@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 18
April 29, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Windows                                   5 (#1)
    Third Party Windows Apps                  11 (#2)
    Mac Os                                    1
    Linux                                     2
    Cross Platform                            28 (#3, #4, #5)
    Web Application - Cross Site Scripting    14
    Web Application - SQL Injection           25
    Web Application                           25
    Network Device                            3


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
  • Windows
  • Third Party Windows Apps
  • Mac Os
  • Linux
  • Cross Platform
  • Web Application - Cross Site Scripting
  • Web Application - SQL Injection
  • Web Application
  • Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Joshua Bronson at TippingPoint as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: Microsoft Windows Media Buffer Overflow Vulnerability
  • Affected:
    • Windows Media Service on Microsoft Windows 2000 Server Service Pack 4
  • Description: Windows Media Service, a platform for streaming live or on-demand content over a network, does not perform proper boundary checks on user-supplied data. A remote attacker can exploit this vulnerability in order to overflow a buffer and potentially execute arbitrary code. Microsoft released a patch in MS10-025 that did not fix the vulnerability but later updated the patch to fully address the issue.

  • Status: Vendor confirmed, update available

  • References:
  • (2) HIGH: Adobe Download Manager Remote Code Execution Vulnerability
  • Affected:
    • Adobe Reader and Acrobat prior to 9.2
  • Description: Adobe Download Manager, a product to help users download updates to Adobe Reader and other Adobe files, is prone to a buffer overflow vulnerability. The vulnerability exists in an ActiveX control, making it remotely exploitable: by enticing a user to visit a malicious site, an attacker can exploit this vulnerability in order to execute arbitrary code with the permissions of the currently logged-in user.

  • Status: Vendor confirmed, update available

  • References:
  • (4) HIGH: Opera Memory Corruption Vulnerability
  • Affected:
    • Opera 10.x
  • Description: A memory corruption vulnerability exists in Opera, a popular web browser. By continuously writing to a page using the JavaScript method document.write(), an attacker can execute arbitrary code with the permissions of the currently logged-in user. There is currently no update available from the vendor.

  • Status: No vendor confirmation or updates available

  • References:
  • (5) MODERATE: MIT Kerberos Double Free Vulnerability
  • Affected:
    • MIT Kerberos after krb5-1.7 and prior to krb5-1.8.2
  • Description: MIT Kerberos, a tool for authenticating client-server applications, is prone to a double free vulnerability. A remote authenticated attacker can exploit this vulnerability in order to terminate the KDC (key distribution center) in Kerberos. It may theoretically be possible to use this vulnerability to execute arbitrary code.

  • Status: Vendor confirmed, update available

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 18, 2010

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 9196 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 10.18.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows "SfnLOGONNOTIFY" Local Denial Of Service
  • Description: Microsoft Windows is exposed to a local denial of service issue that affects the "SfnLOGONNOTIFY" function of the "win32k.sys" system file. Microsoft Windows 2000, Windows XP and Windows 2003 are affected.
  • Ref: http://www.securityfocus.com/bid/39630

  • 10.18.2 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows "SfnINSTRING" Local Denial Of Service
  • Description: Microsoft Windows is exposed to a local denial of service issue that affects the "SfnINSTRING" function of the "win32k.sys" system file. Microsoft Windows 2000, Windows XP and Windows 2003 are affected.
  • Ref: http://www.securityfocus.com/bid/39631

  • 10.18.3 - CVE: Not Available
  • Platform: Windows
  • Title: ZipScan ZIP File Remote Buffer Overflow
  • Description: ZipScan is a search application for compressed files. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The issue occurs when handling specially crafted ZIP files. ZipScan version 2.2c is affected.
  • Ref: http://seclists.org/fulldisclosure/2010/Apr/54

  • 10.18.4 - CVE: Not Available
  • Platform: Windows
  • Title: Rumba FTP Client File Name Remote Stack Buffer Overflow
  • Description: Rumba FTP Client is an FTP client for Microsoft Windows. The client is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate boundary checks on server-supplied data. Rumba FTP Client version 4.2 is affected.
  • Ref: http://www.securityfocus.com/bid/39683


  • 10.18.6 - CVE: CVE-2010-1278
  • Platform: Third Party Windows Apps
  • Title: Adobe Download Manager "gp.ocx" ActiveX Control Buffer Overflow
  • Description: Adobe Download Manager is a client application for managing the retrieval of Adobe software products. Adobe Download Manager is exposed to a buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-077/

  • 10.18.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Rising Antivirus 2010 "RsAssist.sys" Driver IOCTL Handling Local Privilege Escalation
  • Description: Rising Antivirus 2010 is a security product available for Microsoft Windows. Rising Antivirus 2010 is exposed to a local privilege escalation issue because the "RsAssist.sys" driver fails to properly handle input via a crafted IOCTL call. Rising Antivirus 2010 versions prior to 22.0.3.54 are affected.
  • Ref: http://www.ntinternals.org/ntiadv1001/ntiadv1001.html

  • 10.18.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: EDraw Flowchart ActiveX Control "OpenDocument()" Method Remote Code Execution
  • Description: The EDraw Flowchart ActiveX control is a tool to create business and technical diagrams. The ActiveX control is exposed to a remote code execution issue caused by a memory corruption issue that can be triggered by manipulating parameters to the "OpenDocument()" method of the ActiveX control provided by the "EDImage.ocx" file. EDraw Flowchart version 2.3.0.6 is affected.
  • Ref: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4936.php

  • 10.18.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: EDraw Flowchart ActiveX Control ".edd" File Buffer Overflow
  • Description: The EDraw Flowchart ActiveX control is a tool to create business and technical diagrams. The EDraw Flowchart ActiveX control is exposed to a buffer overflow issue because it fails to bounds-check user-supplied data.
  • Ref: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4935.php

  • 10.18.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Alt-N MDaemon Multiple Remote Denial of Service Vulnerabilities
  • Description: MDaemon is an email server for Windows platforms. MDaemon is exposed to multiple remote denial of service issues. An unspecified issue in message parsing can cause the application to crash. An unspecified issue in email handling can cause 100% CPU usage. MDaemon versions prior to 11.0.1 are affected.
  • Ref: http://files.altn.com/mdaemon/release/relnotes_en.html

  • 10.18.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Free MP3 CD Ripper ".wav" File Buffer Overflow
  • Description: Free MP3 CD Ripper is a multimedia player available for Microsoft Windows. Free MP3 CD Ripper is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when processing a ".wav" audio file through the "wav to mp3" function. Free MP3 CD Ripper version 2.6 is affected.
  • Ref: http://www.securityfocus.com/bid/39672

  • 10.18.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: CommView "cv2k1.sys" Driver Local Denial of Service
  • Description: CommView is a network monitoring tool for the Windows operating system. The application is exposed to a local denial of service issue because it fails to properly restrict user access to the "cv2k1.sys" driver. Specifically, a malicious user can access the "cv2k1.sys" driver to open the ".CV2K_" device and issue malformed IOCTL requests. CommView versions prior to 6.1 Build 644 are affected.
  • Ref: http://www.securityfocus.com/bid/39705

  • 10.18.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: EasyZip ZIP Archive Stack Buffer Overflow
  • Description: EasyZip is a file compression/extraction application for the Windows operating system. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. EasyZip version 3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/39720

  • 10.18.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: BigAnt Office Messenger "AntCore.dll" ActiveX Control Multiple Heap Buffer Overflow
  • Description: BigAnt Office Messenger is an instant messenger application. The control is exposed to multiple heap-based buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input. BigAnt Office Messenger version 2.52 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 10.18.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Acoustica CD/DVD Label Maker ".m3u" File Buffer Overflow Vulnerability
  • Description: Acoustica CD/DVD Label Maker is a media label maker for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Acoustica CD/DVD Label Maker version 3.32 is affected.
  • Ref: http://secunia.com/advisories/39630/

  • 10.18.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WM Downloader ".pls" File Remote Stack Buffer Overflow
  • Description: WM Downloader is a file download management application. The vendor's RM-MP3 Converter is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. WM Downloader version 3.0.0.9 is affected.
  • Ref: http://www.securityfocus.com/bid/39748

  • 10.18.17 - CVE: CVE-2010-0105
  • Platform: Mac Os
  • Title: Apple Mac OS X HFS Hard Links Local Denial of Service
  • Description: Apple Mac OS X is exposed to a local denial of service issue that occurs in the HFS filesystem implementation and can be triggered by creating a special structure with nested hard links. Apple Mac OS X versions 10.6.2 and 10.6.3 are affected.
  • Ref: http://www.securityfocus.com/bid/39658

  • 10.18.18 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "gfs2_quota" Structure Write Local Privilege Escalation
  • Description: The Linux kernel is exposed to a local privilege escalation issue affecting the "gfs2" file system. Specifically, when a "gfs2_quota" structure straddles a page boundary, updates to the structure are not correctly written to disk. This can result in a buffer overflow condition which may lead to memory corruption.
  • Ref: http://www.securityfocus.com/bid/39715

  • 10.18.19 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "find_keyring_by_name()" Local Memory Corruption
  • Description: The Linux kernel is exposed to a local memory corruption issue. Specifically, the "find_keyring_by_name()" function does not ignore keyrings with no usage. This allows memory from freed keyrings to be reallocated unsafely. Kernel version 2.6.34-rc5 is affected.
  • Ref: http://www.gossamer-threads.com/lists/linux/kernel/1216391

  • 10.18.20 - CVE: CVE-2010-0879
  • Platform: Cross Platform
  • Title: PeopleSoft Enterprise and JD Edwards EnterpriseOne Remote PeopleTools
  • Description: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne are prone to a remote vulnerability in PeopleTools. The issue can be exploited over the "HTTP" protocol. For an exploit to succeed, the attacker must have "Valid Session" privileges. Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne versions: 8.49.26 and 8.50.07 are affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.18.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: NCH Software Axon 2.13 Multiple Remote Vulnerabilities
  • Description: NCH Software Axon is a virtual PBX for the Windows operating system. NCH Software Axon virtual PBX is exposed to multiple remote issues. A cross site scripting issue occurs because the application fails to properly sanitize user-supplied input. A cross-site request forgery issue can be exploited through HTTP requests to delete extensions. An arbitrary file deletion issue affects the "file" parameter of the "/logdelete" script because the application does not properly sanitize user-supplied input. A directory traversal issue affects the "file" parameter of the "/logprop" script because the application does not properly sanitize user-supplied input. Axon version 2.13 is affected.
  • Ref: http://www.securityfocus.com/bid/39483

  • 10.18.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ZipGenius ZIP Archive Stack Buffer Overflow
  • Description: ZipGenius is a file compression suite that supports various compression formats; it is available for Microsoft Windows. The application is prone to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs when the application processes a ".zip" archive that contains a file with a specially crafted filename. ZipGenius version 6.3.1.2552 is affected.
  • Ref: http://www.securityfocus.com/bid/39622

  • 10.18.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Google Chrome Multiple Security Vulnerabilities
  • Description: Google Chrome is a web browser for multiple platforms. The browser is exposed to multiple issues. An unspecified issue related to a type confusion error with forms affects the browser. An unspecified issue related to an HTTP request error may allow attackers to carry out cross-site request forgery attacks. A security issue may allow attackers to reference local files through developer tools. A cross-domain scripting issue affects "chrome://net-internals". A cross-domain scripting issue affects "chrome://downloads". A security issue may allow a malicious site to load with the privileges of the New Tab page. An unspecified memory corruption issue exists in V8 bindings. Google Chrome versions prior to Chrome 4.1.249.1059 are affected.
  • Ref: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html

  • 10.18.24 - CVE: CVE-2010-0991
  • Platform: Cross Platform
  • Title: imlib2 "src/lib/image.h" Remote Buffer Overflow
  • Description: imlib2 is a library to process images. The library is exposed to a heap-based buffer overflow issue that occurs when an application using the affected library processes specially crafted ARGB, XPM, or BMP image files. Specifically the issue exists due to a logical error in the "IMAGE_DIMENSIONS_OK()" macro of the "src/lib/image.h" file. imlib2 version 1.4.3 is affected.
  • Ref: http://secunia.com/secunia_research/2010-54/

  • 10.18.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Elastix "id_nodo" Parameter Local File Include
  • Description: Elastix is an open source PBX application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "id_nodo" parameter of the "help/frameRight.php" script. Elastix version 1.6.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39610

  • 10.18.26 - CVE: CVE-2010-0593
  • Platform: Cross Platform
  • Title: Cisco Small Business Video Surveillance Cameras & 4-Port Router Authentication Bypass
  • Description: Small Business Video Surveillance Cameras are a component of network based physical security solutions. Multiple Cisco Small Business Video Surveillance Cameras and a 4-port Gigabit router are exposed to a remote authentication bypass issue. PVC2300 Business Internet Video Camera, WVC200 Wireless-G PTZ Internet Video Camera, WVC210 Wireless-G PTZ Internet Video Camera, WVC2300 Wireless-G Business Internet Video Camera and RVS4000 4-port Gigabit Security Router are affected.
  • Ref: http://www.securityfocus.com/archive/1/510867

  • 10.18.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SpeedProject SpeedCommander ZIP Archive Buffer Overflow
  • Description: SpeedProject SpeedCommander is a file manager application available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs when the application processes a ".zip" archive that contains a file with a specially crafted filename. SpeedCommander version 13.10 is affected.
  • Ref: http://www.corelan.be:8800/

  • 10.18.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Xftp "PWD" Response Remote Buffer Overflow
  • Description: Xftp is an SFTP and FTP file transfer program for Windows platforms. The application is exposed to a stack-based buffer overflow issue because it fails to properly validate the "PWD" response in FTP connections before copying it into an insufficiently sized buffer. Xftp version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39628

  • 10.18.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VLC Media Player 1.0.5 And Prior Multiple Security Vulnerabilities
  • Description: VLC Media Player is a multiformat media player available for multiple platforms. VLC Media Player is exposed to multiple security issues. A heap-based buffer overflow issue exists in the A/52 decoder. A heap-based buffer overflow issue exists in the DTS decoder. A heap-based buffer overflow issue exists in the MPEG Audio decoder. A security issue in the AVI demuxer can be exploited to access invalid memory. A security issue in the ASF demuxer can be exploited to access invalid memory. A security issue in the Matroska (MKV) demuxer can be exploited to access invalid memory. A security issue in the XSPF playlist parser can be exploited to access invalid memory. A security issue in the ZIP archive decompressor can be exploited to access invalid memory. A heap-based buffer overflow issue exists in the RTMP implementation. VLC Media Player versions 0.5.0 through 1.0.5 are affected.
  • Ref: http://www.videolan.org/security/sa1003.html

  • 10.18.30 - CVE: CVE-2010-1034
  • Platform: Cross Platform
  • Title: HP System Management Homepage Unspecified Remote
  • Description: HP System Management Homepage is a web-based interface used to simplify the management of servers. HP System Management Homepage is exposed to an unspecified security issue.
  • Ref: http://www.securityfocus.com/bid/39632

  • 10.18.31 - CVE: CVE-2010-1157
  • Platform: Cross Platform
  • Title: Apache Tomcat Authentication Header Realm Name Information Disclosure
  • Description: Apache Tomcat is a Java-based web server application for multiple operating systems. Tomcat is exposed to a remote information disclosure issue. Specifically, when using BASIC and DIGEST authentication, the "WWW-Authenticate" HTTP header includes a realm name. Tomcat versions 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 are affected.
  • Ref: http://www.securityfocus.com/archive/1/510879

  • 10.18.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apache ActiveMQ Source Code Information Disclosure
  • Description: Apache ActiveMQ is a Message Broker and Enterprise Integration Patterns provider. It is implemented in Java and available for a number of platforms. The application is exposed to an issue that lets attackers access source code because it fails to properly sanitize user-supplied input. Apache ActiveMQ versions 5.3.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/510896

  • 10.18.33 - CVE: CVE-2010-1035
  • Platform: Cross Platform
  • Title: HP Virtual Machine Manager for Windows Unspecified Remote Privilege Escalation
  • Description: HP Virtual Machine Manager for Windows is a virtualization management tool. The application is exposed to an unspecified remote privilege escalation issue. Authenticated attackers can exploit this issue to gain SYSTEM-level privileges on the affected computer. Virtual Machine Manager for Windows versions prior to 6.0 are affected.
  • Ref: http://www.securityfocus.com/archive/1/510881

  • 10.18.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cacti Multiple Input Validation Security Vulnerabilities
  • Description: Cacti is a frontend to RRDTool. It is implemented in PHP and uses an SQL backend database. Cacti is exposed to multiple input validation issues. Exploiting these issues can allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Cacti version 0.8.7e is affected.
  • Ref: http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-sql-injection-0104.php

  • 10.18.35 - CVE: CVE-2010-1316
  • Platform: Cross Platform
  • Title: Tembria Server Monitor HTTP Request Remote Buffer Overflow
  • Description: Tembria Server Monitor is an application designed to monitor networks for potential problems. It is available for Microsoft Windows. Tembria Server Monitor is exposed to a remote buffer overflow vulnerability because it fails to properly handle user-supplied input. Tembria Server Monitor versions prior to 5.6.1 are affected.
  • Ref: http://www.tembria.com/products/servermonitor/versionhistory.html

  • 10.18.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: JCaptcha Sound File CAPTCHA Security Bypass
  • Description: JCaptcha is a Java-based CAPTCHA implementation. JCaptcha is exposed to a security bypass issue that occurs because the application will generate the same ".wav" file when it is passed the same parameters.
  • Ref: http://jcaptcha.octo.com/jira/browse/FWK-114

  • 10.18.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Intel C++ Compiler and Debugger Multiple Insecure Temporary File Modification Vulnerabilities
  • Description: The Intel C++ Compiler and Debugger for Linux are development tools. The applications create temporary files and change file permissions in an insecure manner. An attacker with local access could potentially exploit these issues to perform symbolic link attacks, overwriting temporary files in the context of the affected application.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0261.html

  • 10.18.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Microviet Zip Unzip ZIP File Remote Stack Buffer Overflow
  • Description: Microviet Zip Unzip is a file compression/extraction application. The application is exposed to a remote stack buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs when handling specially crafted ZIP files. Microviet Zip Unzip version 6 is affected.
  • Ref: http://www.securityfocus.com/bid/39688

  • 10.18.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: NovaStor NovaNET Multiple Code Execution, Denial of Service, Information Disclosure Vulnerabilities
  • Description: NovaStor NovaNET is a backup and recovery solution available for various platforms. NovaNET was renamed "NovaBACKUP Network" as of version 13. NovaNET is exposed to multiple remote issues: two buffer overflow issues, an information disclosure issue and a denial of service issue. NovaNET 11 and 12 are affected by all issues. NovaBACKUP Network 13 is affected by the denial of service issue.
  • Ref: http://www.securityfocus.com/bid/39693

  • 10.18.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Zip Wrangler ZIP File Remote Stack Buffer Overflow
  • Description: Zip Wrangler is a file compression/extraction application. The application is exposed to a remote stack buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The issue occurs when handling a ZIP containing an excessively large filename. Zip Wrangler version 1.20 is affected.
  • Ref: http://www.securityfocus.com/bid/39700

  • 10.18.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server SIP Logging Information Disclosure
  • Description: IBM WebSphere Application Server (WAS) is a service oriented architecture. WAS is exposed to an information disclosure issue. SIP messages are logged in their entirety by the server. WAS versions prior to 7.0.0.11 and 6.1.0.31 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247

  • 10.18.42 - CVE: CVE-2010-0738, CVE-2010-1428, CVE-2010-1429
  • Platform: Cross Platform
  • Title: JBoss Enterprise Application Platform Multiple Vulnerabilities
  • Description: JBoss Enterprise Application Platform is a tool for developing Web 2.0 applications on a pure Java platform. The software is exposed to multiple issues. An authentication bypass issue affects the JMX Console because it requires authentication only for HTTP requests containing GET and POST strings. An authentication bypass issue affects the JBoss Application Server Web Console because it requires authentication only for HTTP requests containing GET and POST strings. A remote information disclosure issue may allow unauthenticated users to access the status servlet and potentially sensitive information.
  • Ref: http://www.securityfocus.com/bid/39710

  • 10.18.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Gitolite Security Bypass
  • Description: Gitolite is an application that allows a server to host many git repositories and provide access to many developers, without having to give them real userids on the server. Gitolite is exposed to a security bypass issue that occurs because the application fails to restrict the Gitolite admin user from placing files in the "src/" and "hooks/" directories of $GL_ADMINDIR. Gitolite version 1.4.2 is affected.
  • Ref: http://www.securityfocus.com/bid/39709

  • 10.18.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Wing FTP Server Versions Prior to 3.4.1 Multiple Information Disclosure
  • Description: Wing FTP Server is an FTP server application. Wing FTP Server is exposed to multiple information disclosure issues. An information disclosure issue affects the web client. An unspecified information disclosure issue occurs when handling specially crafted HTTP requests. Versions prior to Wing FTP Server 3.4.1 are vulnerable.
  • Ref: http://www.wftpserver.com/serverhistory.htm

  • 10.18.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP Systems Insight Manager Unspecified Remote Privilege Escalation
  • Description: HP Systems Insight Manager is a tool for managing HP servers. The application is exposed to an unspecified remote privilege escalation issue. Versions prior to Systems Insight Manager 6.0 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/39734

  • 10.18.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP Systems Insight Manager Unspecified Cross-Site Scripting
  • Description: HP Systems Insight Manager is a tool for managing HP servers. The application is exposed to an unspecified cross-site scripting issue because it fails to sanitize user-supplied input. HP Systems Insight Manager version 6.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39735

  • 10.18.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP Systems Insight Manager Unspecified Cross-Site Request Forgery
  • Description: HP Systems Insight Manager is a tool for managing HP servers. The application is exposed to an unspecified cross-site request forgery issue because it fails to properly validate requests. Versions prior to Systems Insight Manager 6.0 are affected.
  • Ref: http://www.securityfocus.com/bid/39736

  • 10.18.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: DBSite wb CMS "index.php" Multiple Cross-Site Scripting
  • Description: DBSite wb CMS is a PHP-based content management system. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/39613

  • 10.18.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Webessence CMS "type" Parameter Cross-Site Scripting
  • Description: Webessence CMS is a content management system implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. Specifically, the "type" parameter of the "admin/media.php" script is affected. Webessence CMS version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39617

  • 10.18.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: FlashCard "id" Parameter Cross-Site Scripting
  • Description: FlashCard is a PHP-based application for creating and sending e-cards. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "cPlayer.php" script. FlashCard version 2.6.5 is affected.
  • Ref: http://www.securityfocus.com/bid/39648

  • 10.18.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: W2B phpGreetCards "index.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: W2B phpGreetCards is a web application implemented in PHP. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. phpGreetCards version 3.7 is affected.
  • Ref: http://www.securityfocus.com/bid/39656

  • 10.18.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: GetSimple CMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: GetSimple CMS is a PHP-based content management system. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. GetSimple CMS version 2.01 is affected.
  • Ref: http://code.google.com/p/get-simple-cms/source/detail?r=133

  • 10.18.53 - CVE: CVE-2010-1503
  • Platform: Web Application - Cross Site Scripting
  • Title: Google Chrome "chrome://net-internals" Cross-Domain Scripting
  • Description: Google Chrome is a web browser for multiple platforms. Google Chrome is exposed to a cross-domain scripting issue that affects "chrome://net-internals". Chrome versions prior to 4.1.249.1059 are affected.
  • Ref: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html

  • 10.18.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Sethi Family Guestbook Multiple Vulnerabilities
  • Description: Sethi Family Guestbook is a PHP-based web application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "number", "bg", and "f" parameters of the "index.php" script. Sethi Family Guestbook version 3.1.8 is affected.
  • Ref: http://www.sethi.org/tools/releases/guestbook-export.txt

  • 10.18.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PowerEasy "ComeUrl" Parameter Cross-Site Scripting
  • Description: PowerEasy is a web-based application implemented in ASP. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "ComeUrl" parameter of the "User_ChkLogin.asp" script. PowerEasy version 2006 is affected.
  • Ref: http://archives.neohapsis.com/archives/bugtraq/2010-04/0225.html

  • 10.18.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Kasseler CMS "index.php" Cross-Site Scripting
  • Description: Kasseler CMS is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "online" parameter of the "index.php" script. Kasseler CMS version 2.0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/39703

  • 10.18.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: HTML Purifier Unspecified Cross-Site Scripting
  • Description: HTML Purifier is an HTML filtering application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to an unspecified parameter. HTML Purifier versions prior to 4.1.0 are affected.
  • Ref: http://www.securityfocus.com/bid/39709

  • 10.18.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Auto-Img-Gallery "upload.cgi" Multiple Cross-Site Scripting Vulnerabilities
  • Description: Auto-Img-Gallery is a Perl-based image gallery script. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. Specifically, this issue affects the "user" and "pass" parameters of the "upload.cgi" script when the "ac" parameter is set to "login". Auto-Img-Gallery version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/39714

  • 10.18.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Webessence CMS "oembed.php" Cross-Site Scripting
  • Description: Webessence CMS is a PHP-based content management system. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "webessence/oembed.php" script. Webessence CMS version 1.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/39716

  • 10.18.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Zikula Application Framework "lang" Parameter Cross-Site Scripting
  • Description: Zikula Application Framework is a web-based application implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "lang" parameter of the "ZLanguage.php" script. Zikula Application Framework version 1.2.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/510987/30/0/threaded

  • 10.18.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: i-Net Online Community Multiple Vulnerabilities
  • Description: i-Net Online Community Site Script is an online social networking application. The application is exposed to multiple SQL injection and cross-site scripting issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/39725

  • 10.18.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_qpersonel" Component
  • Description: The "com_qpersonel" component is a PHP-based extension for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "katid" parameter of the "com_personel" component before using it in an SQL query. com_qpersonel version 1.02 is affected.
  • Ref: http://www.securityfocus.com/bid/39466

  • 10.18.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: e107 "e107_admin/banner.php" SQL Injection
  • Description: e107 is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "click_url" parameter of the "e107_admin/banner.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/39609

  • 10.18.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Amiro.CMS Unspecified SQL Injection
  • Description: Amiro.CMS is a web-based content management system. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Amiro.CMS version 5.4.4 is affected.
  • Ref: http://seclists.org/fulldisclosure/2010/Apr/268

  • 10.18.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Cacti "export_item_id" Parameter SQL Injection
  • Description: Cacti is a web-based frontend application for RRDTool (round-robin database tool). RRDTool is used to handle time series data such as network bandwidth, temperatures, and CPU load. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "export_item_id" parameter of the "templates_export.php" script before using it in an SQL query. Cacti versions 0.8.7e and earlier are affected.
  • Ref: http://www.exploit-db.com/sploits/Bonsai-SQL_Injection_in_Cacti.pdf

  • 10.18.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AJ Matrix "id" Parameter SQL Injection
  • Description: AJ Matrix is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter before using it in an SQL query. AJ Matrix version 3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/39654

  • 10.18.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Memorial Web Site Script "id" Parameter SQL Injection
  • Description: Memorial Web Site Script is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "show_memorial.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/39664

  • 10.18.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Satellite-X "username" Parameter SQL Injection
  • Description: Satellite-X is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "username" parameter of the "admin/index.php" script before using it in an SQL query. Satellite-X version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39671/info

  • 10.18.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AlstraSoft EPay Enterprise Multiple SQL Injection Vulnerabilities
  • Description: Joels Bulletin Board (JBB) is a bulletin application implemented in PHP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "shop.htm" and "shop.php" scripts. EPay Enterprise version 4.13 is affected.
  • Ref: http://www.securityfocus.com/bid/39680

  • 10.18.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WHMCS "deptid" Parameter SQL Injection
  • Description: WHMCS (WHM Complete Solution) is a PHP-based application for billing and managing clients. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "deptid" parameter of the "submitticket.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/39681/info

  • 10.18.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AlstraSoft Template Seller Pro SQL Injection
  • Description: Template Seller Pro is a web application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "tempid" parameter of the "fullview.php" script. Template Seller Pro version 3.25 is affected.
  • Ref: http://www.securityfocus.com/bid/39682

  • 10.18.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: HuronCMS "index.php" Multiple SQL Injection Vulnerabilities
  • Description: HuronCMS is a PHP and MySQL based content management system for small educative institutions. It includes database backup, source code, and general use images. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "Username" and "Password" fields of the "index.php" script. HuronCMS version 8 11 2007 is affected.
  • Ref: http://www.securityfocus.com/bid/39685

  • 10.18.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: NKInFoweb "id_sp" Parameter SQL Injection
  • Description: NKInFoweb is a web application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id_sp" parameter of the "loadorder.php" script before using it in an SQL query. NKInFoWeb versions 5.2.2.0 and 2.5 are affected.
  • Ref: http://www.securityfocus.com/bid/39689

  • 10.18.74 - CVE: CVE-2010-1300
  • Platform: Web Application - SQL Injection
  • Title: Yamamah "calbums" Parameter SQL Injection
  • Description: Yamamah is an open source photo gallery management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "calbums" parameter before using it in an SQL query. Yamamah version 1.00 is affected.
  • Ref: http://www.securityfocus.com/bid/39690

  • 10.18.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: NCT Jobs Portal Script Multiple SQL Injection Vulnerabilities
  • Description: NCT Jobs Portal Script is a web application implemented in PHP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
  • Ref: http://www.securityfocus.com/bid/39694

  • 10.18.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Cyber CMS "faq.php" SQL Injection
  • Description: Cyber CMS is a PHP-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "faq.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/39698

  • 10.18.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Uiga Personal Portal "view" Parameter SQL Injection
  • Description: Uiga Personal Portal is a web application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "view" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/39699

  • 10.18.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CMScout "album" Parameter SQL Injection
  • Description: CMScout is a PHP-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "album" parameter of the "index.php" script before using it in an SQL query. CMScout version 2.08 is affected.
  • Ref: http://www.securityfocus.com/bid/39707

  • 10.18.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Free Realty "agentadmin.php" Multiple SQL Injection Vulnerabilities
  • Description: Free Realty is a web-based real estate application implemented in PHP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. These issues affect the "admin" and "password" fields of the "agentadmin.php" script when logging in as an administrator.
  • Ref: http://www.securityfocus.com/bid/39712

  • 10.18.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PostNuke modload Module "sid" Parameter SQL Injection
  • Description: modload is a module for the PostNuke content manager. The module is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sid" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/39713

  • 10.18.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Ramaas Software CMS Multiple SQL Injection Vulnerabilities
  • Description: Ramaas Software CMS is a PHP-based content management system. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent issues in the underlying database.
  • Ref: http://www.securityfocus.com/bid/39723

  • 10.18.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Webessence CMS SQL Injection and Arbitrary File Upload Vulnerabilities
  • Description: Webessence CMS is a content management system implemented in PHP. The application is exposed to multiple input validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. Webessence CMS version 1.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/39726

  • 10.18.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Infocus Real Estate Script "system_member_login.php" Multiple Vulnerabilities
  • Description: Infocus Real Estate Script is a web-based real estate application implemented in PHP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "username" and "password" parameters of the "system_member_login.php" script. Infocus Real Estate Script enterprise edition is affected.
  • Ref: http://www.securityfocus.com/bid/39731

  • 10.18.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CLScript Classifieds Script "hpId" Parameter SQL Injection
  • Description: Classifieds Script is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "hpId" parameter of the "help-details.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/39737/info

  • 10.18.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ABC Joomla Extension com_abc "index.php" SQL Injection Vulnerability
  • Description: ABC Joomla Extension com_abc is an extension for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "sectionid" parameter of the "index.php" script. ABC Joomla Extension com_abc version 1.1.7 is affected.
  • Ref: http://www.securityfocus.com/bid/39741

  • 10.18.86 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 2daybiz Polls Script SQL Injection and Cross-Site Scripting
  • Description: Polls Script is a polling system implemented in PHP. The application is exposed to the following security issues. Multiple SQL injection issues exist because the application fails to properly sanitize input to unspecified parameters of the "login.php" and "admin/index.php" scripts before using it in an SQL query. A cross-site scripting issue affects the "category" parameter of the "polls/index_search.php" script.
  • Ref: http://www.securityfocus.com/bid/39745

  • 10.18.87 - CVE: Not Available
  • Platform: Web Application
  • Title: SAGU-PRO "DOCUMENT_ROOT" Parameter Multiple Remote File Include Vulnerabilities
  • Description: SAGU-PRO is a PHP-based application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "DOCUMENT_ROOT" parameter. SAGU-PRO version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39463

  • 10.18.88 - CVE: Not Available
  • Platform: Web Application
  • Title: openstock facture "dsn[phptype]" Parameter Local File Include
  • Description: openstock facture is a PHP-based web application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "dsn[phptype]" parameter of the "soustab.php" script. openstock facture version 2.02 is affected.
  • Ref: http://www.securityfocus.com/bid/39484

  • 10.18.89 - CVE: Not Available
  • Platform: Web Application
  • Title: LightNEasy "language" Parameter Local File Include
  • Description: LightNEasy is a PHP-based web application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "language" parameter of the "plugins/filemanager/get_file.php" script.
  • Ref: http://www.itsecteam.com/en/vulnerabilities/vulnerability46.htm

  • 10.18.90 - CVE: Not Available
  • Platform: Web Application
  • Title: LightNEasy "get_file.php" Local File Disclosure Vulnerability
  • Description: LightNEasy is a web-based application implemented in PHP. The application is exposed to a local file disclosure issue because it fails to adequately validate user-supplied input. This issue affects the "file" parameter of the "plugins/filemanager/get_file.php" script. LightNEasy versions 3.1 and 3.1.1 are affected.
  • Ref: http://www.itsecteam.com/en/vulnerabilities/vulnerability46.htm

  • 10.18.91 - CVE: Not Available
  • Platform: Web Application
  • Title: phpThumb() "fltr[]" Parameter Command Injection
  • Description: phpThumb() is an application used to create thumbnails from images. The application is exposed to a command injection issue because it fails to adequately sanitize user-supplied input to the "fltr[]" parameter in the "phpThumb.php" script. phpThumb() version 1.7.9 is affected.
  • Ref: http://www.securityfocus.com/bid/39605

  • 10.18.92 - CVE: Not Available
  • Platform: Web Application
  • Title: openMairie openRegistreCIL Local and Remote File Include Vulnerabilities
  • Description: openMairie openRegistreCIL is a web-based municipal registry application. The application is exposed to multiple input validation issues. A local file include issue affects the "dsn[phptype]" parameter of the "scr/soustab.php" script. Multiple remote file include issues affect the "path_om" parameter. openMairie openRegistreCIL version 1.02 is affected.
  • Ref: http://www.securityfocus.com/bid/39611

  • 10.18.93 - CVE: Not Available
  • Platform: Web Application
  • Title: v2marketplacescript Arbitrary File Upload
  • Description: v2marketplacescript is a PHP-based file upload application. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately sanitize user-supplied files to the "upload_test.php" script when uploading to the web server.
  • Ref: http://www.exploit-db.com/exploits/12315

  • 10.18.94 - CVE: Not Available
  • Platform: Web Application
  • Title: WB News "/base/Comments.php" HTML Injection
  • Description: WB News is a web application implemented in PHP. The application is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input to the comment sender's name in the "/base/Comments.php" script. WB News version 2.3.3 is affected.
  • Ref: http://www.securityfocus.com/bid/39626

  • 10.18.95 - CVE: Not Available
  • Platform: Web Application
  • Title: HTC Touch SMS Preview Popup HTML Injection
  • Description: HTC Touch Windows Mobile is a smartphone. HTC Touch Windows Mobile is exposed to an HTML injection issue that occurs because the application fails to sufficiently sanitize SMS messages before viewing them using the preview feature.
  • Ref: http://www.securityfocus.com/archive/1/510897

  • 10.18.96 - CVE: Not Available
  • Platform: Web Application
  • Title: In-Portal "config.php" Arbitrary File Upload
  • Description: In-Portal is a PHP-based content manager. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately sanitize user-supplied files to the "/core/editor/editor/filemanager/connectors/php/config.php" script when uploading to the web server. In-Portal version 5.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/39652

  • 10.18.97 - CVE: Not Available
  • Platform: Web Application
  • Title: GetDLE Lab Group Perexody Module for DataLife Engine HTML Injection
  • Description: Perexody (also known as Referer) is a module for the DataLife Engine content manager. The module is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied data received through the "Referer" HTTP header.
  • Ref: http://www.securityfocus.com/archive/1/510919

  • 10.18.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Satellite-X "admin/index.php" Arbitrary File Upload
  • Description: Satellite-X is a PHP-based content manager. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately sanitize user-supplied input before uploading them onto the web server. Satellite-X version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39674

  • 10.18.99 - CVE: Not Available
  • Platform: Web Application
  • Title: HP System Management Homepage "RedirectUrl" Parameter URI Redirection
  • Description: HP System Management Homepage is a web-based application for IT administrators to predict, diagnose, and rapidly respond to potential and actual system failures for a single server. The application is exposed to an open-redirection issue because it fails to properly sanitize user-supplied input to the "RedirectUrl" parameter of the "red2301.html" script.
  • Ref: http://yehg.net/lab/pr0js/advisories/hp_system_management_homepage_url_redirection_abuse

  • 10.18.100 - CVE: Not Available
  • Platform: Web Application
  • Title: Palm WebOS SMS Script Injection
  • Description: Palm is a smartphone. WebOS is an operating system used with the device. Palm WebOS is exposed to a script injection issue that occurs because the system fails to sufficiently sanitize SMS messages before displaying them. Specifically, an attacker can include IFRAMEs in the SMS messages, which will be opened in a browser once a message is viewed.
  • Ref: http://intrepidusgroup.com/insight/2010/04/webos-examples-of-sms-delivered-injection-flaws/

  • 10.18.101 - CVE: Not Available
  • Platform: Web Application
  • Title: Ektron CMS400.NET Multiple Security Issues
  • Description: CMS400.NET is a web-based content manager. The application is exposed to multiple security issues. Multiple cross-site scripting issues exist. An information disclosure issue occurs because access to a diagnostics page is not properly restricted. A cookie manipulation issue affects the application. A directory traversal issue affects the XML parser. A security bypass issue affects the application because it fails to properly restrict access to the "WorkArea" directory. A URI redirection issue affects the "workarea/blankredirect.aspx" page. Ektron CMS400.NET version 7.5.2.49 is affected.
  • Ref: http://www.westpoint.ltd.uk/advisories/wp-09-0010.txt

  • 10.18.102 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPegasus "connectors/php/config.php" Remote File Upload
  • Description: PHPegasus is a PHP-based content manager. The application is exposed to a remote file upload issue because it fails to sufficiently sanitize user-supplied input. This issue affects the upload feature accessible through the "core/editor/editor/filemanager/connectors/php/config.php" script. PHPegasus versions 0-1-1 and 0-1-2 are affected.
  • Ref: http://www.securityfocus.com/archive/1/510932

  • 10.18.103 - CVE: Not Available
  • Platform: Web Application
  • Title: G5-Scripts Guestbook PHP "guestbook.php" HTML Injection Vulnerability
  • Description: Guestbook PHP is a web-based application implemented in PHP. Guestbook PHP is exposed to an HTML injection vulnerability because it fails to sufficiently sanitize user-supplied input. Guestbook PHP version 1.2.8 is affected.
  • Ref: http://www.xenuser.org/documents/security/guestbook_php_xss.txt

  • 10.18.104 - CVE: Not Available
  • Platform: Web Application
  • Title: ALPHA CMS "Absolute_Path" Parameter Local File Include
  • Description: ALPHA CMS is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "Absolute_Path" parameter of the "alpha.php" script. ALPHA CMS version 3.2 is affected.
  • Ref: http://sourceforge.net/projects/alpha-cms/

  • 10.18.105 - CVE: Not Available
  • Platform: Web Application
  • Title: iNetScripts Arbitrary File Upload
  • Description: iNetScripts is a web application implemented in PHP. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately verify the type and extension of the file being uploaded.
  • Ref: http://www.securityfocus.com/bid/39706

  • 10.18.106 - CVE: Not Available
  • Platform: Web Application
  • Title: Amiro.CMS Multiple Input Validation Issues
  • Description: Amiro.CMS is a PHP-based content management application. The application is exposed to the following issues. An unspecified arbitrary file overwrite issue exists because it fails to properly sanitize user-supplied input. An unspecified local file include issue exists because it fails to properly sanitize user-supplied input. Versions prior to Amiro.CMS 5.6 are affected.
  • Ref: http://www.securityfocus.com/bid/39724

  • 10.18.107 - CVE: Not Available
  • Platform: Web Application
  • Title: Pointdev IDEAL Migration & IDEAL Administration ".ipj" File Buffer Overflow
  • Description: IDEAL Migration and IDEAL Administration are applications for managing Windows NT and Active Directory domains. The applications are exposed to a buffer overflow issue because they fail to perform adequate checks on user-supplied input. Specifically, this issue occurs when parsing a specially-crafted ".ipj" project file. IDEAL Migration version 4.5.1 and IDEAL Administration version 10.2 are affected.
  • Ref: http://www.securityfocus.com/bid/39729

  • 10.18.108 - CVE: Not Available
  • Platform: Web Application
  • Title: Help Center Live "file" Parameter Local File Include
  • Description: Help Center Live is a live support tool implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "file" parameter of the "module.php" script. Help Center Live version 2.0.6 is affected.
  • Ref: http://www.securityfocus.com/bid/39732

  • 10.18.109 - CVE: Not Available
  • Platform: Web Application
  • Title: Ultimate Portfolio Joomla! Component "controller" Parameter Local File Include
  • Description: Ultimate Portfolio is a portfolio component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of the "com_ultimateportfolio" component. Ultimate Portfolio version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39739

  • 10.18.110 - CVE: Not Available
  • Platform: Web Application
  • Title: SmartSite Joomla! Component "controller" Parameter Local File Include
  • Description: The Recly Interactive SmartSite is a component for the Joomla! content manager. SmartSite is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of the "com_smartsite" component.
  • Ref: http://www.securityfocus.com/bid/39736/references

  • 10.18.111 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla Graphics Joomla! Component "controller" Parameter Local File Include
  • Description: Joomla Graphics is a component for the Joomla! content manager. Joomla Graphics is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of "com_graphics". Joomla Graphics version 1.0.6 is affected.
  • Ref: http://www.securityfocus.com/bid/39743

  • 10.18.112 - CVE: Not Available
  • Platform: Network Device
  • Title: Huawei EchoLife HG520 Remote Information Disclosure Vulnerability
  • Description: The Huawei EchoLife HG520 is a home Internet gateway device. The device is exposed to an information disclosure vulnerability. Firmware versions 3.10.18.7-1.0.7.0, 3.10.18.5-1.0.7.0 and 3.10.18.4 are affected. Software versions V100R001B120Telmex and V100R001B121Telmex are affected.
  • Ref: http://www.securityfocus.com/bid/39650

  • 10.18.113 - CVE: Not Available
  • Platform: Network Device
  • Title: Huawei EchoLife HG520c "AutoRestart.html" Authentication Bypass
  • Description: The Huawei EchoLife HG520c is a home Internet gateway device. The device is exposed to an authentication bypass issue. Specifically, an attacker can exploit this issue to access "/AutoRestart.html" without proper authentication. Firmware versions 3.10.18.7-1.0.7.0, 3.10.18.5-1.0.7.0 and 3.10.18.4 are affected. Software versions V100R001B120Telmex and V100R001B121Telmex are affected.
  • Ref: http://www.securityfocus.com/bid/39650


(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.