
@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 20
May 13, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Other Microsoft Products                  2 (#3, #4)
    Third Party Windows Apps                  14 (#2)
    Linux                                     1
    Unix                                      1
    Cross Platform                            28 (#1, #5, #6, #7, #8, #9)
    Web Application - Cross Site Scripting    17
    Web Application - SQL Injection           26
    Web Application                           20
    Network Device                            5


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Linux
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian and Josh Bronson at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) CRITICAL: Apple Safari Multiple Vulnerabilities
  • Affected:
    • Apple Safari version 4.0.5 for Windows
  • Description: Safari is Apple's web browser for Apple Mac OS X and Microsoft Windows. It contains two vulnerabilities in its handling of a variety of web page and scripting constructs. The first issue is caused by a use-after-free error in the way Apple Safari handles references to window objects. A specially crafted web-page can be used to trigger this vulnerability and successful exploitation might lead to remote code execution. The second issue leads to information disclosure caused by the way Safari handles HTTP basic authentication credentials in an HTTP request. Full technical details for the first issue are publicly available.

  • Status: Vendor not confirmed, no updates available.

  • References:
  • (3) HIGH: Microsoft Visual Basic for Applications Memory Corruption Vulnerability (MS10-031)
  • Affected:
    • Microsoft Office XP Service Pack 3
    • Microsoft Office 2003 Service Pack 3
    • 2007 Microsoft Office System Service Pack 1 and 2007 Microsoft Office System Service Pack 2
  • Description: Microsoft Visual Basic for Applications, which is built into most Office programs, is prone to a code execution vulnerability. Microsoft Visual Basic for Applications is an implementation of Microsoft Visual Basic that is embedded in Microsoft Office Applications. Although Microsoft Visual Basic for Applications is designed to run with restricted permissions, an attacker can bypass these restrictions by enticing the user to open and run a specially crafted file for Microsoft Visual Basic for Applications. The attacker can then execute arbitrary code with the permissions of the currently logged-in user.

  • Status: Vendor confirmed, updates available

  • References:
  • (4) HIGH: Microsoft Outlook Express and Windows Mail Integer Overflow Vulnerability (MS10-030)
  • Affected:
    • Microsoft Outlook Express 5.5 Service Pack 2
    • Microsoft Outlook Express 6 Service Pack 1
    • Microsoft Outlook Express 6
    • Microsoft Windows Mail
    • Microsoft Windows Live Mail
  • Description: Microsoft Outlook Express and Microsoft Mail, two widely deployed email clients, are prone to a code-execution vulnerability. By enticing the user to visit a malicious e-mail server, which could potentially be accomplished by man-in-the-middle attacks or DNS cache poisoning, an attacker could exploit the vulnerability and potentially execute arbitrary code with the permissions of the currently logged-in user.

  • Status: Vendor confirmed, updates available

  • References:
  • (6) HIGH: IrfanView PSD Image Parsing Multiple Vulnerabilities
  • Affected:
    • IrfanView 4.25
  • Description: IrfanView is a lightweight viewer/player for Microsoft Windows and is known for its speed and ease of use. Two vulnerabilities have been reported in IrfanView, which can be exploited by a specially crafted PSD file. The first issue is a sign-extension error while parsing some PSD files. An attacker can exploit this issue to cause a heap based buffer overflow. The second issue is caused by a boundary error in the way the affected application processes PSD images that are RLE compressed. Successful exploitation might allow an attacker to execute arbitrary code remotely in the context of the affected application. Some technical details for the vulnerabilities are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (7) MODERATE: MySQL Database Multiple Vulnerabilities
  • Affected:
    • MySQL versions 5.x
  • Description: MySQL, a popular relational database management system (RDBMS), contains multiple vulnerabilities. The first issue is a buffer overflow caused by a boundary error while processing COM_FIELD_LIST command packets. An overly long table name parameter to the COM_FIELD_LIST command can be used to trigger this vulnerability. The second issue is caused by an unspecified error while processing packets that are larger than the maximum size of the packet received. Successful exploitation in this case might lead to a denial of service condition. The third issue is caused by an error while processing the table name argument of the COM_FIELD_LIST command. A specially crafted table name argument can be used to trigger this vulnerability, and successful exploitation in this case might lead to a bypass of security restrictions. Some technical details for these vulnerabilities are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (8) MODERATE: BaoFeng Storm Buffer Overflow Vulnerability
  • Affected:
    • BaoFeng Storm2012 3.10.x
  • Description: Baofeng Storm is a popular Chinese media player with a user base of almost 120 million in China. It has a buffer overflow vulnerability which can be triggered by a specially crafted "M3U" playlist file. The specific flaw is caused by a boundary error in "medialib.dll" while processing M3U playlist files with an overlong entry. Successful exploitation might allow an attacker to execute arbitrary code in the context of the logged-on user. Full technical details for the vulnerability are publicly available.

  • Status: Vendor not confirmed, no updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 20, 2010

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 9510 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 10.20.1 - CVE: CVE-2010-0816
  • Platform: Other Microsoft Products
  • Title: Microsoft Outlook Express And Windows Mail Common Library Integer Overflow
  • Description: Outlook Express and Windows Mail are mail clients available for Microsoft Windows. Microsoft Outlook Express and Windows Mail are exposed to a remote integer overflow issue because the applications fail to perform boundary checks on integer values.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-030.mspx

  • 10.20.2 - CVE: CVE-2010-0815
  • Platform: Other Microsoft Products
  • Title: Microsoft Visual Basic for Applications Stack Memory Corruption Remote Code Execution
  • Description: Microsoft Visual Basic for Applications (VBA) is an implementation of the Visual Basic programming language. VBA is included with multiple applications, including versions of Microsoft Office. VBA is exposed to a remote code execution issue because of a stack based memory corruption error related to searching for embedded ActiveX controls within a Microsoft Office document.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-031.mspx

  • 10.20.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ziepod+ Podcast Feed Javascript Code Injection
  • Description: Ziepod+ is a podcast receiver and player. The application is exposed to an issue that lets attackers inject arbitrary Javascript code, because it fails to properly sanitize input passed via podcast feeds before processing them. Ziepod+ 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39930

  • 10.20.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: 360 Anti-Virus and 360 Security Guard Multiple Local Denial Of Service
  • Description: 360 Anti-Virus and 360 Security Guard are anti-virus and security applications available for the Microsoft Windows operating systems. 360 Anti-Virus and 360 Security Guard are exposed to multiple local denial of service issues because the applications fail to properly handle certain IOCTL requests.
  • Ref: http://www.ntinternals.org/ntiadv1002/ntiadv1002.html

  • 10.20.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: 360 safe Multiple IOCTL Request Local Privilege Escalation Vulnerabilities
  • Description: 360 safe is a security product that runs on Microsoft Windows. The application is exposed to multiple local privilege escalation issues because the associated drivers fail to properly validate user space input to IOCTL requests. 360 safe version 3.0.0.1010 is affected.
  • Ref: http://www.securityfocus.com/bid/39940


  • 10.20.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: TVUPlayer "PlayerOcx.ocx" Active X Control Arbitrary File Overwrite
  • Description: TVUPlayer is an ActiveX control used to display online media content. The application is exposed to an issue that allows attackers to overwrite arbitrary local files. Specifically, an unspecified method of the "PlayerOcx.ocx" ActiveX control will overwrite files in an insecure manner. TVUPlayer version 2.4.9beta1[build1797] is affected.
  • Ref: http://dsecrg.com/pages/vul/show.php?id=165

  • 10.20.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: dvipng ".dvi" File Parsing Remote Code Execution
  • Description: dvipng is an application that converts ".png" and other image files to ".dvi". dvipng is exposed to a remote code execution issue. This issue occurs when handling a specially crafted '.dvi' file. Successfully exploiting this issue can allow attackers to execute arbitrary code within the context of the affected application.
  • Ref: http://www.securityfocus.com/bid/39969

  • 10.20.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: KOL Player ".wav" File Buffer Overflow
  • Description: KOL Player is a multimedia player available for Microsoft Windows. KOL Player is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when processing a ".wav" audio file. KOL Player version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39977

  • 10.20.10 - CVE: CVE-2010-0827
  • Platform: Third Party Windows Apps
  • Title: TeX Live DVI Font Data Parsing Buffer Overflow
  • Description: TeX Live is a suite for producing TeX documents. TeX Live is exposed to a buffer overflow issue because it fails to properly validate user supplied input.
  • Ref: http://www.securityfocus.com/bid/39981

  • 10.20.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Evinco CamShot Remote Stack Buffer Overflow
  • Description: Evinco CamShot is surveillance monitoring software. The application is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input when handling a malformed "GET" request. CamShot version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/39985

  • 10.20.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Apple Safari "window.parent.close()" Unspecified Remote Code Execution Vulnerability
  • Description: Apple Safari is a browser for Microsoft Windows, Apple Mac OS X, and other platforms. Safari is exposed to an unspecified remote code execution issue that arises when viewing a malicious web page. Apple Safari version 4.0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/39990

  • 10.20.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ESET Smart Security and NOD32 Anti-virus Buffer Overflow
  • Description: ESET Smart Security and NOD32 Anti-virus are virus scanning applications. The applications are exposed to a remote buffer overflow issue because they fail to perform adequate boundary checks on user-supplied input when scanning malicious ".LZH" archive files. ESET Smart Security version 4.2 and NOD32 Antivirus version 4.2 are affected.
  • Ref: http://www.securityfocus.com/bid/39998/references

  • 10.20.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Lalim Compact Player ".mp3" File Remote Buffer Overflow
  • Description: Lalim Compact Player is a media player available for Microsoft Windows. Lalim Compact Player is exposed to a remote buffer overflow issue because it fails to perform adequate checks on user supplied input. Lalim Compact Player version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/40014

  • 10.20.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Hyplay ".asx" File Remote Denial of Service
  • Description: Hyplay is a multimedia player. The application is exposed to a remote denial of service issue when handling specially crafted ".asx" files. Hyplay version 1.2.0326.1 is affected.
  • Ref: http://www.securityfocus.com/bid/40048/references

  • 10.20.16 - CVE: CVE-2010-1620
  • Platform: Third Party Windows Apps
  • Title: gdomap Arbitrary Configuration File Line Count "load_iface()" Integer Overflow
  • Description: gdomap is an application used to look up distributed objects of processes running on a local machine or on a network. gdomap is exposed to an integer overflow issue.
  • Ref: http://article.gmane.org/gmane.comp.lib.gnustep.bugs/12379

  • 10.20.17 - CVE: CVE-2010-0730
  • Platform: Linux
  • Title: Red Hat Xen MMIO Instruction Decoder Local Guest Denial of Service
  • Description: Xen is an open source hypervisor or virtual machine monitor. Xen is exposed to a denial of service issue because the application fails to properly validate an instruction in the memory mapped I/O instruction decoder. 32 bit guests on the Xen implementation for Red Hat Enterprise Linux 5 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=572971

  • 10.20.18 - CVE: CVE-2010-0830
  • Platform: Unix
  • Title: GNU glibc "ld.so" ELF Header Parsing Remote Integer Overflow
  • Description: GNU glibc is an implementation of the GNU C library. glibc includes the "ld.so" dynamic linker and loader. ld.so is exposed to a remote integer overflow issue because it fails to sufficiently validate data when parsing ELF binary files. This issue occurs in the "elf/rtld.c" source code file and can be triggered with a crafted ELF binary containing a negative index value in the header.
  • Ref: http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html

  • 10.20.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VicFTPS Directory Traversal
  • Description: VicFTPS is a Windows based FTP server. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize directory traversal strings from user-supplied commands. A remote attacker could exploit this issue using directory traversal strings to download arbitrary files outside of the FTP server root directory. VicFTPS (Victory FTP Server) version 5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39919


  • 10.20.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: KV AntiVirus 2010 Multiple Denial of Service Vulnerabilities
  • Description: KV AntiVirus 2010 is anti-virus software. KV AntiVirus 2010 is exposed to multiple denial of service issues. Multiple issues exist in the hooked functions "NtCreateKey()", "NtOpenKey()", "NtDeleteKey()", "NtSetValueKey()" and "NtDeleteValueKey()" of the "KRegEx.sys" device driver when processing malformed parameters. KV AntiVirus 2010 versions prior to 13.0.10.111 are affected.
  • Ref: http://www.ntinternals.org/ntiadv1004/ntiadv1004.html

  • 10.20.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SQLite Browser Local Denial of Service
  • Description: SQLite Browser is an SQLite database browser. SQLite Browser is exposed to a local denial of service issue. SQLite Browser 2.0b1 is affected.
  • Ref: http://www.securityfocus.com/bid/39938

  • 10.20.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: BaoFeng Storm2012 M3U File Buffer Overflow
  • Description: BaoFeng Storm2012 is a multimedia player. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, the issue occurs when parsing a specially crafted M3U file.
  • Ref: http://www.securityfocus.com/bid/39951

  • 10.20.24 - CVE: CVE-2010-1549
  • Platform: Cross Platform
  • Title: HP LoadRunner Agent Unspecified Remote Code Execution
  • Description: HP LoadRunner Agent is exposed to an unspecified remote privilege escalation issue. HP LoadRunner Agent version 9.50 is affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-080/

  • 10.20.25 - CVE: CVE-2010-1440
  • Platform: Cross Platform
  • Title: TeX Live ".dvi" File Parsing Unspecified Remote Code Execution
  • Description: TeX Live is a suite for producing TeX documents. TeX Live is exposed to an unspecified remote code execution issue because it fails to properly validate user-supplied input. Successfully exploiting this issue can allow attackers to execute arbitrary code within the context of the affected application.
  • Ref: http://www.securityfocus.com/bid/39966

  • 10.20.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Core FTP LE Remote Stack Buffer Overflow
  • Description: Core FTP LE is an FTP client for Windows. The application is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input to the SSH "password" field. Core FTP LE version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/39972

  • 10.20.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PCRE Regular Expression Compiling Workspace Buffer Overflow
  • Description: PCRE is a set of functions that implement regular expression pattern matching using the same syntax and semantics as Perl 5. PCRE is exposed to a buffer overflow issue because the library fails to perform adequate boundary checks on user-supplied input. Versions prior to PCRE 8.02 are affected.
  • Ref: http://www.securityfocus.com/bid/39974

  • 10.20.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cisco Application Control Engine (ACE) HTTP Parsing Security
  • Description: Cisco Application Control Engine (ACE) is a load-balancing application server/appliance. ACE is exposed to a security weakness that may allow attackers to obfuscate HTTP server log entries. The issue occurs because the application does not properly parse linear whitespace from an "HTTP-Version" header as described by RFC 2616.
  • Ref: http://www.securityfocus.com/archive/1/511169

  • 10.20.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: gdomap Multiple Local Information Disclosure
  • Description: gdomap is an application used to look up distributed objects of processes running on a local machine or on a network. gdomap is exposed to multiple local information disclosure issues.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/2889

  • 10.20.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ServersMan@iPhone Remote Denial of Service
  • Description: ServersMan@iPhone is an HTTP Server available for the Apple iPhone. The application is exposed to a remote denial of service issue because it fails to handle crafted HTTP headers. ServersMan@iPhone ver3.1.5b is affected.
  • Ref: http://www.securityfocus.com/bid/40007

  • 10.20.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Geo++ GNCASTER HTTP GET Request Denial Of Service
  • Description: Geo++ GNCASTER is an implementation of a NTRIP protocol caster. The server is exposed to a denial of service issue because it fails to properly handle overly long HTTP GET requests for a nonexistent URI. Geo++ GNCASTER version 1.4.0.7 is affected.
  • Ref: http://www.securityfocus.com/bid/40009


  • 10.20.33 - CVE: CVE-2010-0553
  • Platform: Cross Platform
  • Title: Geo++ GNCASTER NMEA-data Denial of Service
  • Description: Geo++ GNCASTER is an implementation of a NTRIP protocol caster. The server is exposed to a denial of service issue because it fails to properly handle overly long NMEA data strings. An attacker with valid login credentials can exploit this issue to cause the application to crash, resulting in a denial of service. Geo++ GNCASTER version 1.4.0.7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/509197

  • 10.20.34 - CVE: CVE-2010-0550
  • Platform: Cross Platform
  • Title: Geo++ GNCASTER HTTP Digest Authentication Bypass
  • Description: Geo++ GNCASTER is an implementation of a NTRIP protocol caster. The application is exposed to an authentication bypass issue because it fails to properly enforce the HTTP Digest Authentication, allowing users to access "admin.htm" by using the HTTP Basic authentication method. Geo++ GNCASTER version 1.4.0.7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/archive/1/509199/100/0/threaded

  • 10.20.35 - CVE: CVE-2010-0554
  • Platform: Cross Platform
  • Title: Geo++ GNCASTER HTTP Digest Authentication Nonce Regeneration Replay Security Bypass
  • Description: Geo++ GNCASTER is an implementation of a NTRIP protocol caster. The application is exposed to a security bypass issue because it fails to regenerate the nonce used during HTTP Digest authentication. Geo++ GNCASTER version 1.4.0.7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/archive/1/509199/100/0/threaded

  • 10.20.36 - CVE: CVE-2010-0551
  • Platform: Cross Platform
  • Title: Geo++ GNCASTER HTTP Digest Authentication Information Disclosure
  • Description: Geo++ GNCASTER is an implementation of a NTRIP protocol caster. The application is exposed to an information disclosure issue. Specifically, the application fails to properly handle a failed authentication request by responding with data from the service's memory. Geo++ GNCASTER version 1.4.0.7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/archive/1/509199/100/0/threaded

  • 10.20.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Xitami "/AUX" Request Remote Denial Of Service
  • Description: Xitami is a web server for Microsoft Windows and UNIX platforms. The application is exposed to a denial of service issue because it fails to adequately handle a "GET /AUX" request. Xitami version 5.0a0 is affected.
  • Ref: http://www.securityfocus.com/bid/40027

  • 10.20.38 - CVE: CVE-2010-0827
  • Platform: Cross Platform
  • Title: TeX Live ".dvi" File Parsing Unspecified Remote Code Execution
  • Description: TeX Live is a suite for producing TeX documents. TeX Live is exposed to an unspecified remote code execution issue because it fails to properly validate user-supplied input. Successfully exploiting this issue can allow attackers to execute arbitrary code within the context of the affected application.
  • Ref: http://www.securityfocus.com/bid/39971

  • 10.20.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mereo Directory Traversal
  • Description: Mereo is an HTTP server. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. Specifically, the issue occurs when "%80" is provided along with directory traversal strings ("../"). Mereo version 1.9.1 is affected.
  • Ref: http://www.securityfocus.com/bid/40053

  • 10.20.40 - CVE: CVE-2010-1568
  • Platform: Cross Platform
  • Title: Cisco IronPort Desktop Flag Plug-in for Outlook Send Secure Information Disclosure
  • Description: Cisco IronPort Desktop Flag Plug-in for Outlook is a plugin that allows users to encrypt email messages using a Cisco IronPort Encryption Appliance or Email Security Appliance. Cisco IronPort Desktop Flag Plug-in for Outlook is exposed to an information disclosure issue. Specifically, when a user sends several emails simultaneously using the "Send Secure" button, the plug-in will encrypt the first email but will fail to encrypt subsequent emails. Cisco IronPort Desktop Flag Plug-in for Outlook versions 6.2.4.3 up to but not including 6.5.0-006 are affected.
  • Ref: http://www.cisco.com/en/US/products/products_security_response09186a0080b2c505.html

  • 10.20.41 - CVE: CVE-2010-1550
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager ovet_demandpoll Format String Remote Code Execution
  • Description: HP OpenView Network Node Manager (NNM) is a fault-management application for IP networks. NNM is exposed to a remote code execution issue in the "ovet_demandpoll.exe" process. Attackers can trigger this issue by sending malicious format strings to a "vnsprintf()" call via the "sel" parameter.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-081/

  • 10.20.42 - CVE: CVE-2010-0129, CVE-2010-0986, CVE-2010-1280, CVE-2010-1281, CVE-2010-1282, CVE-2010-1283, CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, CVE-2010-0130, CVE-2010-0127, CVE-2010-1290, CVE-2010-0987, CVE-2010-1288, CVE-2010-1291 and CVE-2010-12
  • Platform: Cross Platform
  • Title: Adobe Shockwave Player APSB10-12 Multiple Remote Issues
  • Description: Adobe Shockwave Player is a multimedia player application. Adobe Shockwave Player is exposed to multiple remote issues. 1) Multiple unspecified memory corruption issues. 2) Multiple unspecified buffer overflow issues. 3) An unspecified integer overflow issue. 4) An unspecified security issue due to a signedness error. 5) A denial of service issue due to an infinite loop. 6) An unspecified security issue due to a boundary error. Adobe Shockwave Player version 11.5.6.606 is affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb10-12.html

  • 10.20.43 - CVE: CVE-2010-1551, CVE-2010-1553, CVE-2010-1555, CVE-2010-1554, CVE-2010-1552
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager Unspecified Remote Code Execution
  • Description: HP OpenView Network Node Manager (NNM) is a fault management application for IP networks. NNM is exposed to an unspecified remote code execution issue. An attacker can exploit this issue to execute arbitrary code with SYSTEM level privileges.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-082/

  • 10.20.44 - CVE: CVE-2010-1293
  • Platform: Cross Platform
  • Title: Adobe ColdFusion Unspecified Cross-Site Scripting
  • Description: Adobe ColdFusion is an application for developing websites; it is available for various operating systems. The application is exposed to a cross-site scripting issue because an unspecified parameter of the ColdFusion "Administrator" page fails to properly sanitize user-supplied input. ColdFusion version 9.0 and earlier are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb10-11.html

  • 10.20.45 - CVE: CVE-2009-3467, CVE-2010-1293, CVE-2010-1294
  • Platform: Cross Platform
  • Title: Adobe ColdFusion Unspecified Local Information Disclosure Issue
  • Description: Adobe ColdFusion is an application for developing websites; it is available for various operating systems. The application is exposed to an unspecified local information disclosure issue. ColdFusion version 9.0 is affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb10-12.html

  • 10.20.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Samba Multiple Remote Denial of Service
  • Description: Samba is a file and printer sharing application. Samba is exposed to multiple denial of service issues. See reference for further details. Versions prior to Samba 3.4.8 and 3.5.2 are affected.
  • Ref: http://samba.org/samba/history/samba-3.4.8.html

  • 10.20.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 "t3m_cumulus_tagcloud" Extension HTML Injection and Cross-Site Scripting
  • Description: "t3m_cumulus_tagcloud" is an extension for the TYPO3 content manager. The application is exposed to an HTML injection issue and a cross-site scripting issue that affect the "href" parameter of "tagcloud.swf". TYPO3 "t3m_cumulus_tagcloud" version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39926

  • 10.20.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ShopEx Single "errinfo" Parameter Cross-Site Scripting
  • Description: ShopEx Single is a web-based application implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "ShopEx Single" parameter of an unspecified script. ShopEx Single version 4.5.1 is affected.
  • Ref: http://www.securityfocus.com/bid/39941

  • 10.20.49 - CVE: CVE-2010-1143
  • Platform: Web Application - Cross Site Scripting
  • Title: VMware View Unspecified Cross-site Scripting
  • Description: VMware View is a desktop virtualization solution. The application is exposed to an unspecified cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. VMware View versions prior to 3.1.3 are affected.
  • Ref: http://lists.vmware.com/pipermail/security-announce/2010/000092.html

  • 10.20.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Drupal CCK TableField Module Cross-Site Scripting
  • Description: CCK TableField is a PHP-based module for the Drupal content manager. The module is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to table headers. CCK TableField versions prior to 6.x-1.2 are affected.
  • Ref: http://drupal.org/node/790998

  • 10.20.51 - CVE: CVE-2010-1707
  • Platform: Web Application - Cross Site Scripting
  • Title: Piwigo "register.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: Piwigo is a photo gallery application. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input of the "register.php" script to the following parameters: "login" and "mail_address". Piwigo version 2.0.9 is affected.
  • Ref: http://piwigo.org/code/wsvn/Piwigo/trunk/register.php?op=diff&rev=5936

  • 10.20.52 - CVE: CVE-2010-1112
  • Platform: Web Application - Cross Site Scripting
  • Title: kloNews "cat.php" Cross-Site Scripting
  • Description: kloNews is a PHP-based online news management software. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "cat.php" script. kloNews version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39987

  • 10.20.53 - CVE: CVE-2010-1481
  • Platform: Web Application - Cross Site Scripting
  • Title: PmWiki Table Feature "width" Parameter HTML Injection Vulnerability
  • Description: PmWiki is a guestbook application implemented in ASP. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before displaying it in a browser.
  • Ref: http://www.securityfocus.com/bid/39994

  • 10.20.54 - CVE: CVE-2010-1482
  • Platform: Web Application - Cross Site Scripting
  • Title: CMS Made Simple "admin/editprefs.php" Cross-Site Scripting
  • Description: CMS Made Simple is a web-based content manager. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "date_format_string" parameter of the "admin/editprefs.php" script. CMS Made Simple versions prior to 1.7.1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/511178

  • 10.20.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: my little forum "index.php" Multiple Cross-Site Scripting Issues
  • Description: my little forum is a forum application implemented in PHP. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the following parameters of the "index.php" script when "mode" is set to "posting": "id" and "back". my little forum version 2.1.4 is affected.
  • Ref: http://www.vupen.com/english/advisories/2010/1032

  • 10.20.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Jaws "edit profile" Module "URL" Parameter Cross-Site Scripting
  • Description: Jaws is a web-based application framework and content management system. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "URL" parameter of the "edit profile" module. Jaws versions 0.8.12 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/511175

  • 10.20.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: AzDGDatingMedium Multiple Cross-Site Scripting Vulnerabilities
  • Description: AzDGDatingMedium is a web-based application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data. AzDGDatingMedium versions prior to 1.9.5 are affected.
  • Ref: http://www.azdg.com/scripts/AzDGDatingMedium/docs/ChangeLog.txt

  • 10.20.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Chipmunk Newsletter Multiple Cross-Site Scripting
  • Description: Chipmunk Newsletter is a web-based application implemented in PHP. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Chipmunk Newsletter version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40024/info

  • 10.20.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: EasyPublish CMS URI Cross-Site Scripting
  • Description: EasyPublish CMS is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the URI of the "index.php" script. EasyPublish CMS version 23.04.2010 is affected.
  • Ref: http://www.securityfocus.com/archive/1/511204

  • 10.20.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Advanced Poll "mysql_host" Parameter Cross-Site Scripting
  • Description: Advanced Poll is a web-based polling application implemented in PHP. Advanced Poll is exposed to a cross-site scripting issue because the application fails to sufficiently sanitize user-supplied input to the "mysql_host" parameter of the "misc/get_admin.php" script. Advanced Poll version 2.08 is affected.
  • Ref: http://www.securityfocus.com/archive/1/511210

  • 10.20.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Saurus CMS "edit.php" Cross-Site Scripting
  • Description: Saurus CMS is a PHP-based content management system. Saurus CMS is exposed to a cross-site scripting issue because the application fails to sufficiently sanitize user-supplied input to the "pealkiri" parameter of the "/admin/edit.php" script. Saurus CMS version 4.7.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/511223

  • 10.20.62 - CVE: CVE-2009-3467
  • Platform: Web Application - Cross Site Scripting
  • Title: Adobe ColdFusion Unspecified Cross-Site Scripting
  • Description: Adobe ColdFusion is an application for developing websites; it is available for various operating systems. The application is exposed to an unspecified cross-site scripting issue because an unspecified method fails to properly sanitize user-supplied input. ColdFusion versions 9.0 and earlier are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb10-11.html

  • 10.20.63 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Movable Type Administrative User Interface Cross-Site Scripting
  • Description: Movable Type is a web log application written in Perl and PHP. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the administrative user interface. Movable Type versions prior to 5.02 are affected.
  • Ref: http://www.movabletype.org/documentation/appendices/release-notes/movable-type-502.html

  • 10.20.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Newsletter Tailor SQL Injection
  • Description: Newsletter Tailor is a mass mailer application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" field of the "admin/index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/39913

  • 10.20.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Multiple SQL Injection Vulnerabilities
  • Description: PHP-Nuke is a PHP-based content manager. The application is exposed to two SQL injection issues because it fails to sufficiently sanitize user-supplied input. PHP-Nuke versions 7.0 through 8.1.35 are affected.
  • Ref: http://blog.sitewat.ch/2010/05/vulnerabilities-in-php-nuke.html

  • 10.20.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke "viewslink" module SQL Injection
  • Description: PHP-Nuke is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sid" parameter of the "links.php" script in the "viewslink" module before using it in an SQL query. PHP-Nuke version 5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39925

  • 10.20.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SmartCMS "index.php" Multiple SQL Injection Vulnerabilities
  • Description: SmartCMS is a PHP-based content management system. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the "pageid" and "lang" parameters of the "index.php" script. SmartCMS 2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/511126

  • 10.20.68 - CVE: CVE-2010-1046
  • Platform: Web Application - SQL Injection
  • Title: Rostermain "index.php" Multiple SQL Injection Vulnerabilities
  • Description: Rostermain is a PHP-based roster application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "username" and "password" fields of the "index.php" script. Rostermain version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/39935

  • 10.20.69 - CVE: CVE-2010-1047
  • Platform: Web Application - SQL Injection
  • Title: MASA2EL Music City "index.php" Multiple SQL Injection Vulnerabilities
  • Description: MASA2EL Music City is a PHP-based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the following parameters of the "index.php" script: "id" when "go" is set to "singer"; "cat". MASA2EL Music City version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/39937

  • 10.20.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AudiStat "mday" Parameter SQL Injection
  • Description: AudiStat is a PHP-based website statistics application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "mday" parameter of the "index.php" script before using it in an SQL query. AudiStat version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/39943

  • 10.20.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mediashaker shoutCMS "content.php" SQL Injection
  • Description: Mediashaker shoutCMS is a PHP-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "content.php" script.
  • Ref: http://www.securityfocus.com/bid/39946

  • 10.20.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DeluxeBB "newpost.php" SQL Injection
  • Description: DeluxeBB is a web-based bulletin board implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data passed to the "memberid" cookie parameter of the "newpost.php" script when the "membercookie" cookie parameter is set to "guest". DeluxeBB version 1.3 is affected.
  • Ref: http://php-security.org/2010/05/06/mops-2010-011-deluxebb-newthread-sql-injection-issue/index.html

  • 10.20.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Site Manager "id" Parameter SQL Injection
  • Description: Site Manager is a web-based application implemented in CFM. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "page.cfm" script before using it in an SQL query. Site Manager version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39973

  • 10.20.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: HAWHAW "newsread.php" SQL Injection
  • Description: HAWHAW is a toolkit for creating universal mobile web applications. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "storyid" parameter of the "newsread.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/39978

  • 10.20.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Files2Links F2L-3000 SQL Injection
  • Description: F2L-3000 is software for sharing large files. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to an unspecified parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/509157

  • 10.20.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Piwigo "search.php" SQL Injection
  • Description: Piwigo is PHP-based online photo gallery software. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to unspecified parameters of the "search.php" script before using it in an SQL query. Versions prior to Piwigo 2.0.8 are affected.
  • Ref: http://www.securityfocus.com/bid/39983

  • 10.20.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Digital Factory Publique! "sid" Parameter SQL Injection
  • Description: Publique! is a web-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sid" parameter of the "start.html" script before using it in an SQL query. Publique! version 2.3 is affected.
  • Ref: http://www.securityfocus.com/bid/39988

  • 10.20.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke "FriendSend" module SQL Injection
  • Description: PHP-Nuke is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sid" parameter of the "friend.php" script in the "FriendSend" module before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/39992

  • 10.20.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ECShop "category.php" SQL Injection
  • Description: ECShop is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "filter_attr" parameter of the "category.php" script. ECShop version 2.7.2 is affected.
  • Ref: http://www.securityfocus.com/bid/40001

  • 10.20.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: tekno.Portal "makale.php" SQL Injection
  • Description: tekno.Portal is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "makale.php" script. tekno.Portal version 0.1b is affected.
  • Ref: http://www.securityfocus.com/bid/40030/references


  • 10.20.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: B2B Classic Script "offers.php" SQL Injection
  • Description: B2B Classic Script is a PHP-based marketplace trading script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "offers.php" script.
  • Ref: http://www.securityfocus.com/bid/40034

  • 10.20.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Live Shopping Multi Portal System "index.php" SQL Injection
  • Description: Live Shopping Multi Portal System is a PHP-based online shopping application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "artikel" parameter of the "shop/index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/40040

  • 10.20.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Family Connections 2.2.3 Multiple SQL Injection Vulnerabilities
  • Description: Family Connections is a PHP-based content manager. The application is exposed to two SQL injection issues because it fails to sufficiently sanitize user-supplied input. Family Connections version 2.2.3 is affected.
  • Ref: http://www.securityfocus.com/bid/40043

  • 10.20.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 724CMS SQL "ID" Parameter SQL Injection
  • Description: 724Networks Content Management Server (724CMS) is a web-based content manager implemented in PHP. The application is exposed to an SQL injection issue because it fails to properly sanitize the "ID" parameter of the "index.php" script when the "Lang" parameter is set to "En". The issue affects 724CMS version 4.59.
  • Ref: http://www.securityfocus.com/bid/40047

  • 10.20.86 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 724CMS SQL "section.php" SQL Injection
  • Description: 724Networks Content Management Server (724CMS) is a web-based content manager. The application is exposed to an SQL injection issue because it fails to properly sanitize the "ID" parameter of the "section.php" script when the "Lang" parameter is set to "En". 724CMS version 4.59 is affected.
  • Ref: http://www.securityfocus.com/bid/40055

  • 10.20.87 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Affiliate Store Builder "edit_cms.php" Multiple SQL Injection Vulnerabilities
  • Description: Affiliate Store Builder is a PHP-based online shopping application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input. Specifically, the "desc_key" parameter and other unspecified parameters of the "/admin/edit_cms.php" script are affected. Affiliate Store Builder, April 2010 version, is affected.
  • Ref: http://www.htbridge.ch/advisory/xss_in_dynamixgate.html

  • 10.20.88 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Marinet CMS Multiple Input Validation
  • Description: Marinet CMS is a PHP-based content manager. The application is exposed to multiple input validation issues like SQL injection and cross-site scripting.
  • Ref: http://www.securityfocus.com/bid/40080

  • 10.20.89 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WordPress Events Manager Plugin "events-manager.php" SQL Injection
  • Description: WordPress is a web-based blogging application. Events Manager is a plugin for WordPress. The application is exposed to an SQL injection issue because it fails to properly sanitize the "event_id" parameter of the "events-manager.php" script. Events Manager versions 2.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/40098

  • 10.20.90 - CVE: Not Available
  • Platform: Web Application
  • Title: thEngine "test.class.php" Local File Include
  • Description: thEngine is a PHP-based content management system. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "strLanguage" parameter of the "modules/test/test.class.php" script. thEngine version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/39921

  • 10.20.91 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Nuke CAPTCHA Security Bypass
  • Description: PHP-Nuke is a web-based application implemented in PHP. The application is exposed to a security bypass issue that occurs in the CAPTCHA authentication routine. PHP-Nuke versions 7.0 through 8.1.35 are affected.
  • Ref: http://blog.sitewat.ch/2010/05/vulnerabilities-in-php-nuke.html

  • 10.20.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Limny Avatar Arbitrary File Upload
  • Description: Limny is a PHP-based content manager. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately sanitize file extensions before uploading avatars to the web server. Limny version 1.01 is affected.
  • Ref: http://www.securityfocus.com/bid/39945

  • 10.20.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Slooze "file" Parameter Command Injection
  • Description: Slooze is a web-based photo album application. The application is exposed to a command injection issue because it fails to adequately sanitize user-supplied input to the "file" parameter in the "src/slooze.php" script. Slooze version 0.2.7 is affected.
  • Ref: http://www.securityfocus.com/bid/39948

  • 10.20.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal ImageField Module Multiple Security
  • Description: ImageField is a module for the Drupal content manager. The module is exposed to multiple security issues. A security bypass issue exists because it fails to properly perform access checking when using the Private Downloads setting. An issue with an unspecified security impact exists and is related to restricting file extensions. Versions prior to ImageField 6.x-3.3 are affected.
  • Ref: http://drupal.org/node/791054

  • 10.20.95 - CVE: Not Available
  • Platform: Web Application
  • Title: GetSimple CMS "download.php" Local File Include
  • Description: GetSimple CMS is a PHP-based content management system. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "file" parameter of the "admin/download.php" script. GetSimple CMS version 2.01 is affected.
  • Ref: http://www.securityfocus.com/bid/39957

  • 10.20.96 - CVE: CVE-2010-0799
  • Platform: Web Application
  • Title: phpunity.newsmanager "misc/tell_a_friend/tell.php" Local File Include
  • Description: phpunity.newsmanager is a web-based application implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "misc/tell_a_friend/tell.php" script.
  • Ref: http://www.securityfocus.com/bid/39960

  • 10.20.97 - CVE: Not Available
  • Platform: Web Application
  • Title: EmiratesHost Insecure Cookie Authentication Bypass
  • Description: EmiratesHost is a PHP-based web hosting application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Specifically, attackers can gain administrative access to the application by setting the "login" cookie parameter to "right", and the "path" parameter to "/".
  • Ref: http://www.securityfocus.com/bid/39963

  • 10.20.98 - CVE: Not Available
  • Platform: Web Application
  • Title: RaakCms Multiple Input Validation Issues
  • Description: RaakCms is a web-based content management application. RaakCms is exposed to multiple directory traversal issues and a remote file include issue. Multiple directory traversal issues exist because the application fails to sufficiently sanitize directory traversal strings from user-supplied commands in the "dir" parameter. A remote file include issue exists because the application fails to properly sanitize user-supplied input to the "webmaster/pic.aspx" script.
  • Ref: http://www.securityfocus.com/archive/1/509296

  • 10.20.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Tinypug Comment HTML Injection
  • Description: Tinypug is a PHP-based web application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input. Specifically, an attacker can exploit this issue by posting specially crafted HTML or JavaScript code in a comment. Tinypug version 0.9.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/509312

  • 10.20.100 - CVE: Not Available
  • Platform: Web Application
  • Title: AzDGDatingMedium "photos.php" Unspecified Security
  • Description: AzDGDatingMedium is a web-based application. The application is exposed to an unspecified security issue that affects the "photos.php" script. AzDGDatingMedium versions prior to 1.9.5 are affected.
  • Ref: http://www.azdg.com/scripts/AzDGDatingMedium/docs/ChangeLog.txt

  • 10.20.101 - CVE: Not Available
  • Platform: Web Application
  • Title: Basml Okul Scripti "banneryukle.asp" Remote File Upload
  • Description: Basml Okul Scripti is a PHP-based web application. The application is exposed to a remote file upload issue because it fails to sufficiently sanitize user-supplied input. This issue affects the "banneryukle.asp" script.
  • Ref: http://www.securityfocus.com/bid/40012

  • 10.20.102 - CVE: Not Available
  • Platform: Web Application
  • Title: Redatam+SP Web Server "BASE" Parameter Cross-Site Scripting
  • Description: Redatam+SP Web Server is software for processing information. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "BASE" parameter of the "cgibin/RpWebEngine.exe/PortalAction" script. Redatam+SP Web Server version V5Rev01 is affected.
  • Ref: http://www.securityfocus.com/bid/40021/references

  • 10.20.103 - CVE: Not Available
  • Platform: Web Application
  • Title: Dark Hart Portal "include_path" Parameter Remote File Include
  • Description: Dark Hart Portal is a web-based application implemented in PHP. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "include_path" parameter of the "login.php" script.
  • Ref: http://www.securityfocus.com/bid/40029


  • 10.20.105 - CVE: Not Available
  • Platform: Web Application
  • Title: OrangeHRM 2.5.0.4 Multiple Issues
  • Description: OrangeHRM is a PHP-based application for managing human resources. The application is exposed to multiple issues, such as HTML injection issues, that occur because the application fails to sufficiently sanitize user-supplied input. OrangeHRM version 2.5.0.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/511212/30/0/threaded

  • 10.20.106 - CVE: Not Available
  • Platform: Web Application
  • Title: 29o3 CMS "LibDir" Parameter Multiple Remote File Include Vulnerabilities
  • Description: 29o3 CMS is a PHP-based content management system. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/40049

  • 10.20.107 - CVE: Not Available
  • Platform: Web Application
  • Title: 724CMS "section.php" Local File Include
  • Description: 724Networks Content Management Server (724CMS) is a web-based content manager implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "Module" parameter of the "section.php" script. 724CMS version 4.59 is affected.
  • Ref: http://www.securityfocus.com/bid/40054

  • 10.20.108 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Context Module HTML Injection
  • Description: Context is a PHP-based component for the Drupal content manager. The module is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to block descriptions. Context version 6.x-2.0-rc3 is affected.
  • Ref: http://www.securityfocus.com/bid/40056/references

  • 10.20.109 - CVE: Not Available
  • Platform: Web Application
  • Title: KosmosBlog Multiple Input Validation
  • Description: KosmosBlog is a PHP-based online blogging application. The application is exposed to multiple issues. Multiple SQL injection issues exist because it fails to adequately sanitize user-supplied input. A cross-site scripting issue affects the "id" parameter of the "kosmos/administration/addcomment.php" script. An HTML injection issue affects the "naslov" parameter of the "kosmos/administration/addcontentgo.php" script. KosmosBlog version 0.9.3 is affected.
  • Ref: http://www.securityfocus.com/bid/40064/references

  • 10.20.110 - CVE: CVE-2010-0607
  • Platform: Network Device
  • Title: Sterlite SAM300 AX Router "Stat_Radio" Parameter Cross-Site Scripting
  • Description: The Sterlite SAM300 AX Router is a network device for home and small office use. The device's web-based management interface is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "Stat_Radio" parameter of the "Forms/status_statistics_1" field.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0075.html

  • 10.20.111 - CVE: Not Available
  • Platform: Network Device
  • Title: Alien RFID Reader Security Bypass
  • Description: Alien RFID reader devices are used to interrogate RFID tags. The device is exposed to a security bypass issue because the Alien account has the same default password for all RFID readers. Version ALR-9900 is affected.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0064.html

  • 10.20.112 - CVE: CVE-2010-0101
  • Platform: Network Device
  • Title: Multiple Lexmark Laser Printers HTTP "Authorization" Header Remote Denial of Service
  • Description: Lexmark manufactures multiple laser printer models. Multiple Lexmark laser printers are exposed to a remote denial of service issue because the devices fail to handle crafted HTTP requests. Affected HTTP-based services listen on TCP ports 80, 443, 8000, and 631.
  • Ref: http://support.lexmark.com/index?page=content&id=TE87&locale=EN&userlocale=EN_US

  • 10.20.113 - CVE: Not Available
  • Platform: Network Device
  • Title: Sandra 2010 "sandra.sys" Driver IOCTL Handling Local Privilege Escalation
  • Description: Sandra 2010 is a system diagnostics product available for Microsoft Windows. The application is exposed to a local privilege escalation issue because the "sandra.sys" driver fails to properly handle input through a crafted IOCTL call. Sandra 2010 version 16.10.2010.1 is affected.
  • Ref: http://www.ntinternals.org/ntiadv0808/ntiadv0808.html

  • 10.20.114 - CVE: Not Available
  • Platform: Network Device
  • Title: Multiple 3Com H3C Devices SSH Server Remote Denial of Service
  • Description: Multiple 3Com H3C devices are exposed to a denial of service issue that is caused by an unspecified error when handling specially crafted SSH packets and may be exploited to restart the affected device. H3C S3100, Switch 4500, and Switch 4200G series of products are affected.
  • Ref: http://support.3com.com/documents/H3C/switches/3100/H3C_S3100-52P_CMW3.10.R1702P13_Release_Notes.pdf

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.