@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 14
April 1, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Summary of Updates and Vulnerabilities in this Consensus

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Other Microsoft Products                  9 (#1)
    Mac Os                                    1 (#2)
    Linux                                     5
    HP-UX                                     2
    Solaris                                   1
    AIX                                       1
    Novell                                    1
    Cross Platform                            32 (#3, #4, #5)
    Web Application - Cross Site Scripting    9
    Web Application - SQL Injection           14
    Web Application                           16
    Network Device                            12

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Mac Os
Linux
HP-UX
Solaris
AIX
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Joshua Bronson at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) CRITICAL: Apple Mac OS X Multiple Vulnerabilities
  • Affected:
    • Apple Mac OS X
  • Description: Multiple vulnerabilities have been reported in Apple's Macintosh OS X, an operating system widely deployed on Apple computers. Successfully exploiting one of these vulnerabilities would allow an attacker to create a variety of exploit conditions. The vulnerabilities range from buffer overflows, security restriction bypasses, privilege escalation, and memory corruption to denial of service. The vulnerabilities affect a number of Mac OS X applications. Some of these vulnerabilities may be used by attackers to execute arbitrary code on the vulnerable machine.

  • Status: vendor confirmed, updates available

  • References:

  • (5) MODERATE: Apple QuickTime Multiple Vulnerabilities
  • Affected:
    • Apple QuickTime Player prior to 7.6.6 on Windows 7, Vista, and XP SP 2
  • Description: Multiple code execution vulnerabilities have been discovered in QuickTime, a popular media player developed by Apple. The vulnerabilities involve insufficient validation of user input and might lead to memory corruption and buffer overflows. A specially crafted PICT or BMP image or a malicious video file can be used to trigger these vulnerabilities. Successful exploitation might allow an attacker to execute arbitrary code in the context of the affected application.

  • Status: vendor confirmed, updates available

  • References:

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 14, 2010

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 8652 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 10.14.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Unspecified Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to an unspecified remote code execution issue that arises when a user visits a malicious site.
  • Ref: http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf

  • 10.14.2 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Uninitialized Memory (CVE-2010-0267) Memory Corruption
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Microsoft Internet Explorer is exposed to a memory corruption issue. This issue occurs when the application attempts to access an object that is uninitialized or deleted.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx

  • 10.14.3 - CVE: CVE-2010-0807
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer HTML Rendering Uninitialized Memory Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote code execution issue that arises when the browser displays a malicious webpage. This issue occurs because of an error when accessing an object that has been incorrectly initialized or deleted.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx

  • 10.14.4 - CVE: CVE-2010-0805
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer (CVE-2010-0805) Uninitialized Memory Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote code execution issue that arises when the browser displays a malicious webpage. This issue occurs because of an error when accessing an object that has been incorrectly initialized or deleted.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx

  • 10.14.5 - CVE: CVE-2010-0489
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Race Condition (CVE-2010-0489) Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Microsoft Internet Explorer is exposed to a remote code execution issue that occurs when the application attempts to access an object that has been corrupted by a race condition.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx

  • 10.14.6 - CVE: CVE-2010-0491
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer (CVE-2010-0491) Memory Corruption Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote code execution issue that arises when the browser opens a malicious webpage. This issue occurs because of an error when accessing an object that has been incorrectly initialized or deleted.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx

  • 10.14.7 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Post Encoding Information Disclosure
  • Description: Microsoft Internet Explorer is a web browser available for Microsoft Windows. Internet Explorer is exposed to an information disclosure issue that arises when the browser displays a malicious webpage. This issue occurs because it fails to properly handle content using specific encoded strings when submitting data.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx

  • 10.14.8 - CVE: CVE-2010-0490
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Uninitialized Memory (CVE-2010-0490) Memory Corruption
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Microsoft Internet Explorer is prone to a memory corruption vulnerability. This issue occurs when the application attempts to access an object that is uninitialized or deleted.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx

  • 10.14.9 - CVE: CVE-2010-0494
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer (CVE-2010-0494) Cross-Domain Information Disclosure
  • Description: Microsoft Internet Explorer is a web browser available for Microsoft Windows. The browser is exposed to a cross-domain information disclosure issue because it fails to properly enforce the same-origin policy.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx

  • 10.14.10 - CVE: CVE-2009-2801, CVE-2010-0056, CVE-2010-0057, CVE-2010-0533, CVE-2010-0058, CVE-2010-0059, CVE-2010-0060, CVE-2010-0062, CVE-2010-0063, CVE-2010-0064, CVE-2010-0537, CVE-2010-0065, CVE-2010-0497, CVE-2010-0498, CVE-2010-0535, CVE-2010-0500, CVE-2010-0524,
  • Platform: Mac Os
  • Title: Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities
  • Description: Apple Mac OS X is exposed to multiple security issues that have been addressed in Security Update APPLE-SA-2010-03-29-1. The update addresses new vulnerabilities that affect AppKit, Application Firewall, AFP Server, ClamAV, CoreAudio, CoreMedia, CoreTypes, DesktopServices, Disk Images, Directory Services, Dovecot, Event Monitor, FreeRADIUS, FTP Server, iChat Server, ImageIO, Image RAW, Mail, OS Services, Password Server, Podcast Producer, Preferences, PS Normalizer, QuickTime, Wiki Server, and xar.
  • Ref: http://www.securityfocus.com/bid/39020

  • 10.14.11 - CVE: CVE-2010-0439
  • Platform: Linux
  • Title: Deliver Local Privilege Escalation and Denial of Service Vulnerabilities
  • Description: Deliver is a mail delivery application available for Unix, Linux and other Unix-like operating systems. Deliver is exposed to multiple local issues, including multiple local privilege escalation vulnerabilities due to race conditions, which can be exploited by using symbolic links, and a denial of service issue that may allow attackers to create lock files and prevent users from accessing their mail.
  • Ref: http://www.securityfocus.com/archive/1/510306


  • 10.14.13 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "tcp_rcv_state_process()" Remote Denial of Service
  • Description: The Linux kernel is exposed to a remote denial of service issue in the "tcp_rcv_state_process()" function of the "net/ipv4/tcp_input.c" source file. This issue is triggered when a listening socket is set to "IPV6_RECVPKTINFO" and receives a SYN packet. Linux kernel versions prior to 2.6.19.3 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=577711

  • 10.14.14 - CVE: CVE-2010-1083
  • Platform: Linux
  • Title: Linux Kernel USB interface Local Information Disclosure
  • Description: The Linux kernel is exposed to a local information disclosure issue. Specifically, the issue occurs when USB commands fail while trying to read from a USB device. This may return recently freed kernel data to user space.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-1083

  • 10.14.15 - CVE: CVE-2010-1088
  • Platform: Linux
  • Title: Linux Kernel NFS Automount "symlinks" Denial of Service
  • Description: The Linux kernel is exposed to a denial of service issue that affects NFS. Specifically, the issue occurs because automount "symlinks" are followed regardless of the "LOOKUP_FOLLOW" check in the "fs/namei.c" file.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-1088

  • 10.14.16 - CVE: CVE-2010-0451
  • Platform: HP-UX
  • Title: HP-UX ONCplus NFS Configuration Security Bypass
  • Description: HP-UX is a UNIX-based operating system. HP-UX is exposed to a security bypass issue because the ONCplus package can provide an unintended configuration for NFS. Specifically, "NFS_SERVER" may be set to "1" in the "/etc/rc.config.d/nsconf" configuration file. HP-UX versions B.11.31.08 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/38982

  • 10.14.17 - CVE: CVE-2009-1030
  • Platform: HP-UX
  • Title: HP-UX AudFilter Rule Local Denial of Service
  • Description: HP-UX is exposed to a local denial of service issue that occurs when AudFilter rules are enabled. An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.
  • Ref: http://www.securityfocus.com/bid/39046

  • 10.14.18 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Connection Update Manager for Solaris Multiple Insecure Temporary File Creation Vulnerabilities
  • Description: Sun Connection Update Manager for Solaris is an application for managing vendor patches. Sun Connection Update Manager for Solaris creates temporary files in an insecure manner.
  • Ref: http://www.securityfocus.com/archive/1/510305

  • 10.14.19 - CVE: Not Available
  • Platform: AIX
  • Title: IBM AIX "getaddrinfo()" Remote Denial of Service
  • Description: IBM AIX is a UNIX-based operating system. AIX is exposed to a remote denial of service issue affecting the "getaddrinfo()" function. Applications that depend on this function may crash; in particular, IBM DB2 is affected. AIX version 5.3 is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=isg1IZ66710

  • 10.14.20 - CVE: CVE-2010-0625
  • Platform: Novell
  • Title: Novell Netware FTP Server Multiple Commands Remote Buffer Overflow Vulnerabilities
  • Description: Netware FTP Server is an FTP server for the Novell platform. The server is exposed to multiple remote buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data passed to the "rmdir" and "mkdir" commands. Netware FTP Server version 5.09.03 is affected.
  • Ref: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5071250.html

  • 10.14.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: EASY ENTERPRISE Multiple Vulnerabilities
  • Description: EASY ENTERPRISE is a document management application. The application is exposed to multiple issues. EASY ENTERPRISE versions prior to 1754 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/38966

  • 10.14.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Smart PC Recorder MP3 File Remote Denial of Service
  • Description: Smart PC Recorder is a voice recorder application. Smart PC Recorder is exposed to a denial of service issue when handling malformed ".mp3" files. Successfully exploiting this issue allows remote attackers to deny service to legitimate users.
  • Ref: http://www.voiceemotion.com/smartrecorder.htm

  • 10.14.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: JINAIS IRC Message Remote Denial of Service
  • Description: JINAIS IRC Server is an IRC server application. The application is exposed to a denial of service issue that occurs when handling a message containing a malicious "topic" value. JINAIS version 0.1.8 is affected.
  • Ref: http://www.securityfocus.com/bid/38972

  • 10.14.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Interchange HTTP Response Splitting
  • Description: Interchange is an ecommerce application implemented in Perl. The application is exposed to an HTTP response splitting issue that affects unspecified parameters. The issue arises when the "BounceReferrals" or "BounceRobotSessionURL" directives are enabled. Interchange versions prior to 5.6.3 and 5.4.5 are affected.
  • Ref: http://www.icdevgroup.org/i/dev/news?mv_arg=00042

  • 10.14.25 - CVE: CVE-2010-0168
  • Platform: Cross Platform
  • Title: Mozilla Firefox Image Preloading Content Policy Check Security Bypass
  • Description: Mozilla Firefox is a web browser available for multiple platforms. Firefox is exposed to a security bypass issue because the content loading policies aren't properly checked before preloading images referenced in HTML documents. Mozilla Firefox version 3.6 is affected.
  • Ref: http://www.mozilla.org/security/announce/2010/mfsa2010-13.html

  • 10.14.26 - CVE: CVE-2010-0165
  • Platform: Cross Platform
  • Title: Mozilla Firefox "TraceRecorder::traverseScopeChain()" Remote Memory Corruption
  • Description: Mozilla Firefox is a browser available for various platforms. The application is exposed to a remote memory corruption issue that stems from an error in the "TraceRecorder::traverseScopeChain()" function of the "jstracer.cpp" source code file. Firefox version 3.6 is affected.
  • Ref: http://www.mozilla.org/security/announce/2010/mfsa2010-11.html

  • 10.14.27 - CVE: CVE-2010-0166
  • Platform: Cross Platform
  • Title: Mozilla Firefox "gfxTextRun::SanitizeGlyphRuns()" Remote Memory Corruption
  • Description: Mozilla Firefox is a browser available for various platforms. The application is exposed to a remote memory corruption issue that stems from an error in the "gfxTextRun::SanitizeGlyphRuns()" function of the "gfx/thebes/src/gfxFont.cpp" source code file and is triggered when processing crafted Unicode character data. Firefox version 3.6 for Apple Mac OS X is affected.
  • Ref: http://www.mozilla.org/security/announce/2010/mfsa2010-11.html

  • 10.14.28 - CVE: CVE-2010-0167
  • Platform: Cross Platform
  • Title: Mozilla Firefox/Thunderbird/Seamonkey CVE-2010-0167 Multiple Memory Corruption Vulnerabilities
  • Description: Mozilla Firefox, Thunderbird, and Seamonkey are browsers available for various platforms. The applications are exposed to multiple remote memory corruption issues.
  • Ref: http://www.mozilla.org/security/announce/2010/mfsa2010-11.html


  • 10.14.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple Safari 4 Unspecified Remote Code Execution
  • Description: Apple Safari is a browser for various operating systems. Safari is exposed to an unspecified remote code execution issue that arises when a user visits a malicious site.
  • Ref: http://www.securityfocus.com/bid/38955

  • 10.14.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple iPhone Safari Unspecified Remote Code Execution
  • Description: Apple Safari is a browser for various operating systems. Safari running on the iPhone is exposed to an unspecified remote code execution issue that arises when a user visits a malicious site.
  • Ref: http://www.securityfocus.com/bid/38957/references

  • 10.14.32 - CVE: CVE-2010-0731
  • Platform: Cross Platform
  • Title: GnuTLS X.509 Certificate Serial Number Decoding Remote Security
  • Description: GNU Transport Layer Security Library (GnuTLS) is a library that implements the TLS 1.0 and SSL 3.0 protocols. It is maintained by GNU and is available for UNIX and Linux variants. The application is exposed to a security issue due to an unspecified error when decoding serial numbers from X.509 certificates on 64-bit big endian platforms.
  • Ref: http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4230


  • 10.14.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple iPhone/iPod Touch Safari Malformed Image Remote Code Execution
  • Description: Apple Safari is a browser for various operating systems. Apple Safari running on iPhone and iPod touch is prone to an unspecified remote code execution vulnerability. This issue occurs when viewing a webpage containing a malicious image. Safari on Apple iPhone and iPod touch versions 3.1.3 and prior are affected.
  • Ref: http://nishantdaspatnaik.yolasite.com/ipodpoc2.php

  • 10.14.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple iPhone Malformed VML Data Remote Code Execution
  • Description: Apple Safari is a browser for various operating systems. Safari running on the iPhone is exposed to an unspecified remote code execution issue when viewing a malicious webpage containing specially crafted Vector Markup Language (VML). Apple Safari versions included on iPhone 3.1.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/38990

  • 10.14.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple Safari for iPhone/iPod touch Malformed "Throw" Exception Remote Code Execution
  • Description: Apple Safari is a browser for various operating systems. Safari on Apple iPhone and iPod touch is exposed to a remote code execution issue that occurs when processing a webpage containing a malformed "throw" exception. Safari on Apple iPhone and iPod touch version 3.1.3 is affected.
  • Ref: http://nishantdaspatnaik.yolasite.com/ipodpoc5.php

  • 10.14.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple Safari iPhone/iPod touch Malformed Webpage Remote Code Execution
  • Description: Apple Safari is a browser for various operating systems. Safari running on the iPhone and iPod touch is exposed to a remote code execution issue that occurs when viewing a malicious webpage. Safari on Apple iPhone and iPod touch versions 3.1.3 and prior are affected.
  • Ref: http://nishantdaspatnaik.yolasite.com/ipodpoc2.php

  • 10.14.38 - CVE: CVE-2010-0740
  • Platform: Cross Platform
  • Title: OpenSSL "ssl3_get_record()" Remote Denial of Service
  • Description: OpenSSL is an open-source implementation of the SSL protocol that is used by a number of other projects, including but not limited to Apache, Sendmail, and Bind. It is commonly found on Linux and UNIX systems. OpenSSL is exposed to a denial of service issue caused by a NULL pointer dereference. OpenSSL versions 0.9.8f through 0.9.8m are affected.
  • Ref: http://openssl.org/news/secadv_20100324.txt

  • 10.14.39 - CVE: CVE-2010-0825
  • Platform: Cross Platform
  • Title: GNU Emacs Email Helper Insecure File Creation
  • Description: GNU Emacs is an open source text editor. GNU Emacs is exposed to an insecure file creation issue. This issue occurs because the email helper application creates files without verifying their permissions properly.
  • Ref: http://www.securityfocus.com/bid/39039

  • 10.14.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Trac Ticket Validation Security Bypass
  • Description: Trac is a wiki and issue tracking system. The application is exposed to a security bypass issue that can be exploited by unauthorized users to modify the status and resolution of a ticket. Trac versions prior to 0.11.7 are affected.
  • Ref: http://trac.edgewall.org/wiki/ChangeLog#a0.11.7

  • 10.14.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Aircrack-ng EAPOL Packet Processing Buffer Overflow
  • Description: Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking program; it is available for Microsoft Windows and Linux operating systems. Aircrack-ng is exposed to a buffer overflow issue. An attacker can exploit this issue by supplying a malicious capture file or data through a network where an instance of Aircrack-ng is being used to monitor traffic.
  • Ref: http://www.securityfocus.com/bid/39045

  • 10.14.42 - CVE: CVE-2010-1031
  • Platform: Cross Platform
  • Title: HP Insight Control for Linux Unspecified Local Privilege Escalation
  • Description: HP Insight Control Suite for Linux is a management interface for Linux-based servers. Insight Control Suite for Linux is exposed to an unspecified local privilege escalation issue. HP Insight Control for Linux versions 2.11 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/510406

  • 10.14.43 - CVE: CVE-2010-0770
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server Orb Client Remote Denial of Service
  • Description: IBM WebSphere Application Server (WAS) is a service-oriented architecture. IBM WebSphere Application Server (WAS) is exposed to a remote denial of service issue due to a design error when handling SSL handshakes for ORB clients. WAS versions prior to 7.0.0.9, 6.1.0.31 and 6.0.2.41 are affected.
  • Ref: http://xforce.iss.net/xforce/xfdb/57182

  • 10.14.44 - CVE: CVE-2010-0448
  • Platform: Cross Platform
  • Title: HP SOA Registry Foundation Unspecified Information Disclosure
  • Description: SOA Registry Foundation is a UDDI (Universal Description, Discovery and Integration) registry available for multiple platforms. The application is exposed to an unspecified remote information disclosure issue. SOA Registry Foundation 6.63 and 6.64 running on AIX, HP-UX, Linux, Solaris, and Windows are affected.
  • Ref: http://www.securityfocus.com/bid/39059

  • 10.14.45 - CVE: CVE-2010-0449
  • Platform: Cross Platform
  • Title: HP SOA Registry Foundation Unspecified Cross-Site Scripting
  • Description: SOA Registry Foundation is a Universal Description, Discovery and Integration (UDDI) registry available for multiple platforms. The application is exposed to an unspecified cross-site scripting issue because it fails to sanitize user-supplied input. SOA Registry Foundation 6.63 and 6.64 running on AIX, HP-UX, Linux, Solaris, and Windows are affected.
  • Ref: http://www.securityfocus.com/bid/39060

  • 10.14.46 - CVE: CVE-2010-0450
  • Platform: Cross Platform
  • Title: HP SOA Registry Foundation Unspecified Privilege Escalation
  • Description: SOA Registry Foundation is a UDDI (Universal Description, Discovery and Integration) registry available for multiple platforms. The application is exposed to an unspecified privilege escalation issue. SOA Registry Foundation 6.63 and 6.64 running on AIX, HP-UX, Linux, Solaris, and Windows are affected.
  • Ref: http://www.securityfocus.com/bid/39061

  • 10.14.47 - CVE: CVE-2010-0846
  • Platform: Cross Platform
  • Title: Oracle Java SE and Java for Business CVE-2010-0846 Remote ImageIO
  • Description: Oracle Java SE and Java for Business are prone to a remote vulnerability in ImageIO. The issue can be exploited over multiple protocols. Oracle Java SE and Java for Business versions 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 are affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html

  • 10.14.48 - CVE: CVE-2010-0840, CVE-2010-0839, CVE-2010-0087
  • Platform: Cross Platform
  • Title: Oracle Java SE and Java for Business CVE-2010-0840 Remote Java Runtime Environment
  • Description: Oracle Java SE and Java for Business are prone to a remote vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. Oracle Java SE and Java for Business versions 6 Update 18, 5.0 Update 23, and 1.4.2_25 are affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html

  • 10.14.49 - CVE: CVE-2010-0841
  • Platform: Cross Platform
  • Title: Oracle Java SE and Java for Business CVE-2010-0841 Remote ImageIO
  • Description: Oracle Java SE and Java for Business are prone to a remote vulnerability in ImageIO. The issue can be exploited over the "Multiple" protocol. An attacker does not require privileges to exploit this vulnerability. Oracle Java SE and Java for Business versions 6 Update 18, 5.0 Update 23, and 1.4.2_25 are affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html


  • 10.14.51 - CVE: CVE-2010-0842
  • Platform: Cross Platform
  • Title: Oracle Java SE and Java for Business CVE-2010-0842 Remote Vulnerability
  • Description: Oracle Java SE and Java for Business are exposed to a remote issue affecting the Sound component. The vulnerability can be exploited over multiple protocols. This vulnerability affects the following supported versions: 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html

  • 10.14.52 - CVE: CVE-2010-0843
  • Platform: Cross Platform
  • Title: Oracle Java SE and Java for Business CVE-2010-0843 Remote Vulnerability
  • Description: Oracle Java SE and Java for Business are exposed to a remote issue affecting the Sound component. The vulnerability can be exploited over multiple protocols. Oracle Java SE and Java for Business versions 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 are affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html

  • 10.14.53 - CVE: CVE-2010-0452
  • Platform: Web Application - Cross Site Scripting
  • Title: HP Project and Portfolio Management Center Unspecified Cross-Site Scripting Vulnerabilities
  • Description: HP Project and Portfolio Management Center (PPMC) is a project management application. The application is exposed to multiple unspecified cross-site scripting issues because it fails to sanitize user-supplied input. HP Project and Portfolio Management Center versions 7.5 SP3 and earlier, and 7.1 SP10 and earlier are affected.
  • Ref: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01762443

  • 10.14.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: vBulletin 4.0.2 Search Cross-Site Scripting
  • Description: vBulletin is a web-based forum application implemented in PHP. The application is prone to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "query" parameter of the search pages. vBulletin version 4.0.2 is affected.
  • Ref: http://www.vbulletin.com/forum/showthread.php?346486-Security-Fix-Releases-3.7.7-and-4.0.2-PL-2

  • 10.14.55 - CVE: CVE-2010-0171
  • Platform: Web Application - Cross Site Scripting
  • Title: Mozilla Firefox/Thunderbird/SeaMonkey Multiple Cross Domain Scripting Vulnerabilities
  • Description: Firefox is a browser. SeaMonkey is a suite of applications that includes a browser and an email client. Firefox, Thunderbird, and SeaMonkey are exposed to multiple cross-domain scripting issues that occur when a wrapped object is accessed by the "addEventListener()" and "setTimeout()" functions. Firefox versions prior to 3.6.2, 3.5.8, and 3.0.18 are affected. Thunderbird versions prior to 3.0.2 are affected. SeaMonkey versions prior to 2.0.3 are affected.
  • Ref: http://www.mozilla.org/security/announce/2010/mfsa2010-12.html

  • 10.14.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: vBulletin Multiple Unspecified Cross-Site Scripting Vulnerabilities
  • Description: vBulletin is a web-based forum application implemented in PHP. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied input. vBulletin versions prior to 4.0.2 PL4 are affected.
  • Ref: http://www.exploit-db.com/exploits/11887

  • 10.14.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM WEBi Multiple Unspecified Cross-Site Scripting Vulnerabilities
  • Description: IBM WEBi is a web interface for content management. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. IBM WEBi versions prior to 1.0.4 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg24025662

  • 10.14.58 - CVE: CVE-2010-0938
  • Platform: Web Application - Cross Site Scripting
  • Title: Todoo Forum "todooforum.php" Cross-Site Scripting
  • Description: Todoo Forum is a web-based bulletin board implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data in the "id_forum" parameter of the "todooforum.php" script. Todoo Forum version 2.0 is affected.
  • Ref: http://www.todoomasters.com/

  • 10.14.59 - CVE: CVE-2010-0768
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM WebSphere Application Server Administration Console Cross-Site Scripting
  • Description: IBM WebSphere Application Server (WAS) is an application server used for service-oriented architecture. WAS is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. This issue affects the Administration Console. WAS versions prior to 7.0.0.9, 6.1.0.31, and 6.0.2.4 are affected.
  • Ref: http://xforce.iss.net/xforce/xfdb/57164

  • 10.14.60 - CVE: CVE-2010-0940
  • Platform: Web Application - Cross Site Scripting
  • Title: Simple PHP Guestbook "guestbook.php" Cross-Site Scripting
  • Description: Simple PHP Guestbook is a web application implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "action" parameter of the "guestbook.php" script. Simple PHP Guestbook version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39049

  • 10.14.61 - CVE: CVE-2010-0132
  • Platform: Web Application - Cross Site Scripting
  • Title: ViewVC Regular Expression Search Cross-Site Scripting
  • Description: ViewVC is a web-based interface for CVS and Subversion version control repositories. It's implemented in Python. ViewVC is exposed to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data. This issue affects the "regular expression search" feature. ViewVC versions prior to 1.1.5 and 1.0.11 are affected.
  • Ref: http://secunia.com/secunia_research/2010-26/

  • 10.14.62 - CVE: CVE-2010-0964
  • Platform: Web Application - SQL Injection
  • Title: Eros Erotik Webkatalog "start.php" SQL Injection
  • Description: Eros Webkatalog is a web application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "start.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/39034

  • 10.14.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_xmap" Component "Itemid" Parameter SQL Injection
  • Description: "com_xmap" is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Itemid" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/510374

  • 10.14.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_software" Component "software_id" Parameter SQL Injection
  • Description: "com_software" is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "software_id" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38942

  • 10.14.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: E-Php Scripts CMS "event_desc.php" SQL Injection
  • Description: EPhp Scripts CMS is a web-based content manager; it is implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "es_id" parameter of the "event_desc.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38954

  • 10.14.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SiteX "photo.php" SQL Injection
  • Description: SiteX is a content manager implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "albumid" parameter of the "photo.php" script before using it in an SQL query. SiteX version 0.7.4 beta is affected.
  • Ref: http://www.securityfocus.com/bid/38976

  • 10.14.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! dcsFlashGames Component "catid" Parameter SQL Injection
  • Description: dcsFlashGames is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of "com_dcs_flashgame" before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38981

  • 10.14.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SuperNews "index.php" SQL Injection
  • Description: SuperNews is a web application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "noticia" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.exploit-db.com/exploits/11887

  • 10.14.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Kasseler CMS Jokes Module "id" Parameter SQL Injection
  • Description: Kasseler CMS is a PHP-based content manager. Kasseler CMS is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script when the "module" parameter is set to "Jokes".
  • Ref: http://www.securityfocus.com/bid/38995

  • 10.14.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! multiple SQL Injection Vulnerabilities
  • Description: The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the following parameters: "actionid" parameter of the "com_actions" component; "season" parameter of the "com_guide" component; "id" parameter of "com_departments" component; "detail" parameter of "com_tariff" component; "id" parameter of "com_personal" component; "id" parameter of "com_units", "com_topmenu", "com_weblinks", "con","category_id", "com_science" and "com_teacher" component; "aid" parameter of "com_agency" component; "category_id" parameter of "com_business" component; "pro_id" parameter of "com_spec" component; "mosConfig_absolute_path" parameter of "com_universal" component; "cid" parameter of "com_wallpapers" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/38997

  • 10.14.71 - CVE: CVE-2010-0764
  • Platform: Web Application - SQL Injection
  • Title: eSmile "index.php" SQL Injection
  • Description: eSmile is a web application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "cid" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.exploit-db.com/exploits/11382

  • 10.14.72 - CVE: CVE-2010-0802
  • Platform: Web Application - SQL Injection
  • Title: (nv2) Awards "index.php" SQL Injection
  • Description: (nv2) Awards is a web application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "index.php" script before using it in an SQL query. (nv2) Awards version 1.1.0 is affected.
  • Ref: http://forums.invisionize.com/nv2-Awards-120-t137847.html

  • 10.14.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Fuctweb CapCC Plugin for WordPress "plugins.php" SQL Injection
  • Description: Fuctweb CapCC Plugin for WordPress is a web-based application implemented in PHP. CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a challenge and response protocol to determine if the user is a human or a computer. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "CAPCC_MAX_ATTEMPTS" field of the "plugins.php" script before using it in an SQL query. CapCC version 1.0 is affected.
  • Ref: http://websecurity.com.ua/2688

  • 10.14.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PhotoPost vBGallery "profile.php" Multiple SQL Injection Vulnerabilities
  • Description: PhotoPost vBGallery is a PHP-based image gallery for the vBulletin content system. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to multiple parameters of the "profile.php" script before using it in an SQL query. All Enthusiast PhotoPost version 2.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/510362

  • 10.14.75 - CVE: CVE-2010-0973
  • Platform: Web Application - SQL Injection
  • Title: phppool media Domain Verkaufs und Auktions Portal SQL Injection
  • Description: Domain Verkaufs und Auktions Portal is a web application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/39054

  • 10.14.76 - CVE: Not Available
  • Platform: Web Application
  • Title: WeBAM Denial of Service Vulnerability and CAPTCHA Bypass
  • Description: WeBAM is a web-based application implemented in PHP. The application is exposed to multiple remote issues. Attackers can leverage these issues to cause the affected server to stop responding or to bypass certain security mechanisms.
  • Ref: http://www.securityfocus.com/archive/1/510318

  • 10.14.77 - CVE: Not Available
  • Platform: Web Application
  • Title: justVisual "p" Parameter Local File Include
  • Description: justVisual is a PHP-based content manager. justVisual is exposed to a local file include issue because it fails to properly sanitize user-supplied input. This issue affects the "p" parameter of the "index.php" script. justVisual versions 2.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/38970

  • 10.14.78 - CVE: Not Available
  • Platform: Web Application
  • Title: New-CMS "pg" Parameter Local File Include
  • Description: New-CMS is a PHP-based content management application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "pg" parameter of the "index.php" script. New-CMS versions 1.21 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/38971

  • 10.14.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Direct News Multiple Remote File Include Vulnerabilities
  • Description: Direct News is a PHP-based content manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. Direct News version 4.10.2 is affected.
  • Ref: http://www.securityfocus.com/bid/38975

  • 10.14.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Menu Block Partial Menu Tree Block Title Module HTML Injection
  • Description: Menu Block is a PHP-based component for the Drupal content manager. The Menu Block module for Drupal is prone to an HTML injection vulnerability. Specifically, the application fails to sanitize the partial menu tree parent menu item before using it in a block title. Tag Order versions prior to 6.x-2.3, 5.x-2.1 and 5.x-1.1 are affected.
  • Ref: http://drupal.org/node/752236

  • 10.14.81 - CVE: Not Available
  • Platform: Web Application
  • Title: OpenCMS OAMP Comments Module Add Comment HTML Injection
  • Description: OAMP Comments is a comments module for the OpenCMS content manager. The module for OpenCMS is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input. This issue occurs when adding comments. OAMP Comments version 1.0.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/510291

  • 10.14.82 - CVE: CVE-2010-0989
  • Platform: Web Application
  • Title: Pulse CMS "delete.php" Arbitrary File Deletion
  • Description: Pulse CMS is a PHP-based content manager. The application is exposed to an issue that lets attackers delete arbitrary files on the affected computer in the context of the web server. This issue affects the "f" parameter of the "delete.php" script. Pulse CMS version 1.2.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/510307

  • 10.14.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Mime Mail Module PHP Code Execution
  • Description: Mime Mail is a module for the Drupal content manager. It is used to receive an HTML message body, MIME-encode it, and send it. The Mime Mail module is exposed to a remote PHP code execution issue that occurs due to improper usage of the PCRE regular expression engine. Drupal Mime Mail versions prior to 5.x-1.1 are affected.
  • Ref: http://drupal.org/node/751934

  • 10.14.84 - CVE: Not Available
  • Platform: Web Application
  • Title: vBulletin Post Title HTML Injection
  • Description: vBulletin is a web-based content manager written in PHP. vBulletin is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input. Specifically, this issue affects the "Title" field when creating a new post. vBulletin version 4.0.2 is affected.
  • Ref: http://www.vbulletin.com/forum/showthread.php?346486-Security-Fix-Releases-3.7.7-and-4.0.2-PL-2

  • 10.14.85 - CVE: CVE-2010-0988
  • Platform: Web Application
  • Title: Pulse CMS Multiple PHP Code Injection Vulnerabilities
  • Description: Pulse CMS is a PHP-based content manager. Pulse CMS is exposed to multiple issues that let attackers inject arbitrary PHP code. The first issue occurs because the application fails to properly sanitize user-supplied input to the "filename" and "block" parameters of the "view.php" script. Pulse CMS version 1.2.2 is affected.
  • Ref: http://secunia.com/secunia_research/2010-45/


  • 10.14.87 - CVE: Not Available
  • Platform: Web Application
  • Title: WebMaid CMS Multiple Remote and Local File Include Vulnerabilities
  • Description: WebMaid CMS is a PHP-based content management application. WebMaid CMS is exposed to multiple input validation issues. An attacker may leverage these issues to execute arbitrary server side script code that resides on an affected computer or in a remote location with the privileges of the web server process. WebMaid CMS version 0.2-6 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/38993

  • 10.14.88 - CVE: Not Available
  • Platform: Web Application
  • Title: CMS Faethon "mainpath" Parameter Multiple File Include Vulnerabilities
  • Description: CMS Faethon is a content manager implemented in PHP. Since it fails to sufficiently sanitize user-supplied input, the application is exposed to multiple file include issues. CMS Faethon version 2.2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/38996

  • 10.14.89 - CVE: Not Available
  • Platform: Web Application
  • Title: AdaptCMS Lite "admin.php" Security Bypass
  • Description: AdaptCMS Lite is a PHP-based content manager. The application is exposed to a security bypass issue that affects the "admin.php" script. An attacker can exploit this issue to bypass intended security measures and create a new admin user or modify the site administrator's password. AdaptCMS Lite version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/38998

  • 10.14.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple Machines Forum Avatar Upload Arbitrary File Upload
  • Description: Simple Machines Forum (SMF) is an open source web forum that is written in PHP. The application is exposed to an issue that lets attackers upload arbitrary files. The problem occurs because the avatar upload component fails to properly validate contents of an uploaded file. Simple Machines Forum versions 1.1.8 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/39007

  • 10.14.91 - CVE: Not Available
  • Platform: Web Application
  • Title: N-13 News "default_login_language" Parameter Local File Include
  • Description: N-13 News is a news management system implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "default_login_language" parameter of the "modules/login.php" script. N-13 News version 3.4 is affected.
  • Ref: http://www.securityfocus.com/bid/39012

  • 10.14.92 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco TFTP Server Remote Denial of Service
  • Description: Cisco TFTP Server is an implementation of the Trivial File Transfer Protocol. The application is exposed to a remote denial of service issue because it fails to properly handle user-supplied input. Attackers can crash the application by sending certain input to the server. Cisco TFTP Server version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/38968

  • 10.14.93 - CVE: CVE-2010-0580
  • Platform: Network Device
  • Title: Cisco IOS SIP Message (CVE-2010-0580) Denial of Service
  • Description: Cisco IOS is exposed to a denial of service issue when handling specially crafted SIP messages. An attacker can exploit this issue by submitting specially crafted SIP messages via TCP port 5060 or 5061 or via UDP port 5060.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f32.shtml#12_4

  • 10.14.94 - CVE: CVE-2010-0577
  • Platform: Network Device
  • Title: Cisco IOS Software Crafted TCP Packet Denial of Service
  • Description: Cisco IOS is exposed to a denial of service issue when handling specially crafted TCP packets. The vulnerability may only be triggered by a TCP segment received during the TCP session establishment phase. The received TCP segment must contain crafted, not malformed, TCP options.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f34.shtml

  • 10.14.95 - CVE: CVE-2010-0583
  • Platform: Network Device
  • Title: Cisco IOS H.323 Interface Queue Resource Exhaustion Denial of Service
  • Description: Cisco IOS is exposed to a remote denial of service issue affecting the H.323 protocol implementation. An attacker can exploit this issue to consume all available space in the H.323 interface queue, resulting in a queue wedge, which may prevent new packets from being processed.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20ee4.shtml

  • 10.14.96 - CVE: CVE-2010-0578
  • Platform: Network Device
  • Title: Cisco IOS IPsec Internet Key Exchange (IKE) Malformed Packet Denial of Service
  • Description: Cisco IOS is exposed to a remote denial of service issue affecting IPsec. Specifically, the software fails to handle specially crafted Internet Key Exchange (IKE) packets. An attacker can exploit this issue by submitting specially crafted network packets via UDP port 500, 4500, 848, or 4848.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20ee5.shtml#@ID

  • 10.14.97 - CVE: CVE-2010-0581
  • Platform: Network Device
  • Title: Cisco IOS SIP Message (CVE-2010-0581) Remote Code Execution
  • Description: Cisco IOS is exposed to a denial of service issue when handling specially crafted SIP messages. An attacker can exploit this issue by submitting specially crafted SIP messages via TCP port 5060 or 5061 or via UDP port 5060.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f32.shtml#12_4

  • 10.14.98 - CVE: CVE-2010-0583
  • Platform: Network Device
  • Title: Cisco IOS H.323 Interface Memory Leak Remote Denial of Service
  • Description: Cisco IOS is exposed to a remote denial of service issue affecting the H.323 implementation. Specifically, crafted packets can cause a memory leak, eventually leading to the affected device reloading.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20ee4.shtml

  • 10.14.99 - CVE: CVE-2010-0579
  • Platform: Network Device
  • Title: Cisco IOS SIP Message (CVE-2010-0579) Remote Code Execution
  • Description: Cisco IOS is exposed to a denial of service issue when handling specially crafted SIP messages. An attacker can exploit this issue by submitting specially crafted SIP messages via TCP port 5060 or 5061 or via UDP port 5060.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f32.shtml#12_4

  • 10.14.100 - CVE: CVE-2010-0585
  • Platform: Network Device
  • Title: Cisco IOS For Communication Manager Express SCCP (CVE-2010-0585) Denial of Service
  • Description: Cisco Communications Manager Express (CUCM) is a software-based call processing component of the Cisco IP telephony solution. Cisco IOS, configured for use on Cisco Communication Manager Express, is prone to a denial of service vulnerability. This issue occurs when handling a malformed SCCP message.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f33.shtml

  • 10.14.101 - CVE: CVE-2010-0584
  • Platform: Network Device
  • Title: Cisco IOS NAT SCCP Fragmentation Support Denial of Service
  • Description: Cisco IOS is exposed to a remote denial of service issue that occurs when a device is configured to use the NAT SCCP Fragmentation Support feature. The attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users.
  • Ref: http://www.securityfocus.com/archive/1/510308

  • 10.14.102 - CVE: CVE-2010-0576
  • Platform: Network Device
  • Title: Cisco IOS Multiprotocol Label Switching (MPLS) Malformed Packet Denial of Service
  • Description: Cisco IOS is exposed to a remote denial of service issue affecting Multiprotocol Label Switching (MPLS). Specifically, the software fails to handle specially crafted Label Distribution Protocol (LDP) packets.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20ee2.shtml#@ID

  • 10.14.103 - CVE: CVE-2010-0586
  • Platform: Network Device
  • Title: Cisco IOS For Communication Manager Express SCCP (CVE-2010-0586) Denial of Service
  • Description: Cisco Communications Manager Express (CUCM) is a software-based call processing component of the Cisco IP telephony solution. Cisco IOS, configured for use on Cisco Communication Manager Express, is exposed to a denial of service issue that occurs when handling a malformed SCCP message.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f33.shtml

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.