.securityfocus.com/archive/1/509774

• 10.10.49 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: ExtCalendar "upgrade.php" Cross-Site Scripting
• Description: ExtCalendar is a PHP-based web calendar application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "html_footer()" function of the "upgrade.php" script before using it in an SQL query. ExtCalendar version 2.0 beta is affected.
• Ref: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4928.php

• 10.10.50 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: MarketGate Package for Eshbel Priority ERP "Referer" Parameter Cross-Site Scripting
• Description: The MarketGate Package for Eshbel Priority ERP is an application suite for businesses. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the HTTP Referer field of the "priorSysMan.htm" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/archive/1/509792

• 10.10.51 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Discuz! "uid" Parameter Cross-Site Scripting
• Description: Discuz! is web-based forum software. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "uid" parameter of the "eccredit.php" script. Discuz! version 6.0.0 is affected.
• Ref: http://www.securityfocus.com/archive/1/509800

• 10.10.52 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Sparta Systems TrackWise EQMS Multiple Cross-Site Scripting Vulnerabilities
• Description: Sparta Systems TrackWise EQMS is a web-based quality management solution. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
• Ref: http://www.securityfocus.com/archive/1/509792/30/0/threaded

• 10.10.53 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Pre Multi-Vendor E-Commerce Solution "detail.php" SQL Injection
• Description: Pre Multi-Vendor E-Commerce Solution is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "prodid" parameter of the "detail.php" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/38377

• 10.10.54 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: MASA2EL Music City "index.php" Multiple SQL Injection Vulnerabilities
• Description: MASA2EL Music City is a PHP-based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input. MASA2EL Music City version 1.0 is affected.
• Ref: http://www.securityfocus.com/bid/38378

• 10.10.55 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Softbiz Jobs "moredetails.php" SQL Injection
• Description: Softbiz Jobs is a PHP-based script for job recruitment. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sblink_id" parameter of the "moredetails.php" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/38390

• 10.10.56 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Bispage Content Manager Admin Page SQL Injection
• Description: Bispage Content Manager is an ASPX-based application for developing websites. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "User Name" and "Password" fields of the "admin" page before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/38392

• 10.10.57 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Softbiz Auktios Multiple SQL Injection Vulnerabilities
• Description: Softbiz Auktios is a PHP-based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input.
• Ref: http://www.securityfocus.com/bid/38399

• 10.10.58 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: HD FLV Player Component for Joomla! "id" Parameter SQL Injection
• Description: HD FLV Player is a component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of "com_hdflvplayer" before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/38401

• 10.10.59 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: shortCMS "printview.php" SQL Injection
• Description: shortCMS is a content manager implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "pvid" parameter of the "printview.php" script before using it in an SQL query. shortCMS version 1.11F (B) is affected.
• Ref: http://www.securityfocus.com/bid/38403

• 10.10.60 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Softbiz Classifieds PLUS Script Multiple SQL Injection Vulnerabilities
• Description: The Softbiz Classifieds PLUS script is a PHP-based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input.
• Ref: http://www.securityfocus.com/bid/38407

• 10.10.61 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: GameScript "index.php" SQL Injection
• Description: GameScript is a PHP-based content manager for online games. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "index.php" script when the "action" parameter is set to "category". GameScript version 3.0 is affected.
• Ref: http://www.securityfocus.com/bid/38414

• 10.10.62 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: JSK Internet WebAdministrator "download.php" SQL Injection
• Description: JSK Internet WebAdministrator is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "s" parameter of the "download.php" script before using it in an SQL query. JSK Internet WebAdministrator Lite is affected.
• Ref: http://www.securityfocus.com/bid/38416

• 10.10.63 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Softbiz Recipes Portal and Link Directory Script "showcats.php" SQL Injection
• Description: Softbiz Recipes Portal and Link Directory Script are PHP-based scripts for sharing online information. These applications are exposed to an SQL injection issue because they fail to sufficiently sanitize user-supplied data to the "sbcat_id" parameter of the "showcats.php" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/38418

• 10.10.64 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Entry Level CMS "index.php" SQL Injection
• Description: Entry Level CMS is a PHP-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "subj" parameter of the "index.php" script.
• Ref: http://www.securityfocus.com/bid/38422

• 10.10.65 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Pre Classified Listings "signup.asp" SQL Injection
• Description: Pre Classified Listings is an ASP-based application for managing classifieds. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "email" parameter of the "signup.asp" script.
• Ref: http://www.securityfocus.com/bid/38446

• 10.10.66 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: SLAED CMS SQL Injection
• Description: SLAED CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "index.php" script. SLAED CMS version 4 is affected.
• Ref: http://www.securityfocus.com/bid/38452

• 10.10.67 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Joomla! "com_yanc" Component "listid" Parameter SQL Injection
• Description: The "com_yanc" application is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "listid" parameter before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/38454

• 10.10.68 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Uiga Fan Club and Personal Portal "id" Parameter SQL Injection
• Description: Uiga Fan Club is a fan page application. Uiga Personal Portal is a web portal application. The applications are exposed to an SQL injection issue because they fail to sufficiently sanitize user-supplied input to the "id" parameter of the "index.php" script when the "view" parameter is set to "photo".
• Ref: http://www.securityfocus.com/bid/38464

• 10.10.69 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Blax Blog "girisyap.php" SQL Injection
• Description: Blax Blog is a PHP-based blogging application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "username" and "password" fields of the "admin/girisyap.php" script. Blax Blog version 0.1 is affected.
• Ref: http://www.securityfocus.com/bid/38465

• 10.10.70 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Uiga Fan Club Login Multiple SQL Injection Vulnerabilities
• Description: Uiga Fan Club is a PHP-based fan page application. The application is exposed to multiple SQL injection issues because it fails to adequately sanitize user-supplied input to the "Username" and "Password" fields when logging in as an administrator via the "admin/admin_login.php" script. Uiga Fan Club version 1.0 is affected.
• Ref: http://www.securityfocus.com/bid/38466

• 10.10.71 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Scriptsfeed Business Directory Software
• Description: Scriptsfeed Business Directory Software is a PHP-based online directory application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the "us" and "ps" parameters of the "login.php" script.
• Ref: http://www.securityfocus.com/bid/38470

• 10.10.72 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: 1024 CMS "id" Parameter SQL Injection
• Description: 1024 CMS is a content manager implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "rss.php" script. 1024 CMS version 2.1.1 is affected.
• Ref: http://www.securityfocus.com/bid/38476

• 10.10.73 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: My Little Forum "contact.php" SQL Injection
• Description: My Little Forum is a PHP-based web forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "contact.php" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/38485

• 10.10.74 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Phptroubleticket "vedi_faq.php" SQL Injection
• Description: Phptroubleticket is a PHP-based IT service management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "vedi_faq.php" script before using it in an SQL query. Phptroubleticket version 2.0 is affected.
• Ref: http://www.securityfocus.com/bid/38486

• 10.10.75 - CVE: Not Available
• Platform: Web Application
• Title: WikyBlog Multiple Remote Input Validation Vulnerabilities
• Description: WikyBlog is a combined wiki and blog application implemented in PHP and MySQL. The application is exposed to multiple security issues. 1) An arbitrary file upload issue that occurs because the application fails to sufficiently sanitize user-supplied input. 2) A cross-site scripting issue that affects the "which" parameter of the "index.php/Special/Main/Templates" script. 3) A session fixation issue that exists due to a design error when handling sessions. 4) A remote file include issue that presents itself because the application fails to properly sanitize user-supplied input to the "langFile" parameter of the "include/WBmap.php" script. WikyBlog version 1.7.3rc2 is affected.
• Ref: http://www.securityfocus.com/bid/38386

• 10.10.76 - CVE: Not Available
• Platform: Web Application
• Title: SilverStripe Multiple Remote Vulnerabilities
• Description: SilverStripe is a PHP-based content management system. The application is exposed to multiple remote issues. 1) A cross-site scripting issue is present because the application fails to sufficiently sanitize user-supplied data. 2) The application is exposed to multiple information disclosure issues. SilverStripe versions prior to 2.3.6 are affected.
• Ref: http://groups.google.com/group/silverstripe-announce/browse_thread/thread/c75fbd
  7926ed2725?tvc=2&fwc=1&pli=1

• 10.10.77 - CVE: Not Available
• Platform: Web Application
• Title: PHP F1 Max's Photo Album "admin.php" Arbitrary File Upload
• Description: Max's Photo Album is a PHP-based web application. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input before uploading files via the "admin.php" script.
• Ref: http://www.securityfocus.com/bid/38400

• 10.10.78 - CVE: Not Available
• Platform: Web Application
• Title: OpenInferno OI.Blogs Multiple Local File Include Vulnerabilities
• Description: OI.Blogs is a PHP-based blogging application. The application is exposed to local file include issues because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information and execute arbitrary local scripts in the context of the web server process. OpenInferno OI.Blogs version 1.0.0 is affected.
• Ref: http://www.securityfocus.com/bid/38402

• 10.10.79 - CVE: Not Available
• Platform: Web Application
• Title: Facebook-style Statuses Module User Status Security Bypass
• Description: Facebook-style Statuses is a module for the Drupal content manager. The module is exposed to a security bypass issue in the weekly summary listings. Specifically, a design error in the application may allow an attacker to overwrite another user's status if it's posted within 10 seconds after the victim has posted their status message.
• Ref: http://drupal.org/node/724842

• 10.10.80 - CVE: Not Available
• Platform: Web Application
• Title: PBoard "upload/index.php" Remote File Upload
• Description: PBoard is a PHP-based bulletin board. The application is exposed to a remote file upload issue because it fails to sufficiently sanitize user-supplied input. This issue affects the avatar upload feature in the "upload/index.php" script. PBoard version 2.0.5 is affected.
• Ref: http://www.securityfocus.com/bid/38406

• 10.10.81 - CVE: Not Available
• Platform: Web Application
• Title: Article Friendly Security Bypass
• Description: Article Friendly is a PHP-based application for publishing articles. The application is exposed to a security bypass issue because it fails to properly validate certain HTTP requests. Specifically an attacker may create an arbitrary user with admin privileges by enticing a logged-in administrator to visit a crafted site.
• Ref: http://www.articlefriendly.com/updates.html

• 10.10.82 - CVE: Not Available
• Platform: Web Application
• Title: Newbie CMS Insecure Cookie Authentication Bypass
• Description: Newbie CMS is a web application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Specifically, attackers can gain administrative access to the application by setting the "nb_logged" cookie parameter to an administrator's username and the "path" parameter to "/newbb/admin/" via the "admin/config.php" script. Newbie CMS versions prior to 0.03 are affected.
• Ref: http://newbie-cms.com/forum/index.php?action=vthread&forum=1&topic=1#msg
  1

• 10.10.83 - CVE: Not Available
• Platform: Web Application
• Title: Arab Cart "showimg.php" Cross-Site Scripting and SQL Injection Vulnerabilities
• Description: Arab Cart is a PHP-based ecommerce application. The application is exposed to a cross-site scripting issue and an SQL injection issue because it fails to sanitize user-supplied input to the "id" parameter of the "showimg.php" script. Arab Cart version 1.0.2.0 is affected.
• Ref: http://www.securityfocus.com/bid/38426

• 10.10.84 - CVE: Not Available
• Platform: Web Application
• Title: Ceondo InDefero Unauthorized Access
• Description: InDefero is a web application for developing software. The application is exposed to an unauthorized access issue because it fails to adequately limit authenticated users' access to other users' projects. Specifically, the git-serving component may allow users with a valid SSH key to access restricted files in read-only mode when an attacker knows the short name of a target project. InDefero versions prior to 0.8.10 are affected.
• Ref: http://www.ceondo.com/ecte/2010/02/indefero-security-vulnerability

• 10.10.85 - CVE: Not Available
• Platform: Web Application
• Title: Website Baker "framework/class.wb.php" Security Bypass
• Description: Website Baker is a PHP-based content manager. The application is exposed to a security bypass issue because it fails to properly enforce security restrictions. Specifically, an attacker can exploit the "print_error()" function of the "framework/class.wb.php" script to impersonate a registered user. Website Baker version 2.8.0 is affected.
• Ref: http://www.websitebaker2.org/forum/index.php/topic,15519.0.html

• 10.10.86 - CVE: Not Available
• Platform: Web Application
• Title: TYPO3 OpenID Module Backend User Account Security Bypass
• Description: OpenID is a third party extension for the TYPO3 content manager. The OpenID module included in TYPO3 is exposed to a security bypass issue. Specifically, attackers can log in to the TYPO3 backend by using a backend user account's OpenID identity. TYPO3 version 4.3.0 is affected.
• Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/

• 10.10.87 - CVE: Not Available
• Platform: Web Application
• Title: Crawlability vBSEO "vbseo.php" Local File Include
• Description: vBSEO is a PHP-based application for optimizing search engines. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "vbseourl" file of the "vbseo.php" script. vBSEO version 3.1.0 is affected.
• Ref: http://www.securityfocus.com/bid/38439

• 10.10.88 - CVE: CVE-2010-0688
• Platform: Web Application
• Title: Orbital Viewer ".orb" File Stack-Based Buffer Overflow
• Description: Orbital Viewer is an application for viewing ".orb" files. The application is exposed to a stack-based buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer. This issue occurs when a specially crafted ".orb" file is opened. Orbital Viewer version 1.04 is affected.
• Ref: http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-011-or
  bital-viewer-orb-buffer-overflow/

• 10.10.89 - CVE: Not Available
• Platform: Web Application
• Title: Nemo Multiple File Attachments Mail Form "upload.php" Arbitrary File Upload
• Description: Nemo Multiple File Attachments Mail Form is a PHP-based application for handling email attachments. The application is exposed to an issue that lets attackers upload arbitrary files. Specifically, the issue occurs because the application fails to adequately sanitize file extensions before uploading files to the web server through the "upload.php" script. Nemo Multiple File Attachments Mail Form PRO-V2 is affected.
• Ref: http://www.securityfocus.com/bid/38443

• 10.10.90 - CVE: Not Available
• Platform: Web Application
• Title: Open Educational System "CONF_INCLUDE_PATH" Parameter Multiple Remote File Include Vulnerabilities
• Description: Open Educational System is an open source e-learning application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. Open Educational System version 0.1 beta and earlier are affected.
• Ref: http://www.securityfocus.com/bid/38449

• 10.10.91 - CVE: Not Available
• Platform: Web Application
• Title: SLAED CMS Remote File Upload
• Description: SLAED CMS is a PHP-based content manager. The application is exposed to a remote file upload issue because it fails to sufficiently sanitize user-supplied input. This issue affects upload feature accessible via the "index.php" script. Uploaded content can be accessed via the "sd/uploads/files/temp/" directory. SLAED CMS version 4 is affected.
• Ref: http://www.securityfocus.com/bid/38450/

• 10.10.92 - CVE: Not Available
• Platform: Web Application
• Title: SLAED CMS Multiple Remote File Include Vulnerabilities
• Description: SLAED CMS is a PHP-based content manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "file" and "name" parameters of the "index" script. SLAED CMS version 4 is affected.
• Ref: http://www.securityfocus.com/bid/38451

• 10.10.93 - CVE: Not Available
• Platform: Web Application
• Title: SLAED CMS Installation Script Unauthorized Access
• Description: SLAED CMS is a PHP-based content manager. SLAED CMS is exposed to an unauthorized access issue that allows attackers to gain access to installation scripts. This issue arises because the application fails to implement access controls in a proper manner. SLAED CMS 4 is affected.
• Ref: http://www.securityfocus.com/bid/38453

• 10.10.94 - CVE: Not Available
• Platform: Web Application
• Title: Article Friendly "filename" Parameter Local File Include
• Description: Article Friendly is a PHP-based article publishing application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "filename" parameter of the "admin/index.php" script. Article Friendly Pro is affected.
• Ref: http://www.securityfocus.com/bid/38461

• 10.10.95 - CVE: Not Available
• Platform: Web Application
• Title: DeDeCMS
• Description: DeDeCMS is a PHP-based content manager. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input. Specifically, the application allows users to gain unauthorized access to the application by setting the "_SESSION[dede_admin_id]" parameter to 1. DeDeCMS GBK version 5.5 is affected.
• Ref: http://www.securityfocus.com/bid/38469

• 10.10.96 - CVE: Not Available
• Platform: Network Device
• Title: TrendNet TV-IP110W Missing Authentication Check Security Bypass
• Description: TrendNet TV-IP110W is a wireless security camera. TrendNet TV-IP110W is exposed to a security bypass issue due to the fact that an authentication check is missing from the firmware. Firmware versions prior to TrendNet TV-IP110W 1.1.0.93 are affected.
• Ref: http://www.securityfocus.com/bid/38482

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.