@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 17
April 22, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

Summary of Updates and Vulnerabilities in this Consensus

    • Platform: Number of Updates and Vulnerabilities
    • Third Party Windows Apps: 5 (#3)
    • Linux: 3
    • HP-UX: 1
    • Solaris: 4
    • Cross Platform: 63 (#1, #2, #4, #5)
    • Web Application - Cross Site Scripting: 7
    • Web Application - SQL Injection: 11
    • Web Application: 19
    • Network Device: 2

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Linux
HP-UX
Solaris
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Apple Mac OS X Apple Type Services Code Execution Vulnerability (Security Update 2010-003)
  • Affected:
    • Mac OS X Server 10.5
    • Mac OS X 10.5
    • Mac OS X 10.6
    • Mac OS X Server 10.6
  • Description: A remote code execution vulnerability has been identified in Apple Mac OS X. The issue is caused by an indexing error in the Apple Type Services while processing embedded fonts. The specific flaw is in the "TType1ParsingContext::SpecialEncoding()" routine which is defined in "libFontParser.dylib". A document containing a malicious embedded font can be used to trigger this vulnerability. Some technical details for this vulnerability are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (5) HIGH: Google Chrome Multiple Vulnerabilities
  • Affected:
    • Google Chrome versions prior to 4.1.249.1059
  • Description: Google Chrome, a web browser from Google, is the fourth most popular browser with 4.63% usage share among all the web browsers. Multiple vulnerabilities have been reported in Google Chrome in the way it handles various inputs. The vulnerabilities reported include cross-site request forgery, cross-site scripting, memory corruption errors, cross-domain access, and privilege escalation. Full technical details for these vulnerabilities are publicly available via source code analysis.

  • Status: Vendor confirmed, updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 17, 2010

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 9136 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 10.17.1 - CVE: CVE-2010-0589
  • Platform: Third Party Windows Apps
  • Title: Cisco Secure Desktop ActiveX Control Executable File Arbitrary File Download
  • Description: Cisco Secure Desktop is an application that validates and protects the security of SSL VPN clients. Cisco Secure Desktop ActiveX control is exposed to an issue that can cause malicious files to be downloaded and saved to arbitrary locations on an affected computer.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b25d01.shtml

  • 10.17.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Mocha W32 LPD Remote Buffer Overflow
  • Description: Mocha W32 LPD is a Windows print server. Mocha W32 LPD is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue by sending excessive data to the LPD daemon upon initial connection. W32 LPD version 1.9 is affected.
  • Ref: http://www.securityfocus.com/bid/39498

  • 10.17.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WinMount ZIP File Remote Buffer Overflow
  • Description: WinMount is a file compression/extraction application. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The issue occurs when handling specially crafted ZIP files. WinMount version 3.3.0401 is affected.
  • Ref: http://www.securityfocus.com/archive/1/510796

  • 10.17.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: netKar PRO ".nkuser" File Creation NULL Pointer Denial of Service
  • Description: netKar PRO is a driving simulator available for Microsoft Windows. netKar PRO is exposed to a remote denial of service issue because it fails to adequately sanitize user-supplied input. netKar PRO version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/39558

  • 10.17.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Trellian FTP "PASV" Command Remote Buffer Overflow
  • Description: The Trellian FTP client is an FTP client for Microsoft Windows. The client is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on server-supplied data passed to the "PASV" command.
  • Ref: http://www.securityfocus.com/bid/39598

  • 10.17.6 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "proc_oom_score()" Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue that affects the "proc_oom_score()" function of the "fs/proc/base.c" source file. Specifically, when the affected function invokes the "badness()" function, it uses the "task->group_leader" parameter, which is set to NULL. This can lead to a NULL-pointer dereference condition. Linux Kernel 2.6.32-rc3 and earlier are affected.
  • Ref: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b95c35e76b29ba812e5dabdd91592e25ec640e93


  • 10.17.8 - CVE: CVE-2010-1087
  • Platform: Linux
  • Title: Linux Kernel VM/VFS "invalidatepage()" Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue. Specifically, the VM/VFS does not permit "mapping->a_ops->invalidatepage()" to fail, but the "nfs_wb_page_cancel()" function could fail.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=567184

  • 10.17.9 - CVE: CVE-2010-1032
  • Platform: HP-UX
  • Title: HP-UX Unspecified Local Denial of Service
  • Description: HP-UX is exposed to a local denial of service issue due to an unspecified error.
  • Ref: http://www.securityfocus.com/bid/39588

  • 10.17.10 - CVE: CVE-2010-0882
  • Platform: Solaris
  • Title: Oracle Solaris Local Trusted Extensions
  • Description: Oracle Solaris is exposed to a local issue in Trusted Extensions. Local attackers can exploit this issue to execute arbitrary code with SYSTEM level privileges. Oracle Solaris 10 and OpenSolaris snv_134 and earlier versions are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-263689-1

  • 10.17.11 - CVE: CVE-2010-0889
  • Platform: Solaris
  • Title: Oracle OpenSolaris Local Information Disclosure
  • Description: Oracle OpenSolaris is exposed to a local information disclosure issue. This issue occurs in the kernel, and successful exploits can gain access to potentially sensitive information that might aid in further attacks. OpenSolaris snv_68 through snv_128 are affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.17.12 - CVE: CVE-2010-0883, CVE-2010-0884
  • Platform: Solaris
  • Title: Oracle Cluster Unspecified Local Issue
  • Description: Oracle Cluster is exposed to an unspecified local issue. For an exploit to succeed, the attacker must have "Data Service for Oracle E-Business Suite" privileges. This issue affects the following supported versions: 3.1 and 3.2.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-276130-1

  • 10.17.13 - CVE: CVE-2010-0890, CVE-2010-0895
  • Platform: Solaris
  • Title: Oracle Solaris Local
  • Description: Oracle Solaris is exposed to a local issue affecting the kernel. This vulnerability affects the following supported versions: OpenSolaris snv_98 and Solaris 10.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242386-1

  • 10.17.14 - CVE: CVE-2010-0182
  • Platform: Cross Platform
  • Title: Mozilla Firefox/Thunderbird/SeaMonkey "nsIContentPolicy" Security Bypass
  • Description: Firefox is a browser. SeaMonkey is a suite of applications that includes a browser and an email client. Thunderbird is an email client. All three applications are available for multiple platforms. Firefox, Thunderbird and SeaMonkey are exposed to a security bypass issue because the "XMLDocument::load()" function fails to properly validate XML content against the "nsIContentPolicy" security policy. Firefox versions prior to 3.6.2 and 3.5.9; Thunderbird versions prior to 3.0.4 and SeaMonkey versions prior to 2.0.4 are affected.
  • Ref: http://www.mozilla.org/security/announce/2010/mfsa2010-24.html

  • 10.17.15 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Micropoint Proactive Defense "mp110013.sys" Local Privilege Escalation
  • Description: Micropoint Proactive Defense is an anti-virus application. Micropoint Proactive Defense is exposed to a local privilege escalation issue. Specifically, this issue exists in "mp110013.sys" when handling a malicious "DeviceIoControl" request. Micropoint Proactive Defense version 100323.1.2.10581.0285.r1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/510712

  • 10.17.16 - CVE: CVE-2010-0851
  • Platform: Cross Platform
  • Title: Oracle Database Remote XML DB
  • Description: Oracle Database is exposed to a remote issue in XML DB. The issue can be exploited over the "Oracle Net" protocol. For an exploit to succeed, the attacker must have "Create Session" privileges. Oracle Database versions: 9.2.0.8, 9.2.0.8DV, 10.1.0.5 and 10.2.0.3 are affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.17.17 - CVE: CVE-2010-0858
  • Platform: Cross Platform
  • Title: Oracle E-Business Suite Remote E-Business Intelligence
  • Description: Oracle E-Business Suite is exposed to a remote issue in E-Business Intelligence. The issue can be exploited over the "HTTP" protocol. For an exploit to succeed, the attacker must have "Supply Chain Intelligence" privileges. Oracle E-Business Suite versions: 11.5.10.2, and 12.1.2 are affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.17.18 - CVE: CVE-2010-0855
  • Platform: Cross Platform
  • Title: Oracle Fusion Middleware Remote Portal
  • Description: Oracle Fusion Middleware is exposed to a remote issue in Portal. The issue can be exploited over the "HTTP" protocol. An attacker does not require privileges to exploit this issue. Oracle Fusion Middleware version 10.1.2.3 is affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.17.19 - CVE: CVE-2010-0869
  • Platform: Cross Platform
  • Title: Oracle Transportation Manager Oracle Transportation Management Remote
  • Description: Oracle Transportation Manager is exposed to a remote issue in Oracle Transportation Management. The issue can be exploited over the "HTTP" protocol. Oracle Transportation Manager versions: 5.5.05.07, 5.5.06.00 and 6.0.03 are affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.17.20 - CVE: CVE-2010-0860
  • Platform: Cross Platform
  • Title: Oracle Database Remote Core RDBMS
  • Description: Oracle Database is exposed to a remote issue in Core RDBMS. The issue can be exploited over the "Oracle Net" protocol. For an exploit to succeed, the attacker must have "Create User" privileges. Oracle Database versions: 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4 and 11.1.0.7 are affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.17.21 - CVE: CVE-2010-0856
  • Platform: Cross Platform
  • Title: Oracle Fusion Middleware Remote Portal Issue
  • Description: Oracle Fusion Middleware is exposed to a remote issue in Portal. The issue can be exploited over the "HTTP" protocol. An attacker does not require privileges to exploit this issue. Oracle Fusion Middleware versions: 10.1.2.3 and 10.1.4.2 are affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.17.22 - CVE: CVE-2010-0872
  • Platform: Cross Platform
  • Title: Oracle Fusion Middleware Remote Oracle Internet Directory
  • Description: Oracle Fusion Middleware is exposed to a remote issue in Oracle Internet Directory. The issue can be exploited over the "LDAP" protocol. An attacker does not require privileges to exploit this issue. Oracle Fusion Middleware versions: 10.1.2.3 and 10.1.4.3 are affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.17.23 - CVE: CVE-2010-0862
  • Platform: Cross Platform
  • Title: Oracle Industry Product Suite Remote Retail Issue
  • Description: Oracle Industry Product Suite is exposed to a remote issue in Retail - Oracle Retail Markdown Optimization. The issue can be exploited over the "HTTP" protocol. For an exploit to succeed, the attacker must have "Online Help" privileges. Oracle Industry Product Suite version 13.1 is affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.17.24 - CVE: CVE-2010-0876
  • Platform: Cross Platform
  • Title: Oracle Life Sciences Industry Suite Remote Issue
  • Description: Oracle Life Sciences Industry Suite is exposed to a remote issue in Clinical Remote Data Capture Option. The issue can be exploited over the "HTTP" protocol. For an exploit to succeed, the attacker must have "RDC Onsite" privileges. Oracle Life Sciences Industry Suite versions: 4.5.3 and 4.6 are affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.17.25 - CVE: CVE-2010-0893
  • Platform: Cross Platform
  • Title: Oracle Convergence Unspecified Remote Issue
  • Description: Oracle Convergence is exposed to an unspecified remote issue which can be exploited over the "HTTP" protocol. For an exploit to succeed, the attacker must have "Mail" privileges. Oracle Convergence version 1.0 is affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.17.26 - CVE: CVE-2010-0881
  • Platform: Cross Platform
  • Title: Oracle Collaboration Suite Remote User Interface Components
  • Description: Oracle Collaboration Suite Remote User Interface Components is exposed to a remote issue in User Interface Components. The issue can be exploited over the "HTTP" protocol. An attacker does not require privileges to exploit this issue. Oracle Collaboration Suite version 10.1.2.4 is affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.17.27 - CVE: CVE-2010-0864
  • Platform: Cross Platform
  • Title: Oracle Industry Products Suite Remote Retail Place In-Season
  • Description: Oracle Industry Products Suite is prone to a remote vulnerability in Oracle Retail Place In-Season. The issue can be exploited over the "HTTP" protocol. For an exploit to succeed, the attacker must have "Online Help" privileges. This issue affects the Online Help and not the actual application. Oracle Industry Products Suite version 12.2 is affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.17.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle Communications Industry Suite Remote Issue
  • Description: Oracle Communications Industry Suite is exposed to a remote issue in Oracle Communications Unified Inventory Management. The issue can be exploited over the "HTTP" protocol. For an exploit to succeed, the attacker must have "Online Help" privileges. This issue affects version 7.1.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.17.29 - CVE: CVE-2010-0875
  • Platform: Cross Platform
  • Title: Oracle Industry Applications Remote Thesaurus Management System
  • Description: Oracle Industry Applications Product Suite is exposed to a remote issue in Life Sciences - Oracle Thesaurus Management System. The issue can be exploited over the "HTTP" protocol. For an exploit to succeed, the attacker must have "TMS Browser" privileges. This issue affects the following supported versions: 4.5.2, 4.6 and 4.6.1.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.17.30 - CVE: CVE-2010-0859
  • Platform: Cross Platform
  • Title: Oracle E-Business Suite Remote Oracle Application Object Library
  • Description: Oracle E-Business Suite is exposed to a remote issue in Oracle Application Object Library. The issue can be exploited over the "HTTP" protocol. This issue affects the following supported versions: 11.5.10.2 ATG RUP6.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.17.31 - CVE: CVE-2010-0897
  • Platform: Cross Platform
  • Title: Oracle Sun Java System Directory Server Remote Issue
  • Description: Oracle Sun Java System Directory Server is exposed to a remote issue in Directory Service Markup Language. The vulnerability can be exploited over the "LDAP" and "HTTP" protocols. Remote attackers can exploit this issue without authenticating. This issue affects the following supported versions: 5.2, 6.0, 6.1, 6.2, 6.3 and 6.3.1.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-276210-1

  • 10.17.32 - CVE: CVE-2010-0863
  • Platform: Cross Platform
  • Title: Oracle Industry Product Suite Oracle Retail Plan In-Season
  • Description: Oracle Industry Product Suite is exposed to a remote issue in Oracle Retail Plan In-Season. The issue can be exploited over the "HTTP" protocol. For an exploit to succeed, the attacker must have "Online Help" privileges. Oracle Industry Product Suite version 12.2 is affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.17.33 - CVE: CVE-2010-0894
  • Platform: Cross Platform
  • Title: Oracle Java System Access Manager Remote Issue
  • Description: Oracle Java System Access Manager is exposed to a remote issue. The issue can be exploited over the "HTTP" protocol. An attacker does not require privileges to exploit this issue. Java System Access Manager 7.1, Java System Access Manager 7.0 2005Q4 and OpenSSO Enterprise are affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html


  • 10.17.35 - CVE: CVE-2010-0885
  • Platform: Cross Platform
  • Title: Oracle Sun Java System Communications Express Remote Address Book
  • Description: Oracle Sun Java System Communications Express is exposed to a remote issue in Address Book. The issue can be exploited over the "HTTP" protocol. This issue affects the following supported versions: 6 2005Q4 (6.2) and 6.3.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-276630-1

  • 10.17.36 - CVE: CVE-2010-0891
  • Platform: Cross Platform
  • Title: Oracle Sun Management Center Remote Issue
  • Description: Oracle Sun Management Center is exposed to a remote issue. The issue can be exploited over the "HTTP" protocol. For an exploit to succeed, the attacker must have "Solaris Container Manager" privileges. Versions 3.6.1 and 4.0 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-248666-1

  • 10.17.37 - CVE: CVE-2010-0436
  • Platform: Cross Platform
  • Title: KDE KDM Insecure File Permission Local Privilege Escalation
  • Description: KDE (K Desktop Environment) is a desktop for Unix variants. KDM (KDE Display Manager) is a replacement of xdm (X Display Manager). KDM is exposed to a local privilege escalation issue because of a race condition error. Specifically, this issue allows local attackers to modify permissions associated with arbitrary files on a computer when KDM attempts to create its control socket during user login. KDM packages shipped with KDE SC versions 2.2.0 up to and including KDE SC 4.4.2 are affected.
  • Ref: http://www.kde.org/info/security/advisory-20100413-1.txt

  • 10.17.38 - CVE: CVE-2010-1163
  • Platform: Cross Platform
  • Title: Todd Miller Sudo "sudoedit" Path Resolution Local Privilege Escalation
  • Description: Todd Miller "sudo" is a widely used Linux/UNIX command that allows users to securely run commands as the superuser or as other users. The utility is exposed to a local privilege escalation issue because it fails to correctly handle the "sudoedit" command. Specifically, the issue occurs because sudo's path resolution code fails to add a "./" prefix to commands found in the current working directory, as expected by sudo's command matching routine. "sudo" versions 1.6.8 up to and including 1.7.2p5 are affected.
  • Ref: http://lab.mediaservice.net/advisory/2010-02-sudo.txt

  • 10.17.39 - CVE: CVE-2010-0994
  • Platform: Cross Platform
  • Title: Visualization Library DAT File Handling Multiple Buffer Overflow Vulnerabilities
  • Description: Visualization Library is a C++ library for building 2-3D graphics applications. Visualization Library is exposed to multiple remote buffer overflow issues because the software fails to perform adequate boundary checks on user-supplied data. These issues occur when the application processes malformed DAT files.
  • Ref: http://secunia.com/secunia_research/2010-2/

  • 10.17.40 - CVE: CVE-2010-0432
  • Platform: Cross Platform
  • Title: Apache OFBiz Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
  • Description: Apache OFBiz (Open For Business) is an open-source Enterprise Resource Planning (ERP) application. OFBiz is exposed to multiple issues because it fails to properly sanitize user-supplied input before using it in dynamically generated content. OFBiz version 9.04 is affected.
  • Ref: http://www.securityfocus.com/archive/1/510746

  • 10.17.41 - CVE: CVE-2010-1317
  • Platform: Cross Platform
  • Title: RealNetworks Helix and Helix Mobile Server Multiple Remote Code Execution Vulnerabilities
  • Description: RealNetworks Helix Server is a multiformat cross-platform streaming server. RealNetworks Helix Server and Helix Mobile Server are exposed to multiple memory corruption issues that can allow attackers to execute remote code: A heap overflow issue related to invalid base64 encodings in NTLM authentication affects the applications. A stack-based buffer overflow issue associated with "AgentX++" affects the applications. An integer overflow issue associated with "AgentX++" affects the applications. Helix Server and Helix Mobile Server versions prior to 14.0 are affected.
  • Ref: http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf

  • 10.17.42 - CVE: CVE-2010-0886, CVE-2010-0887
  • Platform: Cross Platform
  • Title: Oracle Java SE and Java for Business Unspecified Vulnerabilities
  • Description: Oracle Java SE and Java for Business are exposed to multiple unspecified issues. These issues may be related to mixed code logging and mixed code warning for "class.getResource("directory/")". Java Runtime Environment versions prior to 1.6.0_20 (JRE 6 Update 20) are affected.
  • Ref: http://blogs.oracle.com/security/2010/04/security_alert_for_cve-2010-08.html

  • 10.17.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: RPM Configuration File Handling Remote Buffer Overflow
  • Description: RPM (Remote Print Manager) is an LPD Print Server for Windows. RPM is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue by enticing a user to open a malicious configuration file containing a long "lfFaceName" element. RPM Elite/Select version 5.0.70.6 is affected.
  • Ref: http://www.securityfocus.com/bid/39493

  • 10.17.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM BladeCenter Advanced Management Module Denial of Service
  • Description: IBM BladeCenter Advanced Management Module is a system-management processor for BladeCenter servers. The module is exposed to a remote denial of service issue because it fails to properly handle incoming packets. An attacker can exploit this issue by sending five to ten malformed packets to TCP port 3900.
  • Ref: http://dsecrg.com/pages/vul/show.php?id=149

  • 10.17.45 - CVE: CVE-2010-0739
  • Platform: Cross Platform
  • Title: TeX Live "dospecial.c" ".dvi" File Parsing Integer Overflow
  • Description: TeX Live is a suite for producing TeX documents. TeX Live is exposed to an integer overflow issue because it fails to properly validate user-supplied input. The issue occurs in the "predospecial()" function of the "texk/dvipsk/dospecial.c" source file.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=572941

  • 10.17.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: EasyBits Extras Manager "skype-plugin" URI Handler Arbitrary XML File Deletion
  • Description: EasyBits Extras Manager is a plugin component for Skype. EasyBits Extras Manager is exposed to an issue that lets attackers delete arbitrary XML files on the affected computer. Specifically, this issue is triggered when Skype processes a crafted "skype-plugin" URI. Successful attacks can result in denial of service.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-028/

  • 10.17.47 - CVE: CVE-2010-1160, CVE-2010-1161
  • Platform: Cross Platform
  • Title: GNU nano Multiple Local Privilege Escalation Vulnerabilities
  • Description: GNU nano is a text editor application available for multiple platforms. nano is exposed to multiple local privilege escalation issues because it does not maintain an open file descriptor for files being edited, and it writes backup files in an unsafe fashion. nano 2.2.4 is vulnerable.
  • Ref: http://lists.gnu.org/archive/html/nano-devel/2010-04/msg00013.html

  • 10.17.48 - CVE: CVE-2010-0198
  • Platform: Cross Platform
  • Title: Adobe Acrobat and Reader PNG Data Remote Buffer Overflow
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a remote buffer overflow issue that occurs when an affected application parses PNG data within a specially crafted PDF file. This issue affects Adobe Reader 9.3.1 and earlier for Windows, Macintosh and UNIX; Adobe Acrobat 9.3.1 and earlier for Windows and Macintosh; Adobe Reader 8.2.1 and earlier for Windows and Macintosh; and Acrobat 8.2.1 and earlier for Windows and Macintosh.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb10-09.html

  • 10.17.49 - CVE: CVE-2010-0203
  • Platform: Cross Platform
  • Title: Adobe Acrobat and Reader BMP Data Remote Buffer Overflow
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a remote buffer overflow issue that occurs when an affected application parses BMP data within a specially crafted PDF file. This issue affects Adobe Reader 9.3.1 and earlier for Windows, Macintosh, and UNIX; Adobe Acrobat 9.3.1 and earlier for Windows and Macintosh; Adobe Reader 8.2.1 and earlier for Windows and Macintosh; and Acrobat 8.2.1 and earlier for Windows and Macintosh.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb10-09.html

  • 10.17.50 - CVE: CVE-2010-0199
  • Platform: Cross Platform
  • Title: Adobe Acrobat and Reader JPEG Data Remote Buffer Overflow
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a remote buffer overflow issue that occurs when an affected application parses JPEG data within a specially crafted PDF file. This issue affects Adobe Reader 9.3.1 and earlier for Windows, Macintosh, and UNIX; Adobe Acrobat 9.3.1 and earlier for Windows and Macintosh; Adobe Reader 8.2.1 and earlier for Windows and Macintosh; and Acrobat 8.2.1 and earlier for Windows and Macintosh.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb10-09.html

  • 10.17.51 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Acrobat and Reader GIF Data Remote Buffer Overflow
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a remote buffer overflow issue that occurs when an affected application parses GIF data within a specially crafted PDF file. This issue affects Adobe Reader 9.3.1 and earlier for Windows, Macintosh, and UNIX; Adobe Acrobat 9.3.1 and earlier for Windows and Macintosh; Adobe Reader 8.2.1 and earlier for Windows and Macintosh; and Acrobat 8.2.1 and earlier for Windows and Macintosh.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb10-09.html

  • 10.17.52 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Acrobat and Reader Prefix Protocol Handler Remote Code Execution
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a remote code execution issue that is related to "prefix protocol handlers". This issue affects Adobe Reader 9.3.1 and earlier for Windows, Macintosh, and UNIX; Adobe Acrobat 9.3.1 and earlier for Windows and Macintosh; Adobe Reader 8.2.1 and earlier for Windows and Macintosh; and Acrobat 8.2.1 and earlier for Windows and Macintosh.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb10-09.html

  • 10.17.53 - CVE: CVE-2010-0197, CVE-2010-0201, CVE-2010-0204
  • Platform: Cross Platform
  • Title: Adobe Acrobat and Reader Remote Code Execution
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a remote code execution issue because of an unspecified memory corruption issue. This issue affects Adobe Reader 9.3.1 and earlier for Windows, Macintosh, and UNIX; Adobe Acrobat 9.3.1 and earlier for Windows and Macintosh; Adobe Reader 8.2.1 and earlier for Windows and Macintosh; and Acrobat 8.2.1 and earlier for Windows and Macintosh.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb10-09.html

  • 10.17.54 - CVE: CVE-2010-0192, CVE-2010-0193, CVE-2010-0196
  • Platform: Cross Platform
  • Title: Adobe Acrobat and Reader Denial of Service
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a denial of service vulnerability because of an unspecified issue. This issue affects Adobe Reader 9.3.1 and earlier for Windows, Macintosh, and UNIX; Adobe Acrobat 9.3.1 and earlier for Windows and Macintosh; Adobe Reader 8.2.1 and earlier for Windows and Macintosh; and Acrobat 8.2.1 and earlier for Windows and Macintosh.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb10-09.html

  • 10.17.55 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Lotus Notes "SURunAs.exe" Insecure Password Storage Information Disclosure
  • Description: IBM Lotus Notes is a tool for email, calendar, scheduling, and collaboration tasks. The application is exposed to an information disclosure issue because it fails to securely store sensitive data. Specifically, the "SURunAs.exe" program stores Windows administrative authentication credentials in plain text format inside the executable. Lotus Notes versions 7.0, 8.0, and 8.5 are affected.
  • Ref: http://www.securityfocus.com/bid/39525

  • 10.17.56 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Archive Searcher ZIP File Remote Stack Buffer Overflow
  • Description: Archive Searcher is a compressed file search application. The application is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The issue occurs when handling specially crafted ZIP files. Archive Searcher version 2.1 is affected.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0216.html

  • 10.17.57 - CVE: Not Available
  • Platform: Cross Platform
  • Title: gource Insecure Temporary File Creation
  • Description: gource is an OpenGL-based 3D visualization tool for source control repositories. The application creates temporary files in an insecure manner. Specifically, the application creates the vulnerable log file "/tmp/gource-$UID.tmp". gource versions prior to 0.26b are affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577958

  • 10.17.58 - CVE: CVE-2010-1151
  • Platform: Cross Platform
  • Title: Apache mod_auth_shadow Race Condition Security Bypass
  • Description: mod_auth_shadow is a module for the Apache HTTP Server that authenticates against the "/etc/shadow" file. mod_auth_shadow is exposed to a security bypass issue due to a race condition error. Specifically, the issue occurs when the module uses an external helper library to validate the user credentials.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=578168

  • 10.17.59 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MySQL UNINSTALL PLUGIN Security Bypass
  • Description: MySQL is an open source SQL database available for multiple operating systems. MySQL is exposed to a security bypass issue that affects the "UNINSTALL PLUGIN" component, which fails to check for privileges before removing a plugin. MySQL versions 5.1.45 and earlier are affected.
  • Ref: http://lists.mysql.com/commits/103144

  • 10.17.60 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HTTP File Server Security Bypass and Denial of Service Vulnerabilities
  • Description: HTTP File Server is a web server for file sharing. The application is exposed to multiple issues. Exploiting these issues will allow an attacker to download files from restricted directories within the context of the application or cause denial of service conditions.
  • Ref: http://aluigi.altervista.org/adv/hfsref-adv.txt

  • 10.17.61 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Fetchmail Debug Mode With Multichar Locale Remote Denial of Service
  • Description: Fetchmail is a freely available, open source mail retrieval utility. It is available for Unix, Linux, and other Unix-like operating systems. Fetchmail is exposed to a remote denial of service issue that occurs when debug mode with Multichar locale is enabled. Fetchmail versions 4.6.3 up to and including 6.3.16 are affected.
  • Ref: http://developer.berlios.de/project/showfiles.php?group_id=1824

  • 10.17.62 - CVE: CVE-2009-3910
  • Platform: Cross Platform
  • Title: Oracle Java Runtime Environment "HsbParser.getSoundBank()" Remote Heap Buffer Overflow
  • Description: Oracle Java SE and Java for Business are exposed to a remote heap-based buffer overflow issue because they fail to sufficiently sanitize user-supplied data. This issue affects the "HsbParser.getSoundBank()" function. Java 5.0 versions prior to Update 24 and Java 6.0 versions prior to Update 19 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21420576

  • 10.17.63 - CVE: CVE-2010-1319
  • Platform: Cross Platform
  • Title: AgentX++ "AgentX::receive_agentx()" Remote Code Execution
  • Description: AgentX++ is an implementation of the Agent Extensibility (AgentX) protocol for supporting SNMP agents. RealNetworks Helix Server is a multiformat, cross-platform streaming server; Helix Server uses AgentX++ source code. AgentX++ is exposed to a remote code execution issue that occurs because of an integer overflow condition in the "AgentX::receive_agentx()" function. AgentX++ version 1.4.16 is affected.
  • Ref: http://www.securityfocus.com/archive/1/510822

  • 10.17.64 - CVE: CVE-2010-1318
  • Platform: Cross Platform
  • Title: AgentX++ "AgentX::receive_agentx()" Remote Stack Buffer Overflow
  • Description: AgentX++ is an implementation of the Agent Extensibility (AgentX) protocol for supporting SNMP agents. RealNetworks Helix Server is a multiformat, cross-platform streaming server; Helix Server uses AgentX++ source code. AgentX++ is exposed to a remote stack-based buffer overflow issue affecting the "AgentX::receive_agentx()" function. AgentX++ version 1.4.16 is affected.
  • Ref: http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf

  • 10.17.65 - CVE: CVE-2010-0769
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server "resources.xml" Information Disclosure
  • Description: IBM WebSphere Application Server (WAS) is a service-oriented architecture. WebSphere Application Server is exposed to an information disclosure issue because it stores sensitive information in an unsafe fashion. Specifically, "KeyRingPassword" data is stored unencrypted in the "resources.xml" file due to an error related to defining a "J2CConnectionFactory" object. WAS versions prior to 7.0.0.9, 6.1.0.31 and 6.0.2.41 are affected.
  • Ref: http://xforce.iss.net/xforce/xfdb/57185

  • 10.17.66 - CVE: CVE-2010-1458
  • Platform: Cross Platform
  • Title: TweakFS Zip Utility ZIP File Remote Stack Overflow
  • Description: TweakFS Zip Utility is a file extraction application. The application is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs when handling specially crafted ZIP files. TweakFS Zip Utility version 1.0 is affected.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0242.html

  • 10.17.67 - CVE: Not Available
  • Platform: Cross Platform
  • Title: N/X Multiple Input Validation Vulnerabilities
  • Description: N/X is a web-based application. The application is exposed to multiple input validation issues. An attacker can exploit these issues using directory traversal strings to execute local script code in the context of the application or to execute arbitrary code within the context of the web server. N/X version 4.5 is affected.
  • Ref: http://www.securityfocus.com/bid/39571

  • 10.17.68 - CVE: CVE-2010-1152
  • Platform: Cross Platform
  • Title: memcached Memory Consumption Remote Denial of Service
  • Description: memcached is a database caching application available for multiple operating systems. memcached is exposed to a remote denial of service issue. Specifically, when a large amount of data without a terminating "\n" is provided, the application allocates a large amount of memory. memcached versions prior to 1.4.3 are affected.
  • Ref: http://bugs.pardus.org.tr/show_bug.cgi?id=12672

  • 10.17.69 - CVE: CVE-2010-1033
  • Platform: Cross Platform
  • Title: HP Operations Manager Buffer Overflow
  • Description: HP Operations Manager is an application for managing IT infrastructure. It is available for a number of platforms, including Microsoft Windows. HP Operations Manager is exposed to a buffer overflow issue that affects the "srcvw32.dll" and "srcvw4.dll" files. HP Operations Manager for Windows version 8.10, HP Operations Manager for Windows version 8.16, and HP Operations Manager for Windows version 7.5 are affected.
  • Ref: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02078800

  • 10.17.70 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Cybozu Products Unauthorized Access
  • Description: Multiple Cybozu products are exposed to an unauthorized access issue because they fail to adequately restrict access to sensitive information. These issues affect the login interface, which performs insufficient checks prior to allowing access.
  • Ref: http://www.securityfocus.com/bid/39579

  • 10.17.71 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Cognos 8 Business Intelligence Unspecified Security
  • Description: IBM Cognos 8 Business Intelligence provides business intelligence on a single, service oriented architecture (SOA). IBM Cognos 8 Business Intelligence is exposed to an unspecified issue. IBM Cognos 8 Business Intelligence versions prior to 8.4.1 FP1 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PM04649

  • 10.17.72 - CVE: Not Available
  • Platform: Cross Platform
  • Title: DotNetNuke System Message Information Disclosure
  • Description: DotNetNuke is an open source framework for creating and deploying web sites. DotNetNuke is exposed to an information disclosure issue due to a design error which causes system messages to be stored in clear text. DotNetNuke versions 5.3.0 up to and including 5.3.1 are affected.
  • Ref: http://www.dotnetnuke.com/News/Securitybulletinno34/tabid/1531/Default.aspx

  • 10.17.73 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HTTP 1.1 GET Request Directory Traversal
  • Description: The HTTP application is an HTTP server. The HTTP application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. Specifically, the application fails to sanitize directory traversal strings ("../") from HTTP GET requests. HTTP version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/39590

  • 10.17.74 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Acritum Femitter Server URI Directory Traversal
  • Description: Acritum Femitter Server is an HTTP server. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. Specifically, the application fails to sanitize directory traversal strings ("..%2f") from the URI. Acritum Femitter Server version 1.03 is affected.
  • Ref: http://www.securityfocus.com/bid/39594

  • 10.17.75 - CVE: CVE-2010-1320
  • Platform: Cross Platform
  • Title: MIT Kerberos "src/kdc/do_tgs_req.c" Ticket Renewal Double Free Memory Corruption
  • Description: MIT Kerberos is a suite of applications and libraries designed to implement the Kerberos network authentication protocol. MIT Kerberos is exposed to a remote memory corruption issue due to a double free error in the "src/kdc/do_tgs_req.c" source file.
  • Ref: http://www.securityfocus.com/archive/1/510843

  • 10.17.76 - CVE: Not Available
  • Platform: Cross Platform
  • Title: DWG Windows FTP Server Authentication Bypass
  • Description: DWG Windows FTP Server is an FTP server for the Windows operating system. The application is exposed to an authentication bypass issue. Specifically, an attacker can exploit this issue to execute certain FTP commands such as "MKD" after a failed login attempt.
  • Ref: http://www.securityfocus.com/bid/39601

  • 10.17.77 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Atlassian JIRA Privilege Escalation and Multiple Cross-Site Scripting Vulnerabilities
  • Description: Atlassian JIRA is a web-based bug-tracking application. Atlassian JIRA is exposed to multiple remote security issues. An unspecified privilege escalation issue can permit authenticated attackers to gain superuser privileges on the underlying operating system. Multiple cross-site scripting issues affect unspecified scripts. JIRA versions 3.12 through 4.1 are affected.
  • Ref: http://jira.atlassian.com/browse/JRA-20995

  • 10.17.78 - CVE: CVE-2010-0190
  • Platform: Web Application - Cross Site Scripting
  • Title: Adobe Acrobat and Reader Cross-Site Scripting
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to an unspecified cross-site scripting issue. Affected are: Adobe Reader version 9.3.1 and earlier for Windows, Macintosh, and Unix; Adobe Acrobat version 9.3.1 and earlier for Windows and Macintosh; Adobe Reader 8.2.1 and earlier for Windows and Macintosh; and Acrobat 8.2.1 and earlier for Windows and Macintosh.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb10-09.html

  • 10.17.79 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SIESTTA Local File Include and Cross-Site Scripting Vulnerabilities
  • Description: SIESTTA is a PHP-based classroom management system. The application is exposed to multiple issues. A local file include issue affects the "idioma" parameter of the "/siestta/login.php" script. A cross-site scripting issue affects the "usuario" parameter of the "/siestta/carga_foto_al.php" script. SIESTTA version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39526

  • 10.17.80 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Ziggurat Farsi CMS "id" Parameter Unspecified Cross-Site Scripting Vulnerabilities
  • Description: Ziggurat Farsi CMS is an ASP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.asp" script.
  • Ref: http://www.securityfocus.com/archive/1/510737

  • 10.17.81 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: leaftec CMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: leaftec CMS is a PHP-based web application. The application is exposed to multiple cross-site scripting issues because the application fails to sufficiently sanitize user-supplied data, specifically to the "login" and "password" fields of an unspecified page.
  • Ref: http://www.securityfocus.com/bid/39574

  • 10.17.82 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Internet Explorer 8 Cross-Site Scripting Filter "script" Tag Cross-Site Scripting
  • Description: Microsoft Internet Explorer is a web browser for Windows platforms. Internet Explorer 8 includes a cross-site scripting filter component that monitors requests and then identifies and sanitizes potentially malicious traffic that contains script code. Internet Explorer is exposed to a cross-site scripting issue because of a design flaw in the browser's cross-site scripting filter. Internet Explorer version 8 is affected.
  • Ref: http://p42.us/ie8xss/Abusing_IE8s_XSS_Filters.pdf

  • 10.17.83 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Kleophatra CMS "module" Parameter Cross-Site Scripting
  • Description: Kleophatra CMS is a PHP-based content management system. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "module" parameter of the "index.php" script. Kleophatra CMS version 0.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/39593

  • 10.17.84 - CVE: CVE-2010-1329
  • Platform: Web Application - SQL Injection
  • Title: Network Vulnerabilities Scan System
  • Description: The Network Vulnerabilities Scan system is a scanning system implemented in JSP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "roleManager.jsp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/510719

  • 10.17.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joels Bulletin Board (JBB) Parameter Multiple SQL Injection Vulnerabilities
  • Description: Joels Bulletin Board (JBB) is a bulletin application implemented in PHP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the following scripts and parameters: "showforum.php": "forum"; "verschieben.php": "tid". Joels Bulletin Board (JBB) version 0.9.9rc3 is affected.
  • Ref: http://www.securityfocus.com/bid/39449

  • 10.17.86 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 404 Error Page Handling (error_404_handling) Unspecified SQL Injection
  • Description: Educator (error_404_handling) is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. 404 Error Page Handling versions 0.1.1 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-011/

  • 10.17.87 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: almnzm "id" Parameter SQL Injection
  • Description: almnzm is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script before using it in an SQL query. almnzm version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/39487

  • 10.17.88 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Softbiz B2B Trading Marketplace "IndustryID" Parameter SQL Injection
  • Description: Softbiz B2B Trading Marketplace is a web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "IndustryID" parameter of the "buyers_subcategories.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/39496/references

  • 10.17.89 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Zyke CMS "login" Parameter SQL Injection
  • Description: Zyke CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "login" parameter of the "admin.php" script before using it in an SQL query. Zyke CMS version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/39536

  • 10.17.90 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AlegroCart "page" Parameter SQL Injection
  • Description: AlegroCart is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "page" parameter of the "index.php" script before using it in an SQL query. AlegroCart version 1.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/39572

  • 10.17.91 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: leaftec CMS "id" Parameter SQL Injection
  • Description: leaftec CMS is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "article.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/39573

  • 10.17.92 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Musicbox "genre_artists.php" SQL Injection
  • Description: Musicbox is a web-based application for hosting a music site. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "genre_artists.php" script before using it in an SQL query. Musicbox version 3.3 is affected.
  • Ref: http://www.securityfocus.com/bid/39581

  • 10.17.93 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: JTM Reseller Joomla! Component "author" Parameter SQL Injection
  • Description: JTM Reseller is a component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "author" parameter of the "com_jtm" component before using it in an SQL query. JTM Reseller version 1.9 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/39584

  • 10.17.94 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Viennabux Beta! "cat" Parameter SQL Injection
  • Description: Viennabux Beta! is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "view_topic.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/39602

  • 10.17.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Imperva SecureSphere Web Application Firewall and Database Firewall Security Bypass
  • Description: Imperva SecureSphere Web Application Firewall and Database Firewalls are firewall applications. The applications are exposed to a security bypass issue that occurs when applications handle specially crafted packets that contain a large amount of data.
  • Ref: http://www.securityfocus.com/archive/1/510709

  • 10.17.96 - CVE: Not Available
  • Platform: Web Application
  • Title: 60cycleCMS "DOCUMENT_ROOT" Parameter Multiple Local File Include Vulnerabilities
  • Description: 60cycleCMS is a PHP-based content manager. The application is exposed to local file include issues because it fails to properly sanitize user-supplied input to the "DOCUMENT_ROOT" parameter of the following scripts: "news.php"; "submitComment.php" and "sqlConnect.php".
  • Ref: http://www.securityfocus.com/archive/1/510721

  • 10.17.97 - CVE: Not Available
  • Platform: Web Application
  • Title: opentel openmairie tel "dsn[phptype]" Parameter Local File Include
  • Description: openmairie tel is a PHP-based web application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "dsn[phptype]" parameter of the "soustab.php" script. openmairie tel version 1.02 is affected.
  • Ref: http://www.securityfocus.com/bid/39486

  • 10.17.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Ziggurat Farsi CMS Arbitrary File Upload
  • Description: Ziggurat Farsi CMS is an ASP-based content manager. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately sanitize file extensions before uploading files to the web server through the "upload.asp" script.
  • Ref: http://www.securityfocus.com/bid/39530

  • 10.17.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Media in Spot CMS "page" Parameter Local File Include
  • Description: Media in Spot CMS is a PHP-based content manager. The application is exposed to local file include issues because it fails to properly sanitize user-supplied input to the "page" parameter of the "view/lang/index.php" script.
  • Ref: http://www.securityfocus.com/bid/39533

  • 10.17.100 - CVE: Not Available
  • Platform: Web Application
  • Title: Ziggurat Farsi CMS "bck" Parameter Directory Traversal
  • Description: Ziggurat Farsi CMS is an ASP-based content manager. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "bck" parameter of the "backup.asp" script.
  • Ref: http://www.securityfocus.com/archive/1/510737

  • 10.17.101 - CVE: CVE-2010-0997
  • Platform: Web Application
  • Title: e107 "content_manager.php" HTML Injection
  • Description: e107 is a PHP-based content manager. The application is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input. Specifically, data created via the "content_heading" parameter of the "107_plugins/content/content_manager.php" script is displayed in an unsafe fashion. e107 versions prior to 0.7.20 are affected.
  • Ref: http://secunia.com/secunia_research/2010-43/

  • 10.17.102 - CVE: CVE-2010-0996
  • Platform: Web Application
  • Title: e107 Avatar/Photograph Arbitrary File Upload
  • Description: e107 is a PHP-based content manager. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately sanitize file extensions before uploading files to the web server through the avatar/photograph image upload functionality. e107 versions prior to 0.7.20 are affected.
  • Ref: http://secunia.com/secunia_research/2010-44/

  • 10.17.103 - CVE: Not Available
  • Platform: Web Application
  • Title: REDAXO "REX[INCLUDE_PATH]" Multiple Remote File Include Vulnerabilities
  • Description: REDAXO is a web-based content manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "REX[INCLUDE_PATH]" parameter of the following scripts: "include/addons/version/pages/index.inc.php" and "include/pages/specials.inc.php". REDAXO version 4.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/39549

  • 10.17.104 - CVE: Not Available
  • Platform: Web Application
  • Title: google-joomla 3D map Joomla! Component
  • Description: google-joomla 3D map is a component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of the "com_google" component. google-joomla 3D map (com_google) version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/39560

  • 10.17.105 - CVE: CVE-2010-0993
  • Platform: Web Application
  • Title: Flex File Manager Arbitrary File Upload
  • Description: Flex File Manager is a PHP-based file upload application. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately sanitize user-supplied files before uploading them onto the web server.
  • Ref: http://www.securityfocus.com/bid/39568

  • 10.17.106 - CVE: Not Available
  • Platform: Web Application
  • Title: openMairie openReglement Local and Remote File Include Vulnerabilities
  • Description: openMairie openReglement is a web-based ID application. The application is exposed to multiple input validation issues. A local file include issue affects the "dsn[phptype]" parameter of the "scr/soustab.php" script. A remote file include issue affects the "path_om" parameter. openMairie openReglement version 1.04 is affected.
  • Ref: http://www.securityfocus.com/bid/39575

  • 10.17.107 - CVE: Not Available
  • Platform: Web Application
  • Title: openMairie openScrutin Local and Remote File Include Vulnerabilities
  • Description: openMairie openScrutin is a web-based emergency response application. The application is exposed to multiple input validation issues. An attacker can exploit these issues to obtain sensitive information or execute malicious PHP code in the context of the web server process. openMairie openScrutin version 1.03 is affected.
  • Ref: http://www.securityfocus.com/bid/39585

  • 10.17.108 - CVE: CVE-2010-1486
  • Platform: Web Application
  • Title: CactuShop "_invoice.asp" Script HTML Injection
  • Description: CactuShop is an ASP-based web shopping cart application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input. Specifically, this issue can be triggered when a user invoice is processed through the "_invoice.asp" script. CactuShop versions prior to 6.155 are affected.
  • Ref: http://www.coresecurity.com/content/cactushop-xss-persistent-vulnerability

  • 10.17.109 - CVE: Not Available
  • Platform: Web Application
  • Title: dl_stats Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: dl_stats is a download statistics application. The application is exposed to multiple issues because it fails to sanitize user-supplied input. dl_stats version 2.0 is affected.
  • Ref: http://www.xenuser.org/2010/04/18/dl_stats-multiple-vulnerabilities-sqli-xss-unprotected-admin-panel/

  • 10.17.110 - CVE: Not Available
  • Platform: Web Application
  • Title: Uploader 0.7 Arbitrary File Upload
  • Description: The Uploader application is a PHP-based file upload application. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately sanitize user-supplied files before uploading them onto the web server. Uploader version 0.7 is affected.
  • Ref: http://www.securityfocus.com/bid/39595

  • 10.17.111 - CVE: Not Available
  • Platform: Web Application
  • Title: Momche YUI Image Upload Script Arbitrary File Upload
  • Description: Momche YUI Image Upload Script is a PHP-based file upload application. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately sanitize user-supplied files before uploading them onto the web server.
  • Ref: http://www.securityfocus.com/bid/39596

  • 10.17.112 - CVE: Not Available
  • Platform: Web Application
  • Title: vBulletin Two-Step External Link Module
  • Description: Two-Step External Link is a module for vBulletin. The module is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. This issue affects the "url" parameter of the "externalredirect.php" script.
  • Ref: http://www.securityfocus.com/archive/1/510847

  • 10.17.113 - CVE: Not Available
  • Platform: Web Application
  • Title: Mp3 Online Id Tag Editor Multiple Remote File Include Vulnerabilities
  • Description: Mp3 Online Id Tag Editor is a PHP-based MP3 tag-editing application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "determined_format[include]" parameter.
  • Ref: http://www.securityfocus.com/bid/39600

  • 10.17.114 - CVE: Not Available
  • Platform: Network Device
  • Title: Iomega Home Media Network Hard Drive "smbwebclient.php" Authentication Bypass
  • Description: Iomega Home Media Network Hard Drive is a multifunction multimedia network device. The application is exposed to an authentication bypass issue. Specifically, an attacker can exploit this issue to access "smbwebclient.php" without proper authentication because "smbwebclient.php" is in an unprotected directory. Iomega Home Media Network Hard Drive Firmware versions 2.038 - 2.061 are affected.
  • Ref: http://www.securityfocus.com/archive/1/510715

  • 10.17.115 - CVE: Not Available
  • Platform: Network Device
  • Title: 3Com H3C S9500E/S12500 Switches Denial of Service
  • Description: 3Com H3C S9500E is a series of core routing switches. H3C S12500 data center switches are large core/data center switching platforms. The devices are exposed to a denial of service issue when handling specially crafted HTTP requests. Specifically, the issue occurs when a remote attacker sends a portal authentication URI request to the web interface. H3C versions prior to S9500E-CMW520-R1230P01 and H3C S12500-CMW520-R1230P01 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=578168

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.