@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 2
January 7, 2010

The hottest security skills employers are seeking for 2010:
1. Red teaming/penetration testing (systems/networks and applications)
2. Forensics
3. Security essentials
4. Reverse engineering malware
5. Auditing networks and systems (hands-on testing)
6. Intrusion detection
7. Security management and leadership
8. Securing virtual systems
9. CISSP certification
Plus: Effective presentation skills for security professionals

Not surprisingly, you'll find the highest rated courses in the world on each of these topics in New Orleans (January), Orlando (March), and San Diego (May).

See: http://www.sans.org/index.php

Alan

Please note two free ISACA presentations for those of you in New Orleans next week:

Wednesday Jan 13 6:00-9pm - COINS program for Security Leadership given by Stephen Northcutt

Friday Jan 15 6:30-9:30 - HackLab given by John Strand, SANS instructor

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                                   # of Updates & Vulnerabilities
    --------------------------------------     ------------------------------
    Linux                                      1
    Cross Platform                             1 (#1)
    Web Application - Cross Site Scripting     15
    Web Application - SQL Injection            13
    Web Application                            13 (#2)

*************************************************************************
TRAINING UPDATE

-- SANS Security East 2010, New Orleans, January 10-18, 2010
19 courses, bonus evening presentations: Top 7 Trends in Incident Response and Computer Forensics, Advanced Forensic Techniques and more

http://www.sans.org/security-east-2010/index.php

-- SANS AppSec 2010, San Francisco, January 29-February 5, 2010
8 courses, bonus evening presentations, including Social Zombies: Your Friends Want to Eat Your Brains

http://www.sans.org/appsec-2010/index.php

-- SANS Phoenix, February 14 -February 20, 2010

http://www.sans.org/phoenix-2010/index.php

-- SANS 2010, Orlando, March 6 - March 15, 2010
38 courses and bonus evening presentations, including Software Security Street Fighting Style

http://www.sans.org/sans-2010/index.php

-- SANS Northern Virginia Bootcamp 2010, April 6-13

http://www.sans.org/reston-2010/index.php

Looking for training in your own community? http://sans.org/community/

Save on On-Demand training (30 full courses) - See samples at

http://www.sans.org/ondemand/spring09.php

Plus Tokyo, Bangalore, Oslo and Dublin all in the next 90 days. For a list of all upcoming events, on-line and live:

http://www.sans.org/index.php

*************************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities
(1) HIGH: PDF-XChange Viewer Memory Corruption Vulnerability
(2) MODERATE: Net Transport Download Manager Buffer Overflow Vulnerability
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Linux
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application

**************************** Sponsored Link: ****************************

1) Participation is needed! Be a part of this year's 2010 SANS Log Management Report by completing the survey and have a chance to win a $250 AMEX Card.

Click here to complete the survey and be automatically registered.

http://www.sans.org/info/52959

*************************************************************************

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems.

Widely Deployed Software
  • (1) HIGH: PDF-XChange Viewer Memory Corruption Vulnerability
  • Affected:
    • PDF-XChange Viewer 2.0.42.9
  • Description: PDF-XChange Viewer is a PDF reader for Windows operating systems from Tracker Software Products. A memory corruption vulnerability has been identified in this application; it can be triggered by a specially crafted PDF file. The specific flaw is an input validation error in "PDFXCview.exe". Note that the vulnerable code may also be present in components installed by default alongside the viewer, for example the PDF-XChange shell extension "XCShInfo.dll". In such cases the vulnerability is exploited simply by selecting, or hovering the mouse pointer over, the malicious PDF file. Successful exploitation will allow an attacker to execute arbitrary code in the context of the affected application. Some technical details for the vulnerability are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (2) MODERATE: Net Transport Download Manager Buffer Overflow Vulnerability
  • Affected:
    • Net Transport versions 2.x
  • Description: Net Transport, also known as NetXfer, is a download manager from Xi Software that supports most popular Internet protocols. A buffer overflow vulnerability has been identified in this application; it can be triggered by a specially crafted packet sent to the ed2k port. The specific flaw is caused by a boundary error while processing certain eDonkey packets. Successful exploitation might allow an attacker to execute arbitrary code in the context of the affected application. Full technical details for the vulnerability are publicly available via the proof-of-concept.

  • Status: Vendor confirmed, no updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 2, 2010

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 7812 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely. ______________________________________________________________________


  • 10.2.1 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel RTL8169 NIC "RxMaxSize" Frame Size Remote Denial of Service
  • Description: The Linux Kernel is exposed to a remote denial of service issue in the RTL8169 NIC driver. Specifically, this error is triggered when processing a network frame of exactly "RxMaxSize" (1532 or 1533 bytes). Linux kernel versions prior to 2.6.12 and Linux Kernel versions 2.6.30 and later are affected.
  • Ref: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=126fa4b9ca5d9d7cb7d46f779ad3bd3631ca387c

  • 10.2.2 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Libpurple MSN-SLP Emoticon Directory Traversal
  • Description: Libpurple is a library used to provide instant messaging functionality. It is used by the Pidgin and Adium instant messaging clients. Libpurple is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. This issue affects the MSN-SLP protocol support included in Libpurple.
  • Ref: http://www.securityfocus.com/bid/37524

  • 10.2.3 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Joomla! "com_noticia" Component "Itemid" Parameter Cross-Site Scripting
  • Description: The "com_noticia" application is a component for the Joomla! content manager. The component is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "Itemid" parameter.
  • Ref: http://www.securityfocus.com/bid/37526

  • 10.2.4 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ArticleLive PHP "admin/index.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: ArticleLive is a PHP-based content manager. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data to the "username" and "password" parameters of the "admin/index.php" script. ArticleLive PHP version 2005.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/37534

  • 10.2.5 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Joomla! "com_artistavenue" Component "Itemid" Parameter Cross-Site Scripting
  • Description: The "com_artistavenue" application is a component for the Joomla! content manager. The component is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "Itemid" parameter.
  • Ref: http://www.securityfocus.com/bid/37537

  • 10.2.6 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Conkurent PHPMyCart Cross-Site Scripting and Authentication Bypass Vulnerabilities
  • Description: Conkurent PHPMyCart is a PHP-based web application. PHPMyCart is exposed to an authentication bypass issue that occurs because the plugin fails to restrict unauthorized users from accessing the "admin/addn.php" administrative script, and to a cross-site scripting issue because the plugin fails to sufficiently sanitize user-supplied input to the "name" parameter of the "sign_aff.php" script. PHPMyCart version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/37553

  • 10.2.7 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SendStudio Cross-Site Scripting and Security Bypass Vulnerabilities
  • Description: SendStudio is a MySQL and PHP-based email newsletter application. SendStudio is exposed to a cross-site scripting issue and a security bypass issue because the application fails to sufficiently sanitize user-supplied input to the "SID" parameter of the "admin/index.php" script. Send Studio version 4.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/37554

  • 10.2.8 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: BosClassifieds "recent.php" Cross-Site Scripting
  • Description: BosClassifieds is a web-based application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "type" parameter of the "recent.php" script. BosClassifieds version 1.20 is affected.
  • Ref: http://www.securityfocus.com/bid/37555

  • 10.2.9 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Imagevue "amount" Parameter Cross-Site Scripting
  • Description: Imagevue is a web-based photo gallery. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "amount" parameter of the "upload.php" script. Imagevue version r16 is affected.
  • Ref: http://www.securityfocus.com/bid/37557

  • 10.2.10 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Stardevelop Live Help "SERVER" Parameter Multiple Cross-Site Scripting Vulnerabilities
  • Description: Stardevelop Live Help is a PHP-based web application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "SERVER" parameter of the "index_offline.php" and "frames.php" scripts. Live Help version 2.6.0 is affected.
  • Ref: http://www.securityfocus.com/bid/37558

  • 10.2.11 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Photokorn Cross-Site Scripting and Remote File Include Vulnerabilities
  • Description: Photokorn is a PHP-based web application. Because it fails to sufficiently sanitize user-supplied input, the application is exposed to multiple issues: a cross-site scripting issue that affects the "lang" parameter of the "install.php" script and a remote file include issue that affects the "lg" parameter of the "index.php" script. Photokorn version 1.542 is affected.
  • Ref: http://www.securityfocus.com/bid/37559

  • 10.2.12 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Discuz! "referer" Parameter Cross-Site Scripting
  • Description: Discuz! is web-based forum software. Discuz! is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "referer" parameter of the "member.php" script. Discuz! version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/37562

  • 10.2.13 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: DieselPay Cross-Site Scripting and Directory Traversal Vulnerabilities
  • Description: DieselPay is a web-based application. The application is exposed to a cross-site scripting issue and a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "read" parameter of the "index.php" script. DieselPay version 1.6 is affected.
  • Ref: http://www.securityfocus.com/bid/37564

  • 10.2.14 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Reamday Enterprises Magic News Plus Cross-Site Scripting
  • Description: Magic News Plus is a web-based news application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "index.php" script. Magic News Plus version 1.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/37566

  • 10.2.15 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHPCart "search.php" Cross-Site Scripting
  • Description: PHPCart is a web-based shopping cart application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "order_id" parameter of the "search.php" script. PHPCart version 3.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/37567

  • 10.2.16 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: VirtuaSystems VirtuaNews Pro "admin.php" Cross-Site Scripting
  • Description: VirtuaNews Pro is a web-based news application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "username" parameter of the "admin.php" script. VirtuaNews Pro version 1.0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/37568

  • 10.2.17 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: VisionGate "login.php" Cross-Site Scripting
  • Description: VisionGate is a web-based portal application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "url" parameter of the "login.php" script. VisionGate version 1.6 is affected.
  • Ref: http://www.securityfocus.com/bid/37569

  • 10.2.18 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_kkcontent" Component "catID" Parameter SQL Injection
  • Description: The "com_kkcontent" application is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catID" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/37527

  • 10.2.19 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: eStore "store.php" SQL Injection
  • Description: eStore is a PHP-based e-commerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter of the "store.php" script before using it in an SQL query. eStore version 1.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/37525

  • 10.2.20 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Dictionary Module for XOOPS "id" Parameter SQL Injection
  • Description: Dictionary is a PHP-based component for the XOOPS content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "detail.php" script before using it in an SQL query. Dictionary version 0.91b is affected.
  • Ref: http://www.securityfocus.com/bid/37535

  • 10.2.21 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: vBulletin "ads_saed" script "bnnr.php" SQL Injection
  • Description: "ads_saed" is a script for vBulletin content manager. The script is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user name" field of the "bnnr.php" script before using it in an SQL query. ads_saed version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/37539

  • 10.2.22 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: E-topbiz Slide Popups 1 "slidepop1.php" SQL Injection
  • Description: Slide Popups 1 is a PHP-based pop-up ad application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user name" field of the "slidepop1.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/37540

  • 10.2.23 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PozScripts Classified Ads "store_info.php" SQL Injection
  • Description: PozScripts Classified Ads is a PHP-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "store_info.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/37541

  • 10.2.24 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_airmonoblock" Component "id" Parameter SQL Injection
  • Description: The "com_airmonoblock" application is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/37542

  • 10.2.25 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: vBulletin "ads_saed" Component "vb/bnnr.php" SQL Injection
  • Description: The "ads_saed" application is a PHP-based component for the vBulletin bulletin board application. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" parameter of the "vb/bnnr.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/37544

  • 10.2.26 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Link Trader "ratelink.php" SQL Injection
  • Description: Link Trader is a PHP-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "lnkid" parameter of the "ratelink.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/37546

  • 10.2.27 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Discuz! "name" Parameter SQL Injection
  • Description: Discuz! is web-based forum software. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "name" parameter of the "misc.php" script before using it in an SQL query. Discuz! version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/37556

  • 10.2.28 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_countries" Component "locat" Parameter SQL Injection
  • Description: The "com_countries" application is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "locat" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/37561

  • 10.2.29 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ArticleLive "blogs.php" SQL Injection
  • Description: ArticleLive is web-based forum software. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "blogs.php" script before using it in an SQL query. ArticleLive NX version 1.7.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/37565

  • 10.2.30 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DZOIC Handshakes Login SQL Injection
  • Description: DZOIC Handshakes is a PHP-based application for social networking. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "password" parameter of the login page.
  • Ref: http://www.securityfocus.com/bid/37570

  • 10.2.31 - CVE: Not Available
  • Platform: Web Application
  • Title: RoseOnlineCMS "admin" Parameter Local File Include
  • Description: RoseOnlineCMS is a web-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "admin" parameter of the "modules/admincp.php" script. RoseOnlineCMS version 3 B1 is affected.
  • Ref: http://www.securityfocus.com/bid/37529

  • 10.2.32 - CVE: Not Available
  • Platform: Web Application
  • Title: I-RATER Basic "poza.php" Arbitrary File Upload
  • Description: I-RATER Basic is a PHP-based web application. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input before uploading files via the "picture/poza.php" script.
  • Ref: http://www.securityfocus.com/bid/37530

  • 10.2.33 - CVE: Not Available
  • Platform: Web Application
  • Title: DieselScripts Job Site Cross-Site Scripting and Remote File Include Vulnerabilities
  • Description: DieselScripts Job Site is a web-based application. The application is exposed to multiple issues: a remote file include issue that affects the "_COOKIE['lang']" parameter of the "index.php" script, multiple cross-site scripting issues that affect the "uname" and "ename" parameters of the "forgot.php" script, and a security bypass issue that may allow attackers to gain administrative access to the affected application. Diesel Job Site version 1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/37532

  • 10.2.34 - CVE: Not Available
  • Platform: Web Application
  • Title: Avatar Studio PHP-Fusion Module Local File Include and Arbitrary File Upload Vulnerabilities
  • Description: Avatar Studio is a PHP-based module for the PHP-Fusion content management system. The module is exposed to multiple input validation issues: a local file include issue that affects the "avatar_studio" parameter of the "avatar_studio.php" script, and an arbitrary file upload issue that affects the "avatar_select" parameter of the same "avatar_studio.php" script. Specifically, the application fails to sufficiently sanitize file extensions before uploading files onto the web server.
  • Ref: http://www.securityfocus.com/bid/37533

  • 10.2.35 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Autocomplete Widgets for CCK Text and Number Module Information Disclosure
  • Description: The Autocomplete Widgets for CCK Text and Number module is a module for the Drupal content manager. The application is exposed to an information disclosure issue because it fails to follow CCK access permissions. Attackers can view values for text and number fields when they are not authorized to do so. Autocomplete Widgets for CCK Text and Number versions prior to 6.x-1.3 are affected.
  • Ref: http://drupal.org/node/670942

  • 10.2.36 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! "com_rd_download" Component Directory Traversal
  • Description: The "com_rd_download" component is a PHP-based application for the Joomla! content manager. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "cid" parameter of the "com_rd_download" component.
  • Ref: http://www.securityfocus.com/bid/37538

  • 10.2.37 - CVE: Not Available
  • Platform: Web Application
  • Title: vBulletin Spoof User Data Unspecified Input Validation
  • Description: vBulletin is a content manager and is exposed to an input validation issue. This could allow a brute force attack to compromise and spoof input data for a given user. The vendor has addressed the issue by releasing patch-level versions of the actively supported vBulletin branches. vBulletin versions prior to 4.0.0 PL1, 3.8.4 PL2, and 3.7.6 PL2 are affected.
  • Ref: http://www.vbulletin.com/forum/showthread.php?332633-vBulletin-4-0-0-PL1-3-8-4-PL2-and-3-7-6-PL2-Released

  • 10.2.38 - CVE: Not Available
  • Platform: Web Application
  • Title: pL-PHP "modules/pages/index.php" Local File Include
  • Description: pL-PHP is a web-based content manager. The application is exposed to a local file include issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "modules/pages/index.php" script. pL-PHP version 0.9 beta is affected.
  • Ref: http://www.securityfocus.com/bid/37547

  • 10.2.39 - CVE: Not Available
  • Platform: Web Application
  • Title: Run Digital Download Component for Joomla! Unspecified Unauthorized Access
  • Description: Run Digital Download is a component for the Joomla! content manager. The application is exposed to an unspecified unauthorized access issue related to file access. Exploiting this issue could allow attackers to gain unauthorized access to the affected application. RD Download versions prior to v0.9 are affected.
  • Ref: http://www.securityfocus.com/bid/37548

  • 10.2.40 - CVE: Not Available
  • Platform: Web Application
  • Title: phpYellow Arbitrary File Upload
  • Description: phpYellow is a PHP-based web application. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately sanitize user-supplied files before uploading them to the web server.
  • Ref: http://www.securityfocus.com/bid/37549

  • 10.2.41 - CVE: Not Available
  • Platform: Web Application
  • Title: "com_abbrev" Joomla! Component "controller" Parameter Local File Include
  • Description: The "com_abbrev" application is a component for the Joomla! content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter.
  • Ref: http://www.securityfocus.com/bid/37560

  • 10.2.42 - CVE: Not Available
  • Platform: Web Application
  • Title: Kayako eSupport "s_query" Parameter HTML Injection
  • Description: Kayako eSupport is a web-based support suite. The application is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input to the "s_query" parameter of the "index.php" script. eSupport version 3.04.10 is affected.
  • Ref: http://www.securityfocus.com/bid/37563

  • 10.2.43 - CVE: Not Available
  • Platform: Web Application
  • Title: "com_bfsurvey" Joomla! Component "controller" Parameter Local File Include
  • Description: The "com_bfsurvey" application is a component for the Joomla! content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter.
  • Ref: http://www.securityfocus.com/bid/37572

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.