@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 24
June 10, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Windows                                   4 (#4, #5)
    Microsoft Office                          4
    Other Microsoft Products                  4 (#2)
    Third Party Windows Apps                  9
    Linux                                     3
    Novell                                    1
    Cross Platform                            25 (#1, #3, #6, #7)
    Web Application - Cross Site Scripting    20
    Web Application - SQL Injection           8
    Web Application                           22
    Network Device                            1

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Linux
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: Adobe Multiple Products Remote Code Execution Vulnerability
  • Affected:
    • Adobe Flash Player 10.0.45.2, 9.0.262, and earlier
    • Adobe Flash Player 10.0.x and 9.0.x versions for Windows, Macintosh, Linux, and Solaris
    • Adobe Reader and Acrobat 9.3.2 and earlier
    • Adobe Reader and Acrobat 9.x versions for Windows, Macintosh, and UNIX
  • Description: A zero-day vulnerability for multiple Adobe products is being actively exploited in the wild, and exploit code is publicly available. The vulnerability is in the Flash virtual machine's handling of invalid code. Both Adobe Acrobat and Adobe Reader are vulnerable. By enticing a user to open a malicious PDF or SWF file, an attacker can exploit this vulnerability in order to execute arbitrary code with the permissions of the currently logged-in user. Adobe is currently developing a patch for this issue, but updates are not yet available. The US-CERT reference below contains instructions for disabling vulnerable Adobe products. Note that the Flash 10.1 Release Candidate has been confirmed by Adobe not to be vulnerable to this issue.

  • Status: vendor confirmed, updates not available

  • References:
  • (4) HIGH: Microsoft IIS Authentication Remote Code Execution Vulnerability
  • Affected:
    • IIS 6.0, 7.0 and 7.5.
  • Description: Internet Information Services (IIS), Microsoft's HTTP server, is vulnerable to a remote code execution vulnerability. By sending a malicious authentication token, an attacker can exploit this vulnerability in order to execute code with the permissions of the affected process. Note that IIS is only affected when the Extended Protection for Authentication feature of IIS is installed and enabled. This feature is not installed by default.

  • Status: vendor confirmed, updates available

  • References:
  • (5) HIGH: Microsoft Data Analyzer ActiveX Control Remote Code Execution Vulnerability
  • Affected:
    • Microsoft Data Analyzer
  • Description: Microsoft Data Analyzer, which is used by Microsoft Excel for data analysis, contains a code execution vulnerability that could be triggered by enticing a target to visit a malicious page. The vulnerability is in an ActiveX control of the product.

  • Status: vendor confirmed, updates available

  • References:
  • (7) MEDIUM: Google Chrome Multiple Vulnerabilities
  • Affected:
    • Google Chrome versions prior to Chrome 5.0.375.70
  • Description: Google Chrome, a popular web browser, has released fixes for several reported bugs. Some of these bugs are related to sandbox escapes and memory corruption. These types of bugs often lead to code execution, but Google does release details about these vulnerabilities. Google Chrome is designed to automatically update itself in the background, so no user action should be required to acquire these fixes.

  • Status: vendor confirmed, updates available

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 24, 2010

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 9574 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 10.24.1 - CVE: CVE-2010-0484, CVE-2010-0485
  • Platform: Windows
  • Title: Microsoft Windows Kernel "Win32k.sys" Data Validation Local Privilege Escalation
  • Description: The "Win32k.sys" kernel mode device driver provides various functions such as the window manager, collection of user input, screen output, Graphics Device Interface, and serves as a wrapper for DirectX support. Microsoft Windows is exposed to a local privilege escalation issue that occurs in the Windows kernel. Specifically, the issue arises in the "Win32k.sys" kernel-mode device driver because of insufficient validation of changes in certain kernel objects.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-032.mspx

  • 10.24.2 - CVE: CVE-2010-1879, CVE-2010-1880
  • Platform: Windows
  • Title: Microsoft Windows Media Decompression Remote Code Execution
  • Description: Microsoft Windows is exposed to a remote code execution issue when handling compressed media files. The following Windows components are affected: "Asycfilt.dll", Windows Media Format Runtime, Windows Media Encoder 9, and "Quartz.dll" (DirectShow).
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-033.mspx

  • 10.24.3 - CVE: CVE-2010-0819
  • Platform: Windows
  • Title: Microsoft Windows OpenType Compact Font Format Driver Local Privilege Escalation
  • Description: Microsoft Windows is exposed to a local privilege escalation issue because it fails to properly validate certain data passed from user mode to kernel mode. The issue affects the "OpenType Compact Font Format" driver and may result in memory corruption.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-037.mspx

  • 10.24.4 - CVE: CVE-2010-1256
  • Platform: Windows
  • Title: Microsoft IIS Authentication Remote Code Execution
  • Description: Microsoft Internet Information Service (IIS) is a web server. The application is exposed to a remote code execution issue because it fails to properly parse authentication information resulting in a memory corruption error. This issue affects IIS versions 6.0, 7.0 and 7.5.
  • Ref: http://www.securityfocus.com/bid/40573

  • 10.24.5 - CVE: CVE-2010-0821, CVE-2010-0823, CVE-2010-0824, CVE-2010-1246, CVE-2010-1245, CVE-2010-1247, CVE-2010-1249, CVE-2010-1251
  • Platform: Microsoft Office
  • Title: Microsoft Excel "SxView" Record Parsing Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to a remote code execution issue. Specifically, parsing "SxView" records in an Excel file can cause memory corruption.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-038.mspx

  • 10.24.6 - CVE: CVE-2010-1253
  • Platform: Microsoft Office
  • Title: Microsoft Excel "DBQueryExt" ActiveX Data Object (ADO) Parsing Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to a remote code execution issue. Specifically, parsing a "DBQueryExt" record from an ActiveX Data Object in an Excel file can cause memory corruption.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-038.mspx

  • 10.24.7 - CVE: CVE-2010-1254
  • Platform: Microsoft Office
  • Title: Microsoft Office XML Converter for Mac Local Privilege Escalation
  • Description: Microsoft Office XML Converter for Mac converts Office documents between Microsoft Windows and Apple Mac platforms. Microsoft Office XML Converter for Mac is exposed to a local privilege escalation issue. Specifically, the application's installer alters filesystem Access Control Lists (ACLs) in the "/Applications" folder.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-038.mspx

  • 10.24.8 - CVE: CVE-2010-1263
  • Platform: Microsoft Office
  • Title: Microsoft Office COM Object Validation Remote Code Execution
  • Description: Microsoft Office is exposed to a remote code execution issue that exists because Microsoft Office fails to properly validate COM object instantiation. Successful exploits would allow the attacker to execute arbitrary code in the context of the currently logged-in user.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-036.mspx

  • 10.24.9 - CVE: CVE-2010-1257
  • Platform: Other Microsoft Products
  • Title: Internet Explorer and SharePoint "toStaticHTML" Cross-Domain Information Disclosure
  • Description: Microsoft Internet Explorer is a web browser available for Microsoft Windows. Microsoft SharePoint and InfoPath are content management applications that support web-based interfaces. The applications are exposed to a cross-domain information disclosure vulnerability because they fail to properly enforce the same origin policy. This issue affects the "toStaticHTML" API.
  • Ref: http://www.securityfocus.com/bid/40409/references

  • 10.24.10 - CVE: CVE-2010-1259, CVE-2010-1260, CVE-2010-1261, CVE-2010-1262
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Uninitialized Memory Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Microsoft Internet Explorer is exposed to a remote code execution issue that occurs when the application attempts to access an object that is uninitialized or deleted.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-035.mspx

  • 10.24.11 - CVE: CVE-2010-0811
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer 8 Developer Tools Remote Code Execution
  • Description: Microsoft Internet Explorer 8 Developer Tools ("iedvtool.dll") allows users to debug Microsoft JScript files. Microsoft Internet Explorer 8 Developer Tools is exposed to a remote code execution issue that stems from a memory corruption issue.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-034.mspx

  • 10.24.12 - CVE: CVE-2010-1264
  • Platform: Other Microsoft Products
  • Title: Microsoft SharePoint Help Page Remote Denial of Service
  • Description: Microsoft SharePoint is an integrated server application providing content management and search capabilities. Microsoft SharePoint is exposed to a remote denial of service issue that occurs when handling a specially crafted request sent to the Help page.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-039.mspx

  • 10.24.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Jcom. Band "JcomObjMgr2.dll" ActiveX Control Buffer Overflow
  • Description: Jcom. Band is a search application for Internet Explorer. Jcom. Band is exposed to a buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. This issue occurs in the "JcomObjMgr2.dll" ActiveX control when processing an overly long argument to the "isRegistered()" method. Jcom. Band version 2.5 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 10.24.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: PlayMeNow Multiple Remote Stack Buffer Overflow
  • Description: PlayMeNow is a multimedia player for Microsoft Windows. PlayMeNow is exposed to multiple remote stack-based buffer overflow issues because it fails to perform adequate checks on user-supplied input. Specifically, these issues occur when opening specially crafted ".pls" and ".m3u" files. PlayMeNow versions 7.3 and 7.4 are affected.
  • Ref: http://www.securityfocus.com/bid/40563/references

  • 10.24.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Millennium Mp3 ".mpf" File Stack Buffer Overflow
  • Description: The application is an Mp3 player for Microsoft Windows. Mp3 Millennium is exposed to a stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening specially crafted ".mpf" files. Mp3 Millennium version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40576/references

  • 10.24.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Millennium Mp3 Studio ".m3u" File Stack Buffer Overflow
  • Description: Mp3 Millennium is a multimedia player for Microsoft Windows. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Specifically, this issue occurs when parsing a specially crafted ".m3u" file. Millennium Mp3 Studio version affected.
  • Ref: http://www.securityfocus.com/bid/40602

  • 10.24.17 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SubStation Alpha ".rt" File Buffer Overflow
  • Description: SubStation Alpha is a video subtitling tool for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially crafted ".rt" file. SubStation Alpha version 4.08 is affected.
  • Ref: http://www.securityfocus.com/bid/40604

  • 10.24.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Net Transport eDonkey Protocol Stack Buffer Overflow
  • Description: Net Transport is a downloading manager. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Specifically, this issue occurs when processing specially crafted eDonkey "OP_LOGINREQUEST" packets sent to the ed2k port of an affected computer. Net Transport version 2.90.510 is affected.
  • Ref: http://www.securityfocus.com/bid/40617/references

  • 10.24.19 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: D.R. Software Audio Converter ".pls" File Remote Buffer Overflow
  • Description: D.R. Software Audio Converter is a media player/converter for the Windows operating system. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. D.R. Software Audio Converter version 8.1 is affected.
  • Ref: http://www.securityfocus.com/bid/40618

  • 10.24.20 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Mini-stream Software CastRipper ".pls" File Remote Stack Buffer Overflow
  • Description: CastRipper is an audio stream ripper available for Microsoft Windows. The application is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a ".pls" file that contains excessive data. CastRipper version 2.50.70 is affected.
  • Ref: http://www.securityfocus.com/bid/40626/references

  • 10.24.21 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: VSO Media Player ".ape" File Buffer Overflow
  • Description: VSO Media Player is a multimedia player available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially crafted ".ape" file. VSO Media Player version 1.0.2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/40629/references

  • 10.24.22 - CVE: Not Available
  • Platform: Linux
  • Title: RPM Package Update File Attribute Security Bypass
  • Description: RPM is a package management system available for the Linux operating system. RPM is exposed to a security bypass issue because it fails to properly clear file attributes when performing package updates. Specifically, file attributes including the SUID and SGID bits, SELinux contexts, and POSIX file capabilities are not removed from binary files that are replaced during an update. RPM version 4.8.0 is affected.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/3000

  • 10.24.23 - CVE: Not Available
  • Platform: Linux
  • Title: netsniff-ng "netsniff-ng.c" Buffer Overflow
  • Description: netsniff-ng is a Linux network sniffer for packet inspection. netsniff-ng is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue occurs because of a buffer overflow error in "netsniff-ng.c". netsniff-ng versions prior to 0.5.4.1 are affected.
  • Ref: http://www.securityfocus.com/bid/40560

  • 10.24.24 - CVE: Not Available
  • Platform: Linux
  • Title: Weborf HTTP Range Header Denial of Service
  • Description: Weborf is an HTTP server for the Linux platform. The server is exposed to a denial of service issue when handling specially crafted HTTP "Range" Headers. Weborf versions prior to 0.12.1 are affected.
  • Ref: http://galileo.dmi.unict.it/wiki/weborf/doku.php?id=news:released_0.12.1

  • 10.24.25 - CVE: CVE-2009-4653
  • Platform: Novell
  • Title: Novell eDirectory Multiple Remote Vulnerabilities
  • Description: Novell eDirectory is an LDAP (Lightweight Directory Access Protocol) server that also implements NCP (NetWare Core Protocol). eDirectory is exposed to multiple issues. An HTTP request containing specially crafted data can trigger a buffer overflow. Specially crafted verbs can trigger a remote denial of service in NDSD. Novell eDirectory versions prior to 8.8 SP5 Patch 4 are affected.
  • Ref: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5076150.html

  • 10.24.26 - CVE: CVE-2010-0742
  • Platform: Cross Platform
  • Title: OpenSSL Cryptographic Message Syntax Memory Corruption
  • Description: OpenSSL is an open source implementation of the SSL protocol that is used by a number of projects. OpenSSL is exposed to a remote memory corruption issue that may result in a write operation to an invalid memory address or a double free error. Versions of OpenSSL 0.9.h through 0.9.8n and OpenSSL 1.0.x prior to 1.0.0a are affected.
  • Ref: http://www.openssl.org/news/secadv_20100601.txt

  • 10.24.27 - CVE: CVE-2010-1633
  • Platform: Cross Platform
  • Title: OpenSSL "EVP_PKEY_verify_recover()" Invalid Return Value Security Bypass
  • Description: OpenSSL is an open source implementation of the SSL protocol that is used by a number of projects. It is available for various platforms. The library is exposed to a security issue that may allow attackers to bypass certain security restrictions. OpenSSL version 1.0.0 is affected.
  • Ref: http://www.openssl.org/news/secadv_20100601.txt

  • 10.24.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Kerio Products Administration Console File Disclosure and Corruption
  • Description: Sun Java System Web Server is an HTTP server. Multiple Kerio Products are exposed to a file disclosure and corruption issue that arises from an unspecified error in the administration console. Kerio MailServer up to and including version 6.7.3 as well as Kerio WinRoute Firewall up to and including version 6.7.1 patch2 are affected.
  • Ref: http://www.kerio.com/support/security-advisories#1006

  • 10.24.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: CompleteFTP Server Directory Traversal
  • Description: CompleteFTP Server is a Windows based FTP server. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize directory traversal strings from user-supplied commands. CompleteFTP Server version 4.0.2 is affected.
  • Ref: http://www.enterprisedt.com/products/completeftp/history.html

  • 10.24.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Wing FTP Server "admin_loginok.html" HTML Injection
  • Description: Wing FTP Server is an FTP server application. The application is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input. This issue affects the "admin_loginok.html" page included in the Web Administration Interface. Wing FTP Server version 3.5.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/511612

  • 10.24.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Beanstalk Job Data Remote Command Execution
  • Description: Beanstalk is a Subversion application. Beanstalk is exposed to a remote command execution issue because the software fails to adequately sanitize user-supplied input passed to "job data", which is later passed to a "job data request". Versions prior to Beanstalk 1.4.6 are affected.
  • Ref: http://kr.github.com/beanstalkd/2010/05/23/1.4.6-release-notes.html

  • 10.24.32 - CVE: CVE-2010-1646
  • Platform: Cross Platform
  • Title: Todd Miller Sudo "secure path" Security Bypass
  • Description: Todd Miller Sudo is a widely used Linux/UNIX command that allows users to securely run commands as the superuser or as other users. The utility is exposed to a local security bypass issue due to Sudo restricting only the first instance of the "PATH" environment variable when running with the "secure path" option. Sudo versions 1.3.1 up to and including 1.6.9p22 and Sudo 1.7.0 up to and including 1.7.2p6 are affected.
  • Ref: http://www.sudo.ws/sudo/alerts/secure_path.html

  • 10.24.33 - CVE: CVE-2010-1962
  • Platform: Cross Platform
  • Title: HP StorageWorks Storage Mirroring Unspecified Unauthorized Access
  • Description: HP StorageWorks Storage Mirroring is a replication and failover solution for enterprises. HP StorageWorks Storage Mirroring is exposed to an unspecified unauthorized access issue. The specific nature and impact of this issue is not known. HP StorageWorks Storage Mirroring v5 versions prior to v5.2.1.870.0 are affected.
  • Ref: http://www.securityfocus.com/bid/40539/references

  • 10.24.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Bftpd Security Bypass
  • Description: Bftpd is an FTP server available for Unix operating systems. The application is exposed to a security bypass issue because it fails to enforce the "ROOTDIR" option in the configuration for anonymous users. Bftpd versions prior to 2.9 are affected.
  • Ref: http://bftpd.sourceforge.net/news.html

  • 10.24.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: RPCBind Multiple Insecure Temporary File Creation Vulnerabilities
  • Description: The RPCBind utility converts RPC program numbers into universal addresses. The application creates temporary files in an insecure manner. Specifically, the daemon creates "/tmp/portmap.xdr" and "/tmp/rpcbind.xdr" in order to preserve the state when the service stops.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583435#5

  • 10.24.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe InDesign "INDD" File Handling Remote Buffer Overflow
  • Description: Adobe InDesign is a graphics and content design application. The application is exposed to a remote buffer overflow issue. The issue occurs when an affected application parses a specially crafted "INDD" file. Adobe InDesign version CS3 is affected.
  • Ref: http://www.securityfocus.com/bid/40565/references

  • 10.24.37 - CVE: CVE-2010-2157
  • Platform: Cross Platform
  • Title: Computer Associates ARCserve Backup Unspecified Local Information Disclosure
  • Description: Computer Associates ARCserve Backup products provide backup and restore protection. The application is exposed to an unspecified local information disclosure issue. CA ARCserve Backup r12.5 Windows; CA ARCserve Backup r12.0 Windows and CA ARCserve Backup r11.5 Windows are affected.
  • Ref: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=238390

  • 10.24.38 - CVE: CVE-2006-7239
  • Platform: Cross Platform
  • Title: GnuTLS X.509 Unknown Hash Algorithm Denial of Service
  • Description: GNU Transport Layer Security Library (GnuTLS) is a library that implements the TLS 1.0 and SSL 3.0 protocols. GnuTLS is exposed to a denial of service issue that occurs when processing X.509 certificates that use unsupported signature algorithms. The issue affects the "_gnutls_x509_oid2mac_algorithm" function in the "lib/gnutls_algorithms.c" file and stems from a NULL pointer dereference error. GnuTLS versions prior to 1.4.2 are affected.
  • Ref: http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001190.html

  • 10.24.39 - CVE: CVE-2010-1297
  • Platform: Cross Platform
  • Title: Adobe Flash Player, Acrobat Reader, and Acrobat "authplay.dll" Remote Code Execution issue
  • Description: Adobe Flash Player, Adobe Reader, and Adobe Acrobat are exposed to a remote code execution issue. The cause or nature of this issue is not known at this time.
  • Ref: http://www.adobe.com/support/security/advisories/apsa10-01.html

  • 10.24.40 - CVE: CVE-2010-0395
  • Platform: Cross Platform
  • Title: OpenOffice Python Scripting IDE Remote Code Execution
  • Description: OpenOffice is a suite of office applications for multiple operating platforms. The software is exposed to a remote code execution issue because it fails to properly handle crafted files. Specifically, this issue affects the built in scripting IDE, and can be triggered by viewing crafted Python scripts embedded within a document file. OpenOffice versions prior to 3.2.1 are affected.
  • Ref: http://www.debian.org/security/2010/dsa-2055

  • 10.24.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: JForum "bookmarks" Module Multiple HTML Injection Vulnerabilities
  • Description: JForum is a discussion board system implemented in Java. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input before using it in dynamically generated content. JForum version 2.1.8 is affected.
  • Ref: http://ngenuity-is.com/advisories/2010/jun/6/jforum-218-bookmarks-csrf-xss/

  • 10.24.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: I2P "floodfill" Versions Prior To 0.7.10 Unspecified issues
  • Description: I2P is an anonymous networking application available for multiple platforms. The application is exposed to unspecified issues. These issues affect the way routers communicate with floodfill peers. The impact of these issues is currently unknown. We will update this BID when more information emerges. I2P versions prior to 0.7.10 are affected.
  • Ref: http://www.i2p2.de/release-0.7.10

  • 10.24.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Aqua Real Screensaver ".ar" File Buffer Overflow
  • Description: Aqua Real is a screensaver. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Specifically, this issue occurs when parsing a specially crafted ".ar" file. Aqua Real versions 1 and 2 are affected.
  • Ref: http://www.securityfocus.com/bid/40606

  • 10.24.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Ronnie Garcia uploadify Plugin for jQuery Remote File Upload issue
  • Description: uploadify is a file upload plugin for jQuery. The application is exposed to a remote file upload issue because it fails to sufficiently sanitize user-supplied input to the file browser dialog box. uploadify version 2.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40607

  • 10.24.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Core FTP Server Directory Traversal and Denial of Service
  • Description: Core FTP Server is an FTP server application. The application is exposed to a directory traversal issue and multiple denial of service issues while handling specially crafted FTP requests. Core FTP Server version 1.0.347 and Core FTP Mini SFTP Server 1.0.347 are affected.
  • Ref: http://www.securityfocus.com/archive/1/511668

  • 10.24.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: wview FTP Logging Buffer Overflow
  • Description: wview is a weather website creation system. wview is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs due to an unspecified error related to FTP verbose logging. wview versions prior to 5.11.0 are affected.
  • Ref: http://groups.google.com/group/wview/browse_thread/thread/82fc3c25e14803e0

  • 10.24.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: YPOPs! "PASS" Remote Server Side Buffer Overflow
  • Description: YPOPs! is an application that provides POP3 and SMTP access to Yahoo! Mail. The application is exposed to a remote server side buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data to the "PASS" command. YPOPs! version 0.9.7.3 is affected.
  • Ref: http://www.securityfocus.com/bid/40615/references

  • 10.24.48 - CVE: CVE-2010-1384 CVE-2010-1385 CVE-2010-1750 CVE-2010-1388 CVE-2010-1389 CVE-2010-1390 CVE-2010-1391 CVE-2010-1392 CVE-2010-1393 CVE-2010-1394 CVE-2010-1119 CVE-2010-1422 CVE-2010-1395 CVE-2010-1396 CVE-2010-1397 CVE-2010-1398 CVE-2010-1399 CVE-2010-1400 C
  • Platform: Cross Platform
  • Title: Apple Safari Prior to 5.0 and 4.1 Multiple Security Vulnerabilities
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. Safari is exposed to multiple security issues that have been addressed in Apple security advisory APPLE-SA-2010-06-07-1. These issues affect Apple Safari versions prior to Safari 5.0 and 4.1 running on Apple Mac OS X, Windows 7, XP and Vista.
  • Ref: http://lcamtuf.blogspot.com/2010/06/safari-tale-of-betrayal-and-revenge.html

  • 10.24.49 - CVE: Not Available
  • Platform: Cross Platform
  • Title: D.R. Software Easy CD-DA Recorder ".pls" File Remote Buffer Overflow
  • Description: D.R. Software Easy CD-DA Recorder is an audio CD burner. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Specifically, this issue occurs when opening a specially crafted ".pls" file. D.R. Software Easy CD-DA Recorder 2007 is affected.
  • Ref: http://www.securityfocus.com/bid/40631/references

  • 10.24.50 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Computer Associates PSFormX ActiveX Control Unspecified Security Vulnerability
  • Description: Computer Associates PSFormX ActiveX control is exposed to an unspecified security issue. The ActiveX control can be identified by CLSID: 56393399-041A-4650-94C7-13DFCB1F4665.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-034.mspx

  • 10.24.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Hexjector "hexjector.php" Cross-Site Scripting Vulnerability
  • Description: Hexjector is a PHP-based pen-testing application. Hexjector is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "site" parameter of the "hexjector.php" script. Hexjector version 1.0.7.2 is affected.
  • Ref: http://www.securityfocus.com/bid/40509/references

  • 10.24.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: e-Pares Unspecified Cross-Site Scripting
  • Description: e-Pares is a facilities management application. e-Pares is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to an unspecified script. e-Pares versions 01 and L01 are affected.
  • Ref: http://www.securityfocus.com/bid/40515

  • 10.24.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: e-Pares Unspecified Cross-Site Request Forgery
  • Description: e-Pares is a facilities management application. e-Pares is exposed to a cross-site request forgery issue affecting an unspecified script. This issue occurs because the application allows attackers to perform certain actions using an HTTP request without validating the request. e-Pares versions 01, L01, L03, L10, L20, L30, and L40 are affected.
  • Ref: http://www.securityfocus.com/bid/40517

  • 10.24.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHP City Portal "cms_data.php" Cross-Site Scripting
  • Description: PHP City Portal is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "page" parameter of the "cms_data.php" script. PHP City Portal version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/40532

  • 10.24.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MySQL Enterprise Monitor Multiple Unspecified Cross-Site Request Forgery Vulnerabilities
  • Description: MySQL Enterprise Monitor is used to monitor MySQL database servers. The application is exposed to multiple unspecified cross-site request forgery issues. These issues occur because the application allows attackers to perform certain actions using an HTTP request without validating the request. MySQL Enterprise Monitor versions prior to 2.1.2 are affected.
  • Ref: http://dev.mysql.com/doc/refman/5.1/en/mem-news-2-1-2.html

  • 10.24.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Horde Groupware Unspecified Cross-Site Request Forgery
  • Description: Horde Groupware is a web-based collaboration suite. The application is exposed to a cross-site request forgery issue that occurs because the application allows attackers to perform certain actions using an HTTP request without validating the request. Horde Groupware version 1.2.6 and Horde Groupware Webmail Edition 1.2.6 are affected.
  • Ref: http://holisticinfosec.org/content/view/145/45/

  • 10.24.57 - CVE: CVE-2010-1963
  • Platform: Web Application - Cross Site Scripting
  • Title: HP ServiceCenter Unspecified Cross-Site Scripting
  • Description: HP ServiceCenter is a web-based IT service management application. The application is exposed to an unspecified cross-site scripting issue because it fails to sanitize user-supplied input. HP ServiceCenter on AIX, HP-UX, Linux, Solaris, and Windows is affected.
  • Ref: http://www.securityfocus.com/archive/1/511635

  • 10.24.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MoinMoin "PageEditor.py" Cross-Site Scripting
  • Description: MoinMoin is a freely available, open source wiki written in Python. It is available for UNIX and Linux platforms. The application is affected by cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "template" parameter in the "NonExistantUser" source file when the "action" parameter is set to "edit". MoinMoin version 1.9.2 is affected.
  • Ref: http://www.securityfocus.com/bid/40549

  • 10.24.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: eFront Multiple Cross-Site Scripting
  • Description: eFront is a PHP-based e-learning application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "remote_theme", "name", "system_email", "password_length", "math_server", "site_motto" and "site_name" parameters. eFront versions prior to 3.6.3 build 7400 are affected.
  • Ref: http://www.securityfocus.com/archive/1/511637

  • 10.24.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: KubeLabs PHPDug "upcoming.php" Cross-Site Scripting
  • Description: KubeLabs PHPDug is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "id" parameter of the "phpdug/upcoming.php" script. KubeLabs PHPDug version 2.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40554

  • 10.24.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Obsession-Design Image-Gallery "display.php" Cross-Site Scripting
  • Description: Obsession-Design Image-Gallery is a PHP-based web application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "folder" parameter of the "odig/display.php" script. Obsession-Design Image-Gallery version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/40557/references

  • 10.24.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Western Digital My Book World Edition "lang" Parameter Cross-Site Scripting Vulnerabilities
  • Description: My Book World Edition is a Network Accessible Storage (NAS) device with a web-based management interface. The management interface is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. My Book World Edition version 01.01.16 with MioNet 2.3.9.13 firmware is affected.
  • Ref: http://www.securityfocus.com/bid/40564

  • 10.24.63 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MRWhois "mrwhois.php" Cross-Site Scripting
  • Description: MRWhois is a PHP-based whois lookup script. MRWhois is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "type" parameter of the "mrwhois.php" script. MRWhois version 2.2 Lite is affected.
  • Ref: http://www.securityfocus.com/bid/40579/references

  • 10.24.64 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Gigya Socialize Plugin for Wordpress Cross-Site Scripting
  • Description: Gigya Socialize is a plugin for the Wordpress publishing application; it aggregates authentication. Gigya Socialize is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the login widget. Gigya Socialize version 1.1.8 is affected.
  • Ref: http://www.securityfocus.com/archive/1/511662

  • 10.24.65 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHP BandwidthMeter Multiple Cross-Site Scripting Vulnerabilities
  • Description: PHP BandwidthMeter is a broadband connection speed testing script. PHP BandwidthMeter is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "admin/view_by_name.php" and "admin/view_by_ip.php" scripts. PHP BandwidthMeter version 0.72 is affected.
  • Ref: http://www.securityfocus.com/bid/40583

  • 10.24.66 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WmsCms Multiple Cross-Site Scripting Vulnerabilities
  • Description: WmsCms is a content manager implemented in ASP. WmsCms is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "sbr", "p", and "sbl" parameters of the "default.asp" script.
  • Ref: http://www.securityfocus.com/bid/40593

  • 10.24.67 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ReVou Search Field Cross-Site Scripting
  • Description: ReVou is a microblogging application. ReVou is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input in the search field. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. ReVou version 2.0 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/40596

  • 10.24.68 - CVE: CVE-2010-2155
  • Platform: Web Application - Cross Site Scripting
  • Title: ZoneCheck Multiple Cross-Site Scripting
  • Description: ZoneCheck is a DNS zone checking tool. ZoneCheck is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "ze_error", "zc_version", and "domainname" parameters of the "zc/publisher/html.rb" script. ZoneCheck version 2.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40601/references

  • 10.24.69 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: boastMachine "key" Parameter Cross-Site Scripting
  • Description: boastMachine is a web-based content manager. boastMachine is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "key" parameter. boastMachine version 3.1 is affected.
  • Ref: http://www.htbridge.ch/advisory/xss_vulnerability_in_boastmachine.html

  • 10.24.70 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: fileNice "sstring" Parameter Cross-Site Scripting
  • Description: fileNice is a PHP-based file browser. fileNice is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "sstring" parameter of the "index.php" script. fileNice version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/40624/references

  • 10.24.71 - CVE: CVE-2010-1904
  • Platform: Web Application - SQL Injection
  • Title: RSA Key Manager Client Metadata SQL Injection
  • Description: RSA Key Manager Client is a component of the RSA Key Manager application. The application is exposed to an SQL injection issue because it fails to sufficiently validate metadata received from the RSA Key Manager server before using it in an SQL query. RSA Key Manager Client version 1.5 is affected.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0078.html

  • 10.24.72 - CVE: CVE-2010-1070
  • Platform: Web Application - SQL Injection
  • Title: ImagoScripts Deviant Art Clone "index.php" SQL Injection
  • Description: Deviant Art Clone is a PHP-based image posting and voting script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Specifically, the "seid" parameter of the "index.php" script is affected when "mode" is set to "forums" and "act" is set to "viewcat".
  • Ref: http://packetstormsecurity.org/1001-exploits/imagoscriptsdac-sql.txt

  • 10.24.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WmsCms Multiple SQL Injection Vulnerabilities
  • Description: WmsCms is a content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the following scripts and parameters before using it in an SQL query: 1) The "default.asp" script with parameters "search", "sbr", "pid", "sbl" and "FilePath". 2) The "printpage.asp" script with parameters "sbr", "pr" and "psPrice".
  • Ref: http://www.securityfocus.com/bid/40591

  • 10.24.74 - CVE: CVE-2010-1070
  • Platform: Web Application - SQL Injection
  • Title: IDevSpot TextAds "page" Parameter SQL Injection
  • Description: TextAds is an automated advertisement system implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Specifically, the "page" parameter of the "index.php" script is affected. TextAds version 2.08 is affected.
  • Ref: http://www.securityfocus.com/bid/40592/references

  • 10.24.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PonVFTP "login.php" SQL Injection
  • Description: PonVFTP is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "password" field of the "login.php" script.
  • Ref: http://www.securityfocus.com/bid/40608

  • 10.24.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DZOIC ClipHouse Login Page "password" Parameter SQL Injection
  • Description: DZOIC ClipHouse is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "password" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/40616

  • 10.24.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CommonSense CMS "article_id" Parameter SQL Injection
  • Description: CommonSense CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "article_id" parameter of the "article.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/40621

  • 10.24.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EMO Realty Manager "cat1" Parameter SQL Injection
  • Description: EMO Realty Manager is a PHP-based realty listing management solution software. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat1" parameter of the "/googlemap/index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/40625

  • 10.24.79 - CVE: Not Available
  • Platform: Web Application
  • Title: ECOMAT "index.php" SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: ECOMAT is a PHP-based content management application. The application is exposed to multiple input validation issues affecting the "index.php" script: 1) A cross-site scripting issue that affects the "show" parameter. 2) An SQL injection issue that affects the "lang" parameter. ECOMAT version 5.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/511586

  • 10.24.80 - CVE: Not Available
  • Platform: Web Application
  • Title: dotDefender "index1.cgi" Remote Command Execution
  • Description: dotDefender is a website security application. dotDefender is exposed to an issue that attackers can leverage to execute arbitrary commands because the software fails to adequately sanitize user-supplied input. dotDefender versions 3.8-5 and earlier 3.x versions are affected.
  • Ref: http://www.applicure.com/news/vendor-response-linux-vulnerability

  • 10.24.81 - CVE: Not Available
  • Platform: Web Application
  • Title: phpGraphy "mysql_cleanup.php" Remote File Include
  • Description: phpGraphy is a photo gallery script implemented in PHP. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "include_path" parameter of the "base/misc/mysql_cleanup.php" script. The issue affects phpGraphy 0.9.13b and prior.
  • Ref: http://www.securityfocus.com/bid/40506/references

  • 10.24.82 - CVE: Not Available
  • Platform: Web Application
  • Title: TCExam "admin/code/tce_functions_tcecode_editor.php" Arbitrary File Upload
  • Description: TCExam is a web-based assessment application implemented in PHP. The application is exposed to an issue that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input before uploading files via the "admin/code/tce_functions_tcecode_editor.php" script. Files with arbitrary extensions can be uploaded to a directory inside the web root. TCExam version 10.1.007 is affected.
  • Ref: http://cross-site-scripting.blogspot.com/2010/06/tcexam-101006-arbitrary-upload.html

  • 10.24.83 - CVE: Not Available
  • Platform: Web Application
  • Title: e-Pares Session Fixation
  • Description: e-Pares is a facilities management application. The application is exposed to a session fixation issue caused by a design error when handling sessions. e-Pares versions 01, L01, L03, L10, L20, and L30 are affected.
  • Ref: http://www.securityfocus.com/bid/40513/references

  • 10.24.84 - CVE: Not Available
  • Platform: Web Application
  • Title: TPO Duyuru Scripti Insecure Cookie Authentication Bypass
  • Description: TPO Duyuru Scripti is a web application implemented in PHP. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Specifically, attackers can gain administrative access to the application by setting the "kullanici" cookie parameter to an unspecified username and the "path" parameter to "/" via the "duyuruyonetim.php" script.
  • Ref: http://www.securityfocus.com/bid/40519

  • 10.24.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Anodyne Productions SIMM Management System "page" Parameter Local File Include
  • Description: Anodyne Productions SIMM Management System is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "index.php" script. Anodyne Productions SIMM Management System version 2.6.10 is affected.
  • Ref: http://www.securityfocus.com/bid/40543/references

  • 10.24.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Content Management System module for PHProjekt "path_pre" Remote File Include
  • Description: Content Management System for PhProjekt is a content manager for PhProjekt. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "path_pre" parameter of the "cm_navigation.inc.php" script. Content Management System module for PHProjekt (CMS4P) version 0.6.1 is affected.
  • Ref: http://www.securityfocus.com/bid/40545

  • 10.24.87 - CVE: CVE-2010-1514,CVE-2010-1515
  • Platform: Web Application
  • Title: TomatoCMS Multiple Security Issues
  • Description: TomatoCMS is a PHP-based content management system. The application is exposed to multiple security issues, including cross-site scripting, HTML injection, cross-site request forgery and arbitrary file upload. TomatoCMS version 2.0.6 is affected.
  • Ref: http://secunia.com/secunia_research/2010-57/

  • 10.24.88 - CVE: Not Available
  • Platform: Web Application
  • Title: SmartISoft phpBazar "picturelib.php" Remote File Include
  • Description: phpBazar is a social networking script. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "cat" parameter of the "bazar/picturelib.php" script. phpBazar version 2.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/40546

  • 10.24.89 - CVE: Not Available
  • Platform: Web Application
  • Title: p30vel eBook Store "login.php" File Disclosure
  • Description: p30vel eBook Store is a PHP-based online book store. The application is exposed to a local file disclosure issue that affects the "filename" parameter of the "admin/file_manager.php/login.php" script.
  • Ref: http://www.securityfocus.com/bid/40552

  • 10.24.90 - CVE: Not Available
  • Platform: Web Application
  • Title: osCSS Remote File Upload
  • Description: osCSS is a PHP-based ecommerce shopping program. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately limit the types of files that can be uploaded through the "admin/file_manager.php/login.php" script. Attackers can execute their uploaded script through the "/osCSS" directory. osCSS version 1.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/40555

  • 10.24.91 - CVE: Not Available
  • Platform: Web Application
  • Title: DDL CMS "thanks.php" Remote File Include
  • Description: DDL CMS is a web-based application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "skin" parameter of the "thanks.php" script. DDL CMS version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/40567

  • 10.24.92 - CVE: Not Available
  • Platform: Web Application
  • Title: abcm2ps "getarena()" Heap-Based Buffer Overflow
  • Description: abcm2ps is a command line ABC to PostScript music sheet converter implemented in C. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue occurs in the "getarena()" function in "abc2ps.c" when converting ABC files. abcm2ps versions prior to 5.9.13 are affected.
  • Ref: http://moinejf.free.fr/abcm2ps-5.txt

  • 10.24.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Ninja Blog Cross-Site Scripting and Remote File Include
  • Description: Ninja Blog is a PHP-based blogging application. Ninja Blog is exposed to multiple issues because it fails to sufficiently sanitize user-supplied input. 1) A cross-site scripting issue affects the "index.php" script. 2) A remote file include issue affects the "page" parameter of the "index.php" script. Ninja Blog version 4.8 is affected.
  • Ref: http://www.securityfocus.com/bid/40584

  • 10.24.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Sphider "en" Parameter Remote Command Execution
  • Description: Sphider is a PHP-based search engine. Sphider is exposed to an issue that attackers can leverage to execute arbitrary commands. This issue occurs because the software fails to adequately sanitize user-supplied input to the "en" parameter in the "conf.php" script. Sphider version 1.3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/40589/references

  • 10.24.95 - CVE: Not Available
  • Platform: Web Application
  • Title: WebBiblio Subject Gateway System "page" Parameter Local File Include
  • Description: WebBiblio is a tool to create online subject gateways. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "shared/help.php" script. WebBiblio version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40594/references

  • 10.24.96 - CVE: Not Available
  • Platform: Web Application
  • Title: iScripts eSwap Multiple Security Issues
  • Description: iScripts eSwap is an online trading application implemented in PHP. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied input. 1) A cross-site scripting issue affects the "search.php" script. 2) An SQL injection issue affects the "type" parameter of the "addsale.php" script. iScripts eSwap version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40597/references

  • 10.24.97 - CVE: Not Available
  • Platform: Web Application
  • Title: CuteSITE CMS Multiple Security Issues
  • Description: CuteSITE CMS is a PHP-based content management system. The application is exposed to the following issues because it fails to sufficiently sanitize user-supplied input. 1) An SQL injection issue affects the "user_id" parameter of the "manage/add_user.php" script. 2) A cross-site scripting issue affects the "fld_path" parameter of the "manage/main.php" script. CuteSITE CMS version 1.5.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/511669

  • 10.24.98 - CVE: Not Available
  • Platform: Web Application
  • Title: eazyPortal HTML Injection and Multiple Unauthorized Access Vulnerabilities
  • Description: eazyPortal is a PHP-based content manager. The application is exposed to multiple issues. 1) Multiple unauthorized access issues that affect the "upwd" and "ucpwd" parameters of an unspecified script. 2) An HTML injection issue that affects the "a", "p" and "s" parameters of the "index.php" script. 3) An unauthorized access issue that affects the "d" parameter of the "index.php" script. 4) An unauthorized access issue that affects the "del" parameter of the "index.php" script. eazyPortal version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40613

  • 10.24.99 - CVE: Not Available
  • Platform: Web Application
  • Title: cPanel Image Manager "target" Parameter Local File Include
  • Description: cPanel is a web hosting control panel implemented in PHP. Image Manager allows users to view and modify images in cPanel. The Image Manager component of cPanel is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "target" parameter of the "doconvert.html" script.
  • Ref: http://www.securityfocus.com/bid/40622

  • 10.24.100 - CVE: Not Available
  • Platform: Web Application
  • Title: Rayzz Photoz HTML Injection
  • Description: Rayzz Photoz is a photo and image sharing web application. The application is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input. Specifically, this issue affects data submitted through the "Add Scrap" field.
  • Ref: http://www.securityfocus.com/bid/40627

  • 10.24.101 - CVE: Not Available
  • Platform: Network Device
  • Title: Motorola SBV6120E SURFboard Digital Voice Modem Directory Traversal
  • Description: Motorola SBV6120E SURFboard Digital Voice Modem is a networking device. It includes an embedded web server. The device's web server is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. SBV6120E SURFboard Digital Voice Modem with SBV6X2X-1.0.0.5-SCM-02-SHPC firmware is affected.
  • Ref: http://www.securityfocus.com/bid/40550

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.