@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 12
March 18, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

- Category
- # of Updates & Vulnerabilities
- Summary of Updates and Vulnerabilities in this Consensus
- Platform Number of Updates and Vulnerabilities
- - ------------------------ -------------------------------------
- Windows
- 1 (#5)
- Other Microsoft Products
- 1
- Third Party Windows Apps
- 11 (#3)
- Linux
- 4
- BSD
- 1
- Unix
- 1
- Novell
- 1
- Cross Platform
- 51 (#1, #2, #4, #6)
- Web Application - Cross Site Scripting 21
- Web Application - SQL Injection 51
- Web Application
- 53
- Network Device
- 5

************************ Sponsored By SANS **********************

Join other professionals of the EU forensic community and meet local experts at the 2010 European Community Digital Forensics & Incident Response Summit April 19-20. Discuss the latest processes and technologies for effective incident response and mitigation, forensic analysis, and recovery as a result of a data breach in any size

organization.

http://www.sans.org/info/56333

******************************************************************

TRAINING UPDATE

-- SANS Northern Virginia Bootcamp 2010, April 6-13 Bonus evening presentations include Safe Surfing: How to Surf the Net Without Getting PWND

http://www.sans.org/reston-2010/

-- SANS Security West 2010, San Diego, May 7-15, 2010 23 courses. Bonus evening presentations include Killer Bee: Exploiting ZigBee and the Kinetic World

http://www.sans.org/security-west-2010/

-- SANSFIRE 2010, Baltimore, June 6-14, 2010 38 courses. Bonus evening presentations include Software Security Street Fighting Style and The Verizon Data Breach Investigations Report

http://www.sans.org/sansfire-2010/

-- SANSFIRE Rocky Mountain 2010, Denver, July 12-17, 2010 8 courses. Bonus evening presentations include Hiding in Plain Sight: Forensic techniques to Counter the Advanced Persistent Threat

http://www.sans.org/rocky-mountain-2010/

-- SANS Boston 2010, June 6-14, 2010 11 courses

http://www.sans.org/boston-2010/

Looking for training in your own community? http://sans.org/community/

Save on On-Demand training (30 full courses) - See samples at http://www.sans.org/ondemand/spring09.php

Plus Dubai, Geneva, Toronto, Singapore and Amsterdam all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php

************************************************************************

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

(1) CRITICAL: Apple Safari Multiple Vulnerabilities
(2) MODERATE: SAP MaxDB Handshake Request Buffer Overflow Vulnerability
(3) MODERATE: RemoteExec Buffer Overflow Vulnerability
(4) MODERATE: Skype URI Handling Information Disclosure Vulnerability
(5) LOW: Microsoft Windows Help File Processing Vulnerability
(6) LOW: Skype URI Handling XML File Deletion Vulnerability

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

*************************** Sponsored Link ***********************

1) Hear the experts talk about the Advanced Persistent Threat at the Process Control and SCADA Summit March 29-30.

http://www.sans.org/info/56338

******************************************************************

PART I Critical Vulnerabilities

PART I Critical Vulnerabilities Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems.

Widely Deployed Software

(1) CRITICAL: Apple Safari Multiple Vulnerabilities
Affected:
- Safari 4 (Windows)
- Safari 4 (Mac OS X 10.6)
- Safari 4 (Mac OS X 10.5)
- Safari 4 (Mac OS X 10.4)
Description: Safari, Apple's web browser for Mac OS X and Microsoft Windows, contains multiple vulnerabilities in its handling of a variety of inputs. The first issue is an integer overflow vulnerability in ColorSync and it can triggered by a specially crafted image with an embedded color profile. The second issue is a buffer underflow vulnerability in ImageIO in the way it handles TIFF images. The third issue is an uninitialized memory access error in ImageIO and it can be triggered by a specially crafted BMP image. The fourth issue is a memory corruption error while handling certain TIFF images. The fifth issue is an implementation error in the way cookies, that are set by RSS and Atom feeds, are handled. The sixth issue is an error in the handling of the external URL schemes, which might result in opening of a local file. The seventh issue is a use-after-free error in WebKit in the way it handles HTML object element fallback content. The eight issue is a use-after-free error in WebKit in the way it parses XML documents. The ninth issue is a use-after-free error in WebKit in the way it handles HTML elements that has right-to-left text. the tenth issue is a use-after-free error in WebKit in the way it incorrectly handles nested HTML tags. The eleventh issue is an implementation error in WebKit when it handles cross-origin stylesheet requests. The twelfth issue is a use-after-free error in WebKit in the way it handles callbacks for certain HTML elements. The thirteenth issue is a use-after-free error in WebKit in the way it renders content with CSS display property set to "run-in". The fourteenth issue is a use-after-free error in WebKit in the way it handles HTML image elements. In most of the cases, successful exploitation might result in remote code execution. Some technical details for some of the vulnerabilities are publicly available.
Status: Vendor confirmed, updates available.
References:

(2) MODERATE: SAP MaxDB Handshake Request Buffer Overflow Vulnerability
Affected:
- SAP MaxDB 7.6.6
- SAP MaxDB 7.6.3 build 007
- SAP MaxDB 7.6.03.15
- SAP MaxDB 7.6.00.37
- SAP MaxDB 7.6.0.37
- SAP MaxDB 7.4.3.32
Description: SAP MaxDB is a popular enterprise database system. A buffer overflow vulnerability is identified in this product which can be triggered by a specially crafted request packet to TCP port 7210. The issue is caused by inadequate sanity checks done by "serv.exe" process on incoming handshake packets. The "serv.exe" process listens on TCP port 7210 by default. Successful exploitation might allow an attacker to execute arbitrary code with SYSTEM privileges. Authentication is not required to exploit this vulnerability. Some technical details for the vulnerability are publicly available.
Status: Vendor confirmed, updates available.
References:
- Zero Day Initiative Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-10-032
- Product Home Page
- https://www.sdn.sap.com/irj/sdn/maxdb
- SecurityFocus BID
- http://www.securityfocus.com/bid/38769

(3) MODERATE: RemoteExec Buffer Overflow Vulnerability
Affected:
- RemoteExec versions prior to 4.05
Description: RemoteExec is a Microsoft Windows Network Management application from IS Decisions. A buffer overflow vulnerability has been reported in RemoteExec, which can be triggered by tricking a user into loading a specially crafted RemoteExec Computer List file. The specific flaw is a boundary error while processing ".rec" (RemoteExec Computer List) files with an overlong line. Successful exploitation might allow an attacker to execute arbitrary code in the context of the logged on user. Some technical details for the vulnerability are publicly available.
Status: Vendor confirmed, updates available.
References:
- Vendor Security Update
- http://blog.isdecisions.com/post/452928936/security-update-for-remoteexec
- Product Update Release
- http://www.isdecisions.com/en/software/REMOTEEXEC/history.cfm
- Product Home Page
- http://www.isdecisions.com/en/software/remoteexec/
- Secunia Advisory SA38733
- http://secunia.com/advisories/38733/
- SecurityFocus BID
- http://www.securityfocus.com/bid/38763

(4) MODERATE: Skype URI Handling Information Disclosure Vulnerability
Affected:
- Skype versions prior to 4.2.0.1.55 (v4.2 hotfix #1)
Description: Skype from Skype Technologies is a popular software application that provides for Internet-based voice communications. A vulnerability has been identified in Skype that might allow an attacker to bypass security restrictions and gain knowledge of certain sensitive information. This is caused by an error in the way Skype parses arguments that are passed by the 'skype:' protocol handler. The vulnerable application does not perform sufficient sanity checks on the "/datapath" arguments, and if the crafted argument is pointing to a malicious remote SMB share then the attacker might be able to manipulate and gain access to sensitive information. Full technical details for the vulnerability are publicly available.
Status: Vendor confirmed, updates available.
References:
- Vendor Release Notes
- https://developer.skype.com/WindowsSkype/ReleaseNotes
- Zero Day Initiative Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-10-027
- Security-Assessment Advisory
- http://www.security-assessment.com/files/advisories/Skype_URI_Handling_Vulnerabi
  lity.pdf
- Wikipedia Article on Skype
- http://en.wikipedia.org/wiki/Skype
- Vendor Home Page
- http://www.skype.com/
- SecurityFocus BID
- http://www.securityfocus.com/bid/38699

(5) LOW: Microsoft Windows Help File Processing Vulnerability
Affected:
- Microsoft Windows XP Professional x64 Edition SP3
- Microsoft Windows XP Professional x64 Edition SP2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows XP Professional SP3
- Microsoft Windows XP Professional SP2
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
- Microsoft Windows XP Media Center Edition SP3
- Microsoft Windows XP Media Center Edition SP2
- Microsoft Windows XP Media Center Edition SP1
- Microsoft Windows XP Media Center Edition
- Microsoft Windows XP Home SP3
- Microsoft Windows XP Home SP2
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP 64-bit Edition Version 2003 SP1
- Microsoft Windows XP 64-bit Edition Version 2003
- Microsoft Windows XP 64-bit Edition SP1
- Microsoft Windows XP 64-bit Edition
- Microsoft Windows XP 0
- Microsoft Windows 2000 Professional SP4
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
Description: A remote command execution vulnerability has been confirmed in MS HTML Help ActiveX control. It has a method which is used to open CHM files from the same directory where the application resides. This can be used by an attacker to load incorrect CHM files residing in the same directory as the application invokes help from, for e.g. a specially crafted notepad.chm file and execute arbitrary commands. User interaction is required to exploit this vulnerability. The user has to be tricked into opening a file, followed by pressing F1 in the document to invoke a help file and finally followed by clicking on a topic in the left pane of the Help window. Full technical details for the vulnerability are publicly available.
Status: Vendor not confirmed, no updates available.
References:
- Secumania Security Group Advisory
- http://www.secumania.net/include/files/mswin-notepad-vuln-adv.pdf
- Vendor Home Page
- http://www.microsoft.com/windows/default.mspx
- Secunia Advisory SA38916
- http://secunia.com/advisories/38916/
- SecurityFocus BID
- http://www.securityfocus.com/bid/38661

(6) LOW: Skype URI Handling XML File Deletion Vulnerability
Affected:
- Skype version 4.2.0.1.55 and prior
Description: Skype from Skype Technologies is a popular software application that provides for Internet-based voice communications. A vulnerability has been identified in Skype that might allow an attacker to delete arbitrary XML files from vulnerable Skype installations. The issue is caused by an error in the way Skype handles 'skype-plugin:' protocol. A specially crafted URI with a 'save_pxml' command can be used by an attacker to trigger this vulnerability. User interaction is required to carry out this attack since the user will have to be tricked into clicking on the crafted URI. Some technical details for the vulnerability are publicly available.
Status: Vendor not confirmed, no updates available.
References:
- Zero Day Initiative Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-10-028
- Wikipedia Article on Skype
- http://en.wikipedia.org/wiki/Skype
- Vendor Home Page
- http://www.skype.com/
- Secunia Advisory SA38875
- http://secunia.com/advisories/38875/

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 12, 2010

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com) Week 12, 2010 This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 8320 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely. ______________________________________________________________________

10.12.1 - CVE: Not Available
Platform: Windows
Title: Microsoft Windows Help File Relative Path Remote Command Execution
Description: Microsoft Windows includes a help system that can be accessed from various applications. Help documents may be stored in ".chm" files. Windows is exposed to a remote command execution issue because it may open ".chm" help files from unsafe locations. Windows 2000 and XP are affected.
Ref: http://secumania.net/index.php?option=com_content&task=view&id=37

10.12.2 - CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Virtual PC Hypervisor Virtual Machine Monitor Security Bypass
Description: Microsoft Virtual PC Hypervisor is a hypervisor based technology used to provide a virtualization platform. Microsoft Virtual PC Hypervisor is exposed to a security bypass issue due to a memory management issue that exists in the Virtual Machine Monitor of the Virtual PC. Virtual PC 2007, Virtual PC 2007 SP1, Windows Virtual PC, Virtual Server 2005 and Windows 7 XP Mode are affected.
Ref: http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=
advisory&name=CORE-2009-0803

10.12.3 - CVE: CVE-2009-4001
Platform: Third Party Windows Apps
Title: XnView DICOM Image Processing Integer Overflow
Description: XnView is a graphics application available for Microsoft Windows. XnView is exposed to a remote integer overflow issue that occurs when decoding DICOM image data. XnView versions prior to 1.97.2 are affected.
Ref: http://secunia.com/secunia_research/2009-60/

10.12.4 - CVE: Not Available
Platform: Third Party Windows Apps
Title: httpdx PNG File Handling Remote Denial of Service
Description: The "httpdx" program is an HTTP and FTP server for Microsoft Windows. The "httpdx" program is exposed to a denial of service issue that occurs when the server handles a specially crafted PNG file. httpdx version 1.5.3 is affected.
Ref: http://www.securityfocus.com/bid/38638

10.12.5 - CVE: Not Available
Platform: Third Party Windows Apps
Title: NovaPlayer ".mp3" File Buffer Overflow
Description: NovaPlayer is a multimedia player available for Microsoft Windows. NovaPlayer is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially crafted ".mp3" file. NovaPlayer version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/38659

10.12.6 - CVE: Not Available
Platform: Third Party Windows Apps
Title: Authentium Command On Demand ActiveX Control Multiple Buffer Overflow Vulnerabilities
Description: Authentium Command On Demand Online scanner is a web-based antivirus tool. The CSS Web Installer ActiveX control in Authentium Command On Demand Online scanner is exposed to multiple buffer overflow issues. Command On Demand CSS Web Installer ActiveX version 1.4.9508.605 is affected.
Ref: http://www.securityfocus.com/archive/1/509856

10.12.7 - CVE: Not Available
Platform: Third Party Windows Apps
Title: J. River Media Jukebox ".mp3" File Remote Heap Buffer Overflow
Description: J. River Media Jukebox is a media player; it is available for Microsoft Windows. The application is exposed to a remote heap-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when processing an ".mp3" audio file containing crafted ID3 metadata tags. Media Jukebox version 12 is affected.
Ref: http://zeroscience.mk/en/vulnerabilities/ZSL-2010-4930.php

10.12.8 - CVE: Not Available
Platform: Third Party Windows Apps
Title: BS.Player ".mp3" File Buffer Overflow
Description: BS.Player is a multimedia player available for Microsoft Windows. BS.Player is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when processing an '.mp3' audio file containing crafted ID3 metadata tags. BS.Player version 2.51 Build 1022 is affected.
Ref: http://zeroscience.mk/en/vulnerabilities/ZSL-2010-4932.php

10.12.9 - CVE: Not Available
Platform: Third Party Windows Apps
Title: K-Lite Codec Pack "StatsReader.exe" Program ".stats" File Processing Buffer Overflow
Description: K-Lite Codec Pack is a collection of codecs and related tools. "StatsReader.exe" is a program of K-Lite Codec Pack. The application is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied input. The issue occurs when the application handles specially crafted ".stats" files.
Ref: http://www.securityfocus.com/bid/38716

10.12.10 - CVE: Not Available
Platform: Third Party Windows Apps
Title: httpdx Multiple Remote Denial of Service Vulnerabilities
Description: httpdx is an HTTP/FTP server for Microsoft Windows. The application is exposed to multiple remote denial of service issues because it fails to handle crafted "USER" and "PASS" requests. httpdx version 1.5.3b is affected.
Ref: http://www.securityfocus.com/bid/38718

10.12.11 - CVE: Not Available
Platform: Third Party Windows Apps
Title: K-Lite Mega Codec AVI File Processing Remote Denial of Service
Description: K-Lite Mega Codec is a collection of codecs and related tools for playing various media formats on media players for Microsoft Windows platforms. Mega Codec is exposed to a remote denial of service issue that occurs when an application handles a specially crafted ".avi" file. Mega Codec version 5.8.0 is affected.
Ref: http://www.securityfocus.com/bid/38733

10.12.12 - CVE: Not Available
Platform: Third Party Windows Apps
Title: WFTPD "REST" Command Remote Denial of Service
Description: WFTPD is an FTP server available for Microsoft Windows. The application is exposed to a remote denial of service issue because it fails to handle invalid values for the "REST" command. WFTPD Server version 3.30 and Pro version 3.30 are affected.
Ref: http://www.securityfocus.com/bid/38762

10.12.13 - CVE: Not Available
Platform: Third Party Windows Apps
Title: IS Decisions RemoteExec ".rec" File Remote Buffer Overflow
Description: IS Decisions RemoteExec is a computer management application available for Microsoft Windows. The application is exposed to a remote buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially crafted ".rec" file. IS Decisions RemoteExec version 4.04 is affected.
Ref: http://www.isdecisions.com/en/software/remoteexec/history.cfm

10.12.14 - CVE: Not Available
Platform: Linux
Title: McAfee LinuxShield "nailsd" Daemon Remote Code Execution
Description: McAfee LinuxShield is an antivirus application available for the Linux operating system. McAfee LinuxShield is exposed to a remote code execution issue that affects the "nailsd" daemon, which listens on TCP port 65443 by default. McAfee LinuxShield versions 1.5.1 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/509816

10.12.15 - CVE: CVE-2010-0792
Platform: Linux
Title: Fcron "fcrontab" Symbolic Link Arbitrary File Access Vulnerabilities
Description: Fcron is a periodical command scheduler for Unix and Linux platforms. The application is exposed to multiple arbitrary file access issues that occur due to race condition issues in the "fcrontab" program. Fcron versions prior to 3.0.5 are affected.
Ref: http://seclists.org/fulldisclosure/2010/Mar/97

10.12.16 - CVE: Not Available
Platform: Linux
Title: Linux Kernel KVM "hvc_console.c" Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service issue that affects the Kernel-based Virtual Machine. Specifically, this issue is caused by a race condition between the "hvc_remove()" and "hvc_close()" functions in the "drivers/char/hvc_console.c" source code file.
Ref: http://patchwork.kernel.org/patch/83353/

10.12.17 - CVE: CVE-2010-0729
Platform: Linux
Title: Red Hat Enterprise Linux "ptrace()" Local Privilege Escalation
Description: Red Hat Enterprise Linux 4 is a Linux based software distribution. Red Hat Enterprise Linux 4 is exposed to a local privilege escalation issue. Specifically, the kernel may fail to call "ptrace_check_attach()" when processes attempt to call "ptrace()". Red Hat Enterprise Linux 4 on ia64 platforms is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0729

10.12.18 - CVE: Not Available
Platform: BSD
Title: FreeBSD and OpenBSD "ftpd" NULL Pointer Dereference Denial of Service
Description: "ftpd" is an FTP server. The FreeBSD and OpenBSD "ftpd" service is exposed to a denial of service issue because of a NULL pointer dereference in the "glob()" function of the "popen.c" source file. A specially crafted command can cause the service to crash. FreeBSD versions 8.0, 6.3 and 4.9 and OpenBSD version 4.6 are affected.
Ref: http://www.openbsd.org/errata46.html

10.12.19 - CVE: CVE-2010-0393
Platform: Unix
Title: CUPS "lppasswd" Tool Localized Message String Security
Description: CUPS (Common UNIX Printing System) is a widely used set of printing utilities for UNIX based systems. CUPS is exposed to a local security weakness when loading localized message strings from arbitrary files. This issue affects the "lppasswd" tool when setting an environment variable to a string contained in an attacker-supplied file.
Ref: http://www.securityfocus.com/bid/38524

10.12.20 - CVE: CVE-2009-4655
Platform: Novell
Title: Novell eDirectory DHost Weak Session Cookie Session Hijacking
Description: Novell eDirectory is an identity management solution. The application is exposed to a session hijacking issue because DHost web service uses predictable values for session IDs when identifying logged in administrators. Novell eDirectory version 8.8.5 is affected.
Ref: http://www.metasploit.com/modules/auxiliary/admin/edirectory/edirectory_dhost_co
okie

10.12.21 - CVE: Not Available
Platform: Cross Platform
Title: SUPERAntiSpyware and SuperAdBlocker Multiple Vulnerabilities
Description: SUPERAntiSpyware and SuperAdBlocker are spyware and adware blocking applications. SUPERAntiSpyware and SuperAdBlocker are exposed to multiple local issues. An attacker can exploit these issues to gain elevated privileges on the affected computer, crash the affected computer, gain access to sensitive information, or overwrite arbitrary files.
Ref: http://seclists.org/fulldisclosure/2010/Mar/195

10.12.22 - CVE: CVE-2010-0396
Platform: Cross Platform
Title: dpkg-source Directory Traversal
Description: dpkg is an application for handling the installation and removal of software packages. dpkg-source is a component of dpkg. dpkg-source is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/38654

10.12.23 - CVE: CVE-2010-0408
Platform: Cross Platform
Title: Apache "mod_proxy_ajp" Module Incoming Request Body Denial of Service
Description: Apache "mod_proxy_ajp" is a module for the Apache web server to forward client requests to a Tomcat server using the AJP protocol. The module is exposed to a denial of service issue because it sends an "HTTP_INTERNAL_SERVER_ERROR" instead of an "HTTP_BAD_REQUEST" error.
Ref: http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html

10.12.24 - CVE: CVE-2010-0425
Platform: Cross Platform
Title: Apache Multiple Security Vulnerabilities
Description: Apache server is exposed to the multiple issues. These issues may lead to information disclosure or other attacks. Apache versions prior to 2.2.15-dev are affected.
Ref: http://httpd.apache.org/security/vulnerabilities_20.html

10.12.25 - CVE: CVE-2010-0590
Platform: Cross Platform
Title: Cisco Unified Communications Manager SIP Message (CVE-2010-0590) Denial of Service
Description: Cisco Unified Communications Manager (CUCM) is a software based call processing component of the Cisco IP telephony solution. The application was formerly named Unified CallManager. CUCM is exposed to a denial of service issue when handling specially crafted SIP messages.
Ref: http://www.securityfocus.com/archive/1/509834

10.12.26 - CVE: CVE-2010-0587
Platform: Cross Platform
Title: Cisco Unified Communications Manager SCCP (CVE-2010-0587) Denial of Service
Description: Cisco Unified Communications Manager (CUCM) is a software based call processing component of the Cisco IP telephony solution. The application was formerly named Unified CallManager. CUCM is exposed to a denial of service issue when handling specially crafted SCCP (Skinny Call Control Protocol) packets.
Ref: http://www.securityfocus.com/archive/1/509834

10.12.27 - CVE: CVE-2010-0592
Platform: Cross Platform
Title: Cisco Unified Communications Manager CTI Manager Service Denial of Service
Description: Cisco Unified Communications Manager (CUCM) is a software based call processing component of the Cisco IP telephony solution. The application was formerly named Unified CallManager. CUCM is exposed to a denial of service issue when handling malformed input.
Ref: http://www.securityfocus.com/archive/1/509834

10.12.28 - CVE: CVE-2010-0591
Platform: Cross Platform
Title: Cisco Unified Communications Manager SIP Message (CVE-2010-0591) Denial of Service
Description: Cisco Unified Communications Manager (CUCM) is a software based call processing component of the Cisco IP telephony solution. The application was formerly named Unified CallManager. CUCM is exposed to a denial of service issue when handling specially crafted SIP messages.
Ref: http://www.securityfocus.com/archive/1/509834

10.12.29 - CVE: CVE-2010-0571
Platform: Cross Platform
Title: Cisco Digital Media Manager (CVE-2010-0571) Remote Privilege Escalation
Description: The Cisco Digital Media Manager is the central management application for all Cisco Digital Media Suite products. The application is exposed to a remote privilege escalation issue because it fails to sufficiently verify user permissions. Cisco Digital Media Manager versions 5.0 and 5.1 are affected.
Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b923.s
html

10.12.30 - CVE: CVE-2010-0588
Platform: Cross Platform
Title: Cisco Unified Communications Manager SCCP (CVE-2010-0588) Denial of Service
Description: Cisco Unified Communications Manager (CUCM) is a software based call processing component of the Cisco IP telephony solution. The application was formerly named Unified CallManager. CUCM is exposed to a denial of service issue when handling specially crafted SCCP (Skinny Call Control Protocol) packets.
Ref: http://www.securityfocus.com/archive/1/509834

10.12.31 - CVE: CVE-2010-0572
Platform: Cross Platform
Title: Cisco Digital Media Manager Information Disclosure
Description: Cisco Digital Media Manager is a web-based media management application. The application is exposed to an information disclosure issue because it fails to prevent authenticated but unauthorized users from viewing error log messages and stack traces that contain Cisco Digital Media Player user credentials and LDAP credentials (if configured). Cisco Digital Media Manager versions prior to 5.2 are affected.
Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b923.s
html

10.12.32 - CVE: CVE-2010-0570
Platform: Cross Platform
Title: Cisco Digital Media Manager Default Credentials Authentication Bypass
Description: Cisco Digital Media Manager manages, schedules and publishes digital media for Cisco Digital Signs, Cisco Cast and Cisco Show and Share. Cisco Digital Media Manager is exposed to a remote authentication bypass issue because the application retains default credentials after install.
Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b923.s
html

10.12.33 - CVE: CVE-2010-0573
Platform: Cross Platform
Title: Cisco Digital Media Player Video or Data Content Injection
Description: Cisco Digital Media Player is an IP-based endpoint used to display video, graphics, web pages or other dynamic content on remote digital displays. Digital Media Player is exposed to an issue that lets attackers inject video or data onto a remote display.
Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b925.s
html#@ID

10.12.34 - CVE: CVE-2010-0302
Platform: Cross Platform
Title: CUPS File Descriptors Handling Use-After-Free Remote Denial of Service
Description: CUPS (Common UNIX Printing System) is a widely used set of printing utilities for UNIX-based systems. CUPS is exposed to a denial of service issue caused by a use-after-free error. This issue affects the interface that handles file descriptors.
Ref: http://www.securityfocus.com/bid/38510

10.12.35 - CVE: Not Available
Platform: Cross Platform
Title: Adobe Flash Player Local File Access Information Disclosure
Description: Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. Flash supports a security model that distinguishes between local and remote SWF files. The application is exposed to a file access information disclosure issue because Flash files loaded via a UNC (Universal Naming Convention) path are treated as local and may be permitted to access local files.
Ref: http://blog.andlabs.org/2010/03/imposter-and-whitepapers-released.html

10.12.36 - CVE: Not Available
Platform: Cross Platform
Title: Opera Web Browser "Content-Length" Buffer Overflow
Description: Opera Web Browser is a browser that runs on multiple operating systems. The application is exposed to a buffer overflow issue. Attackers can exploit this issue to cause an integer overflow error via an overly long value in the "Content-Length" header in an HTTP response. Opera Web Browser version 10.10 and 10.50 are affected.
Ref: http://my.opera.com/securitygroup/blog/2010/03/09/the-malformed-content-length-h
eader-security-issue

10.12.37 - CVE: CVE-2010-0433
Platform: Cross Platform
Title: OpenSSL "dtls1_retrieve_buffered_fragment()" Remote Denial of Service
Description: OpenSSL is an open source implementation of the SSL protocol that is used by a number of other projects, including but not limited to Apache, Sendmail, and Bind. It is commonly found on Linux and UNIX systems. OpenSSL is exposed to a denial of service issue caused by a NULL pointer dereference. OpenSSL versions 0.9.8m and earlier are affected.
Ref: http://www.openwall.com/lists/oss-security/2010/03/03/5

10.12.38 - CVE: CVE-2009-3032
Platform: Cross Platform
Title: Autonomy KeyView Module OLE Processing Buffer Overflow
Description: Autonomy KeyView is a component used in multiple applications. It adds high speed filtering, high fidelity viewing, and the exporting of documents to web-ready HTML or valid XML. The KeyView module is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data before copying it to an insufficiently sized buffer. This issue occurs when parsing a specially crafted "Object Linking and Embedding" document.
Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=858

10.12.39 - CVE: Not Available
Platform: Cross Platform
Title: libESMTP X.509 Certificate "match_component()" Domain Validation Security Bypass
Description: libESMTP is an SMTP (Simple Mail Transport Protocol) client and library. It includes support for SSL. libESMTP is exposed to a security bypass issue because it fails to properly validate domains against the Common Name field of an X.509 certificate. Specifically, the library may match a domain with a common name that contains the domain as a prefix. libESMTP version 1.0.3 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311191

10.12.40 - CVE: Not Available
Platform: Cross Platform
Title: Orb Networks Orb Direct Show Filter MP3 File Divide-By-Zero Denial of Service
Description: Orb is an application that allows users to access media stored on remote computers. The application is exposed to a denial of service issue. When processing a malformed ".mp3" file that contains crafted Direct Show filters in its header data, a divide-by-zero exception can occur, causing the affected application to crash.
Ref: http://www.securityfocus.com/bid/38549

10.12.41 - CVE: CVE-2009-3245
Platform: Cross Platform
Title: OpenSSL "bn_wexpend()" Error Handling Unspecified
Description: OpenSSL is an open source implementation of the SSL protocol that is used by a number of other projects, including but not limited to Apache, Sendmail, and Bind. It is commonly found on Linux and UNIX systems. The library is exposed to an unspecified issue because it fails to properly detect errors when calling the "bn_wexpend()" function. OpenSSL versions prior to 0.9.8m are affected.
Ref: http://www.securityfocus.com/bid/38562

10.12.42 - CVE: CVE-2010-0788, CVE-2010-0790, CVE-2010-0791
Platform: Cross Platform
Title: ncpfs Multiple Local Vulnerabilities
Description: ncpfs allows users to mount volumes of NetWare servers under Linux, print to NetWare print queues, and spool NetWare print queues to Linux printing systems. ncpfs is exposed to multiple local issues. Local attackers can exploit these issues to execute arbitrary commands with elevated privileges, crash the affected computer, and gain access to sensitive information.
Ref: http://seclists.org/fulldisclosure/2010/Mar/122

10.12.43 - CVE: Not Available
Platform: Cross Platform
Title: AKoff MIDI Player ".mid" File Processing Buffer Overflow
Description: AKoff MIDI Player is a media player that supports multiple file formats. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when the application parses malformed ".mid" files. AKoff MIDI Player version 1.00 is affected.
Ref: http://www.securityfocus.com/bid/38567

10.12.44 - CVE: Not Available
Platform: Cross Platform
Title: VLC Media Player Bookmark Creation Buffer Overflow
Description: VLC Media Player is a multimedia player available for Microsoft Windows. VLC Media Player is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when a user attempts to create a bookmark via the "Playback" menu while an ".mp3" audio file containing crafted ID3 metadata tags is playing. VLC Media Player version 1.0.5 is affected.
Ref: http://zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php

10.12.45 - CVE: CVE-2010-0043
Platform: Cross Platform
Title: Apple Safari ImageIO TIFF Image Remote Code Execution
Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. Safari is exposed to a remote code execution issue affecting the ImageIO component. Memory may become corrupted when a user visits a malicious web page containing a crafted TIFF image. Safari versions prior to 4.0.5 running on Microsoft Windows 7, XP, and Vista are affected.
Ref: http://www.securityfocus.com/bid/38673

10.12.46 - CVE: CVE-2010-0040
Platform: Cross Platform
Title: Apple Safari Prior to 4.0.5 Integer Overflow
Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. Safari is exposed to an integer overflow issue that may result in a heap buffer overflow. This vulnerability affects ColorSync and is due to an integer overflow error when handling images with embedded color profiles.
Ref: http://www.securityfocus.com/bid/38674

10.12.47 - CVE: CVE-2010-0044
Platform: Cross Platform
Title: Apple Safari Prior to 4.0.5 Configuration Bypass Weakness
Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. The application is exposed to a configuration bypass weakness that affects the PubSub component of Safari. Specifically, visiting or updating a feed may result in a cookie being set even when Safari is configured to block cookies. Apple Safari versions prior to Safari 4.0.5 running on Apple Mac OS X, Windows 7, XP, and Vista are affected.
Ref: http://www.securityfocus.com/bid/38675

10.12.48 - CVE: CVE-2010-0041
Platform: Cross Platform
Title: Apple Safari BMP Image Uninitialized Memory Information Disclosure
Description: Apple Safari is a web browser available for Microsoft Windows and Apple Mac OS X. Safari for Windows is exposed to an information disclosure issue because the browser fails to properly initialize memory when handling BMP image data. This issue affects the ImageIO component of Safari. Safari versions prior to 4.0.5 on Microsoft Windows are affected.
Ref: http://www.securityfocus.com/bid/38676

10.12.49 - CVE: CVE-2010-0042
Platform: Cross Platform
Title: Apple Safari TIFF Image Uninitialized Memory Information Disclosure
Description: Apple Safari is a web browser available for Microsoft Windows and Apple Mac OS X. Safari for Windows is exposed to an information disclosure issue because the browser fails to properly initialize memory when handling TIFF image data. This issue affects the ImageIO component of Safari. Safari versions prior to 4.0.5 on Microsoft Windows are affected.
Ref: http://www.securityfocus.com/bid/38677

10.12.50 - CVE: CVE-2010-0045
Platform: Cross Platform
Title: Apple Safari URL Schemes Handling Remote Code Execution
Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. Safari is exposed to a remote code execution issue because it fails to properly handle external URL schemes. Specifically, an attacker may open a local file on an affected system by enticing a user to follow a maliciously crafted URI. Safari versions prior to 4.0.5 running on Microsoft Windows 7, XP, and Vista are affected.
Ref: http://www.securityfocus.com/bid/38683

10.12.51 - CVE: CVE-2010-0046
Platform: Cross Platform
Title: WebKit CSS "format()" Arguments Memory Corruption
Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote memory corruption issue due to an error in handling of CSS "format()" arguments
Ref: http://www.securityfocus.com/bid/38684

10.12.52 - CVE: CVE-2010-0050
Platform: Cross Platform
Title: WebKit Nested HTML Tags Use-After-Free Error Remote Code Execution
Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote code execution issue that occurs due to a use-after-free error when processing nested HTML tags.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-029/

10.12.53 - CVE: CVE-2010-0052
Platform: Cross Platform
Title: WebKit HTML Elements Callback Use-After-Free Error Remote Code Execution
Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote code execution issue due to a use-after-free error that is related to callbacks for HTML elements.
Ref: http://www.securityfocus.com/bid/38686

10.12.54 - CVE: CVE-2010-0047
Platform: Cross Platform
Title: WebKit Object Element Fallback Memory Corruption
Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote memory corruption issue due to a use-after-free error while handling the HTML object element fallback content.
Ref: http://www.securityfocus.com/bid/38687

10.12.55 - CVE: CVE-2010-0048
Platform: Cross Platform
Title: WebKit XML Document Parsing Memory Corruption
Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote memory corruption issue due to a use-after-free error while parsing XML documents.
Ref: http://www.securityfocus.com/bid/38688

10.12.56 - CVE: CVE-2010-0049
Platform: Cross Platform
Title: WebKit Right-to-Left Displayed Text Handling Memory Corruption
Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote memory corruption issue due to a use-after-free error while handling HTML elements containing right-to-left displayed text.
Ref: http://www.securityfocus.com/bid/38689

10.12.57 - CVE: CVE-2010-0053
Platform: Cross Platform
Title: WebKit CSS Display Use-After-Free Error Remote Code Execution
Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote code execution issue due to a use-after-free error in the rendering of content with a CSS display property set to "run-in".
Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-030/

10.12.58 - CVE: CVE-2010-0051
Platform: Cross Platform
Title: WebKit Cross-Origin Stylesheet Request Information Disclosure
Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote information disclosure issue when handling cross-origin stylesheet requests.
Ref: http://www.securityfocus.com/bid/38692

10.12.59 - CVE: Not Available
Platform: Cross Platform
Title: Skype URI Handling Security
Description: Skype is peer-to-peer communications software that supports Internet-based voice communications. The application is exposed to a security issue because it fails to sufficiently sanitize user-supplied input to an argument in the "skype:" URI. Skype versions prior to 4.2.0.155 are affected.
Ref: http://security-assessment.com/

10.12.60 - CVE: Not Available
Platform: Cross Platform
Title: Unbound "sock_list" Structure Allocation Remote Denial of Service
Description: Unbound is a validating, recursive, and caching DNS resolver. The application is exposed to a remote denial of service issue because of a memory error when creating the "sock_list" structure. This is due to Unbound not creating an appropriate structure alignment for 64-bit environments. Unbound versions prior to 1.4.3 are affected.
Ref: http://www.unbound.net/pipermail/unbound-users/2010-March/001057.html

10.12.61 - CVE: CVE-2010-0397
Platform: Cross Platform
Title: PHP xmlrpc Extension Multiple Remote Denial of Service Vulnerabilities
Description: PHP is a programming language available for multiple platforms. PHP includes an xmlrpc extension that provides support for the XML-RPC protocol. PHP's xmlrpc extension library is exposed to multiple denial of service issues because it fails to handle specially crafted XML-RPC requests. PHP version 5.3.1 is affected.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/2673

10.12.62 - CVE: Not Available
Platform: Cross Platform
Title: Gretech GOM Player ".avi" File Denial of Service
Description: Gretech GOM Player is a multimedia player application. Gretech GOM Player is exposed to a denial of service issue that occurs when handling specially crafted ".avi" files. GOM Player version 2.1.21 is affected.
Ref: http://www.securityfocus.com/bid/38722

10.12.63 - CVE: Not Available
Platform: Cross Platform
Title: Multiple MicroWorld eScan Products Remote Command Execution
Description: MicroWorld eScan is a series of security applications. Multiple eScan products are exposed to a remote command execution issue. Specifically, the "uname" parameter is not properly sanitized in the "/opt/MicroWorld/var/www/htdocs/forgotpassword.php" script.
Ref: http://www.securityfocus.com/bid/38750

10.12.64 - CVE: Not Available
Platform: Cross Platform
Title: ArGoSoft FTP Server .NET Directory Traversal
Description: ArGoSoft FTP Server .NET is a Windows-based FTP server. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. Specifically, the "CWD" command is affected. ArGoSoft FTP Server .NET version 1.0.2.1 is affected.
Ref: http://www.securityfocus.com/bid/38756

10.12.65 - CVE: Not Available
Platform: Cross Platform
Title: Apple iPhone Malformed Characters Denial of Service
Description: Apple iPhone is a mobile phone that runs on the ARM architecture. iPhone is exposed to a denial of service issue that occurs when viewing a malicious web page that passes certain malformed characters to the "innerHTML" property of a HTML DIV element. iPhone 2G with OS version 3.1 and iPhone 3GS with OS version 3.1.3 are affected.
Ref: http://www.securityfocus.com/bid/38758

10.12.66 - CVE: CVE-2010-0104
Platform: Cross Platform
Title: HP Broadcom Integrated NIC Firmware Remote Code Execution
Description: Broadcom Integrated NICs (network interface cards) are supplied with various HP products. Multiple HP devices running HP Broadcom Integrated NIC Firmware are exposed to a remote code execution issue that arises on HP Small Form Factor and Microtower PCs. HP Broadcom Integrated NIC Firmware versions 1.24.0.9 and earlier as well as 8.04 and earlier are affected.
Ref: http://www.securityfocus.com/bid/38759

10.12.67 - CVE: CVE-2010-0421
Platform: Cross Platform
Title: Pango Glyph Definition Table Denial of Service
Description: Pango is a library for laying out and rendering text. Pango is exposed to a denial of service issue because it fails to perform adequate checks on user-supplied data when processing specially crafted font files.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=555831

10.12.68 - CVE: Not Available
Platform: Cross Platform
Title: Trouble Ticket Express File Attachment Module Arbitrary Command Execution
Description: File Attachment Module is an add-on module for Trouble Ticket Express. The module is exposed to an issue that lets attackers execute arbitrary shell commands because the application fails to sufficiently sanitize user-supplied data to the "fid" parameter of the "ttx.cgi" script when the "cmd" parameter is set to "file" and the "fn" parameter is set to any value.
Ref: http://forum.unitedwebcoders.com/index.php/topic,1143.0.html

10.12.69 - CVE: CVE-2009-1299
Platform: Cross Platform
Title: PulseAudio Insecure Temporary File Creation
Description: PulseAudio is a sound server available for various platforms. PulseAudio is exposed to an insecure temporary file creation issue that exists in the "configure.ac" file. This issue occurs because the application uses predictable names for temporary folders.
Ref: https://bugs.edge.launchpad.net/ubuntu/+source/pulseaudio/+bug/509008

10.12.70 - CVE: Not Available
Platform: Cross Platform
Title: SAP MaxDB "serv.exe" Unspecified Remote Code Execution
Description: SAP MaxDB is a database application available for multiple platforms. MaxDB is exposed to an unspecified remote code execution issue because it fails to sufficiently validate user-supplied input.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-032/

10.12.71 - CVE: Not Available
Platform: Cross Platform
Title: Windisc ".bnz" File Stack-Based Buffer Overflow
Description: Windisc is a set of applications for analyzing discrete-math topics. The application is exposed to a stack-based buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer. This issue occurs when the application processes a specially crafted Banzhaf (".bnz") file. Windisc version 1.3 is affected.
Ref: http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-013-wi
ndisc-buffer-overflow-bnz/

10.12.72 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Max Network Technology BBSMAX "threadid" Parameter Cross-Site Scripting
Description: Max Network Technology BBSMAX is an ASPX-based forum application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "threadid" parameter of the "post.aspx" script. Max Network Technology BBSMAX version 4.2 is affected.
Ref: http://www.securityfocus.com/archive/1/509989

10.12.73 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Kan-Studio Kandidat CMS "contentcenter" Parameter Cross-Site Scripting
Description: Kan-Studio Kandidat CMS is a web-based content manager. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "contentcenter" parameter of the "media/upload.php" script.
Ref: http://www.securityfocus.com/bid/38635

10.12.74 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: DDL CMS "blacklist.php" Cross-Site Scripting
Description: DDL CMS is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "site_name" parameter of the "blacklist.php" script. DDL CMS version 2.1 is affected.
Ref: http://www.securityfocus.com/bid/38643

10.12.75 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Eleanor CMS "Confirm.php" Cross-Site Scripting
Description: Eleanor CMS is a PHP-based content management application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "title" parameter of the "Confirm.php" script. Eleanor CMS version Rc5.1 is affected.
Ref: http://www.securityfocus.com/bid/38647

10.12.76 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ViewVC "lib/viewvc.py" Cross-Site Scripting
Description: ViewVC is a web-based interface for CVS and Subversion version-control repositories; it is implemented in Python. ViewVC is exposed to a cross-site scripting issue because the application fails to sufficiently sanitize user-supplied data. ViewVC versions prior to 1.1.4 and 1.0.10 are affected.
Ref: http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?view=log&pathrev
=HEAD

10.12.77 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: DFD Cart Multiple Cross-Site Scripting Vulnerabilities
Description: DFD Cart is a PHP-based ordering system for wholesale distributors. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. DFD Cart versions 1.197 and 1.198 are affected.
Ref: http://www.securityfocus.com/bid/38505

10.12.78 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Drupal eTracker Module URI Cross-Site Scripting
Description: eTracker is a PHP-based module for the Drupal content manager. The module is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input to the URI.
Ref: http://drupal.org/node/731682

10.12.79 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Comptel Provisioning and Activation "error_msg_parameter" Cross- Site Scripting
Description: Comptel Provisioning and Activation is a web-based customer relationship management application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "error_msg_parameter" parameter of the "index.php" script.
Ref: http://www.securityfocus.com/bid/38534

10.12.80 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: BBSXP "ShowPost.asp" Cross-Site Scripting
Description: BBSXP is an ASP-based forum application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "ThreadID" parameter of the "ShowPost.asp" script. BBSXP version 2008 is affected.
Ref: http://www.securityfocus.com/bid/38542

10.12.81 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: WordPress Calendar Plugin Multiple Cross-Site Scripting Vulnerabilities
Description: Calendar is a plugin for WordPress implemented in PHP. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "name" and "argument" parameters of the "calendar/trunk/calendar.php" script. Calendar versions prior to 1.2.2 are affected.
Ref: http://www.securityfocus.com/bid/38548

10.12.82 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: BBSXP Multiple Cross-Site Scripting Vulnerabilities
Description: BBSXP is an ASP-based forum application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. BBSXP version 2008 is affected.
Ref: http://www.securityfocus.com/bid/38558

10.12.83 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Juniper Networks Secure Access "editbk.cgi" Cross-Site Scripting
Description: Juniper Networks Secure Access (SA) devices are network security devices. They are powered by Juniper IVE OS and include a web-based interface. The device web interface is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "row" parameter of the "editbk.cgi" script. Devices running Juniper IVE OS versions 6.0 prior to 6.3R7, 6.4R5 and 6.5R2 are affected.
Ref: http://www.securityfocus.com/archive/1/509887

10.12.84 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Spectrum Software WebManager CMS "pojam" Parameter Cross-Site Scripting
Description: Spectrum Software WebManager CMS is an ASPX-based content manager. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "pojam" parameter of the "Search_1.aspx" script.
Ref: http://www.securityfocus.com/bid/38573

10.12.85 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Six Apart Vox "search" Page Cross-Site Scripting
Description: Six Apart Vox is a blogging application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "search" page. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
Ref: http://www.securityfocus.com/bid/38575

10.12.86 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: dl Download Ticket Service "index.php" Cross-Site Scripting
Description: dl Download Ticket Service is a PHP-based ticket management system. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "t" parameter of the "index.php" script. dl Download Ticket Service versions prior to 0.7 are affected.
Ref: http://article.gmane.org/gmane.comp.web.dl-ticket-service.general/33

10.12.87 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: UloKI PHP Forum "usercp.php" Cross-Site Scripting
Description: UloKI PHP Forum is a PHP-based forum application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "location" parameter of the "usercp.php" script. UloKI PHP Forum version 2.1 is affected.
Ref: http://www.securityfocus.com/bid/38706

10.12.88 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: phpMyAdmin "db_create.php" Cross-Site Scripting
Description: phpMyAdmin is a web-based administration interface for MySQL database. phpMyAdmin is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "new_db" parameter of the "db_create.php" script. phpMyAdmin version 3.3.0 is affected.
Ref: http://www.securityfocus.com/archive/1/510052

10.12.89 - CVE: Not Available
Platform: Web Application - Cross-Site Scripting
Title: Joomla! "com_d-greinar" Component "maintree" Parameter Cross-Site Scripting
Description: The "com_d-greinar" application is a component for the Joomla! content manager. The component is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "maintree" parameter.
Ref: http://www.securityfocus.com/bid/38714

10.12.90 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: DirectAdmin "CMD_DB_VIEW" Cross-Site Scripting
Description: DirectAdmin is a PHP-based control panel for website administration. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "name" parameter of the "CMD_DB_VIEW" script. DirectAdmin version 1.351 and earlier are affected.
Ref: http://pridels-team.blogspot.com/2010/03/directadmin-v1351-xss-vuln.html

10.12.91 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Multiple Products "banner.swf" Cross-Site Scripting
Description: Multiple products are exposed to a cross-site scripting issue because the applications fail to properly sanitize user-supplied input to the "clickTAG" parameter of the "banner.swf" script.
Ref: http://www.securityfocus.com/archive/1/510064

10.12.92 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Dojo Versions Prior to 1.4.2 Multiple Cross-Site Scripting Vulnerabilities
Description: Dojo is a freely available, open-source JavaScript toolkit used for building web applications. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data. Dojo versions prior to 1.4.2 are affected.
Ref: http://www.securityfocus.com/archive/1/510093

10.12.93 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Friendly Technologies TR-069 ACS Login SQL Injection
Description: Friendly Technologies TR-069 ACS is a TR-069 based CPE management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "Password" and "Username" parameters during the login process. Friendly Technologies TR-069 ACS version 2.8.9 is affected.
Ref: http://www.securityfocus.com/archive/1/509987

10.12.94 - CVE: CVE-2010-0122
Platform: Web Application - SQL Injection
Title: Timeclock Software "login_action.php" Multiple SQL Injection Vulnerabilities
Description: Timeclock Software is a PHP-based employee time-tracking application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "username" and "password" fields of the "login_action.php" script. Timeclock Software version 0.99 is affected.
Ref: http://www.securityfocus.com/archive/1/509995

10.12.95 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Softbiz Jobs and Recruitment Script "search_result.php" SQL Injection
Description: Softbiz Jobs and Recruitment Script is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "search_result.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/38640

10.12.96 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_about" Component "id" Parameter SQL Injection
Description: The "com_about" application is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/38653

10.12.97 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP City Portal "id" Field Multiple SQL Injection Vulnerabilities
Description: PHP City Portal is a PHP-based content management application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "id" field of the following scripts: "ideo_show.php"; "spotlight_detail.php"; "real_estate_details.php" and "auto_details.php".
Ref: http://www.securityfocus.com/bid/38649

10.12.98 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: JTL-Software JTL-Shop "druckansicht.php" SQL Injection
Description: JTL-Software JTL-Shop is an e-commerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "s" parameter of the "druckansicht.php" script before using it in an SQL query. JTL-Shop version 2 is affected.
Ref: http://www.securityfocus.com/bid/38660

10.12.99 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: daChooch CMS "forum.php" SQL Injection
Description: daChooch CMS is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "thread" parameter of the "forum.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/38664

10.12.100 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_blog" Component "id" Parameter SQL Injection
Description: The "com_blog" component is a module for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_blog" component.
Ref: http://www.securityfocus.com/bid/38668

10.12.101 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Uiga Church Portal "id" Parameter SQL Injection
Description: Uiga Church Portal is a networking portal. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "index.php" script.
Ref: http://www.securityfocus.com/bid/38506

10.12.102 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Project Man "login.php" Multiple SQL Injection Vulnerabilities
Description: Project Man is a PHP-based project management application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "Username" and "Password" fields of the "login.php" script. Project Man version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/38511

10.12.103 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: HazelPress "login.php" Multiple SQL Injection Vulnerabilities
Description: HazelPress is a PHP-based blogging application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "Username" and "Password" fields of the "login.php" script. HazelPress version 0.0.4 is affected.
Ref: http://www.securityfocus.com/bid/38516

10.12.104 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpRAINCHECK "id" Parameter SQL Injection
Description: phpRAINCHECK is an application for printing and managing rain checks. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "print_raincheck.php" script. phpRAINCHECK version 0.1.0 is affected.
Ref: http://www.securityfocus.com/bid/38521

10.12.105 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Smartplugs "showplugs.php" SQL Injection
Description: Smartplugs is a PHP-based dump management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "domain" parameter of the "showplugs.php" script before using it in an SQL query. Smartplugs version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/38529

10.12.106 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke Survey Component "PollID" Parameter SQL Injection
Description: The Survey application is a PHP-based component for the PHP-Nuke content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "PollID" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/38536

10.12.107 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke "user.php" SQL Injection
Description: PHP-Nuke is a content manager. PHP-Nuke is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "uname" parameter of the "user.php" script before using it an SQL query.
Ref: http://www.securityfocus.com/bid/38539

10.12.108 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: WordPress Events Registration with PayPal IPN Component Multiple SQL Injection Vulnerabilities
Description: Events Registration with PayPal IPN is an event registration component for WordPress. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Events-Registration-with-PayPal-IPN versions prior to 2.1.3 are affected.
Ref: http://plugins.trac.wordpress.org/changeset/198395

10.12.109 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: OneCMS "user" Parameter SQL Injection
Description: OneCMS is a PHP-based content manager. OneCMS is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user" parameter of the "index.php" script before using it an SQL query. OneCMS version 2.5 is affected.
Ref: http://www.securityfocus.com/bid/38557

10.12.110 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Nabernet Content Manager "articles.php" SQL Injection
Description: Nabernet content manager is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "articles.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/38572

10.12.111 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_party" Component "id" Parameter SQL Injection
Description: The "com_party" component is a module for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_party" component.
Ref: http://www.securityfocus.com/bid/38679

10.12.112 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_color" Component "l" Parameter SQL Injection
Description: The "com_color" component is a module for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "l" parameter of the "com_color" component.
Ref: http://www.securityfocus.com/bid/38680

10.12.113 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_gigfe" Component "styletype" Parameter SQL Injection
Description: The "com_gigfe" component is a module for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "styletype" parameter of the "com_gigfe" component.
Ref: http://www.securityfocus.com/bid/38681

10.12.114 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_products" Component "intCategoryId" Parameter SQL Injection
Description: The "com_products" component is a module for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "intCategoryId" parameter of the "com_products" component.
Ref: http://www.securityfocus.com/bid/38682

10.12.115 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_start" Component "mitID" Parameter SQL Injection
Description: The "com_start" component is a module for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "mitID" parameter.
Ref: http://www.securityfocus.com/bid/38693

10.12.116 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_leader" Component "id" Parameter SQL Injection
Description: The "com_leader" component is a module for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter.
Ref: http://www.securityfocus.com/bid/38694

10.12.117 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_family" Component "categoryid" Parameter SQL Injection
Description: The "com_family" component is a module for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "categoryid" parameter.
Ref: http://www.securityfocus.com/bid/38695

10.12.118 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Easynet4u Forum Host "topic.php" SQL Injection
Description: Easynet4u Forum Host is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "topic" parameter of the "topic.php" script before using it in an SQL query.
Ref: http://www.exploit-db.com/exploits/11701

10.12.119 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: APEM apemCMS "id" Parameter SQL Injection
Description: apemCMS is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of an unspecified script when the "mod" parameter is set to "view_default".
Ref: http://www.securityfocus.com/bid/38703

10.12.120 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_seek" Component "id" Parameter SQL Injection
Description: The "com_seek" component is a module for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter.
Ref: http://www.securityfocus.com/bid/38711

10.12.121 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_races" Component "raceId" Parameter SQL Injection
Description: The "com_races" component is a module for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "raceId" parameter.
Ref: http://www.securityfocus.com/bid/38712

10.12.122 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Invision Power Board Currency Module SQL Injection
Description: Invision Power Board is a web-based forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data in the Currency module. Specifically this issue affects the "index.php" script when "CODE" parameter is set to "docurrencyedit". Invision Power Board version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/38717

10.12.123 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Zigurrat Farsi CMS "manager/textbox.asp" SQL Injection
Description: Zigurrat Farsi CMS is an ASP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "manager/textbox.asp" script before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/510069

10.12.124 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_nfnaddressbook" Component "record_id" Parameter SQL Injection
Description: The "com_nfnaddressbook" component is a module for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "record_id" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/38724

10.12.125 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: MambAds Mambo Component "casb" Parameter SQL Injection
Description: MambAds is a component for the Mambo content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "casb" parameter of the "com_mambads" component.
Ref: http://www.securityfocus.com/bid/38725

10.12.126 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_org" Component "id" Parameter SQL Injection
Description: "com_org" is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/38726

10.12.127 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: DeltaScripts PHP Classifieds "ad_click.php" SQL Injection
Description: DeltaScripts PHP Classifieds is a PHP-based application for online advertisements. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "bid" parameter of the "ad_click.php" script before using it in an SQL query. PHP Classifieds version 7.5 is affected.
Ref: http://www.securityfocus.com/bid/38729

10.12.128 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Anantasoft Gazelle CMS "forgot.php" SQL Injection
Description: Anantasoft Gazelle CMS is a PHP-based content manager. OneCMS is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "table", "activate", and "email" parameters of the "forgot.php" script before using it an SQL query. Anantasoft Gazelle CMS version 1.0 is affected.
Ref: http://www.bugreport.ir/index_70.htm

10.12.129 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pars CMS "RP" Parameter Multiple SQL Injection Vulnerabilities
Description: Pars CMS is an ASP-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "RP" parameter in the "fa_default.asp" and "en_default.asp" scripts.
Ref: http://www.securityfocus.com/archive/1/510066

10.12.130 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_org" Component "letter" Parameter SQL Injection
Description: The "com_org" application is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "letter" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/38736

10.12.131 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Domain Verkaus & Auktions Portal "index.php" SQL Injection
Description: Domain Verkaus & Auktions Portal is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "index.php" when the "a" parameter is set to "d".
Ref: http://www.securityfocus.com/bid/38737

10.12.132 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Systemsoftware Community Forum "index.php" SQL Injection
Description: Systemsoftware Community Forum is a PHP-based forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "s_flaeche" parameter of the "index.php" script when the "d" parameter is set to "list1".
Ref: http://www.securityfocus.com/bid/38740

10.12.133 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_route" Component "kid" Parameter SQL Injection
Description: The "com_route" application is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "kid" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/38754

10.12.134 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_bidding" Component "id" Parameter SQL Injection
Description: "com_bidding" is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/38755

10.12.135 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_as" Component "catid" Parameter SQL Injection
Description: "com_as" is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/38757

10.12.136 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Preisschlacht V4 Flash System "aid" Parameter SQL Injection
Description: Preisschlacht V4 Flash System is a web-based shopping application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data. Specifically, this issue affects the "aid" parameter of the "forum/index.php" script.
Ref: http://www.securityfocus.com/bid/38770

10.12.137 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Front Door Username Field SQL Injection
Description: Front Door is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "username" field before using it in an SQL query. Front Door version 0.4b is affected.
Ref: http://www.securityfocus.com/bid/38773

10.12.138 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: RogioBiz PHP File Manager "file_manager.php" Multiple SQL Injection Vulnerabilities
Description: RogioBiz PHP File Manager is a PHP-based file-management application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "username" and "password" parameters of the "file_manager.php" script. RogioBiz PHP File Manager version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/38774

10.12.139 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Online Community CMS Multiple SQL Injection Vulnerabilities
Description: Online Community CMS is a PHP-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/38777

10.12.140 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Family Connections Multiple SQL Injection Vulnerabilities
Description: Family Connections is a PHP-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the "username", "email", "User-Agent" and other unspecified parameters in the "register.php" and "lostpw.php" scripts. Family Connections version 2.2 is affected.
Ref: http://www.securityfocus.com/bid/38778

10.12.141 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_include" Component "ID_NLE" Parameter SQL Injection
Description: "com_include" is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ID_NLE" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/38784

10.12.142 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_ckforms" Component "fid" Parameter SQL Injection
Description: "com_ckforms" is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "fid" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/38785

10.12.143 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: PostNuke FormExpress Module "form_id" Parameter SQL Injection
Description: FormExpress is a module for the PostNuke content manager. The module is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "form_id" parameter before using it in an SQL query. FormExpress version 0.3.2 is affected.
Ref: http://sourceforge.net/projects/pn-formexpress/

10.12.144 - CVE: Not Available
Platform: Web Application
Title: eclime Session Fixation and Multiple Input Validation Vulnerabilities
Description: eclime is a PHP-based e-commerce application. The application is exposed to multiple issues. A session fixation issue affects the administrative section of the application. Multiple SQL injection issues affect the "email_address" and "password" parameters of the "login.php" script when the "action" parameter is set to "process". Multiple cross-site scripting issues. eclime version 1.1.0b is affected.
Ref: http://www.securityfocus.com/bid/38625

10.12.145 - CVE: Not Available
Platform: Web Application
Title: Drupal TinyMCE Module Text Filtering HTML Injection
Description: TinyMCE is a PHP-based component for the Drupal content manager. The module is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to an unspecified field. TinyMCE versions prior to 5.x-1.11 are affected.
Ref: http://drupal.org/node/738302

10.12.146 - CVE: Not Available
Platform: Web Application
Title: Drupal Monthly Archive by Node Type Module Security Bypass
Description: The Monthly Archive by Node Type module for the Drupal content manager creates monthly archives with a link-block to archived pages. The module is exposed to a security bypass issue because it fails to generate SQL queries with respect to node access restrictions. Monthly Archive by Node Type versions prior to 6.x-1.4, 6.x-2.7, and 6.x-3.3 are affected.
Ref: http://drupal.org/node/738434

10.12.147 - CVE: Not Available
Platform: Web Application
Title: 60cycleCMS "select.php" Multiple HTML Injection Vulnerabilities
Description: 60cycleCMS is a PHP-based content manager. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input to the "title" and "body" parameters of the "select.php" script when the "act" parameter is set to "edit".
Ref: http://www.securityfocus.com/bid/38637

10.12.148 - CVE: CVE-2010-0124
Platform: Web Application
Title: Timeclock Software "mysqldump" Local Information Disclosure
Description: Timeclock Software is a PHP-based employee time-tracking application. "mysqldump" is a utility within the application for database backup. The "mysqldump" command-line script is exposed to a local information disclosure issue because it passes the database password to the process list. Timeclock Software version 0.99 is affected.
Ref: http://www.securityfocus.com/archive/1/509996

10.12.149 - CVE: Not Available
Platform: Web Application
Title: ispCP Omega "net2ftp_globals[application_skinsdir]" Parameter Remote File Include
Description: ispCP Omega is a web-hosting application implemented in PHP. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "net2ftp_globals[application_skinsdir]" parameter of the "admin1.template.php" script. ispCP Omega version 1.0.4 is affected.
Ref: http://www.securityfocus.com/bid/38644

10.12.150 - CVE: Not Available
Platform: Web Application
Title: Chaton "chat_lang" Parameter Local File Include
Description: Chaton is a PHP-based web application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "chat_lang" parameter of the "deplacer.php" script. Chaton version 1.5.2 is affected.
Ref: http://www.securityfocus.com/bid/38648

10.12.151 - CVE: Not Available
Platform: Web Application
Title: ImgBrowz0r "imgbrowz0r::init()" Function Remote Directory Traversal
Description: ImgBrowz0r is a PHP-based photo gallery application. The application is exposed to a remote directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "imgbrowz0r::init()" function. ImgBrowz0r version 0.3.5 is affected.
Ref: http://github.com/FSX/imgbrowz0r/blob/0be0940fae96912ebb1f3f96f2fc2b550fefc0c0/C
HANGELOG

10.12.152 - CVE: Not Available
Platform: Web Application
Title: ATutor Multiple HTML Injection Vulnerabilities
Description: ATutor is an online teaching application implemented in PHP. The application is exposed to multiple HTML injection issues because it fails to sufficiently sanitize user-supplied input. ATutor version 1.6.4 is affected.
Ref: http://www.securityfocus.com/bid/38656

10.12.153 - CVE: Not Available
Platform: Web Application
Title: AneCMS "index.php" Multiple HTML Injection Vulnerabilities
Description: AneCMS is a PHP-based content manager. AneCMS is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input. Specifically, the "name" and "link" field of the "index.php" script in the Admin Module are affected. AneCMS version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/38657

10.12.154 - CVE: Not Available
Platform: Web Application
Title: Katalog Stron Hurricane Multiple Remote Vulnerabilities
Description: Katalog Stron Hurricane is a PHP-based content manager. The application is exposed to multiple remote issues because it fails to sufficiently sanitize user-supplied input. Katalog Stron Hurricane version 1.3.5 is affected.
Ref: http://www.securityfocus.com/bid/38663

10.12.155 - CVE: Not Available
Platform: Web Application
Title: MyWorks CMS "good.php" Cross-Site Scripting and SQL Injection Vulnerabilities
Description: MyWorks CMS is a PHP-based web application. The application is exposed to a cross-site scripting issue and an SQL injection issue because it fails to sanitize user-supplied input to the "good_id" parameter of the "good.php" script.
Ref: http://www.securityfocus.com/bid/38490

10.12.156 - CVE: Not Available
Platform: Web Application
Title: PhpMySite Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
Description: PhpMySite is a PHP-based web site development application. The application is exposed to multiple issues. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Ref: http://www.securityfocus.com/bid/38492

10.12.157 - CVE: Not Available
Platform: Web Application
Title: TYPO3 Calendar Base Extension SQL Injection
Description: Calendar Base ("cal") is an extension for the TYPO3 content manager. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. Calendar Base versions 1.3.1 and earlier are affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-005/

10.12.158 - CVE: Not Available
Platform: Web Application
Title: PhpCDB "lang_global" Parameter Multiple Local File Include Vulnerabilities
Description: PhpCDB is a PHP-based application for organizing software code. The application is exposed to local file include issues because it fails to properly sanitize user-supplied input. PhpCDB version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/38507

10.12.159 - CVE: Not Available
Platform: Web Application
Title: ProMan Multiple Remote and Local File Include Vulnerabilities
Description: ProMan is a PHP-based workflow management application. ProMan is exposed to multiple input validation issues. An attacker may leverage these issues to execute arbitrary server-side script code that resides on an affected computer or in a remote location with the privileges of the web server process. ProMan version 0.1.1 is affected.
Ref: http://www.securityfocus.com/bid/38509

10.12.160 - CVE: Not Available
Platform: Web Application
Title: Drupal Internationalization Module PHP Filter PHP Code Execution
Description: Magic Tabs is a module for the Drupal content manager. It implements tabs and allows them to be filled via AJAX requests. The Drupal Internationalization module is exposed to a remote PHP code execution issue because the application fails to sanitize user-supplied input passed to the translator section.
Ref: http://drupal.org/node/731632

10.12.161 - CVE: Not Available
Platform: Web Application
Title: Drupal AddThis Button Module HTML Injection
Description: AddThis Button is a PHP-based component for the Drupal content manager. The module is exposed to an HTML injection issue because it fails to properly sanitize unspecified user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. AddThis Button versions prior to 6.x-2.9 and 5.x-2.2 are affected.
Ref: http://drupal.org/node/731568

10.12.162 - CVE: Not Available
Platform: Web Application
Title: Drupal Workflow Module Comment Field HTML Injection
Description: Workflow is a PHP-based component for the Drupal content manager. The module is exposed to an HTML injection issue because it fails to properly sanitize unspecified user-supplied input to the "Comment" field of the workflow fieldset. This issue occurs when the Workflow module is used in conjunction with the "Token" module. Workflow versions prior to 5.x-1.3, 5.x-2.6 and 6.x-1.4 are affected.
Ref: http://drupal.org/node/731624

10.12.163 - CVE: Not Available
Platform: Web Application
Title: Gnat-TGP "DOCUMENT_ROOT" Parameter Remote File Include
Description: Gnat-TGP is a PHP-based web application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "DOCUMENT_ROOT" parameter of the "tgpinc.php" script. Gnat-TGP version 1.2.20 is affected.
Ref: http://www.securityfocus.com/bid/38522

10.12.164 - CVE: Not Available
Platform: Web Application
Title: Joomla! "com_myblog" Component "task" Parameter Local File Include
Description: The "com_myblog" application is a component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "task" parameter of "com_myblog".
Ref: http://www.securityfocus.com/bid/38530

10.12.165 - CVE: Not Available
Platform: Web Application
Title: Argyll CMS "55-Argyll.rules" Security Bypass
Description: Argyll CMS is an open source ICC compatible color management system. The application is exposed to a security bypass issue because it fails to properly restrict access to tty devices in the "55-Argyll.rules" file. Argyll CMS version 1.0.4 is affected.
Ref: http://www.securityfocus.com/bid/38532

10.12.166 - CVE: Not Available
Platform: Web Application
Title: DosyaYukle Scripti Remote File Upload
Description: DosyaYukle Scripti is a PHP-based upload script. The application is exposed to a remote file upload issue because it fails to sufficiently sanitize user-supplied input to the upload feature of the application. Uploaded content can be accessed via the "/dosyayukle/dosyalar/" directory. DosyaYukle Scripti version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/38527

10.12.167 - CVE: Not Available
Platform: Web Application
Title: Emweb Wt Multiple Cross-Site Scripting and Unspecified Security Vulnerabilities
Description: Emweb Wt is a C++ library for developing interactive web applications. The application is exposed to multiple security issues. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Emweb Wt versions prior to 3.1.1 are affected.
Ref: http://www.webtoolkit.eu/wt/doc/reference/html/Releasenotes.html

10.12.168 - CVE: Not Available
Platform: Web Application
Title: Drupal Prior to 6.16 and 5.22 Multiple Security Vulnerabilities
Description: Drupal is a web-based content manager. The application is exposed to multiple security issues. An attacker may leverage these issues to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass security restrictions, and perform other attacks. Drupal versions 5.x prior to 5.22 and Drupal versions 6.x prior to 6.16 are affected.
Ref: http://drupal.org/node/731710

10.12.169 - CVE: Not Available
Platform: Web Application
Title: Natychmiast CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
Description: Natychmiast CMS is a PHP-based content manager. The application is exposed to multiple cross-site scripting and SQL injection issues because it fails to sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Ref: http://www.securityfocus.com/archive/1/509890

10.12.170 - CVE: Not Available
Platform: Web Application
Title: OpenPNE Login Security Bypass
Description: OpenPNE is a PHP-based social networking service engine application. The application is exposed to a security bypass issue that affects the login functionality of the mobile version of the application. Attackers may bypass security restrictions to login without proper authorization. OpenPNE versions prior to 2.14.4.1 are affected.
Ref: http://www.securityfocus.com/bid/38564

10.12.171 - CVE: Not Available
Platform: Web Application
Title: Saskia's Shopsystem "id" Parameter Local File Include
Description: Saskia's Shopsystem is a PHP-based online shopping application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "content.php" script. Saskia's Shopsystem beta1 is affected.
Ref: http://www.securityfocus.com/bid/38574

10.12.172 - CVE: Not Available
Platform: Web Application
Title: lukeonweb.net MRW PHP Upload "upload.html" Remote File Upload
Description: lukeonweb.net MRW PHP Upload is a PHP-based application. The application is exposed to a remote file upload issue because it fails to limit the file types that can be uploaded through the "upload.html" file.
Ref: http://www.securityfocus.com/bid/38670

10.12.173 - CVE: Not Available
Platform: Web Application
Title: CodeIgniter "BASEPATH" Multiple Remote File Include Vulnerabilities
Description: CodeIgniter is a development application for PHP. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "BASEPATH" parameter of the "DB_active_rec.php" and "DB_driver.php" scripts. CodeIgniter version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/38672

10.12.174 - CVE: CVE-2010-0054
Platform: Web Application
Title: WebKit HTML Image Element Handling Memory Corruption
Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote memory corruption issue due to a use-after-free error while handling HTML image elements.
Ref: http://www.securityfocus.com/bid/38691

10.12.175 - CVE: Not Available
Platform: Web Application
Title: eZoneScripts Game Room Script Admin Upload Remote File Upload
Description: eZoneScripts Game Room Script is a PHP-based web application. The application is exposed to a remote file upload issue because it fails to sufficiently sanitize user-supplied files to the admin upload page. Specifically, the application only checks the extension of a file upload, not the contents of the file.
Ref: http://www.securityfocus.com/bid/38705

10.12.176 - CVE: CVE-2010-0613
Platform: Web Application
Title: ARWScripts Fonts Site Script "f" Parameter Local File Include
Description: ARWScripts Fonts Site Script is a PHP-based web application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "f" parameter of the "viewfile.php" script.
Ref: http://www.securityfocus.com/bid/38709

10.12.177 - CVE: Not Available
Platform: Web Application
Title: Joomla! "com_sbsfile" Component "controller" Parameter Local File Include
Description: The "com_sbsfile" application is a component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of "com_sbsfile".
Ref: http://www.securityfocus.com/bid/38713

10.12.178 - CVE: Not Available
Platform: Web Application
Title: Joomla! "com_juliaportfolio" Component "controller" Parameter Local File Include
Description: The "com_juliaportfolio" application is a component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of "com_juliaportfolio".
Ref: http://www.securityfocus.com/bid/38715

10.12.179 - CVE: Not Available
Platform: Web Application
Title: deV!Lz Clanportal "inc/config.php" Remote File Include
Description: deV!L'z Clanportal is a PHP-based web portal application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "basePath" parameter of the "inc/config.php" script. deV!L'z Clanportal version 1.5.2 is affected.
Ref: http://www.securityfocus.com/bid/38720

10.12.180 - CVE: Not Available
Platform: Web Application
Title: PHP-Nuke "name" and "file" Parameters Local File Include
Description: PHP-Nuke is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "name" and "file" parameters of the "module.php" script.
Ref: http://www.securityfocus.com/bid/38727

10.12.181 - CVE: Not Available
Platform: Web Application
Title: DesktopOnNet "don3_lang" Parameter Local File Include
Description: DesktopOnNet is a PHP-based web application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "don3_lang" parameter of the "don3_toolbox.don3app/don3_toolbox.php" script. DesktopOnNet version 3 Beta9 is affected.
Ref: http://www.securityfocus.com/bid/38728

10.12.182 - CVE: Not Available
Platform: Web Application
Title: Phpkobo AdFreely "LANG_CODE" Parameter Multiple Local File Include Vulnerabilities
Description: Phpkobo AdFreely is a PHP-based web application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input. AdFreely version 1.01 is affected.
Ref: http://www.securityfocus.com/bid/38731

10.12.183 - CVE: Not Available
Platform: Web Application
Title: Andromeda "s" Parameter Cross-Site Scripting and Session Fixation Vulnerabilities
Description: Andromeda is a PHP-based streaming MP3 server. Andromeda is exposed to a cross-site scripting issue and a session fixation issue. These issues affect the "s" parameter of the "index.php" script. Andromeda version 1.9.2 is affected.
Ref: http://www.securityfocus.com/bid/38735

10.12.184 - CVE: Not Available
Platform: Web Application
Title: osDate "config["forum_installed"]" Parameter Multiple Remote File Include Vulnerabilities
Description: osDate is a web-based dating application implemented in PHP. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "config["forum_installed"]" parameter of the "forum/adminLogin.php" and "forum/userLogin.php" scripts. osDate version 2.1.9 is affected.
Ref: http://evilc0de.blogspot.com/2010/03/osdate-rfi-vuln.html

10.12.185 - CVE: Not Available
Platform: Web Application
Title: Joomla! RokDownloads Component "controller" Parameter Local File Include
Description: RokDownloads is a download management component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of the "com_rokdownloads" component.
Ref: http://www.securityfocus.com/bid/38741

10.12.186 - CVE: Not Available
Platform: Web Application
Title: G4J GCalendar Suite Joomla! Component "controller" Parameter Local File Include
Description: G4J GCalendar Suite ('com_gcalendar') is a component for the Joomla! content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of "com_gcalendar". GCalendar Suite version 2.1.5 is affected.
Ref: http://www.securityfocus.com/bid/38742

10.12.187 - CVE: Not Available
Platform: Web Application
Title: Ulti Joomla Ulti RPX Joomla! Component "controller" Parameter Local File Include
Description: Ulti Joomla Ulti RPX ("com_rpx") is a component for the Joomla! content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of "com_rpx". Ulti RPX version 2.1.0 is affected.
Ref: http://www.securityfocus.com/bid/38743

10.12.188 - CVE: Not Available
Platform: Web Application
Title: Subdreamer CMS Image Gallery Remote File Upload
Description: Subdreamer CMS is a PHP-based content manager. The application is exposed to a remote file-upload issue that occurs because the application fails to adequately sanitize user-supplied input before uploading files to the image gallery. Subdreamer CMS version 3.0.1 is affected.
Ref: http://www.securityfocus.com/bid/38744

10.12.189 - CVE: Not Available
Platform: Web Application
Title: Joomla! "com_janews" Component "controller" Parameter Local File Include
Description: The "com_janews" application is a component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of "com_janews".
Ref: http://www.securityfocus.com/bid/38746

10.12.190 - CVE: Not Available
Platform: Web Application
Title: Joomla! "com_linkr" Component "controller" Parameter Local File Include
Description: The "com_linkr" application is a component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of "com_linkr".
Ref: http://www.securityfocus.com/bid/38747

10.12.191 - CVE: Not Available
Platform: Web Application
Title: Joomla! "com_ganalytics" Component "controller" Parameter Local File Include
Description: The "com_ganalytics" application is a component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of "com_ganalytics".
Ref: http://www.securityfocus.com/bid/38749

10.12.192 - CVE: Not Available
Platform: Web Application
Title: Stack Ideas "com_sectionex" Component for Joomla! Local File Include
Description: The "com_sectionex" application is a component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of "com_sectionex".
Ref: http://www.securityfocus.com/bid/38751

10.12.193 - CVE: Not Available
Platform: Web Application
Title: Joomla! Ninja RSS Syndicator Component Local File Include
Description: The Ninja RSS Syndicator application is a component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of "com_ninjarsssyndicator".
Ref: http://www.securityfocus.com/bid/38761

10.12.194 - CVE: Not Available
Platform: Web Application
Title: MyBB Template Parser Remote PHP Code Execution
Description: MyBB (MyBulletinBoard) is a PHP-based bulletin board application. MyBB is exposed to a remote PHP code execution issue that occurs in the application's template parser. MyBB version 1.4.11 is affected.
Ref: http://www.securityfocus.com/bid/38766

10.12.195 - CVE: CVE-2010-0465
Platform: Web Application
Title: SugarCRM Text Filtering Online Documents Section HTML Injection
Description: SugarCRM is a PHP-based customer relationship management application. The module is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "name" field of the Online Documents section. SugarCRM versions prior to 5.5.0a and 5.2.0 are affected.
Ref: http://www.securityfocus.com/archive/1/510116

10.12.196 - CVE: Not Available
Platform: Web Application
Title: Joomla! "com_ckforms" Component "controller" Parameter Local File Include
Description: The "com_ckforms" application is a component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of "com_ckforms".
Ref: http://www.securityfocus.com/bid/38783

10.12.197 - CVE: Not Available
Platform: Network Device
Title: DeviceKit Storage Device Label Local Privilege Escalation
Description: DeviceKit is a device enumeration toolkit similar to HAL. The application is exposed to a local privilege escalation issue because it fails to properly sanitize the labels of pluggable storage devices. Specifically, the "/" character was not stripped from label names prior to mount attempts.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=523178

10.12.198 - CVE: Not Available
Platform: Network Device
Title: RCA Digital Cable Modem DCM425 "micro_httpd" Remote Denial of Service
Description: The RCA Digital Cable Modem DCM425 is a broadband cable modem. The device is exposed to a remote denial of service issue because it fails to handle specially crafted TCP packets. Specifically, attackers can trigger this issue by sending 1040 bytes to the "micro_httpd" HTTP server on TCP port 80. The RCA Digital Cable Modem DCM425 is affected.
Ref: http://www.securityfocus.com/bid/38488

10.12.199 - CVE: Not Available
Platform: Network Device
Title: Multiple Apple Wireless Products FTP Port Forward Security Bypass
Description: Multiple Apple wireless products are exposed to a security bypass issue. This issue affects the FTP Port command. Specifically, FTP servers running behind Network Address Translation (NAT) can have the command channel re-written so that attackers can access the server when operating in passive mode.
Ref: http://www.securityfocus.com/archive/1/509867

10.12.200 - CVE: CVE-2010-0103
Platform: Network Device
Title: Energizer DUO USB Battery Charger Unauthorized Access
Description: Energizer DUO is a USB battery charger. Energizer DUO is exposed to an unauthorized-access issue. Specifically, the "arucer.dll" accepts arbitrary commands through TCP port 7777. This effectively acts as a back door to the vulnerable computer.
Ref: http://www.kb.cert.org/vuls/id/154421

10.12.201 - CVE: CVE-2010-0418
Platform: Network Device
Title: Chumby Multiple Products Remote Arbitrary Command Injection
Description: Chumby One and Chumby Classic are electronic devices for browsing the web. The devices are exposed to a remote command injection issue because they fail to adequately sanitize user-supplied input data. Chumby One versions prior to 1.0.4 and Chumby Classic versions prior to 1.7.2 are affected.
Ref: http://www.chumby.com/pages/release10mar

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

Check Them Out!

Provided more depth on available tools than any other conference!
-Eric Moriak, Flowserve

@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 12
March 18, 2010

Summary of the vulnerabilities reported this week:

Table Of Contents

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Windows

Other Microsoft Products

Third Party Windows Apps

Linux

BSD

Unix

Novell

Cross Platform

Web Application - Cross Site Scripting

Web Application - Cross-Site Scripting

Web Application - SQL Injection

Web Application

Network Device

PART I Critical Vulnerabilities

Widely Deployed Software

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 12, 2010

Check Them Out!

Latest Whitepapers

Latest Tweets

Contact Us

@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 12March 18, 2010

Current Newsletters

Summary of the vulnerabilities reported this week:

Table Of Contents

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Windows

Other Microsoft Products

Third Party Windows Apps

Linux

BSD

Unix

Novell

Cross Platform

Web Application - Cross Site Scripting

Web Application - Cross-Site Scripting

Web Application - SQL Injection

Web Application

Network Device

PART I Critical Vulnerabilities

Widely Deployed Software

Part II: Weekly Comprehensive List of Newly Discovered VulnerabilitiesWeek 12, 2010

Check Them Out!

Latest Whitepapers

Latest Tweets

Contact Us

Volume: IX, Issue: 12
March 18, 2010

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 12, 2010