Last day to save $500 for SANS San Diego 2013

@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 15
April 8, 2010

SANS Newsletters Home

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category
    • # of Updates & Vulnerabilities
    • Summary of Updates and Vulnerabilities in this Consensus
    • Platform Number of Updates and Vulnerabilities
    • - ------------------------ -------------------------------------
    • Microsoft Office
    • 1
    • Third Party Windows Apps 2
    • Mac Os
    • 20
    • Linux
    • 4
    • Novell
    • 2
    • Cross Platform
    • 47 (#1, #2, #3)
    • Web Application - Cross Site Scripting 8
    • Web Application - SQL Injection
    • 8
    • Web Application
    • 24

*************************************************************************

TRAINING UPDATE

- -- SANS Northern Virginia Bootcamp 2010, April 6-13 Bonus evening presentations include Safe Surfing: How to Surf the Net Without Getting PWND

http://www.sans.org/reston-2010/

- -- SANS Security West 2010, San Diego, May 7-15, 2010 23 courses. Bonus evening presentations include Killer Bee: Exploiting ZigBee and the Kinetic World

http://www.sans.org/security-west-2010/

- -- SANSFIRE 2010, Baltimore, June 6-14, 2010 38 courses. Bonus evening presentations include Software Security Street Fighting Style and The Verizon Data Breach Investigations Report

http://www.sans.org/sansfire-2010/

- -- SANSFIRE Rocky Mountain 2010, Denver, July 12-17, 2010 8 courses. Bonus evening presentations include Hiding in Plain Sight: Forensic techniques to Counter the Advanced Persistent Threat

http://www.sans.org/rocky-mountain-2010/

- -- SANS Boston 2010, August 2-8, 2010 11 courses

http://www.sans.org/boston-2010/

Looking for training in your own community? http://sans.org/community/

Save on On-Demand training (30 full courses) - See samples at http://www.sans.org/ondemand/spring09.php

Plus Geneva, Toronto, Amsterdam and Canberra all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Microsoft Office
Third Party Windows Apps
Mac Os
Linux
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: Mozilla Firefox Remote Code Execution Vulnerability
  • Affected:
    • Mozilla Firefox version 3.6.2
    • Mozilla Firefox version 3.6

  • Description: Mozilla Firefox, an open source web-browser from the Mozilla Application Suite, is the second most popular browser with a usage share of 24.52% and increasing. A use-after-free vulnerability has been identified in Firefox and it can be exploited by a specially crafted web page. The specific flaw is caused by an error while moving DOM nodes in between documents and by triggering a garbage collection at the right time. Successful exploitation might allow an attacker to execute arbitrary code in the context of the affected application. Technical details for these vulnerabilities are available via source code analysis.

  • Status: Vendor confirmed, updates available.

  • References:
  • (2) HIGH: Foxit Reader Embedded Executable Execution Vulnerability
  • Affected:
    • Foxit Reader versions prior to 3.2.1 0401

  • Description: Foxit reader is a multilingual Portable Document Format (PDF) reader and is known for its faster and simpler method of loading and saving the document and smaller file size. A vulnerability has been identified in Foxit Reader which can be triggered by a specially crafted PDF file. The specific flaw is that the vulnerable application automatically executes, without user's permission, executable programs that are embedded in a PDF document. This is facilitated by the use of "Launch Action" command to run the embedded executable. Full technical details for this vulnerability are publicly available along with a proof-of-concept.

  • Status: Vendor confirmed, updates available.

  • References:
  • (3) MODERATE: Computer Associates XOsoft Products Multiple Vulnerabilities
  • Affected:
    • Computer Associates XOsoft Replication r12.5
    • Computer Associates XOsoft Replication r12
    • Computer Associates XOsoft High Availability r12.5
    • Computer Associates XOsoft High Availability r12
    • Computer Associates XOsoft Content Distribution r12.5
    • Computer Associates XOsoft Content Distribution r12

  • Description: XOsoft Inc, acquired by Computer Associates (CA), are developers of replication software for different types of recovery, thereby making sure that critical applications and data are always available. Multiple vulnerabilities have been identified in CA XOsoft which be exploited by attackers to either gain sensitive information or execute arbitrary code. The first issue is caused by lack of authentication while processing SOAP requests and this might enable attackers to enumerate user names. The second issue is again caused by lack of authentication while processing SOAP requests and this might enable attackers and this might enable attackers to gain access to potentially sensitive information. The third issue is caused by an error in "/ws_man/xosoapapi.asmx" SOAP endpoint and this might enable an attacker to execute arbitrary code via malformed requests to the server. The fourth issue is a boundary error in "/entry_point.aspx" service and successful exploitation in this case might lead to remote code execution. Some technical details for some of the vulnerabilities are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 15, 2010

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com) Week 15, 2010 This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 9001 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely. ______________________________________________________________________

  • 10.15.1 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Office Communicator SIP Remote Denial of Service
  • Description: Microsoft Communicator is an online communications client including instant messaging, voice, and video. The application is exposed to a remote denial of service issue that occurs when a large number of SIP "INVITE" requests are sent to the application.
  • Ref: http://www.securityfocus.com/bid/39221
  • 10.15.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: TUGZip 3.5 ZIP File Remote Buffer Overflow
  • Description: TUGZip is a file archiving application for Microsoft Windows platforms. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs when handling specially crafted ZIP files. TUGZip version 3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/39180
  • 10.15.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Miranda IM Information Disclosure
  • Description: Miranda IM is an open source multi protocol instant messenger client for Microsoft Windows. Miranda IM is exposed to a security issue that allows for man-in-the-middle attacks. Specifically the issue occurs when a Jabber/XMPP server does not report that it supports TLS, even if the client application is configured to specifically use TLS.
  • Ref: http://www.securityfocus.com/archive/1/510561
  • 10.15.4 - CVE: CVE-2010-0513
  • Platform: Mac Os
  • Title: Apple Mac OS X PS Normalizer PostScript File Stack Buffer Overflow
  • Description: Apple Mac OS X is exposed to a stack-based buffer overflow issue that affects the PS Normalizer component. This issue occurs when handling a malicious PostScript file. An attacker can exploit this issue by enticing a user into opening a specially crafted PostScript file.
  • Ref: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
  • 10.15.5 - CVE: CVE-2009-0138
  • Platform: Mac Os
  • Title: Apple Mac OS X Preferences System Login Restrictions Authentication Bypass Security
  • Description: Apple Mac OS X is exposed to an authentication bypass issue that affects the Preferences component. This issue occurs because the application fails to properly handle system login restrictions for network accounts.
  • Ref: http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
  • 10.15.6 - CVE: CVE-2010-0056
  • Platform: Mac Os
  • Title: Apple Mac OS X AppKit Cocoa Application Spell Checker Buffer Overflow
  • Description: Apple Mac OS X is exposed to a buffer overflow issue that exists in the Cocoa application included in the AppKit component. This issue is triggered when crafted documents are spell checked.
  • Ref: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
  • 10.15.7 - CVE: CVE-2010-0057
  • Platform: Mac Os
  • Title: Apple Mac OS X AFP Server Mount AFP Share Security Bypass
  • Description: Apple Filing Protocol (AFP) Server is an application that provides file services, including uploading and downloading files onto users' computers. Apple Mac OS X is exposed to a security bypass issue that occurs in the AFP Server. This issue occurs because the application fails to properly restrict access to sensitive functions. Remote attackers can exploit this issue to mount AFP shares as a guest when guest access is intended to be disabled.
  • Ref: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
  • 10.15.8 - CVE: CVE-2010-0059
  • Platform: Mac Os
  • Title: Apple Mac OS X CoreAudio QDM2-Encoded Audio Content Memory Corruption
  • Description: CoreAudio is an audio component of the Apple Mac OS X operating system. Apple Mac OS X is exposed to a memory corruption issue that affects the CoreAudio component. This issue occurs when handling QDMC-encoded audio content.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-041/
  • 10.15.9 - CVE: CVE-2009-280110.5.8 are affected.
  • Platform: Mac Os
  • Title: Apple Mac OS X Application Firewall Rule Remote Security Bypass
  • Description: Apple Mac OS X is exposed to a security bypass issue that affects Application Firewall. Certain rules may not be activated following a reboot. Mac OS X versions 10.5.8 and Mac OS X Server
  • Ref: http://www.securityfocus.com/bid/39169
  • 10.6.3 - CVE: CVE-2010-050510.5.8; Mac OS X Server version Mac OS X versions priorto and Mac OS X Server versions prior to areaffected.
  • Platform: Mac Os
  • Title: Apple Mac OS X ImageIO Component JP2 File Remote Heap Buffer Overflow
  • Description: Apple Mac OS X is exposed to a heap-based buffer overflow issue because it fails to sufficiently validate user-supplied data to the ImageIO component when viewing JP2 image files. Mac OS X version
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-058/
  • 10.15.11 - CVE: CVE-2010-0533
  • Platform: Mac Os
  • Title: Apple Mac OS X AFP Server AFP Share Security Bypass
  • Description: Apple Filing Protocol (AFP) Server is an application that provides file services, including uploading and downloading files onto users' computers. Apple Mac OS X is exposed to a security bypass issue that occurs in AFP Server. This issue occurs because the application fails to properly restrict access to certain path traversal functions.
  • Ref: http://www.securityfocus.com/bid/39172
  • 10.15.12 - CVE: CVE-2010-0063
  • Platform: Mac Os
  • Title: Apple Mac OS X CoreTypes Security Bypass
  • Description: Apple Mac OS X is exposed to a security bypass issue because it fails to properly restrict access to unsafe content types in the CoreTypes component. Specifically, the application fails to present a warning before a user manually opens potentially unsafe ".ibplugin" and ".url" content types downloaded by a browser. Mac OS X version 10.5.8; Mac OS X Server version 10.5.8; Mac OS X versions 10.6 prior to 10.6.3 and Mac OS X Server versions 10.6 prior to 10.6.3 are affected.
  • Ref: http://www.securityfocus.com/bid/39175
  • 10.15.13 - CVE: CVE-2010-0497
  • Platform: Mac Os
  • Title: Apple Mac OS X Internet enabled Disk Image Security Bypass
  • Description: Apple Mac OS X is exposed to a security bypass issue that occurs in the "Disk Images" component. The issue occurs because package file types are opened automatically if a specially crafted Menu Extras plugin is included in an Internet enabled disk image. Mac OS X and OS X Server versions 10.5.8, and 10.6.through 10.6.2 are affected.
  • Ref: http://www.securityfocus.com/archive/1/510512
  • 10.15.14 - CVE: CVE-2010-0058
  • Platform: Mac Os
  • Title: Apple Mac OS X ClamAV Definition Update Security Bypass
  • Description: Apple Mac OS X is exposed to a security bypass issue that may allow an attacker to bypass virus scans. Successful exploits will allow attackers to bypass virus scanning, possibly allowing malicious files to escape detection. Mac OS X version 10.5.8 and Mac OS X Server version 10.5.8 are affected.
  • Ref: http://www.securityfocus.com/bid/39170
  • 10.15.15 - CVE: CVE-2010-0064
  • Platform: Mac Os
  • Title: Apple Mac OS X Incorrect Copied File Ownership Security Bypass
  • Description: Apple Mac OS X is exposed to a security bypass issue in the Desktop Services component. This issue occurs because the application fails to properly enforce file ownership when an authenticated copy operation is performed in the Finder. Mac OS X and Mac OS X Server versions 10.6 through 10.6.2 are affected.
  • Ref: http://www.securityfocus.com/bid/39230
  • 10.15.16 - CVE: CVE-2010-0501
  • Platform: Mac Os
  • Title: Apple Mac OS X FTP Server Directory Traversal
  • Description: Apple Mac OS X is exposed to a directory traversal issue that exists in the FTP server component. An attacker can exploit this issue to gain access to files that are outside the FTP root directory.
  • Ref: http://www.securityfocus.com/bid/39231
  • 10.15.17 - CVE: CVE-2010-0507
  • Platform: Mac Os
  • Title: Apple Mac OS X Image RAW Component PEF File Remote Buffer Overflow
  • Description: Apple Mac OS X is exposed to a buffer overflow issue because it fails to sufficiently validate user-supplied data to the 'Image RAW' component when viewing PEF image files.
  • Ref: http://www.securityfocus.com/bid/39232
  • 10.15.18 - CVE: CVE-2010-0524
  • Platform: Mac Os
  • Title: Apple Mac OS X FreeRADIUS Component EAP-TLS Authentication Bypass
  • Description: FreeRADIUS is an open source implementation of the RADIUS protocol for authentication. Apple Mac OS X is exposed to an authentication bypass issue that exists in the FreeRADIUS component. This issue occurs because the application fails to properly validate certificates when authenticating users through Extensible Authentication Protocol Transport Layer Security (EAP-TLS).
  • Ref: http://www.securityfocus.com/bid/39234
  • 10.15.19 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple Mac OS X DesktopServices Security Bypass
  • Description: Apple Mac OS X is exposed to a security bypass issue in the Desktop Services component. This issue occurs because the application fails to properly restrict access to sensitive functions. Remote attackers can exploit this issue to bypass intended security restrictions and obtain sensitive information. Mac OS X and Mac OS X Server 10.6 through 10.6.2 are affected.
  • Ref: http://www.securityfocus.com/bid/39236
  • 10.15.20 - CVE: CVE-2010-0503
  • Platform: Mac Os
  • Title: Apple Mac OS X iChat Server Remote Code Execution
  • Description: Apple Mac OS X is exposed to a remote code execution issue that affects the iChat Server component. This issue is caused by a use-after-free error. To exploit this issue, an attacker must have authenticated access to the iChat server.
  • Ref: http://www.securityfocus.com/bid/39245
  • 10.15.21 - CVE: CVE-2010-0065
  • Platform: Mac Os
  • Title: Apple Mac OS X Disk Images Component Mounting "bzip2" Image Remote Code Execution
  • Description: Apple Mac OS X is exposed to a remote code execution issue because the Disk Images component fails to properly handle "bzip2" compressed disk images. Memory may become corrupted if an unsuspecting user mounts a specially crafted image.
  • Ref: http://www.securityfocus.com/bid/39252
  • 10.15.22 - CVE: CVE-2010-0504
  • Platform: Mac Os
  • Title: Apple Mac OS X iChat Server Multiple Buffer Overflow Vulnerabilities
  • Description: Apple Mac OS X is exposed to multiple remote stack-based buffer overflow issues that affect the iChat Server component. To exploit these issues, an attacker must have authenticated access to the iChat server. Mac OS X Server version 10.5.8 and Mac OS X Server versions 10.6 prior to 10.6.3 are affected.
  • Ref: http://www.securityfocus.com/bid/39255
  • 10.15.23 - CVE: CVE-2010-0498
  • Platform: Mac Os
  • Title: Apple Mac OS X Directory Services Component Record Name Local Privilege Escalation
  • Description: Apple Mac OS X is exposed to a local privilege escalation issue in the Directory Services component. This issue occurs because of insufficient authorization checks when handling record names.
  • Ref: http://www.securityfocus.com/bid/39256
  • 10.15.24 - CVE: CVE-2010-0727
  • Platform: Linux
  • Title: Linux Kernel GFS/GFS2 Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue because of a design error. Specifically the issue affects the "gfs2_lock()" and "gfs_lock()" functions because they do not properly remove POSIX locks on files that are setgid without group execute permission.
  • Ref: http://www.openwall.com/lists/oss-security/2010/03/12/1
  • 10.15.25 - CVE: CVE-2010-1187
  • Platform: Linux
  • Title: Linux Kernel "tipc" Module Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue caused by a race condition. This issue affects the "tipc" (Transparent Inter-Process Communication) module. Specifically, user space applications can cause uninitialized data structures to be dereferenced by sending datagrams through "AF_TIPC" before the "tipc" module is initialized. Linux kernel versions prior to 2.6.34-rc2 are affected.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.34-rc2
  • 10.15.26 - CVE: CVE-2010-0826
  • Platform: Linux
  • Title: GNU libnss_db Local Information Disclosure
  • Description: The GNU "libnss_db" library is an optional library for the GNU C library. It allows NSS (Name Service Switch) to interact with Berkeley DB databases. The library is exposed to a local information disclosure issue because it attempts to open "DB_CONFIG" databases from the current working directory. libnss_db version 2.2.3 is affected.
  • Ref: https://bugs.launchpad.net/ubuntu/+source/libnss-db/+bug/531976
  • 10.15.28 - CVE: Not Available
  • Platform: Novell
  • Title: Novell ZENworks Configuration Management Preboot Service Remote Code Execution
  • Description: Novell ZENworks Configuration Management is an IT management application. ZENworks Configuration Management is exposed to an unspecified remote code execution issue affecting the "Preboot Service" component. ZENworks Configuration Management versions prior to 10.3 are affected.
  • Ref: http://www.novell.com/support/viewContent.do?externalId=7005572
  • 10.15.29 - CVE: Not Available
  • Platform: Novell
  • Title: Novell ZENworks Configuration Management Remote Execution Remote Code Execution
  • Description: Novell ZENworks Configuration Management is an IT management application. ZENworks Configuration Management is exposed to an unspecified remote code execution issue affecting the "Remote Management - Remote Code Execution" component. ZENworks Configuration Management versions prior to 10.3 are affected.
  • Ref: http://www.novell.com/support/viewContent.do?externalId=7005573
  • 10.15.30 - CVE: CVE-2010-0088
  • Platform: Cross Platform
  • Title: Oracle Java SE and Java for Business Remote Java Runtime Environment
  • Description: Oracle Java SE and Java for Business are exposed to a remote issue in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. Oracle Java SE and Java for Business versions 6 Update 18, 5.0 Update 23, 1.4.2_25 and 1.3.1_27 are affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpum
    ar2010.html
  • 10.15.31 - CVE: CVE-2010-0850
  • Platform: Cross Platform
  • Title: Oracle Java SE and Java for Business Remote Java 2D
  • Description: Oracle Java SE and Java for Business are prone to a remote vulnerability in Java 2D. The issue can be exploited over the "Multiple" protocol. An attacker does not require privileges to exploit this vulnerability. Oracle Java SE and Java for Business version 1.3.1_27 is affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpum
    ar2010.html
  • 10.15.32 - CVE: CVE-2010-0844
  • Platform: Cross Platform
  • Title: Oracle Java SE and Java for Business CVE-2010-0844 Remote
  • Description: Oracle Java SE and Java for Business are prone to a remote vulnerability affecting the Sound component. The issue can be exploited over multiple protocols. Oracle Java SE and Java for Business versions 6 Update 18, 5.0 Update 23, 1.4.2_25, 1.3.1_27 are affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpum
    ar2010.html
  • 10.15.33 - CVE: CVE-2010-0082
  • Platform: Cross Platform
  • Title: Oracle Java SE and Java for Business CVE-2010-0082 HotSpot Server Remote
  • Description: Oracle Java SE and Java for Business are prone to a remote vulnerability in HotSpot Server. The issue can be exploited over multiple protocols. An attacker does not require privileges to exploit this vulnerability.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpum
    ar2010.html
  • 10.15.34 - CVE: CVE-2010-0093
  • Platform: Cross Platform
  • Title: Oracle Java SE and Java for Business Remote Vulnerability
  • Description: Oracle Java SE and Java for Business are exposed to a remote issue affecting the Java Runtime Environment component. The vulnerability can be exploited over multiple protocols. Oracle Java SE and Java for Business versions 6 Update 18, 5.0 Update 23 and 1.4.2_25 are affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpum
    ar2010.html
  • 10.15.35 - CVE: CVE-2010-0092
  • Platform: Cross Platform
  • Title: Oracle Java SE and Java for Business Remote Vulnerability
  • Description: Oracle Java SE and Java for Business are prone to a remote vulnerability affecting the Java Runtime Environment component. The issue can be exploited over multiple protocols. This issue affects the 64-bit JVM (Java Virtual Machine) only. Oracle Java SE and Java for Business versions 6 Update 18 and 5.0 Update 23 are affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpum
    ar2010.html
  • 10.15.37 - CVE: CVE-2010-0085
  • Platform: Cross Platform
  • Title: Oracle Java SE and Java for Business Remote Java Runtime Environment
  • Description: Oracle Java SE and Java for Business are prone to a remote vulnerability in Java Runtime Environment. The issue can be exploited over the "Multiple" protocol. Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25 and 1.3.1_27 are affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpum
    ar2010.html
  • 10.15.39 - CVE: CVE-2010-0095
  • Platform: Cross Platform
  • Title: Oracle Java SE and Java for Business Remote Java Runtime Environment
  • Description: Oracle Java SE and Java for Business are prone to a remote vulnerability in Java Runtime Environment. The issue can be exploited over multiple protocols. Oracle Java SE and Java for Business versions 6 Update 18, 5.0 Update 23 and 1.4.2_25 are affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-055/
  • 10.15.40 - CVE: CVE-2010-0686
  • Platform: Cross Platform
  • Title: VMware WebAccess URL Forwarding
  • Description: VMware WebAccess is web application that is designed to manage VMware virtual machines running on VMware virtualization applications. Mware WebAccess is exposed to a URL redirection issue that allows attackers to forward requests that seem to originate from the computer running WebAccess to other computers.
  • Ref: http://www.vmware.com/security/advisories/VMSA-2010-0005.html
  • 10.15.41 - CVE: CVE-2010-1137
  • Platform: Cross Platform
  • Title: VMware WebAccess Virtual Machine Name Cross-site Scripting
  • Description: WebAccess is a web-based application from VMware to access VM images remotely. VMware WebAccess is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to virtual machine names. Virtual Center version 2.5, 2.0.2; VMware Server version 1.0; ESX 3.5 and ESX 3.0.3 are affected.
  • Ref: http://www.vmware.com/security/advisories/VMSA-2010-0005.html
  • 10.15.42 - CVE: CVE-2009-2277
  • Platform: Cross Platform
  • Title: VMware WebAccess "/ui/vmDirect.do" Information Disclosure
  • Description: VMware WebAccess is web application that is designed to manage VMware virtual machines running on VMware virtualization applications. VMware WebAccess is exposed to an information disclosure issue that allows attackers to redirect legitimate user requests to a malicious server. Virtual Center version 2.5 with WebAccess; Virtual Center 2.0.2 with WebAccess; ESX 3.5 with WebAccess and ESX 3.0.3 with WebAccess are affected.
  • Ref: http://www.vmware.com/security/advisories/VMSA-2010-0005.html
  • 10.15.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Foxit Reader Remote Code Execution
  • Description: Foxit Reader is an application for handling PDF files. Foxit Reader is exposed to a remote code execution issue because it fails to properly restrict access to certain functionality. Specifically, by using the "/Launch" functionality it is possible to execute arbitrary commands or embedded executable content from a PDF file. Foxit Reader version 3.2 is affected.
  • Ref: http://www.kb.cert.org/vuls/id/570177
  • 10.15.44 - CVE: CVE-2010-0009
  • Platform: Cross Platform
  • Title: CouchDB Message Digest Verification Security Bypass
  • Description: CouchDB is a document oriented database implemented in Erlang; it is available for multiple platforms. CouchDB is exposed to a security bypass issue because it compares message digests using a variable time algorithm. CouchDB versions prior to 0.11 are affected.
  • Ref: http://www.securityfocus.com/bid/39116
  • 10.15.45 - CVE: CVE-2010-0743
  • Platform: Cross Platform
  • Title: iSCSI Enterprise Target and tgt Multiple Format String Vulnerabilities
  • Description: iSCSI Enterprise Target is an open source iSCSI implementation based on the Ardis target implementation. The application is provided in the Debian Linux distribution as the "iscsitarget" package. tgt (Linux SCSI target framework) is a similar SCSI target driver management tool. Both of these applications are exposed to multiple format string issues because they fail to properly sanitize user-supplied input before passing it as the format specifier to a formatted printing function. These issues occur in the "isns.c" source file.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=576359
  • 10.15.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Open DC Hub "MyInfo" Message Remote Stack Buffer Overflow
  • Description: Open DC Hub is a hub application for the Direct Connect network. The Direct Connect network is a file sharing network. Open DC Hub is exposed to a remote stack-based buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. This issue occurs when handling a malformed "MyInfo" message.
  • Ref: http://www.securityfocus.com/bid/39129
  • 10.15.47 - CVE: CVE-2009-2822
  • Platform: Cross Platform
  • Title: Apple AirPort Base Station MAC Address ACL Remote Security Bypass
  • Description: Apple AirPort Base Station is a wireless network device for sharing network resources. AirPort Base Station is exposed to a security bypass issue because it fails to correctly propagate MAC address Access Control Lists (ACLs) to network extenders. AirPort Base Station running versions prior to AirPort Utility 5.5.1 are affected.
  • Ref: http://www.securityfocus.com/bid/39134
  • 10.15.48 - CVE: CVE-2010-0528, CVE-2010-0527, CVE-2010-0529,CVE-2010-0536
  • Platform: Cross Platform
  • Title: Apple QuickTime Color Table Remote Code Execution
  • Description: Apple QuickTime is a media player that supports multiple file formats. Apple QuickTime is exposed to multiple issues: A remote code execution issue because it fails to sufficiently validate user-supplied data; a memory corruption issue because it fails to sufficiently validate user-supplied data when viewing BMP images; a heap-based buffer overflow issue that is triggered when a maliciously crafted PICT image is viewed. QuickTime versions prior to 7.6.6 are affected on Windows 7, Vista, and XP.
  • Ref: http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html
  • 10.15.49 - CVE: CVE-2010-0520
  • Platform: Cross Platform
  • Title: Apple QuickTime FLC File Remote Heap Buffer Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. QuickTime is exposed to a heap-based buffer overflow issue that is triggered when a crafted FLC movie is viewed. Mac OS X 10.6 versions prior to 10.6.3; Mac OS X Server versions 10.6 prior to 10.6.3 and QuickTime versions 7 prior to 7.6.6 on Mac OS X 10.5.8 and Microsoft Windows XP, Vista, and 7 are affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-044/
  • 10.15.50 - CVE: CVE-2010-0517
  • Platform: Cross Platform
  • Title: Apple QuickTime M-JPEG File Remote Heap Buffer Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. QuickTime is exposed to a heap-based buffer overflow issue that is triggered when a specially crafted M-JPEG file is viewed. Mac OS X versions 10.6 prior to 10.6.3; Mac OS X Server versions 10.6 prior to 10.6.3 and QuickTime versions 7 prior to 7.6.6 on Mac OS X 10.5.8 and Microsoft Windows XP, Vista, and 7 are affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-037/
  • 10.15.51 - CVE: CVE-2010-0011
  • Platform: Cross Platform
  • Title: uzbl "eval_js" Function Arbitrary Script Injection
  • Description: Uzbl is a free open source web browser. Uzbl is exposed to an arbitrary script injection issue because it fails to properly sanitize user-supplied input. Specifically, this issue affects the "eval_js" function in "uzbl-core.c".
  • Ref: http://www.uzbl.org/news.php?id=26
  • 7 - CVE: CVE-2010-051910.6.3; Mac OS X Server versions prior to and QuickTimeversions prior to on Mac OS X and Microsoft Windows XP,Vista, and are affected.
  • Platform: Cross Platform
  • Title: Apple QuickTime FlashPix Encoded File Remote Integer Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. Apple QuickTime is exposed to an integer overflow issue when viewing FlashPix encoded files. Mac OS X versions 10.6 prior to
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-043/
  • 10.15.53 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple QuickTime H.264 Movie File Remote Code Execution
  • Description: Apple QuickTime is a media player that supports multiple file formats. QuickTime is exposed to a remote code execution issue that is triggered when viewing a crafted H.264 movie file. Attackers can exploit this issue to cause memory corruption. Mac OS X versions 10.6 prior to 10.6.3; Mac OS X Server versions 10.6 prior to 10.6.3 and QuickTime versions 7 prior to 7.6.6 on Mac OS X 10.5.8 and Microsoft Windows XP, Vista, and 7 are affected.
  • Ref: http://www.securityfocus.com/bid/39159
  • 10.15.54 - CVE: CVE-2010-0514
  • Platform: Cross Platform
  • Title: Apple QuickTime H.261 Movie File Remote Heap Buffer Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. QuickTime is exposed to a remote heap-based buffer overflow issue that is triggered when viewing a crafted H.261 encoded movie file. Attackers can exploit this issue to cause memory corruption. Mac OS X versions 10.6 prior to 10.6.3; Mac OS X Server versions 10.6 prior to 10.6.3; QuickTime versions 7 prior to 7.6.6 on Mac OS X 10.5.8 and Microsoft Windows XP, Vista, and 7 are affected.
  • Ref: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
  • 10.15.55 - CVE: CVE-2010-0516
  • Platform: Cross Platform
  • Title: Apple QuickTime RLE File Remote Heap Buffer Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. QuickTime is exposed to a heap-based buffer overflow issue that is triggered when a specially crafted RLE file is viewed. Mac OS X versions 10.6 prior to 10.6.3; Mac OS X Server versions 10.6 prior to 10.6.3; QuickTime versions 7 prior to 7.6.6 on Mac OS X 10.5.8 and Microsoft Windows XP, Vista, and 7 are affected.
  • Ref: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
  • 10.15.56 - CVE: CVE-2010-0526
  • Platform: Cross Platform
  • Title: Apple QuickTime MPEG Movie File Remote Heap Buffer Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. QuickTime is exposed to a remote heap-based buffer overflow issue that is triggered when viewing a crafted MPEG encoded movie file. Mac OS X versions 10.6 prior to 10.6.3; Mac OS X Server versions 10.6 prior to 10.6.3; QuickTime versions 7 prior to 7.6.6 on Mac OS X 10.5.8 and Microsoft Windows XP, Vista, and 7 are affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-035/
  • 10.15.58 - CVE: Not Available
  • Platform: Cross Platform
  • Title: uTorrent WebUI HTTP "Authorization" Header Remote Denial of Service
  • Description: uTorrent WebUI is a web-based administrative interface for the uTorrent BitTorrent client application. The web interface is exposed to a remote denial of service issue. When the software tries to process HTTP requests containing overly long HTTP "Authorization" headers, a crash is triggered. uTorrent WebUI versions 0.370 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/39182
  • 10.15.59 - CVE: CVE-2010-0060
  • Platform: Cross Platform
  • Title: Apple QuickTime QDMC and QDMC2 Encoded Audio Content Memory Corruption
  • Description: Apple QuickTime is a media player that supports multiple file formats. QuickTime is exposed to a memory corruption issue that occurs in the "QuickTimeAudioSupport.qtx" library when handling QDMC and QDMC2 encoded audio content. Specially crafted values within the audio stream can trigger a heap memory corruption.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-038/
  • 10.15.60 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Google Chrome Invalid FTP Server Response Remote Denial of Service
  • Description: Google Chrome is a web browser. The application is exposed to a remote denial of service issue because it fails to handle user-supplied input. An attacker can trigger this issue by enticing an unsuspecting user into visiting a malicious web page that contains a referral to a malicious FTP server. Google Chrome version 4.1.249.1042 is affected.
  • Ref: http://www.trapkit.de/advisories/TKADV2010-004.txt
  • 10.15.61 - CVE: CVE-2010-0532
  • Platform: Cross Platform
  • Title: Apple iTunes Install or Update Local Privilege Escalation
  • Description: Apple iTunes is a media player for Microsoft Windows and Apple MAC OS X. Apple iTunes is exposed to a privilege escalation issue while iTunes is being installed or updated. A file that is created by the install process is executed with SYSTEM level privileges. Apple iTunes versions prior to 9.1 on Microsoft Windows platforms are affected.
  • Ref: http://www.securityfocus.com/archive/1/510426
  • 10.15.62 - CVE: CVE-2010-0531
  • Platform: Cross Platform
  • Title: Apple iTunes MP4 File Processing Remote Denial of Service
  • Description: Apple iTunes is a media player for Microsoft Windows and Apple MAC OS X. Apple iTunes is exposed to a remote denial of service issue that can be triggered by supplying malformed MP4 files to the victim. iTunes versions prior to 9.1 are affected.
  • Ref: http://www.securityfocus.com/bid/39113
  • 10.15.63 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP "str_transliterate()" Buffer Overflow
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to a buffer overflow issue that occurs when an overly large string is provided as an argument to the "str_transliterate()" function. PHP version 6.0 dev is affected.
  • Ref: http://www.securityfocus.com/bid/39185
  • 10.15.64 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Web Server WebDAV Request Remote File Disclosure
  • Description: Sun Java System Web Server is an HTTP server. The application is exposed to a remote file disclosure issue. Specifically the issue occurs when crafted WebDAV requests with "LOCK" and "UNLOCK" commands are sent to the application. Sun Java System Web Server version 7.0 Update 4 is affected.
  • Ref: http://www.securityfocus.com/bid/39187
  • 10.15.65 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cache::Cache Perl Module "/tmp" Insecure File Permissions Vulnerabilities
  • Description: Cache::Cache is a caching module for Perl. Cache::Cache is exposed to multiple insecure file permission issues that occur because the application creates multiple files for the default file cache in the "/tmp" directory with insecure permissions. Cache::Cache version 1.06 is affected.
  • Ref: http://vapid.dhs.org/w/doku.php?id=perl_cache:cache_filecache_permissions_issue
  • 10.15.66 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Facil-CMS Local and Remote File Include Vulnerabilities
  • Description: Facil-CMS is a web-based application. The application is exposed to the multiple input validation issues. 1) A local file include issue that affects the "getSiteIndex" parameter of the "facil-cms/index.php" script. 2) A remote file include issue that affects the "FACIL_THEME" parameter of the "facil-cms//includes/facil-settings.php" script. Facil-CMS version 0.1RC2 is affected.
  • Ref: http://www.securityfocus.com/bid/39197
  • 10.15.67 - CVE: CVE-2010-0750
  • Platform: Cross Platform
  • Title: PolicyKit "pkexec" File Existence Information Disclosure Weakness
  • Description: PolicyKit is used to define and handle policies that allow unprivileged processes to communicate with privileged processes. PolicyKit's "pkexec" utility is exposed to an information disclosure weakness because it violates directory permissions. PolicyKit version 0.96 is affected.
  • Ref: http://cgit.freedesktop.org/PolicyKit/commit/?id=14bdfd816512a82b1ad258fa143ae5f
    aa945df8a
  • 10.15.68 - CVE: CVE-2010-0518
  • Platform: Cross Platform
  • Title: Apple QuickTime Sorenson Encoded Movie File Remote Code Execution
  • Description: Apple QuickTime is a media player that supports multiple file formats. QuickTime is exposed to a remote code execution issue that is triggered when viewing a crafted Sorenson encoded movie file. Attackers can exploit this issue to cause memory corruption. These versions are affected: Mac OS X versions 10.6 prior to 10.6.3, Mac OS X Server 10.6 prior to 10.6.3, QuickTime 7 prior to 7.6.6 on Mac OS X 10.5.8, plus Microsoft Windows XP, Vista, and 7.
  • Ref: http://www.securityfocus.com/bid/39161
  • 10.15.69 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Foxit Reader "Date()" Denial of Service
  • Description: Foxit Reader is an application for handling PDF files. The application is exposed to a denial of service issue because of an input validation error. This issue occurs when crafted "eval()" calls are made with the "Date()" function. Foxit Reader version 3.2.1.0401 is affected.
  • Ref: http://www.securityfocus.com/bid/39223
  • 10.15.70 - CVE: CVE-2010-0200
  • Platform: Cross Platform
  • Title: Adobe Reader Remote Code Execution
  • Description: Adobe Reader is an application for handling PDF files. Adobe Reader is exposed to a remote code execution issue that is triggered by opening a crafted PDF file. Adobe Reader version 9.3.1 is affected.
  • Ref: http://blog.fortinet.com/the-upcoming-blackhat-europe-2010-presentation/
  • 10.15.71 - CVE: CVE-2010-1223
  • Platform: Cross Platform
  • Title: Computer Associates XOsoft Multiple Remote Buffer Overflow Vulnerabilities
  • Description: Computer Associates XOsoft is a disaster recovery application. Computer Associates XOsoft is exposed to multiple buffer overflow issues. Successfully exploiting these issues will allow attackers to execute arbitrary code within the context of the affected application.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-066/
  • 10.15.72 - CVE: Not Available
  • Platform: Cross Platform
  • Title: McAfee Email Gateway Prior To 6.7.2 Hotfix 2 Multiple Vulnerabilities
  • Description: McAfee Email Gateway (formerly IronMail) is an email gateway application. McAfee Email Gateway is exposed to multiple issues. 1) A local privilege escalation issue that affects the command line interface when setting the "USER environment" variable. 2) A denial of service issue that affects the client interface when forking multiple processes. 3) A local information disclosure issue that may allow unauthorized users to gain access to usernames and other sensitive information. 4) Multiple cross-site scripting issues that affect the "queueMsgType" and "QtnType" parameters of the "queuedMessage.do" script. McAfee Email Gateway versions prior to 6.7.2 Hotfix 2 are affected.
  • Ref: https://kc.mcafee.com/corporate/index?page=content&id=SB10008
  • 10.15.73 - CVE: CVE-2010-0537
  • Platform: Cross Platform
  • Title: Computer Associates XOsoft Username Enumeration Information Disclosure
  • Description: Computer Associates XOsoft is a disaster recovery application. XOsoft is exposed to an information disclosure issue because of a lack of appropriate authentication. The application enumerates usernames through SOAP requests.
  • Ref: http://www.securityfocus.com/bid/39244
  • 10.15.74 - CVE: CVE-2010-0629
  • Platform: Cross Platform
  • Title: MIT Kerberos kadmind "server_stubs.c" Remote Denial Of Service
  • Description: MIT Kerberos is a suite of applications and libraries designed to implement the Kerberos network authentication protocol. MIT Kerberos is exposed to a remote denial of service issue. Specifically, the "kadmind" administration daemon process may crash if an authenticated user communicates using a newer version of the "kadmin" protocol than the daemon supports. MIT Kerberos versions 5 1.5 through 1.6.3 are affected.
  • Ref: http://www.securityfocus.com/archive/1/510566
  • 10.15.75 - CVE: CVE-2010-1222
  • Platform: Cross Platform
  • Title: Computer Associates XOsoft Unspecified SOAP Request Information Disclosure
  • Description: Computer Associates XOsoft is a disaster recovery application. XOsoft is exposed to an information disclosure issue because of a lack of appropriate authentication. This issue affects unspecified SOAP requests.
  • Ref: http://www.securityfocus.com/archive/1/510564
  • 10.15.76 - CVE: CVE-2010-0535
  • Platform: Cross Platform
  • Title: Dovecot Service Control Access List Security Bypass
  • Description: Dovecot is a mail server application for Linux and UNIX like operating systems. Dovecot is exposed to a security bypass issue when Kerberos authentication is enabled. This issue occurs because the application fails to properly enforce service access control list (SACL) settings.
  • Ref: http://www.securityfocus.com/bid/39258
  • 10.15.77 - CVE: CVE-2010-1193
  • Platform: Web Application - Cross Site Scripting
  • Title: VMware WebAccess JSON Cross-site Scripting
  • Description: WebAccess is a web-based application from VMware to access a VM image remotely. VMware WebAccess is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to JSON error messages. VMware Server version 2.0 is affected.
  • Ref: http://www.vmware.com/security/advisories/VMSA-2010-0005.html
  • 10.15.78 - CVE: CVE-2010-0828
  • Platform: Web Application - Cross Site Scripting
  • Title: MoinMoin "Despam" Action Cross-Site Scripting
  • Description: MoinMoin is a freely available, open source wiki written in Python. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the page name in the "Despam" action. MoinMoin version 1.7.1 is affected.
  • Ref: http://www.securityfocus.com/bid/39110
  • 10.15.79 - CVE: CVE-2010-0941
  • Platform: Web Application - Cross Site Scripting
  • Title: eTek Systems Hit Counter Multiple Cross-Site Scripting Vulnerabilities
  • Description: eTek Systems Hit Counter is a web-based application implemented in PHP. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. Hit Counter version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39117
  • 10.15.80 - CVE: CVE-2010-0804
  • Platform: Web Application - Cross Site Scripting
  • Title: iBoutique Error Page Cross-Site Scripting
  • Description: iBoutique is an ecommerce web application developed in PHP. iBoutique is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. Specifically, the URI on the error page is not adequately sanitized. iBoutique version 4.0 is affected.
  • Ref: http://www.netartmedia.net/
  • 10.15.81 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Piwik "form_url" Parameter Cross-Site Scripting
  • Description: Piwik is a PHP-based wiki application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "form_url" parameter of the "index.php" script. Piwik version 0.5.5 is affected.
  • Ref: http://www.securityfocus.com/bid/39144
  • 10.15.82 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: OSSIM "$_SERVER["PHP_SELF"]" Parameter Cross-Site Scripting
  • Description: OSSIM (Open Source Security Information Management) is a compilation of common security tools that are managed through a web console. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "$_SERVER["PHP_SELF"]" parameter of the "control_panel/alarm_console.php" script. OSSIM version 2.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/39145
  • 10.15.84 - CVE: CVE-2010-1186
  • Platform: Web Application - Cross Site Scripting
  • Title: NextGEN Gallery WordPress Plugin "xml/media-rss.php" Cross-Site Scripting
  • Description: The NextGEN Gallery plugin for WordPress is a web-based photo application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "mode" parameter of the "xml/media-rss.php" script. NextGEN Gallery versions 1.5.0 and 1.5.1 are affected.
  • Ref: http://www.coresecurity.com/content/nextgen-gallery-xss-vulnerability
  • 10.15.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Centreon "main.php" SQL Injection
  • Description: Centreon (formerly Oreon) is a PHP-based application for monitoring networks. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "host_id" parameter of the "main.php" script before using it in an SQL query. Centreon version 2.1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/39118
  • 10.15.86 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ZABBIX "DBcondition" Parameter SQL Injection
  • Description: ZABBIX is an IT monitoring system available for multiple operating platforms. ZABBIX is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user" form field of the "api_jsonrpc.php" script. This issue may affect other scripts and parameters that use the "DBcondition()" function in the "include/db.inc.php" source file. ZABBIX versions prior to 1.8.2 are affected.
  • Ref: http://www.zabbix.com/rn1.8.2.php
  • 10.15.87 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SimpNews Multiple SQL Injection Vulnerabilities
  • Description: SimpNews is a PHP-based news system. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input. SimpNews versions 2.16.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/39181
  • 10.15.88 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! Freestyle FAQ Lite Component "faqid" Parameter SQL Injection
  • Description: Freestyle FAQ Lite is a component for the Joomla! content manager. The component is exposed to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data to the "faqid" parameter before using it in an SQL query.
  • Ref: http://freestyle-joomla.com/products/freestyle-faq-lite
  • 10.15.89 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ilchClan "cid" Parameter SQL Injection
  • Description: ilchClan is a content manager. ilchClan is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter before using it an SQL query. ilchClan version 1.0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/39226
  • 10.15.90 - CVE: CVE-2010-0400
  • Platform: Web Application - SQL Injection
  • Title: Mahara Username Generation SQL Injection
  • Description: Mahara is a web-based portfolio application. Mahara is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data when generating a unique username based on a remote username obtained from a single sign-on application.
  • Ref: http://mahara.org/interaction/forum/topic.php?id=1713
  • 10.15.91 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_xobbix" Component "prodid" Parameter SQL Injection
  • Description: "com_xobbix" is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "prodid" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/39259
  • 10.15.92 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ShopSystem "view_image.php" SQL Injection
  • Description: ShopSystems is a shopping cart application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "view_image.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/39260
  • 10.15.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Snipe Gallery Arbitrary File Upload
  • Description: Snipe Gallery is a PHP-based application for image management. The application is exposed to an issue that lets attackers upload arbitrary files. The problem occurs in the "admin/index.php" script when "action" parameter is set to "add" and "cat_id" parameter is set to "3".
  • Ref: http://www.securityfocus.com/bid/39099
  • 10.15.94 - CVE: CVE-2010-0684
  • Platform: Web Application
  • Title: Apache ActiveMQ "createDestination.action" HTML Injection
  • Description: Apache ActiveMQ is a Message Broker and Enterprise Integration Patterns provider. It is implemented in Java and available for a number of platforms. Apache ActiveMQ is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "JMSDestination" parameter of the "createDestination.action" script. Apache ActiveMQ versions prior to 5.3.1 are vulnerable.
  • Ref: http://www.rajatswarup.com/CVE-2010-0684.txt
  • 10.15.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Taxonomy Breadcrumb Module Multiple HTML Injection Vulnerabilities
  • Description: Taxonomy Breadcrumb is a module for the Drupal content manager. The application is exposed to multiple input validation issues. 1) An HTML injection issue that affects the taxonomy term name. 2) An HTML injection issue that affects the node titles. Taxonomy Breadcrumb versions prior to 6.x-1.1 and 5.x-1.5 are vulnerable.
  • Ref: http://drupal.org/node/758456
  • 10.15.96 - CVE: CVE-2010-0967, CVE-2010-0968
  • Platform: Web Application
  • Title: GeekHelps ADMP Local File Include and SQL Injection Vulnerabilities
  • Description: GeekHelps ADMP is a PHP-based content manager. The application is exposed to multiple input validation issues. 1) Multiple local file include issues. 2) A SQL injection issue that affects the "click" parameters of the "bannershow.php" script. GeekHelps ADMP version 1.01 is affected.
  • Ref: http://geekhelps.net/
  • 10.15.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Taxonomy Filter Module Multiple HTML Injection Vulnerabilities
  • Description: Taxonomy Filter is a module for the Drupal content manager. The module is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input to "vocabulary names", "terms" and "filter menus" before using it in dynamically generated content. Taxonomy Filter versions prior to 6.x-1.1 are affected.
  • Ref: http://drupal.org/node/758756
  • 10.15.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Moodle Prior to 1.9.8/1.8.12 Multiple Vulnerabilities
  • Description: Moodle is a content manager for online courseware. The application is exposed to multiple security issues. Attackers can exploit these issues to bypass certain security restrictions, obtain sensitive information, perform unauthorized actions, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Moodle versions prior to 1.9.8 and 1.8.12 are affected.
  • Ref: http://moodle.org/security/
  • 10.15.99 - CVE: CVE-2010-0799
  • Platform: Web Application
  • Title: phpunity.newsmanager "id" Parameter Local File Include
  • Description: phpunity.newsmanager is web application implemented in PHP. phpunity.newsmanager is exposed to a local file include issue because it fails to properly sanitize user-supplied input. This issue affects the "id" parameter of the "tell.php" script.
  • Ref: http://www.securityfocus.com/bid/39158
  • 10.15.100 - CVE: Not Available
  • Platform: Web Application
  • Title: DynPG CMS Multiple Remote File Include Vulnerabilities
  • Description: DynPG CMS is a PHP-based content manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. DynPG CMS version 4.1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/510477
  • 10.15.101 - CVE: Not Available
  • Platform: Web Application
  • Title: Musicbox "up.php" Arbitrary File Upload
  • Description: Musicbox is a web-based application for hosting a music site. The application is exposed to an issue that lets attackers upload arbitrary files. The problem occurs in the "up.php" script. Musicbox version 3.3 is affected.
  • Ref: http://www.securityfocus.com/bid/39179
  • 10.15.102 - CVE: Not Available
  • Platform: Web Application
  • Title: HoloCMS Denial of Service Vulnerability and CAPTCHA Bypass
  • Description: HoloCMS is a content management application implemented in PHP. The application is exposed to the multiple remote issues. Attackers can leverage these issues to cause the affected server to stop responding or to bypass certain security mechanisms. HoloCMS version 3.1 is affected.
  • Ref: http://websecurity.com.ua/4043/
  • 10.15.103 - CVE: Not Available
  • Platform: Web Application
  • Title: FlatPress "comments.php" HTML Injection
  • Description: FlatPress is a forum application written in PHP. FlatPress is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input. Specifically, this issue affects posted comments to the site using the "fp-plugins/lastcomments/plugin.lastcomments.php" script. FlatPress version 0.909.1 is affected.
  • Ref: http://www.securityfocus.com/bid/39199
  • 10.15.104 - CVE: Not Available
  • Platform: Web Application
  • Title: Free Image Hosting and Free File Hosting Remote File Upload
  • Description: Free Image Hosting and Free File Hosting are PHP-based applications. The applications are exposed to a remote file upload issue that occurs because the application fails to adequately sanitize user-supplied input before uploading files.
  • Ref: http://www.securityfocus.com/bid/39218
  • 10.15.105 - CVE: Not Available
  • Platform: Web Application
  • Title: ttCMS "inc.header.php" Remote File Include
  • Description: ttCMS is a PHP-based web application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "SYSURL[root]" parameter of the "_acp/templates/inc.header.php" script. ttCMS version 5 is affected.
  • Ref: http://www.securityfocus.com/bid/39218
  • 10.15.106 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! News Portal Component "controller" Parameter Local File Include
  • Description: The News Portal application is a news component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter.
  • Ref: http://www.securityfocus.com/bid/39222
  • 10.15.107 - CVE: Not Available
  • Platform: Web Application
  • Title: LionWiki Remote File Upload
  • Description: LionWiki is a PHP-based wiki application. The application is exposed to a remote file upload issue because it fails to sufficiently sanitize user-supplied input to the upload feature of the application. LionWiki version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39224
  • 10.15.108 - CVE: Not Available
  • Platform: Web Application
  • Title: JevonCMS Multiple Remote and Local File Include Vulnerabilities
  • Description: JevonCMS is a PHP-based content management application. JevonCMS is exposed to multiple input validation issues. An attacker may leverage these issues to execute arbitrary server-side script code that resides on an affected computer or in a remote location with the privileges of the web server process.
  • Ref: http://www.securityfocus.com/bid/39228
  • 10.15.109 - CVE: Not Available
  • Platform: Web Application
  • Title: FreePHPBlogSoftware "default_theme.php" Remote File Include
  • Description: FreePHPBlogSoftware is a PHP-based web application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "phpincdir" parameter of the "default_theme.php" script. FreePHPBlogSoftware version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39233
  • 10.15.110 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! Seber Cart Component "view" Parameter Local File Include
  • Description: The Seber Cart application is a shopping cart component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "view" parameter. Seber Cart version 1.0.0.12 is affected.
  • Ref: http://www.securityfocus.com/bid/39237
  • 10.15.111 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! Highslide JS Component "controller" Parameter Local File Include
  • Description: The Highslide JS application is a news component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter.
  • Ref: http://www.securityfocus.com/bid/39239
  • 10.15.112 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! J!WHMCS Component "controller" Parameter Local File Include
  • Description: The J!WHMCS application is an account and credentials management component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of "com_jwhmcs". com_jwhmcs version 1.5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39243
  • 10.15.113 - CVE: Not Available
  • Platform: Web Application
  • Title: Affiliate Feeds Component for Joomla! "controller" Parameter Local File Include
  • Description: The Affiliate Feeds application is a news component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter.
  • Ref: http://www.securityfocus.com/bid/39246
  • 10.15.114 - CVE: Not Available
  • Platform: Web Application
  • Title: JOOFORGE Jukebox Component for Joomla! "controller" Parameter Local File Include
  • Description: JOOFORGE Jukebox is a media component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of the "com_jukebox" component. Jukebox version 1.7 is affected.
  • Ref: http://www.securityfocus.com/bid/39248
  • 10.15.115 - CVE: Not Available
  • Platform: Web Application
  • Title: joomla-flickr Component "controller" Parameter Local File Include
  • Description: The joomla-flickr application is an image gallery component for the Joomla! content manager. The component is prone to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of the "com_joomlaflickr" component. joomla-flickr version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39251
  • 10.15.116 - CVE: Not Available
  • Platform: Web Application
  • Title: The Best Makers Appointment Component for Joomla! Local File Include
  • Description: The Appointment application is a news component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter.
  • Ref: http://www.securityfocus.com/bid/39254

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

Ben's insight into legal issues and teaching style makes this potentially dry material exciting. His stories and examples add to the printed material
-Karl Kurrle, Golf Savings Bank

CISSP Get Certified Program

Latest Whitepapers

Building and Maintaining a "Certifiable" Workforce
By Robert J. Mavretich

How Can You Build and Leverage SNORT IDS Metrics to Reduce Risk?
By Tim Proffitt

Daisy Chain Authentication
By Courtney Imbert

Latest Tweets

NEW #SANS Survey: Security Analytics & Intelligence 2nd [...]
October 1, 2013 - 6:30 PM

Tips on how to convince your boss to let you train online wi [...]
October 1, 2013 - 6:23 PM

#2 Tip on how 2 convince your boss 2 let u train online: Fle [...]
October 1, 2013 - 3:00 PM

Contact Us

(301) 654-SANS (7267)
Mon-Fri 9am - 8pm EST/EDT
info@sans.org

"The perfect balance of theory and hands-on experience."
- James D. Perry II, University of Tennessee

"SANS always provides you what you need to become a better security professional at the right price."
- Rasik Vekaria, BP

"Expertise of the trainer is impressive, real life situations explained, very good manuals. Best training ever!"
- Jerry Robles de Medina, Godo CU