Last day to save $500 for SANS San Diego 2013

@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 25
June 17, 2010

SANS Newsletters Home

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category
    • # of Updates & Vulnerabilities
    • @RISK is the SANS community's consensus bulletin summarizing the most
    • important vulnerabilities and exploits identified during the past week
    • and providing guidance on appropriate actions to protect your systems
    • (PART I). It also includes a comprehensive list of all new
    • vulnerabilities discovered in the past week (PART II).
    • Summary of Updates and Vulnerabilities in this Consensus
    • Platform Number of Updates and Vulnerabilities
    • - ------------------------ -------------------------------------
    • Third Party Windows Apps
    • 14 (#1)
    • Mac Os
    • 1 (#2)
    • Linux
    • 2 (#5)
    • Cross Platform
    • 32 (#3)
    • Web Application - Cross Site Scripting
    • 8
    • Web Application - SQL Injection
    • 33
    • Web Application
    • 21
    • Network Device
    • 7 (#4)

********************* Sponsored By IBM *************************

Application Security is the Hot Topic for 2010 & Beyond

The headlines have made one thing clear: If you don't take the appropriate measures to protect your company's systems, applications, private data and customer information, the consequences to your bottom line and your brand can be devastating.

http://www.sans.org/info/60623

******************************************************************

TRAINING UPDATE

- -- SANS Rocky Mountain 2010, Denver, July 12-17, 2010 8 courses. Bonus evening presentations include Hiding in Plain Sight: Forensic Techniques to Counter the Advanced Persistent Threat

http://www.sans.org/rocky-mountain-2010/

- -- SANS Boston 2010, August 2-8, 2010

11 courses. Special Events include Rapid Response Security Strategy Competition

http://www.sans.org/boston-2010/

- -- SANS Virginia Beach 2010, August 29-September 3, 2010 9 courses. Bonus evening presentations include Future Trends in Network Security

http://www.sans.org/virginia-beach-2010/

- -- SANS Network Security 2010, Las Vegas, September 19-27, 2010 40 courses. Bonus evening presentations include The Return of Command Line Kung Fu and Cyberwar or Business as Usual? The State of US Federal CyberSecurity Initiatives

http://www.sans.org/network-security-2010/

- -- SOS: SANS October Singapore, October 4-11, 2010 7 courses

http://www.sans.org/singapore-sos-2010/

- -- Looking for training in your own community? http://sans.org/community/

Save on On-Demand training (30 full courses) - See samples at http://www.sans.org/ondemand/spring09.php

Plus Amsterdam, Washington DC, Canberra and Portland all in the next 90 days.

For a list of all upcoming events, on-line and live: http://www.sans.org/index.php

******************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Mac Os
Linux
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

********************* Sponsored Link: ****************************

1) Register now for SANS Analyst Webcast: Compliance in Cloud-based Data Centers: Key Policy Points on June 24th at 1PM ET. In this webcast, learn the difference between public and private clouds, followed by key policy points and resources. Go To: http://www.sans.org/info/60628

******************************************************************

PART I Critical Vulnerabilities

PART I Critical Vulnerabilities Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) HIGH: Mac OS X Update for Multiple Vulnerabilities
  • Affected:
    • Mac OS X prior to v10.6.4

  • Description: Apple has reported and patched multiple vulnerabilities for Mac OS X. By enticing the user to visit a maliciously crafted web site, an attacker can exploit one of several vulnerabilities in order to execute arbitrary code. The code-execution vulnerabilities are as follows: a cross-site scripting issue in the Help Viewer; an integer overflow in the handling of TIFF files; a memory corruption vulnerability in the handling of MPEG2-encoded movie files; an integer overflow in AES and RC4 decryption; a double free vulnerability in the ticket-renewal and ticket-validation code of the KDC process; a buffer overflow in libcurl's code handling gzip-compressed web content; a format string vulnerability in the handling of afb, cifs, and smb URIs; and an integer overflow in the calculation of page sizes.

  • Status: vendor confirmed, updates available

  • References:
  • (4) HIGH: Novell Netware SMB Remote Buffer Overflow Vulnerability
  • Affected:
    • Netware versions 6.5 SP8

  • Description: Novell Netware, a network operating system by Novell, is susceptible to a remote buffer overflow vulnerability. By sending malicious SMB "Sessions and Setup AndX" packets, an attacker can exploit this vulnerability in order to execute arbitrary commands with elevated privileges. The specific flaw exists in the "CIFS.NLM" driver.

  • Status: vendor confirmed, updates available

  • References:
  • (5) MEDIUM: Samba Unspecified Remote Memory Corruption Vulnerability
  • Affected:
    • Samba 3.0.x - 3.3.12 (inclusive)

  • Description: Samba, a Windows interoperability suite for Unix-like systems, is susceptible to a remote code-execution vulnerability. Maliciously chained SMB1 packets can be used by an unauthenticated attacker to exploit the vulnerability and execute arbitrary code with the permissions of the service.

  • Status: vendor confirmed, updates available

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 25, 2010

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com) This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 9643 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely. ______________________________________________________________________

  • 10.25.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Kodak Gallery Easy Upload Manager ActiveX Control Unspecified Security Vulnerability
  • Description: Kodak Gallery Easy Upload Manager is a photo uploading application. Kodak Gallery Easy Upload Manager ActiveX control is exposed to an unspecified security issue.
  • Ref: http://support.microsoft.com/kb/240797
  • 10.25.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Avaya CallPilot Unified Messaging ActiveX Control Unspecified Security Vulnerability
  • Description: Avaya CallPilot Unified Messaging is an IP-based messaging platform. Avaya CallPilot Unified Messaging ActiveX control is exposed to an unspecified security issue.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-034.mspx
  • 10.25.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: NCH Software Switch ".mpga" File Buffer Overflow
  • Description: NCH Software Switch is a multimedia player available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially crafted ".mpga" file.
  • Ref: http://www.securityfocus.com/bid/40696/references
  • 10.25.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Samo Systems n.player Unknown Heap Buffer Overflow
  • Description: n.player is a multimedia player available for Microsoft Windows. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. n.player version 1.2.07 is affected.
  • Ref: http://www.securityfocus.com/archive/1/508719
  • 10.25.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ofilter Player Skin File Buffer Overflow
  • Description: Ofilter Player is a multimedia player available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user supplied input. Ofilter Player version 1.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/508723
  • 10.25.7 - CVE: CVE-2010-0356
  • Platform: Third Party Windows Apps
  • Title: Movie Player Pro SDK ActiveX Control "DrawText" Stack Buffer Overflow
  • Description: Movie Player Pro SDK ActiveX is an ActiveX control that provides media playback functionality. Movie Player Pro SDK ActiveX control is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Movie Player Pro SDK ActiveX version 6.8 is affected.
  • Ref: http://www.shinnai.net/exploits/X6hU4E0E7P5H3qH5yXrn.txt
  • 10.25.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: nginx Remote Source Code Disclosure and Denial of Service
  • Description: nginx is an HTTP server, reverse proxy, and mail proxy server available for multiple platforms, including Microsoft Windows. The application is exposed to multiple issues like a source code disclosure issue that affects the application because it fails to properly sanitize user supplied input. A denial of service issue that affects the application when a long sequence of "%c0.%c0./" characters terminating with "%20" is provided to the application. nginx version 0.8.36 for Windows is affected.
  • Ref: http://www.securityfocus.com/bid/40760/references
  • 10.25.9 - CVE: CVE-2010-0990
  • Platform: Third Party Windows Apps
  • Title: Creative Software AutoUpdate Engine ActiveX Control Buffer Overflow
  • Description: Creative Software AutoUpdate Engine ActiveX control is an auto update component for Creative Labs software. The Creative Software AutoUpdate Engine ActiveX control is exposed to a buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. The issue is caused by a stack-based buffer overflow in a callback function used when handling the "BrowseFolder()" function. Creative Software AutoUpdate Engine ActiveX control version 2.0.12.0 is affected.
  • Ref: http://secunia.com/secunia_research/2010-52/
  • 10.25.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Power Tab Editor ".ptb" File Buffer Overflow
  • Description: Power Tab Editor is a musical score editor available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially crafted ".ptb" file. Power Tab Editor version 1.7 (Build 80) is affected.
  • Ref: http://www.securityfocus.com/bid/40804/references
  • 10.25.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Media Player Classic ".mpcpl" File Remote Denial Of Service
  • Description: Media Player Classic is a multimedia playback application for the Microsoft Windows operating system. The application is exposed to a remote denial of service issue. Specifically, the issue occurs when handling maliciously crafted ".mpcpl" files. Media Player Classic version 1.3.1774.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40821/references
  • 10.25.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SolarWinds TFTP Server Write Request Denial of Service
  • Description: SolarWinds TFTP Server is a Trivial File Transfer Protocol server available for Microsoft Windows platforms. The application is exposed to a denial of service issue because it fails to handle maliciously crafted write (opcode 0x02) requests. SolarWinds TFTP Server version 10.4.0.13 is affected.
  • Ref: http://www.securityfocus.com/bid/40824/references
  • 10.25.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: CP3 Studio ".cp3" File Buffer Overflow
  • Description: CP3 Studio is a multimedia player available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. CP3 Studio version 2.0 (for PC) is affected.
  • Ref: http://www.securityfocus.com/bid/40833
  • 10.25.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: XnView MBM File Remote Heap Buffer Overflow
  • Description: XnView is a graphics application available for Microsoft Windows. The application is exposed to a remote heap-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when processing an MBM (MultiBitMap) image file containing crafted data. XnView versions prior to 1.97.5 are affected.
  • Ref: http://www.coresecurity.com/content/XnView-MBM-Processing-Heap-Overflow
  • 10.25.15 - CVE: CVE-2010-0540, CVE-2010-1748, CVE-2010-0545,CVE-2010-0546, CVE-2010-1373, CVE-2010-1374, CVE-2010-0543,CVE-2010-1375, CVE-2010-1376, CVE-2010-1377, CVE-2010-1379,CVE-2010-1380, CVE-2010-0541, CVE-2010-1381, CVE-2010-1382
  • Platform: Mac Os
  • Title: Apple Mac OS X Prior to 10.6.4 Multiple Security Vulnerabilities
  • Description: Apple Mac OS X is exposed to multiple security issues that have been addressed in Security Update APPLE-SA-2010-06-15-1. The update addresses new issues that affect the CUPS, DesktopServices, Folder Manager, Help Viewer, iChat, ImageIO, Network Authorization, Open Directory, Printer Setup, Printing, Ruby, SMB File Server, and Wiki Server components of Mac OS X.
  • Ref: http://www.securityfocus.com/bid/40871
  • 10.25.16 - CVE: CVE-2010-0407
  • Platform: Linux
  • Title: PCSC-Lite "PCSCD" Daemon Unspecified Local Buffer Overflow
  • Description: PCSC-Lite is a Linux implementation of the SCard API (PC/SC) used for smartcard interaction. PCSC-Lite is exposed to a local buffer overflow issue because it fails to adequately bounds check user-supplied input. This issue affects the "PCSCD" daemon process. PCSC-Lite version 1.4.102 is affected.
  • Ref: http://www.securityfocus.com/bid/40758/references
  • 10.25.17 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "tty_fasync()" Race Condition Null Pointer Dereference
  • Description: The Linux kernel is exposed to a null pointer dereference issue. Specifically, this issue is caused by a race condition affecting the "tty_fasync()" function.
  • Ref: http://comments.gmane.org/gmane.comp.security.oss.general/3055
  • 10.25.18 - CVE: CVE-2010-1961
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager "ovutil.dll" Stack Buffer Overflow
  • Description: HP OpenView Network Node Manager is a fault-management application for IP networks. HP OpenView Network Node Manager is exposed to a stack-based buffer overflow issue that affects the "ovutil.dll".
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-106/
  • 10.25.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Google Chrome prior to 5.0.375.70 Multiple Security Vulnerabilities
  • Description: Google Chrome is a web browser for multiple platforms. Google Chrome is exposed to multiple security issues. Refer to reference link for complete details. Google Chrome versions prior to 5.0.375.70 are affected.
  • Ref: http://www.securityfocus.com/bid/40651
  • 10.25.20 - CVE: CVE-2010-1385
  • Platform: Cross Platform
  • Title: Apple Safari PDF Handling Remote Code Execution
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. Safari is exposed to a remote code execution issue caused by a use after free error when the browser handles malicious PDF files.
  • Ref: http://www.securityfocus.com/bid/40673/info
  • 10.25.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: I've Found Mp4 Player ".m4v" File Buffer Overflow
  • Description: I've Found Mp4 Player is a media player. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Specifically, this issue occurs when parsing a specially crafted ".m4v" file. I've Found Mp4 Player version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40681
  • 10.25.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ImageStore HTTP Header Remote Arbitrary File Upload
  • Description: ImageStore is a PHP-based image hosting script. The application is exposed to a remote arbitrary file upload issue because it fails to sufficiently sanitize user-supplied input. Specifically, a malicious PHP file can be uploaded by altering the "Content-type:" HTTP header.
  • Ref: http://www.securityfocus.com/bid/40685
  • 10.25.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server "default_create.log" Information Disclosure
  • Description: IBM WebSphere Application Server (WAS) is a service oriented architecture. WebSphere Application Server is exposed to an information disclosure issue. Specifically, if the "BBOWWPFx" job in the "zPMT" is used to create a profile, sensitive information may be logged to the "default_create.log" file. This issue can occur if using "WebSphere Application Server managed security", rather than "no security" or a "z/OS security product". IBM WebSphere Application Server versions prior to 7.0.0.11 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PM10454
  • 10.25.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server "addNode.log" Information Disclosure
  • Description: IBM WebSphere Application Server (WAS) is a service-oriented architecture. WebSphere Application Server is exposed to an information disclosure issue. Specifically, using the "addNode - -trace" option during node federation can result in sensitive information being written to the "addNode.log" file. WAS versions prior to 7.0.0.11 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PM10684
  • 10.25.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox Keyboard Focus Cross-Domain Information Disclosure
  • Description: Mozilla Firefox is a web browser application available for multiple platforms. Firefox is exposed to a cross-domain information disclosure issue that arises because of an error in the handling of JavaScript keypress events.
  • Ref: http://lcamtuf.blogspot.com/2010/06/curse-of-inverse-strokejacking.html
  • 10.25.26 - CVE: CVE-2010-1384
  • Platform: Cross Platform
  • Title: Apple Safari Authentication Data URI Spoofing
  • Description: Apple Safari is a web browser for multiple operating platforms. Apple Safari is exposed to a domain spoofing issue because it fails to safely display URIs which include user authentication information. Specifically, the browser fails to properly warn users when displaying a URI which contains a username or password before the domain.
  • Ref: http://www.securityfocus.com/bid/40704
  • 10.25.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sophos Anti-Virus "NtQueryAttributesFile()" System Call Local Privilege Escalation
  • Description: Sophos Anti-Virus is cross-platform security software providing antivirus, antispyware, and firewalling capabilities for both enterprise and endpoint based systems. Sophos Anti-Virus is exposed to a local privilege escalation issue. The issue affects the "NtQueryAttributesFile()" system call of the "avonaccessfilter.sys" filter driver. Specifically the application fails to properly handle certain parameters, which may cause memory to become corrupted.
  • Ref: http://www.sophos.com/support/knowledgebase/article/111126.html
  • 10.25.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities
  • Description: Wireshark (formerly Ethereal) is an application for analyzing network traffic; it is available for Microsoft Windows and for UNIX-like operating systems. Wireshark is exposed to multiple issues when handling certain types of packets and protocols in varying conditions. Wireshark versions 0.8.20 through 1.2.8 are affected.
  • Ref: http://www.wireshark.org/security/wnpa-sec-2010-05.html
  • 10.25.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MaraDNS Hostname Null Pointer Dereference Remote Denial of Service
  • Description: MaraDNS is an open source DNS server application. MaraDNS is exposed to a remote denial of service issue that occurs because the application fails to properly handle hostname strings that do not end with a "." character. MaraDNS versions prior to 1.4.03 and 1.3.07.10 are affected.
  • Ref: http://maradns.blogspot.com/2010/02/maradns-1403-and-130710-released.html
  • 10.25.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: KVIrc DCC Directory Traversal and Multiple Format String Vulnerabilities
  • Description: KVIrc is an Internet Relay Chat client available for multiple platforms. The KVIrc DCC (Direct Client-to-Client) implementation is exposed to multiple issues. A directory traversal issue occurs because the application fails to sufficiently sanitize user-supplied data. Multiple format string issues occur because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
  • Ref: http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html
  • 10.25.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Gitolite "pubkey" Name Security Bypass
  • Description: Gitolite is an application that allows a server to host many "git" repositories and provide access to many developers without having to give them real user IDs on the server. Gitolite is exposed to a security bypass issue. Public key names are not properly sanitized for shell metacharacters. Gitolite versions prior to 1.4.1 are affected.
  • Ref: http://github.com/sitaramc/gitolite/commit/5deffee3cff5f9a13c59b8c1e357c5a32487d
    1c3
  • 10.25.32 - CVE: CVE-2008-4546, CVE-2009-3793, CVE-2010-1297,CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163,CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167,CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172,CVE-2010-2173, CVE-2010-2174,
  • Platform: Cross Platform
  • Title: Adobe Flash Player and AIR Multiple Remote Vulnerabilities
  • Description: Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. Adobe AIR is a cross-platform runtime for developing Internet applications on the desktop. Flash Player and AIR are exposed to a remote code execution issue that is caused by a memory exhaustion issue. Adobe Flash Player versions 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris and Adobe AIR versions 1.5.3.9130 and earlier versions for Windows, Macintosh and Linux are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb10-14.html
  • 10.25.33 - CVE: CVE-2010-2156
  • Platform: Cross Platform
  • Title: ISC DHCP Server "find_length()" Zero-Length Client Identifier Remote Denial of Service
  • Description: ISC DHCP is a reference implementation of the DHCP protocol, including a DHCP server, client, and relay agent. ISC DHCP Server is exposed to a remote denial of service issue that affects the "find_length()" function in the "omapip/hash.c" which invokes the "log_fatal()" function with a zero-length client ID. ISC DHCP Server versions prior to 4.0.2-P1 and 4.1.1-P1 are affected.
  • Ref: http://www.isc.org/software/dhcp/advisories/cve-2010-2156
  • 10.25.34 - CVE: CVE-2010-2070
  • Platform: Cross Platform
  • Title: Xen "arch/ia64/xen/faults.c" Local Denial Of Service
  • Description: Xen is an open source hypervisor or virtual machine monitor. Xen is exposed to a denial of service issue because of an error in the "arch/ia64/xen/faults.c" source code file. Specifically, an unprivileged local attacker can enable Big Endian applications by modifying the user mask of the Processor Status Register. This issue affects Xen on the 64 bit Itanium architecture.
  • Ref: http://xenbits.xensource.com/xen-4.0-testing.hg?rev/42caadb14edb
  • 10.25.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Plesk Server Administrator (PSA) "locale" Parameter Local File Include
  • Description: Plesk Server Administrator is a web-based systems administration application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "locale" parameter of the "servlet/Help" script.
  • Ref: http://www.securityfocus.com/bid/40813/references
  • 10.25.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: LiteSpeed Web Server Source Code Information Disclosure
  • Description: LiteSpeed Web Server is a scalable web server that is interchangeable with Apache. LiteSpeed Web Server is exposed to an issue that lets attackers access source code files. Specifically, an HTTP request for a specific file followed by a "x00.txt" characters can disclose the source code of the file instead of returning the page to the client. LiteSpeed Web Server versions prior to 4.0.15 are affected.
  • Ref: http://www.litespeedtech.com/latest/litespeed-web-server-4.0.15-released.html
  • 10.25.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: UnrealIRCd Backdoor Unauthorized Access
  • Description: UnrealIRCd is an Internet Relay Chat server. UnrealIRCd is exposed to an unauthorized access issue because the official application was replaced on certain mirrors by malicious attackers with an application that contains a backdoor.
  • Ref: http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt
  • 10.25.38 - CVE: CVE-2010-1411
  • Platform: Cross Platform
  • Title: LibTIFF FAX3 Decoder Remote Integer Overflow
  • Description: LibTIFF is a library for reading and manipulating Tag Image File Format (TIFF) files. It is freely available for UNIX and UNIX-like operating systems and for Microsoft Windows. The library is exposed to a remote integer overflow issue because it fails to perform adequate boundary checks on user-supplied data. LibTIFF versions prior to 3.9.3 are affected.
  • Ref: http://www.remotesensing.org/libtiff/v3.9.3.html
  • 10.25.39 - CVE: CVE-2010-2068
  • Platform: Cross Platform
  • Title: Apache "mod_proxy_http" Timeout Handling Information Disclosure
  • Description: The Apache server is exposed to an information disclosure issue. Specifically, the issue affects the "mod_proxy_http" module because it does not properly handle timeout conditions. Apache versions 2.2.9 through 2.2.15 are affected.
  • Ref: http://httpd.apache.org/security/vulnerabilities_22.html
  • 10.25.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cherokee URI Directory Traversal Vulnerability and Information Disclosure
  • Description: Cherokee is an HTTP web server available for multiple platforms. Cherokee is exposed to multiple input validation issues. A directory traversal issue occurs because it fails to sufficiently sanitize directory traversal strings (%..5C) from the URI. An information disclosure issue occurs because the application fails to sanitize "%20" characters appended to the end of the URI. Cherokee versions 0.5.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/511814
  • 10.25.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: pyftpd Remote Default Account Vulnerabilities
  • Description: pyftpd is an FTP server implemented in python. pyftpd is exposed to multiple default account issues that stem from a design flaw that makes several accounts available to remote attackers. pyftpd versions prior to 0.8.5 are affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585776
  • 10.25.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: pyftpd Log File Insecure Temporary File Creation
  • Description: pyftpd is an FTP server implemented in Python. pyftpd creates log files in the "/tmp" directory in an insecure manner. Specifically, it uses a predictable temporary filename to save logs. pyftpd versions prior to 0.8.5 are affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585773
  • 10.25.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP Planner SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: PHP Planner is a PHP-based web application. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/40846
  • 10.25.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: QuickOffice Malformed HTTP Request Remote Denial of Service
  • Description: QuickOffice is a productivity application available for the iPhone and the iPod Touch. QuickOffice is exposed to a remote denial of service issue that occurs when handling a malformed HTTP Request. QuickOffice version 3.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40857
  • 10.25.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Impact PDF Reader For The iPhone/iPod Touch "POST" Method Remote Denial Of Service
  • Description: Impact PDF Reader is a PDF document handling application for the iPhone and iPod Touch. The application is exposed to a remote denial of service issue because it fails to handle crafted HTTP "POST" method requests. Impact PDF Reader version 2.0 and 1.2 are affected.
  • Ref: http://www.securityfocus.com/bid/40858/references
  • 10.25.46 - CVE: CVE-2008-5983
  • Platform: Cross Platform
  • Title: Python "PySys_SetArgv" Remote Command Execution
  • Description: Python is an interpreted, dynamic object-oriented programming language that is available for many operating systems. The application is exposed to a remote command execution issue because it may include Python files from an unsafe location. The problem occurs because the application prep ends an empty string to "sys.path" when the argv[0] argument does not contain a path separator, allowing for the possibility of running an arbitrary file in the working directory. Python version 2.6 is affected.
  • Ref: http://bugs.python.org/issue5753
  • 10.25.47 - CVE: CVE-2010-2089
  • Platform: Cross Platform
  • Title: Python "audioop" Module Memory Corruption
  • Description: Python is an interpreted, dynamic object-oriented programming language that is available for many operating systems. The "audioop" module for Python is exposed to a memory corruption issue that occurs when "audioop" module takes input as byte string and size arguments but fails to perform adequate boundary checks, which leads to the application to crash.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=598197
  • 10.25.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: File Sharing Wizard "Content-Length" Header Buffer Overflow
  • Description: File Sharing Wizard is an application for sharing files with others through a web browser. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when processing a specially crafted "Content-Length" header. File Sharing Wizard version 1.5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40866/references
  • 10.25.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: odCMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: odCMS is a PHP-based content management system. odCMS is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. odCMS version 1.06 is affected.
  • Ref: http://holisticinfosec.org/content/view/146/45/
  • 10.25.51 - CVE: CVE-2010-0320
  • Platform: Web Application - Cross Site Scripting
  • Title: x10Media Glitter Central Script "submitlink.php" Cross-Site Scripting
  • Description: x10Media Glitter Central Script is a PHP-based glitter generator script. Glitter Central Script is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "catid" parameter of the "submitlink.php" script.
  • Ref: http://www.securityfocus.com/bid/40693
  • 10.25.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: McAfee Unified Threat Management Firewall "page" Parameter Cross-Site Scripting
  • Description: McAfee Unified Threat Management (UTM) Firewall (formerly SnapGear) is a hardware firewall device. The device's web interface is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "page" parameter of the "cgi-bin/cgix/help" script. UTM Firewall firmware versions 3.0.0 through 4.0.6 are affected.
  • Ref: http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site
    -scripting/
  • 10.25.53 - CVE: CVE-2010-1885
  • Platform: Web Application - Cross Site Scripting
  • Title: Microsoft Help and Support Center "sysinfo/sysinfomain.htm" Cross-Site Scripting
  • Description: Help and Support Center provides operating system help facilities that may be accessed via HCP URIs. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "svr" parameter of the "sysinfo/sysinfomain.htm" script.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html
  • 10.25.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: eLMS Pro "msg" Parameter Cross-Site Scripting
  • Description: eLMS Pro is a PHP-based learning management application. eLMS Pro is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "msg" parameter of the "error.php" script.
  • Ref: http://www.securityfocus.com/bid/40766
  • 10.25.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Dijitals CMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: Dijitals CMS is a PHP-based content manager. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/40777
  • 10.25.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: VideoWhisper PHP 2 Way Video Chat "r" Parameter Cross-Site Scripting
  • Description: VideoWhisper PHP 2 Way Video Chat is a PHP-based live video chat application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "r" parameter of the "index.php" script. .
  • Ref: http://www.securityfocus.com/bid/40832/references
  • 10.25.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PunBB "profile.php" Cross-Site Scripting
  • Description: PunBB is a PHP-based forum application. PunBB is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to an unspecified parameter of the "profile.php" script. PunBB versions prior to 1.3.4 are affected.
  • Ref: http://punbb.informer.com/forums/topic/21669/punbb-134/
  • 10.25.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: iScripts EasyBiller "viewhistorydetail.php" SQL Injection
  • Description: iScripts EasyBiller is a PHP-based billing application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "planid" parameter of the "viewhistorydetail.php" script. EasyBiller version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/40634
  • 10.25.59 - CVE: CVE-2010-1931
  • Platform: Web Application - SQL Injection
  • Title: CubeCart "shipKey" Parameter SQL Injection
  • Description: CubeCart is a web-based e-commerce application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "shipKey" parameter of the "index.php" script before using it in an SQL query. CubeCart version prior to 4.4.0 are affected.
  • Ref: http://www.securityfocus.com/archive/1/511735
  • 10.25.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPList "archive.php" SQL Injection
  • Description: PHPList is a PHP-based newsletter manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "newmail/archive.php" script before using it in an SQL query. PHPList 2.8.11 is affected.
  • Ref: http://www.securityfocus.com/bid/40643/references
  • 10.25.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: GREEZLE - Global Real Estate Agent Login Multiple SQL Injection Vulnerabilities
  • Description: GREEZLE - Global Real Estate Agent Site is a web-based real estate application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "user" and "password" fields of the "en/login" script.
  • Ref: http://www.securityfocus.com/bid/40676
  • 10.25.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WebWiz Forum "new_reply_form.asp" SQL Injection
  • Description: WebWiz Forum is an ASP-based web forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "TID" parameter of the "new_reply_forum.asp" script before using it in an SQL query. WebWiz Forum version 9.68 is affected.
  • Ref: http://www.securityfocus.com/bid/40683
  • 10.25.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Virtual Real Estate Manager "listing_detail.asp" SQL Injection
  • Description: Virtual Real Estate Manager is an ASP-based real estate listing script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "Lid" parameter of the "listing_detail.asp" script before using it in an SQL query. Virtual Real Estate Manager version 3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/40687
  • 10.25.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP car hire script "group.php" SQL Injection
  • Description: PHP car hire script is a PHP-based car rental application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "group.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/40688/references
  • 10.25.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DMXReady Online Notebook Manager "onlinenotebookmanager.asp" SQL Injection
  • Description: DMXReady Online Notebook Manager is a web-based application used to create, edit, and manage online documents. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "ItemID" parameter of the "onlinenotebookmanager.asp" script before using it in an SQL query. DMXReady Online Notebook Manager version 1 is affected.
  • Ref: http://www.securityfocus.com/bid/40692
  • 10.25.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Arab Portal "members.php" SQL Injection
  • Description: Arab Portal is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "by" parameter of the "apt/members.php" script before using it in an SQL query. Arab Portal version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/40735
  • 10.25.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BtiTracker "reqdetails.php" SQL Injection
  • Description: BtiTracker is a PHP-based tracking system for BitTorrent. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "reqdetails.php" script before using it in an SQL query. BtiTracker versions 1.3 through 1.4.8 are affected.
  • Ref: http://www.securityfocus.com/bid/40742/references
  • 10.25.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Krizleebear PHPAccess "index.php" SQL Injection
  • Description: Krizleebear PHPAccess is a PHP-based web security admin tool. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "phpaccess/dynamisch/index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/40744
  • 10.25.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Eicra Real Estate Script "index.php" SQL Injection
  • Description: Eicra Real Estate Script is a PHP-based real estate application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "p_id" parameter of the "index.php" script before using it in an SQL query. Eicra Real Estate Script version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40748/references
  • 10.25.70 - CVE: CVE-2010-0375
  • Platform: Web Application - SQL Injection
  • Title: JCE-Tech PHP Calendars "product_list.php" SQL Injection
  • Description: JCE-Tech PHP Calendars is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "product_list.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/40757
  • 10.25.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Miniweb "module" Parameter SQL Injection
  • Description: Miniweb is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data submitted to the "module" parameter of the "index.php" script before using it in an SQL query. Miniweb version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40763
  • 10.25.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Netvolution "artID" Parameter SQL Injection
  • Description: Netvolution is a content manager implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "artID" parameter of the "default.asp" script before using it in an SQL query. Netvolution 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40764/references
  • 10.25.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: HauntmAx CMS "index.php" SQL Injection
  • Description: HauntmAx CMS is a PHP-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "state" parameter of the "index.php" script when the "c_action" parameter is set to "listings".
  • Ref: http://www.securityfocus.com/bid/40778/references
  • 10.25.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DaLogin "id" Parameter SQL Injection
  • Description: DaLogin is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/40810/references
  • 10.25.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Digital Interchange Document Library "view_group.asp" SQL Injection
  • Description: Digital Interchange Document Library is an ASP-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "intGroupID" parameter of the "view_group.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/40819/references
  • 10.25.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pre Classified Listings "siteid" Parameter SQL Injection
  • Description: Pre Classified Listings is a web-based classified ad management application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "siteid" parameter of the "/admin/detail_ad.asp" script before using it in an SQL query. Pre Classified Listings version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40817
  • 10.25.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Collabtive "uid" Parameter SQL Injection
  • Description: Collabtive is open source collaboration software. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "uid" parameter before using it in an SQL query. Collabtive version 0.6.3 is affected.
  • Ref: http://www.securityfocus.com/bid/40818/references
  • 10.25.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Digital Interchange Calendar "index.asp" SQL Injection
  • Description: Digital Interchange Calendar is an ASP-based event management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "intDivisionID" parameter of the "index.asp" script before using it in an SQL query. Digital Interchange Calendar version 5.8.5 is affected.
  • Ref: http://www.securityfocus.com/bid/40829
  • 10.25.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Real-time ASP Calendar "calendar.asp" SQL Injection
  • Description: Real-time ASP Calendar is a web-based calendar application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "dt" parameter of the "calendar.asp" script before using it in an SQL query. Real-time ASP Calendar version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40830/references
  • 10.25.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AneCMS "modules/blog/index.php" SQL Injection
  • Description: AneCMS is a PHP-based content management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. This issue affects the "modules/blog/index.php" script. AneCMS version 1.3 is affected.
  • Ref: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_anecms.html
  • 10.25.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Yamamah Photo Gallery SQL Injection and Source Code Disclosure
  • Description: Yamamah is an open-source photo gallery management system. The application is exposed to the following issues because it fails to sufficiently sanitize user-supplied input like SQL injection issue that affects the "news" parameter and source-code disclosure issue that affects the "download" parameter of the "index.php" script. Yamamah version 1.00 is affected.
  • Ref: http://www.securityfocus.com/bid/40835/references
  • 10.25.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MODx "index.php" Multiple SQL Injection
  • Description: MODx is a PHP-based content manager. MODx is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "a" and "id" parameters of the "index.php" script before using it in an SQL query. MODx version 1.0.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/511815
  • 10.25.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BrightSuite Groupware "contact_list_mail_form.asp" SQL Injection
  • Description: BrightSuite Groupware (now known as Denali) is a web-based groupware, intranet and team collaboration application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. This issue affects the "ContactID" parameter of the "pages/contact_list_mail_form.asp" script. BrightSuite Groupware version 5.4 is affected.
  • Ref: http://www.securityfocus.com/bid/40845/references
  • 10.25.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: E-topbiz Banner 1 Multiple SQL Injection
  • Description: E-topbiz Banner 1 is a PHP-based banner management system. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "user" and "pass" parameters.
  • Ref: http://www.securityfocus.com/bid/40848/references
  • 10.25.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Subdreamer CMS "admin/pages.php" SQL Injection
  • Description: Subdreamer CMS is a content management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "categoryids[]" parameter of the "admin/pages.php" script before using it in an SQL query. Subdreamer CMS versions 3.x.x are affected.
  • Ref: http://www.securityfocus.com/archive/1/511818
  • 10.25.86 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Daily Inspirational Quotes Script SQL Injection
  • Description: Daily Inspirational Quotes Script is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. This issue affects the "id" parameter of the "tellafriend.php" script.
  • Ref: http://www.securityfocus.com/bid/40850/references
  • 10.25.87 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: E-Book Store "search.php" SQL Injection
  • Description: E-Book Store is a PHP-based online book store application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "keyword" parameter of the "search.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/40853/references
  • 10.25.88 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Membership Site Script "view.php" SQL Injection
  • Description: Membership Site Script is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "view.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/40854
  • 10.25.89 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Sell@Site PHP Online Jobs Login Multiple SQL Injection Vulnerabilities
  • Description: Sell@Site PHP Online Jobs is a web application implemented in PHP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "Username" and "Password" fields of the "jobseekers/preview.php" and "employers/postjob.php" scripts.
  • Ref: http://www.securityfocus.com/bid/40869
  • 10.25.90 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Acuity CMS "article.asp" SQL Injection
  • Description: Acuity CMS is an ASP-based content management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "page" parameter of the "article.asp" script before using it in an SQL query. Acuity CMS version 2.7.1 is affected.
  • Ref: http://www.securityfocus.com/bid/40872/references
  • 10.25.91 - CVE: Not Available
  • Platform: Web Application
  • Title: log1 CMS Session Handling Remote Security Bypass and Remote File Include Vulnerabilities
  • Description: log1 CMS is a PHP-based content management application. log1 CMS is exposed to multiple issues. 1) A security bypass issue because of a design flaw when handling administrator sessions. 2) A remote file include issue because it fails to properly sanitize user-supplied input to an unspecified script in "db/uploaded/". log1 CMS version 2.0 is affected.
  • Ref: http://www.htbridge.ch/advisory/xss_vulnerability_in_log1cms.html
  • 10.25.92 - CVE: Not Available
  • Platform: Web Application
  • Title: PhreeBooks Multiple HTML-Injection and Local File Include Vulnerabilities
  • Description: PhreeBooks is a web-based Enterprise Resource Planning application. The application is exposed to the multiple HTML injection issues because it fails to properly sanitize user-supplied input. PhreeBooks version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40639
  • 10.25.93 - CVE: Not Available
  • Platform: Web Application
  • Title: PG Auto Pro SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: PG Auto Pro is a car dealer inventory software. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied input. 1) A cross-site scripting issue that affects the "order_direction" parameter. 2) An SQL injection issue that affects the "page" parameter.
  • Ref: http://www.securityfocus.com/bid/40664
  • 10.25.94 - CVE: Not Available
  • Platform: Web Application
  • Title: eLMS Pro "subscribe.php" SQL Injection and Cross-Site Scripting
  • Description: eLMS Pro is a PHP-based learning management application. The application is exposed to an SQL injection issue and a cross-site scripting issue. Both issues affect the "course_id" parameter of the "subscribe.php" script.
  • Ref: http://www.securityfocus.com/bid/40677
  • 10.25.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Invision Power Board Calendar Application HTML Injection
  • Description: Invision Power Board is a web-based forum application. It is implemented in PHP. The application is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input. Specifically, this issue affects the calendar application included in the core module. Invision Power Board version 3.0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/40686/references
  • 10.25.96 - CVE: CVE-2010-0279
  • Platform: Web Application
  • Title: BTS-GI Read Excel "upload.php" Arbitrary File Upload
  • Description: BTS-GI Read Excel is a PHP-based script for reading excel files. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately sanitize user-supplied input before uploading it onto the web server. This issue affects the "upload.php" script. BTS-GI Read Excel version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/40700/references
  • 10.25.97 - CVE: CVE-2010-0348
  • Platform: Web Application
  • Title: C3 Corp WebCalenderC3 Unspecified Local File Include
  • Description: C3 Corp WebCalenderC3 is a web-based calendar application. The application is exposed to an unspecified local file include issue because it fails to properly sanitize user-supplied input. WebCalenderC3 version 0.32 and prior versions are affected.
  • Ref: http://jvn.jp/en/jp/JVN22247093/index.html
  • 10.25.98 - CVE: CVE-2010-0367
  • Platform: Web Application
  • Title: Bits Video Script Multiple Remote File Include Vulnerabilities
  • Description: Bits Video Script is a PHP-based script for creating video websites. The application is exposed to multiple remote file include issues because it fails to properly sanitize user-supplied input to the "rowptem[template]" parameter of the "showcasesearch.php" and "showcase2search.php" scripts. Bits Video Script version 2.05 Gold Beta is affected.
  • Ref: http://www.securityfocus.com/bid/40709/references
  • 10.25.99 - CVE: Not Available
  • Platform: Web Application
  • Title: SilverStripe CMS File Renaming Security Bypass
  • Description: SilverStripe CMS is a PHP-based content manager. SilverStripe CMS is exposed to a security bypass issue that occurs because the application allows unauthorized users to rename files that are already on the web server. SilverStripe CMS version 2.4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40679
  • 10.25.100 - CVE: Not Available
  • Platform: Web Application
  • Title: AWCM CMS "notify.php" Local File Include
  • Description: AWCM CMS is a web-based content manager implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "notify.php" script. AWCM versions 2.0, 2.1 and 2.2 are affected.
  • Ref: http://www.securityfocus.com/bid/40736/references
  • 10.25.101 - CVE: Not Available
  • Platform: Web Application
  • Title: SchoolMation "studentmain.php" SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: SchoolMation is a PHP-based student information system. The application is exposed to an SQL injection issue and a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "session" parameter of the "studentmain.php" script. SchoolMation version 2.3 is affected.
  • Ref: http://www.securityfocus.com/bid/40737
  • 10.25.102 - CVE: Not Available
  • Platform: Web Application
  • Title: Flatnux "head" Parameter HTML Injection
  • Description: Flatnux is a PHP-based content manager. The application is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input. Specifically, this issue affects the "head" parameter of the "index.php" script when the "mod" parameter is set to "news". Flatnux version 2010-06-09 is affected.
  • Ref: http://www.securityfocus.com/bid/40738/references
  • 10.25.103 - CVE: Not Available
  • Platform: Web Application
  • Title: Science Fair In A Box "winners.php" Input Validation
  • Description: Science Fair In A Box is a web-based application. The application is exposed to an input validation issue that may allow attackers to perform cross-site scripting and SQL injection attacks because it fails to properly sanitize user-supplied input to the "type" parameter of the "winners.php" script. Science Fair In A Box version 2.0.6 is affected.
  • Ref: http://www.securityfocus.com/bid/40743
  • 10.25.104 - CVE: Not Available
  • Platform: Web Application
  • Title: Zincksoft Property Listing Script "view.php" Input Validation
  • Description: Zincksoft Property Listing Script is a web-based application. The application is exposed to an input validation issue that may allow attackers to perform cross-site scripting and SQL injection attacks because it fails to properly sanitize user-supplied input to the "PID" parameter of the "view.php" script. Property Listing Script version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40755
  • 10.25.105 - CVE: Not Available
  • Platform: Web Application
  • Title: E-Php B2B Trading Marketplace Script Multiple Vulnerabilities
  • Description: E-Php B2B Trading Marketplace Script is a web-based application implemented in PHP. The application is exposed to multiple issues because it fails to sanitize user-supplied input. A cross-site scripting issue that affects the "errmsg" parameter of the "gen_confirm.php" script. Multiple SQL injection issues that affect the different scripts and parameters like "contactuser.php", "es_id", "listings.php" and "mem_id".
  • Ref: http://www.securityfocus.com/bid/40769
  • 10.25.106 - CVE: Not Available
  • Platform: Web Application
  • Title: Miniweb "module" Parameter Local File Include
  • Description: Miniweb is a web-based application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "module" parameter of the "index.php" script. Miniweb version 2.0 X10 is affected.
  • Ref: http://www.securityfocus.com/bid/40772
  • 10.25.107 - CVE: Not Available
  • Platform: Web Application
  • Title: AWCM "awcm_lang" Cookie Parameter Local File Include
  • Description: AWCM is a web-based content manager implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "awcm_lang" cookie parameter before being used to include files in header.php script. AWCM version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/40774/references
  • 10.25.108 - CVE: Not Available
  • Platform: Web Application
  • Title: ardeaCore "ardeaInit.php" Remote File Include
  • Description: ardeaCore is a web-based application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "pathForArdeaCore" parameter of the "ardeaInit.php" script. ardeaCore PHP Framework version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/40811
  • 10.25.109 - CVE: Not Available
  • Platform: Web Application
  • Title: UTStats Multiple issues
  • Description: UTStats is a PHP-based web statistics application. The application is exposed to multiple issues because it fails to sanitize user-supplied input. A cross-site scripting issue that affects the "pid" parameter of the "index.php" script. An SQL injection issue that affects the "mid" parameter of the "pages/match_report.php" script.
  • Ref: http://www.securityfocus.com/bid/40836/references
  • 10.25.110 - CVE: Not Available
  • Platform: Web Application
  • Title: AneCMS "modules/blog/index.php" HTML Injection
  • Description: AneCMS is a PHP-based content management application. The application is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input. AneCMS version 1.3 is affected.
  • Ref: http://www.htbridge.ch/advisory/stored_xss_vulnerability_in_anecms_blog_module.h
    tml
  • 10.25.111 - CVE: Not Available
  • Platform: Web Application
  • Title: Smart ASP Survey SQL Injection and Cross-Site Scripting
  • Description: Smart ASP Survey is an ASP-based survey application. The application is exposed to a cross-site scripting issue and an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "catid" parameter of the "poll/default.asp" script.
  • Ref: http://www.securityfocus.com/bid/40870/references
  • 10.25.112 - CVE: Not Available
  • Platform: Network Device
  • Title: Linksys WAP54Gv3 Wireless Router Debug Credentials Security Bypass
  • Description: Linksys WAP54Gv3 is a wireless router device. The device is exposed to a security bypass issue because it allows access to debugging functionality through hard coded credentials. Specifically, remote attackers can access the "debug.cgi" and "Debug_command_page.asp" scripts by providing the username "Gemtek" and the password "gemtekswd".
  • Ref: http://www.securityfocus.com/archive/1/511733
  • 10.25.113 - CVE: CVE-2010-1571
  • Platform: Network Device
  • Title: Cisco Unified Contact Center Express Bootstrap Service Directory Traversal
  • Description: Cisco Unified Contact Center Express provides routing and call treatment for communication channels. Cisco Unified Contact Center Express is exposed to a directory traversal issue. Specifically, this issue affects the bootstrap server, and can be triggered by sending crafted bootstrap messages addressed to TCP port 6295. This issue is tracked by Cisco BugID CSCsx76165.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2f110.s
    html#@ID
  • 10.25.114 - CVE: CVE-2010-1572
  • Platform: Network Device
  • Title: Cisco Application Extension Platform Remote Privilege Escalation
  • Description: Cisco Application Extension Platform (AXP) is an application platform used to extend the capabilities of the Cisco Integrated Services Router. The application is exposed to a remote privilege escalation issue affecting the command line interface of the tech support diagnostic shell. This issue is tracked by Cisco Bug ID CSCtb65413. Cisco Application Extension Platform version 1.1 and 1.1.5 are affected.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3290b.s
    html
  • 10.25.115 - CVE: CVE-2010-1570
  • Platform: Network Device
  • Title: Cisco Unified Contact Center Express CTI Messages Denial of Service
  • Description: Cisco Unified Contact Center Express provides routing and call treatment for communication channels. Cisco Unified Contact Center Express is exposed to a denial of service issue that affects the computer telephony integration (CTI) component. The issue can be triggered when the application processes specially crafted CTI messages sent to the listening port; the listening port is TCP 42027 by default. This issue is tracked by Cisco Bug ID CSCso89629.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2f110.s
    html#@ID
  • 10.25.116 - CVE: Not Available
  • Platform: Network Device
  • Title: Dlink Di-604 IP Textfield Size Cross-Site Scripting and Denial of Service
  • Description: Dlink Di-604 is a wireless router. Dlink Di-604 products are exposed to a cross-site scripting and a denial of service issue because the devices fail to properly handle user-supplied input to the "ip text field" size.
  • Ref: http://www.securityfocus.com/archive/1/511751
  • 10.25.117 - CVE: Not Available
  • Platform: Network Device
  • Title: Juniper Networks IVE OS "homepage.cgi" URI Redirection
  • Description: Juniper Networks IVE OS software powers some of the network devices from Juniper. IVE OS is exposed to an open redirection issue because it fails to properly sanitize user-supplied input to the "homepage.cgi" script. IVE OS versions 6.5R1.0 and 6.5R2.0 are affected.
  • Ref: http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-17
  • 10.25.118 - CVE: Not Available
  • Platform: Network Device
  • Title: snom VoIP Phone Firmware Web Interface Remote Security Bypass
  • Description: snom VoIP phone firmware is used with various VoIP phone devices made by snom.

I have attended several of SANS rivals and SANS blew them away!
-Alton Thompson, US Marines

Healthcare Cyber Security Summit - San Francisco

Latest Whitepapers

Building and Maintaining a "Certifiable" Workforce
By Robert J. Mavretich

How Can You Build and Leverage SNORT IDS Metrics to Reduce Risk?
By Tim Proffitt

Daisy Chain Authentication
By Courtney Imbert

Latest Tweets

NEW #SANS Survey: Security Analytics & Intelligence 2nd [...]
October 1, 2013 - 6:30 PM

Tips on how to convince your boss to let you train online wi [...]
October 1, 2013 - 6:23 PM

#2 Tip on how 2 convince your boss 2 let u train online: Fle [...]
October 1, 2013 - 3:00 PM

Contact Us

(301) 654-SANS (7267)
Mon-Fri 9am - 8pm EST/EDT
info@sans.org

"It was a great learning experience that helped open my eyes wider. The instructor's knowledge was fantastic."
- Manuja Wikesekera, Melbourne Cricket Club

"The amount of knowledge conveyed and technical diving by practical hands-on was well balanced."
- Aaron Moore, Maricopa County

"Just amazing content and instruction, it's really a 'must do' for any info sec professional."
- Mark Austin, PHH Mortgage