@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 26
June 25, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

Summary of Updates and Vulnerabilities in this Consensus

Platform                                 Number of Updates and Vulnerabilities
---------------------------------------  -------------------------------------
Other Microsoft Products                 1
Third Party Windows Apps                 9
Mac Os                                   2
Linux                                    3
Novell                                   1
Cross Platform                           23 (#1,#2,#3)
Web Application - Cross Site Scripting   11
Web Application - SQL Injection          24
Web Application                          28
Network Device                           1

********************* Sponsored By Catbird ***********************

Join SANS on June 30th at 1 PM EDT for a special webinar event: a roundtable with leading experts on cloud security and compliance featuring Dave Shackleford, author of SANS' upcoming white paper on cloud security; McAfee Cloud CTO and Bugtraq inventor Scott Chasin; and Catbird CTO Michael Berman, a member of the Electronic Crimes Taskforce. Sponsored by Catbird and McAfee

http://www.sans.org/info/60948

******************************************************************

TRAINING UPDATE

-- SANS Rocky Mountain 2010, Denver, July 12-17, 2010, 8 courses. Bonus evening presentations include Hiding in Plain Sight: Forensic Techniques to Counter the Advanced Persistent Threat

http://www.sans.org/rocky-mountain-2010/

-- SANS Boston 2010, August 2-8, 2010, 11 courses. Special events include the Rapid Response Security Strategy Competition

http://www.sans.org/boston-2010/

-- SANS Virginia Beach 2010, August 29-September 3, 2010, 9 courses. Bonus evening presentations include Future Trends in Network Security

http://www.sans.org/virginia-beach-2010/

-- SANS Network Security 2010, Las Vegas, September 19-27, 2010, 40 courses. Bonus evening presentations include The Return of Command Line Kung Fu and Cyberwar or Business as Usual? The State of US Federal CyberSecurity Initiatives

http://www.sans.org/network-security-2010/

-- SOS: SANS October Singapore, October 4-11, 2010, 7 courses

http://www.sans.org/singapore-sos-2010/

-- Looking for training in your own community? http://sans.org/community/

Save on On-Demand training (30 full courses) - See samples at http://www.sans.org/ondemand/spring09.php

Plus Amsterdam, Washington DC, Canberra and Portland all in the next 90 days.

For a list of all upcoming events, on-line and live: http://www.sans.org/index.php

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

*********************** Sponsored Links: *************************

1) REGISTER NOW for the upcoming webcast: Making the Case for SIEM http://www.sans.org/info/60953, Sponsored By: ArcSight http://www.arcsight.com/

2) Contribute to our SANS network security survey. Help us determine how organizations are hardening their network infrastructure against attack and high-stress application load. The survey takes five minutes and makes you eligible for a $250 Gift Card. Results will be announced in a July 22nd SANS Analyst Webcast. http://www.sans.org/info/60958

3) REGISTER NOW for the re-release of webcast: A Revolution in Federal Cyber Security: Continuous Automated FISMA Reporting - What's Required By OMB? What Works? Sponsored by Core and NCircle http://www.sans.org/info/60963

******************************************************************

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (3) HIGH: Adobe Flash Player Memory Corruption Remote Code Execution Vulnerability
  • Affected:
    • Adobe Flash Player 10.0.45.2 and earlier
  • Description: Adobe Flash Player is susceptible to a memory corruption vulnerability. The vulnerability is triggered when ActionScript native object 2200 is called multiple times with differing strings. By enticing a target to open a malicious page, an attacker can exploit this vulnerability in order to execute arbitrary code with the permissions of the currently logged-in user.

  • Status: vendor confirmed, updates available

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 26, 2010

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 9679 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

______________________________________________________________________


  • 10.26.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Rosoft Audio Converter Buffer Overflow
  • Description: Rosoft Audio Converter is an audio converter application for Windows. Rosoft Audio Converter is exposed to a buffer overflow issue because it fails to adequately bounds check user-supplied input. Specifically, the issue occurs when a maliciously crafted file is opened in Rosoft Audio Converter and then saved. Rosoft Audio Converter version 4.4.4 is affected.
  • Ref: http://www.securityfocus.com/bid/40878/references

  • 10.26.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Sumatra PDF Unspecified Denial Of Service
  • Description: Sumatra PDF is a PDF viewer application for Windows. The application is exposed to an unspecified denial of service issue. The issue occurs when a crafted PDF file is parsed. Sumatra PDF version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/40865

  • 10.26.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SasCam Webcam Server "GET" Request Remote Denial of Service
  • Description: SasCam Webcam Server is a web camera application available for Microsoft Windows. The application is exposed to a denial of service issue when handling certain requests. Specifically, when processing a long HTTP "GET" request the application crashes. SasCam Webcam Server versions 2.7, 2.6.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/40874

  • 10.26.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Winplot ".wp2" File Buffer Overflow
  • Description: Winplot is a general purpose plotting utility available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when processing a specially crafted ".wp2" file.
  • Ref: http://www.securityfocus.com/bid/40879


  • 10.26.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Batch Audio Converter ".wav" File Remote Stack Buffer Overflow
  • Description: Batch Audio Converter is a media player available for Microsoft Windows. Batch Audio Converter is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially crafted ".wav" file. Batch Audio Converter (Lite Edition) version 1.0.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40940/references

  • 10.26.7 - CVE: CVE-2010-2305
  • Platform: Third Party Windows Apps
  • Title: Sygate Personal Firewall "SSHelper.dll" ActiveX Control Buffer Overflow
  • Description: Sygate Personal Firewall is a personal firewall application for Microsoft Windows operating systems. Sygate Personal Firewall ActiveX control is exposed to a buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. Sygate Personal Firewall version 5.6 build 2808 is affected.
  • Ref: http://www.securityfocus.com/bid/40960

  • 10.26.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Trident Software PowerZip ZIP Archive Stack Buffer Overflow
  • Description: Trident Software PowerZip is a file compression/extraction application for the Windows operating system. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs when the application processes a crafted ZIP archive. PowerZip version 7.21 (Build 4010) is affected.
  • Ref: http://www.securityfocus.com/bid/40968/references

  • 10.26.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: KeyWorks Software KeyHelp ActiveX Controls Multiple Buffer Overflow Vulnerabilities
  • Description: KeyHelp is a set of HTML components. KeyHelp is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input to multiple ActiveX controls.
  • Ref: http://sotiriu.de/adv/NSOADV-2010-008.txt

  • 10.26.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Orbital Viewer ".ov" File Stack Based Buffer Overflow
  • Description: Orbital Viewer is an application for viewing ".orb" and ".ov" files. The application is exposed to a stack-based buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer. This issue occurs when a specially crafted ".ov" file is opened. Orbital Viewer version 1.04 is affected.
  • Ref: http://www.securityfocus.com/bid/40985/references

  • 10.26.11 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple Mac OS X Prior to 10.6.4 Multiple Security Vulnerabilities
  • Description: Apple Mac OS X is exposed to multiple security issues that have been addressed in Security Update APPLE-SA-2010-06-15-1. The update addresses new issues that affect the CUPS, DesktopServices, Folder Manager, Help Viewer, iChat, ImageIO, Network Authorization, Open Directory, Printer Setup, Printing, Ruby, SMB File Server and Wiki Server components of Mac OS X.
  • Ref: http://www.securityfocus.com/bid/40886

  • 10.26.12 - CVE: CVE-2010-1748, CVE-2010-0540
  • Platform: Mac Os
  • Title: Apple Mac OS X CUPS Web Interface Unspecified Cross-Site Request Forgery
  • Description: Apple Mac OS X is exposed to a cross-site request forgery issue that affects the CUPS web interface component. This issue affects Mac OS X 10.5.8, Mac OS X Server 10.5.8, Mac OS X 10.6 through 10.6.3, and Mac OS X Server 10.6 through 10.6.3.
  • Ref: http://cups.org/articles.php?L596

  • 10.26.13 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel XFS "SWAPEXT" IOCTL Local Information Disclosure
  • Description: The Linux kernel is exposed to a local information disclosure issue. This issue affects the "SWAPEXT" ioctl of the XFS filesystem. Specifically, local attackers may use the "SWAPEXT" ioctl to swap a write-only file owned by an arbitrary user for a file owned by the attacker.
  • Ref: http://www.securityfocus.com/bid/40920/references

  • 10.26.14 - CVE: CVE-2010-2223
  • Platform: Linux
  • Title: Red Hat Enterprise Virtualization Hypervisor VDM Information Disclosure
  • Description: Red Hat Enterprise Virtualization Hypervisor is a hypervisor-based technology used to provide a virtualization platform. Red Hat Enterprise Virtualization Hypervisor is exposed to an information disclosure issue that affects the Virtual Desktop Server Manager.
  • Ref: http://www.securityfocus.com/bid/41044/references

  • 10.26.15 - CVE: CVE-2010-2224
  • Platform: Linux
  • Title: Red Hat Enterprise Virtualization Manager Postzero Parameter Information Disclosure
  • Description: Red Hat Enterprise Virtualization Manager is a hypervisor-based technology used to provide a virtualization platform. Red Hat Enterprise Virtualization Manager is exposed to an information disclosure issue because the application fails to properly pass the "postzero" parameter for deleted volumes after snapshot merging.
  • Ref: http://www.securityfocus.com/bid/41045

  • 10.26.16 - CVE: CVE-2010-0284
  • Platform: Novell
  • Title: Novell Access Manager Administration Console "getEntry()" Arbitrary File Upload
  • Description: Novell Access Manager is an application that provides single sign-on for all corporate web applications. The application is exposed to an arbitrary file upload issue because it fails to properly sanitize user-supplied input. Novell Access Manager version 3.1 is affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-112/

  • 10.26.17 - CVE: CVE-2010-1406
  • Platform: Cross Platform
  • Title: WebKit HTTP URI Clipboard Information Disclosure
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote information disclosure issue. This issue is due to a design error when the application handles URIs inside a clipboard.
  • Ref: http://www.securityfocus.com/bid/40752

  • 10.26.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Titan FTP Server "xcrc" Command Arbitrary File Disclosure
  • Description: Titan is an FTP server. Titan FTP Server is exposed to a file disclosure issue because it fails to properly sanitize user-supplied input passed to the "xcrc" command. Titan FTP Server version 8.10.1125 is affected.
  • Ref: http://www.securityfocus.com/archive/1/511839

  • 10.26.19 - CVE: CVE-2010-2063
  • Platform: Cross Platform
  • Title: Samba "SMB1 Packet Chaining" Unspecified Remote Memory Corruption
  • Description: Samba is a freely available file and printer sharing application maintained and developed by the Samba Development Team. Samba allows users to share files and printers between operating systems on UNIX and Windows platforms. Samba is exposed to an unspecified memory corruption issue. This issue is due to the application's failure to properly validate user supplied input when handling the chaining of SMB1 packets. Samba versions prior to 3.3.13 are affected.
  • Ref: http://www.samba.org/samba/security/CVE-2010-2063.html

  • 10.26.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe SVG Viewer Circle Transform Remote Code Execution
  • Description: Adobe SVG Viewer is an application and browser plugin used to view SVG (Scalable Vector Graphics) files. It is available for a number of platforms. Adobe SVG Viewer is exposed to a remote code execution issue that is triggered when processing SVG "circle" elements with "transform" properties containing excessive data. Adobe SVG Viewer version 3.03 is affected.
  • Ref: http://www.securityfocus.com/bid/40885

  • 10.26.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Teamspeak Webserver Multiple Remote Issues
  • Description: Teamspeak Webserver is a web server application. Teamspeak Webserver is exposed to multiple remote issues, including a security bypass and denial of service. Teamspeak Webserver versions prior to 3.0.0-beta25 are affected.
  • Ref: http://forum.teamspeak.com/showthread.php?t=55646

  • 10.26.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: TurboFTP Server Directory Traversal
  • Description: TurboFTP Server is a file transfer server for Microsoft Windows. The application is exposed to a directory traversal issue in the FTP and SFTP modules because it fails to sufficiently sanitize directory traversal strings from user-supplied input. TurboFTP Server version 1.20.745 is affected.
  • Ref: http://www.securityfocus.com/bid/40919

  • 10.26.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: File Sharing Wizard "HEAD" Command Remote Buffer Overflow
  • Description: File Sharing Wizard is a file sharing application. File Sharing Wizard is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input to the "HEAD" command. File Sharing Wizard version 1.5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40928

  • 10.26.24 - CVE: CVE-2010-2192
  • Platform: Cross Platform
  • Title: pmount Insecure Temporary File Creation
  • Description: pmount is a wrapper around the standard mount program. pmount creates temporary files in the "/var/lock" directory in an insecure manner. A local attacker could potentially perform symbolic link attacks, overwriting arbitrary files in the context of the affected application.
  • Ref: http://www.securityfocus.com/bid/40939

  • 10.26.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: DotNetNuke Multiple Security Vulnerabilities
  • Description: DotNetNuke is an open source framework for creating and deploying websites. The application is exposed to multiple security issues. An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, disclose or modify sensitive information, or perform unauthorized actions. DotNetNuke versions prior to 5.4.3 are affected.
  • Ref: http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno37/tabid/1568/Default.aspx

  • 10.26.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Titan FTP Server "comb" Command Directory Traversal
  • Description: Titan FTP Server is a file transfer server for Microsoft Windows. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize directory traversal strings (..) passed to the "comb" command. Titan FTP Server version 8.10.1125 is affected.
  • Ref: http://www.securityfocus.com/archive/1/511873

  • 10.26.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Corel VideoStudio Pro MP4 File Handling Remote Buffer Overflow
  • Description: Corel VideoStudio Pro is an application for processing images. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Corel VideoStudio Pro X3 is affected.
  • Ref: http://www.securityfocus.com/bid/40963

  • 10.26.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: H264 WebCam HTTP Server Buffer Overflow
  • Description: H264 WebCam is remote video surveillance software. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data supplied to the built-in HTTP server. H264 WebCam version 3.7 is affected.
  • Ref: http://www.securityfocus.com/bid/40965

  • 10.26.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Web Browser Multiple Security Issues
  • Description: Opera Web Browser is a browser that runs on multiple operating systems. Opera Web Browser is exposed to multiple security issues. The impact of these issues has not been disclosed. Opera Web Browser versions prior to 10.54 are affected.
  • Ref: http://www.opera.com/docs/changelogs/windows/1054/

  • 10.26.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MoreAmp ".maf" File Buffer Overflow
  • Description: MoreAmp is an audio player, transcoder and CD ripper for Mac OS X, Windows, Unix, and Linux. The application is exposed to a remote buffer overflow issue because it fails to perform adequate checks on user-supplied input.
  • Ref: http://www.securityfocus.com/bid/40980

  • 10.26.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ZNC NULL Pointer Dereference Denial of Service
  • Description: ZNC is a bouncer application for Internet Relay Chat (IRC). The application is exposed to a remote denial of service issue caused by a NULL pointer dereference. This issue occurs when the application processes traffic statistics while there is an unauthenticated connection to ZNC. ZNC version 0.090 is affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=603915

  • 10.26.32 - CVE: CVE-2010-0831, CVE-2010-2322
  • Platform: Cross Platform
  • Title: FastJar "extract_jar()" Archive Extraction Directory Traversal
  • Description: FastJar is an implementation of the popular jar utility; it is implemented in C. FastJar is exposed to a directory traversal issue because the utility fails to properly sanitize user-supplied data.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=594497

  • 10.26.33 - CVE: CVE-2010-2065
  • Platform: Cross Platform
  • Title: LibTIFF "TIFFroundup()" Remote Integer Overflow
  • Description: LibTIFF is a library for reading and manipulating Tag Image File Format (TIFF) files. The library is exposed to a remote integer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Specifically, the "TIFFroundup()" macro called from "TIFFFillStrip()" can return 0 while allocating an insufficiently sized memory buffer. LibTIFF versions prior to 3.9.3 are affected.
  • Ref: http://www.securityfocus.com/bid/41011/references


  • 10.26.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sysax Multi Server "SFTP" Module Multiple Denial Of Service
  • Description: Sysax Multi Server is an SSH2 and FTP server for Microsoft Windows. Sysax Multi Server is exposed to multiple denial of service issues. Specifically, these issues occur because the "SFTP" module fails to properly handle overly long strings passed to the "open", "scp_get", "unlink", or "mkdir" commands. Sysax Multi Server version 5.25 is affected.
  • Ref: http://www.securityfocus.com/archive/1/511911

  • 10.26.36 - CVE: CVE-2010-1751, CVE-2010-1752, CVE-2010-1753, CVE-2010-1754, CVE-2010-1775, CVE-2010-1755, CVE-2010-1756, CVE-2010-1387, CVE-2010-1407, CVE-2010-1757, CVE-2010-1769
  • Platform: Cross Platform
  • Title: Apple iPhone/iPod touch Prior to iOS 4 Multiple Vulnerabilities
  • Description: Apple iOS is an operating platform for iPhone and iPod touch. iPhone is a mobile phone that runs on the ARM architecture. Apple iPod touch is a portable music player that also contains the Safari web browser. Apple iOS is exposed to multiple issues affecting the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components. Apple iPhone/iPod touch versions prior to iOS 4 are affected.
  • Ref: http://www.apple.com/iphone/softwareupdate/

  • 10.26.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Wing FTP Server "PORT" Command Denial of Service
  • Description: Wing FTP Server is a secure multi protocol file server for Windows, Linux, Mac, FreeBSD and Solaris. Wing FTP Server is exposed to a denial of service issue. Specifically, this issue occurs because the server fails to properly handle invalid parameters passed to the "PORT" command. Wing FTP Server version 3.1.2 is affected.
  • Ref: http://blog.trendmicro.com/trend-micro-discovers-wing-ftp-server-port-command-dos-bug/

  • 10.26.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Explzsh LHA File Processing Buffer Overflow Issue
  • Description: Explzsh is a file compression application. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when processing specially crafted LHA file headers. Explzsh version 5.62 is affected.
  • Ref: http://jvn.jp/en/jp/JVN34729123/index.html

  • 10.26.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Subtitle Translation Wizard ".srt" File Stack-Based Buffer Overflow
  • Description: Subtitle Translation Wizard is an application for subtitle translation. The application is exposed to a stack-based buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer. Subtitle Translation Wizard version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41026

  • 10.26.40 - CVE: CVE-2010-0541
  • Platform: Web Application - Cross Site Scripting
  • Title: Ruby WEBrick UTF-7 Encoding Cross-Site Scripting
  • Description: WEBrick is a core library of the Ruby programming language that provides HTTP server functionality. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input. The problem occurs because error pages may be treated as UTF-7, allowing for the injection of arbitrary script.
  • Ref: http://www.securityfocus.com/bid/40895

  • 10.26.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Software Index "signinform.php" Cross-Site Scripting issue
  • Description: Software Index is a web-based application implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "msg" parameter of the "signinform.php" script.
  • Ref: http://www.securityfocus.com/bid/40914/references

  • 10.26.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Ceica-GW "login.php" Cross-Site Scripting
  • Description: Ceica-GW is a web-based application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input from the URI in the "login.php" script.
  • Ref: http://www.securityfocus.com/bid/40917

  • 10.26.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Splunk HTTP "Referer" Header Cross-Site Scripting
  • Description: Splunk is an IT infrastructure monitoring system. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input through the HTTP "Referer" header when responding to a request for a non-existent resource. Splunk versions 4.0 through 4.1.2 are affected.
  • Ref: http://www.splunk.com/view/SP-CAAAFHY

  • 10.26.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Studio theme pack Module For Drupal Cross-Site Scripting
  • Description: Studio theme pack is a module for Drupal content manager. The module is exposed to a cross-site scripting issue because it fails to properly sanitize unspecified input before displaying it in a user's browser. Studio theme pack 6.x versions prior to 6.x-1.2 are affected.
  • Ref: http://drupal.org/node/829414

  • 10.26.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: osCmax "articles.php" Cross-Site Scripting
  • Description: osCMax is a web-based e-commerce application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "articles_description[]" parameter of the "admin/articles.php" script. osCMax version 2.0.25 is affected.
  • Ref: http://www.securityfocus.com/bid/41000/references

  • 10.26.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Sigmer Technologies Scribe CMS "copy_folder.php" Cross-Site Scripting
  • Description: Sigmer Technologies Scribe CMS is a PHP-based application. Scribe CMS is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "path" parameter of the "copy_folder.php" script.
  • Ref: http://www.securityfocus.com/archive/1/511906

  • 10.26.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Hitachi Groupmax World Wide Web Desktop Unspecified Cross-Site Scripting
  • Description: Hitachi Groupmax World Wide Web Desktop is a web-based desktop application. Multiple Groupmax World Wide Web Desktop products are exposed to a cross-site scripting issue because they fail to properly sanitize user-supplied input. The specific cause of this issue is unknown.
  • Ref: http://www.securityfocus.com/bid/41028

  • 10.26.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM WebSphere ILOG JRules Cross-Site Scripting Issue
  • Description: IBM WebSphere ILOG JRules is a rule execution server for Java. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input returned within the "faces/explore/explore.jsp", "faces/compose/compose.jsp" and "faces/home.jsp" scripts. This issue affects the ILog Error handling mechanism. IBM WebSphere version 6.7 is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1RS00133

  • 10.26.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: eSitesBuilder Multiple Cross-Site Scripting Issues
  • Description: eSitesBuilder is a PHP-based website authoring application. eSitesBuilder is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/511904

  • 10.26.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Multiple Fujitsu Interstage Products Unspecified Cross-Site Scripting
  • Description: Fujitsu Interstage Application Server is a Java-based application server that includes Tomcat Servlet Services. Multiple Fujitsu Interstage products are exposed to a cross-site scripting issue because they fail to properly sanitize user-supplied input. The specific cause of this issue is unknown.
  • Ref: http://www.securityfocus.com/bid/41038

  • 10.26.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: eWebquiz "QuizType" Parameter SQL Injection
  • Description: eWebquiz is a web-based application for creating quizzes; it is implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "QuizType" parameter of the "eWebQuiz.asp" script before using the data in an SQL query. eWebquiz version 8 is affected.
  • Ref: http://www.securityfocus.com/bid/40876/references

  • 10.26.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Active Auction Pro "catid" Parameter SQL Injection
  • Description: Active Auction Pro is an auction application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of the "default.asp" script before using it in an SQL query. Active Auction Pro version 6.2 is affected.
  • Ref: http://www.securityfocus.com/bid/40877

  • 10.26.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Anblik PenPal "admin/login.asp" Multiple SQL Injection Issues
  • Description: PenPal is an ASP-based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "Username" and "Password" fields of the "admin/login.asp" script. PenPal version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40925/references

  • 10.26.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Softwebs Nepal Real Estate "viewphoto.asp" SQL Injection Issue
  • Description: Softwebs Nepal Real Estate is a web-based real estate application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "viewphoto.asp" script before using it in an SQL query. Softwebs Nepal Real Estate version 3.4 is affected.
  • Ref: http://www.securityfocus.com/bid/40927/references

  • 10.26.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Ananda Image Gallery "default.asp" SQL Injection Issue
  • Description: Ananda Image Gallery is an ASP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "default.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/40929/references

  • 10.26.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Sell@Site PHP E-MALL SQL Injection Issue
  • Description: Sell@Site PHP E-MALL is a web application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "products.php" script.
  • Ref: http://www.securityfocus.com/bid/40934/references

  • 10.26.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke print Module SQL Injection Issue
  • Description: print is a module for the PHP-Nuke content manager. The module is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sid" parameter before using it in an SQL query. PHP-Nuke print module version 6.0 is affected.
  • Ref: http://www.securityfocus.com/bid/40942/references

  • 10.26.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: KubeSupport "lang" Parameter SQL Injection
  • Description: KubeSupport is a PHP-based application used to manage tickets posted by customers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "lang" parameter of the "/KubeSupport/install/index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/40970/references

  • 10.26.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Kubelance "profile.php" SQL Injection
  • Description: Kubelance is a PHP-based application that allows users to post and bid on jobs and projects. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Kubelance version 1.7.6 is affected.
  • Ref: http://www.securityfocus.com/bid/40974

  • 10.26.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YourFreeWorld Banner Management Script "trackads.php" SQL Injection
  • Description: YourFreeWorld Banner Management Script is a web-based application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input in the "trackads.php" script before using it in an SQL query.
  • Ref: http://www.yourfreeworld.com/script/bannermanagementscript.php

  • 10.26.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Elite Gaming Ladders "standings.php" SQL Injection
  • Description: Elite Gaming Ladders is a PHP-based online games script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ladder[id]" parameter of the "standings.php" script before using it in an SQL query. Elite Gaming Ladders 3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/40981/references

  • 10.26.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SnowCade Multiple SQL Injection Vulnerabilities
  • Description: SnowCade is a PHP-based gaming template. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "cat" and "gameid" parameters of the "index.php" script before using it in an SQL query. SnowCade version 3 is affected.
  • Ref: http://www.securityfocus.com/bid/40984

  • 10.26.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Overstock "storecat.php" SQL Injection Issue
  • Description: Overstock is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "store" parameter of the "storecat.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/40990/references

  • 10.26.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: OroHYIP "withdraw_money.php" SQL Injection
  • Description: OroHYIP is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "withdraw_money.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/40992/references

  • 10.26.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Shareasale "merchant_product_list.php" SQL Injection
  • Description: Shareasale is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "merchant_id" parameter of the "merchant_product_list.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/40993

  • 10.26.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SaffaTunes CMS "news.php" Multiple SQL Injection Vulnerabilities
  • Description: SaffaTunes CMS is a PHP-based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "id" and "year" parameters of the "news.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/40995

  • 10.26.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Job Search Engine "show_search_result.php" SQL Injection
  • Description: Job Search Engine is a PHP-based web application for creating a job search portal. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "keyword" parameter of the "show_search_result.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41018

  • 10.26.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Top Sites "category.php" SQL Injection
  • Description: Top Sites is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "category.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41019/references

  • 10.26.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: getaphpsite.com Classifieds "search.php" SQL Injection
  • Description: Classifieds is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "rate" parameter of the "search.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41021

  • 10.26.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: getaphpsite.com Job Search "content.php" SQL Injection
  • Description: Job Search is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "topic" parameter of the "content.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41023/references

  • 10.26.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 2daybiz Social Community Script Admin Login Multiple SQL Injection Issues
  • Description: Social Community Script is a web application implemented in PHP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "Username" and "Password" fields of the "socialcommunity/admin/index.php" script.
  • Ref: http://www.securityfocus.com/bid/41037/references

  • 10.26.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pre Projects Multi-Vendor Shopping Malls "detail.php" SQL Injection
  • Description: Pre Multi-Vendor Shopping Malls is a PHP-based shopping cart application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "prodid" parameter of the "detail.php" script.
  • Ref: http://www.securityfocus.com/bid/41034

  • 10.26.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: webConductor "default.asp" SQL Injection
  • Description: webConductor is an ASP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "default.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41042

  • 10.26.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Site2Nite Boat Classifieds "detail.asp" SQL Injection
  • Description: Site2Nite Boat Classifieds is an ASP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ID" parameter of the "detail.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41046

  • 10.26.75 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPAuction "sell.php" PHP Code Injection
  • Description: PHPAuction is a PHP-based auction application. The application is exposed to an issue that lets attackers inject arbitrary PHP code. The issue occurs because the application fails to sanitize the "Item description" field in the "sell.php" script.
  • Ref: http://www.securityfocus.com/bid/40912/references

  • 10.26.76 - CVE: Not Available
  • Platform: Web Application
  • Title: 2daybiz Network Community Script SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: 2daybiz Network Community Script is a PHP-based social networking application. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied data. 1) An SQL injection issue that affects the "alb" parameter of the "view_photo.php" script. 2) A cross-site scripting issue that affects the "id" parameter of the "scrapbook.php" script.
  • Ref: http://www.securityfocus.com/bid/40913

  • 10.26.77 - CVE: Not Available
  • Platform: Web Application
  • Title: EZPX Photoblog "commentform.php" Remote File Include
  • Description: EZPX photoblog is a web-based application implemented in PHP. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "tpl_base_dir" parameter of the "commentform.php" script. EZPX photoblog version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/40881/references

  • 10.26.78 - CVE: Not Available
  • Platform: Web Application
  • Title: Nakid CMS "core[system_path]" Parameter Remote File Include
  • Description: Nakid CMS is a content manager. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "core[system_path]" parameter of the "/modules/catalog/upload_photo.php" script. Nakid CMS version 0.5.2 is affected.
  • Ref: http://www.securityfocus.com/bid/40882

  • 10.26.79 - CVE: Not Available
  • Platform: Web Application
  • Title: 2daybiz Online Classified Script SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: 2daybiz Online Classified Script is a PHP-based web application. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied data. 1) An SQL injection issue that affects the "alb" parameter of the "view_photo.php" script. 2) A cross-site scripting issue that affects the "sid" parameter of the "products/classified/headersearch.php" script.
  • Ref: http://www.securityfocus.com/bid/40890

  • 10.26.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Omid Samadbin Software Index Image Upload Remote Arbitrary File Upload
  • Description: Software Index is a PHP-based web application. The application is exposed to a remote arbitrary file upload issue because it fails to sufficiently sanitize user-supplied input. Specifically, a malicious PHP file can be uploaded through the image upload feature.
  • Ref: http://www.securityfocus.com/bid/40921

  • 10.26.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal FileField Multiple HTML Injection Issues
  • Description: FileField is a module for the Drupal content manager. The FileField module is exposed to multiple HTML injection issues because it fails to sufficiently sanitize user-supplied data. FileField versions prior to 6.x-2.5 and 5.x-3.4 are affected.
  • Ref: http://drupal.org/node/829808

  • 10.26.82 - CVE: Not Available
  • Platform: Web Application
  • Title: PithCMS "lang" Parameter Local File Include
  • Description: PithCMS is a PHP-based content management application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "lang" parameter of the "oldnews_reader.php" script. PithCMS version 0.9.5 is affected.
  • Ref: http://www.securityfocus.com/bid/40926

  • 10.26.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Ogone | Ubercart payment Drupal Module Payment Validation Security Bypass
  • Description: Ogone | Ubercart payment is a module for the Drupal content manager. The Ogone | Ubercart payment module for Drupal is exposed to a security bypass issue because it fails to properly verify return codes. Ogone | Ubercart payment versions 5.x prior to 5.x-1.6 and versions 6.x prior to 6.x-1.5 are affected.
  • Ref: http://drupal.org/node/829412

  • 10.26.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Ubercart MIGS Gateway Drupal Module Security Bypass
  • Description: Ubercart MIGS Gateway is a module for the Drupal content manager. The Ubercart MIGS Gateway module for Drupal is exposed to a security bypass issue because it fails to properly handle crafted HTTP requests. Ubercart MIGS Gateway versions prior to 6.x-1.2 are affected.
  • Ref: http://drupal.org/node/829528

  • 10.26.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Views Module HTML Injection and Cross-Site Request Forgery Vulnerabilities
  • Description: Views is a module for the Drupal content manager. The module is exposed to multiple security issues. 1) An HTML injection issue because it fails to sufficiently sanitize user-supplied input before using it in dynamically generated content. 2) A cross-site request forgery issue that affects the Views "UI" module. Views versions prior to 5.x-1.8 and 6.x-2.11 are affected.
  • Ref: http://drupal.org/node/829840

  • 10.26.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Content Construction Kit (CCK) Multiple Security Bypass Issues
  • Description: Content Construction Kit (CCK) is a module for the Drupal content manager. The module is exposed to multiple security bypass issues. Content Construction Kit 5.x versions prior to 5.x-1.11 and 6.x versions prior to 6.x-2.7 are affected.
  • Ref: http://drupal.org/node/829566

  • 10.26.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Firebook Multiple Cross-Site Scripting and Directory Traversal Vulnerabilities
  • Description: Firebook is a Perl-based guest book script. The application is exposed to multiple input validation issues because it fails to sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/511871

  • 10.26.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Moodle Multiple Security Issues
  • Description: Moodle is a content manager for online courseware; it is implemented in PHP. The application is exposed to multiple security issues. Moodle versions prior to 1.9.9 and 1.8.13 are affected.
  • Ref: http://moodle.org/security/

  • 10.26.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Xerox WorkCentre XRX10-003 Multiple Unspecified Issues
  • Description: Xerox WorkCentre is a web-capable printer and photocopier. Multiple Xerox WorkCentre devices are exposed to multiple unspecified issues. Very little information is known about these issues. The following Xerox WorkCentre models are affected: 5135, 5150, 5632, 5638, 5645, 5655, 5665, 5675 and 5687.
  • Ref: http://www.securityfocus.com/bid/40946

  • 10.26.90 - CVE: CVE-2010-2225
  • Platform: Web Application
  • Title: PHP "SplObjectStorage" Unserializer Arbitrary Code Execution
  • Description: PHP is a general purpose scripting language that is suited for web development and can be embedded into HTML. PHP is exposed to an issue that an attacker could exploit to execute arbitrary code. This issue affects the "SplObjectStorage" unserializer.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=605641

  • 10.26.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Atlassian JIRA Crowd Single Signon Security Bypass
  • Description: Atlassian JIRA is a web-based bug tracking application. The application is exposed to a security bypass issue. This issue affects the login functionality when JIRA is connected to "Atlassian Crowd" and using "Crowd Single Signon" (SSO). Atlassian JIRA versions prior to 4.1.2 are affected.
  • Ref: http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-06-18

  • 10.26.92 - CVE: CVE-2010-1622
  • Platform: Web Application
  • Title: Spring Framework "class.classLoader" Code Injection
  • Description: Spring Framework is a layered Java/J2EE application framework. The application is exposed to a remote code injection issue because it fails to sufficiently sanitize input passed through the "class.classLoader" HTTP parameter. Spring Framework versions prior to 3.03, 2.5.6.SEC02 and 2.5.7.SR01 are affected.
  • Ref: http://www.springsource.com/security/cve-2010-1622

  • 10.26.93 - CVE: Not Available
  • Platform: Web Application
  • Title: MarketSaz "fckeditor" Arbitrary File Upload
  • Description: MarketSaz is a web-based application. The application is exposed to an arbitrary file upload issue because it fails to properly sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/40971

  • 10.26.94 - CVE: CVE-2010-1632
  • Platform: Web Application
  • Title: Apache Axis2 Document Type Declaration Processing Security
  • Description: Apache Axis2 is a Web Services/SOAP/WSDL engine. The application is exposed to a security issue because the application fails to properly restrict the processing of XML Document Type Declarations (DTD). Apache Axis2 versions prior to 1.5.2 and 1.6 are affected.
  • Ref: http://www.securityfocus.com/bid/40976/references

  • 10.26.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Plone "safe_html" HTML Injection
  • Description: Plone is a Python-based content manager. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, this issue affects the "safe_html" HTML filter in the PortalTransforms tool. All versions since Plone 2.1 are affected.
  • Ref: http://plone.org/products/plone/security/advisories/CVE-2010-2422

  • 10.26.96 - CVE: Not Available
  • Platform: Web Application
  • Title: MindArray synType CMS "cmnt_body" Parameter HTML Injection
  • Description: MindArray synType CMS is a PHP-based content manager. The application is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input to the "cmnt_body" parameter of an unspecified script in the "Dein Kommentar" text area. SynType CMS version 0.12.2 is affected.
  • Ref: http://www.securityfocus.com/bid/41002

  • 10.26.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Ultimate PHP Board Multiple Local File Include Vulnerabilities
  • Description: Ultimate PHP Board (UPB) is a PHP-based online bulletin board. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "register.php" script and the "file" parameter of the "upb/admin_restore.php" script. UPB version 2.2.6 is affected.
  • Ref: http://www.securityfocus.com/bid/41007/references

  • 10.26.98 - CVE: Not Available
  • Platform: Web Application
  • Title: SimpleAssets SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: SimpleAssets is a PHP-based asset management application. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied data.
  • Ref: http://www.securityfocus.com/bid/41008

  • 10.26.99 - CVE: Not Available
  • Platform: Web Application
  • Title: iBoutique "page" Parameter SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: iBoutique is a web-based shopping application. iBoutique is exposed to an SQL injection issue and a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "page" parameter of the "iboutique/index.php" script.
  • Ref: http://www.securityfocus.com/bid/41014

  • 10.26.100 - CVE: Not Available
  • Platform: Web Application
  • Title: The Uploader "download_launch.php" Directory Traversal
  • Description: The Uploader is a PHP-based application. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "filename" parameter of the "download_launch.php" script. The Uploader version 2.0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/41020

  • 10.26.101 - CVE: Not Available
  • Platform: Web Application
  • Title: Online Classified Script "categorysearch.php" SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: 2daybiz Online Classified Script is a PHP-based web application. The application is exposed to an SQL injection issue and a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data.
  • Ref: http://www.securityfocus.com/bid/41024

  • 10.26.102 - CVE: Not Available
  • Platform: Web Application
  • Title: SoftComplex PHP Event Calendar Multiple Remote Vulnerabilities
  • Description: SoftComplex PHP Event Calendar is a web-based application for event scheduling. SoftComplex PHP Event Calendar is exposed to multiple remote issues. Attackers can exploit these issues to obtain sensitive information, upload arbitrary files, execute arbitrary script code, steal cookie-based authentication credentials, and perform certain administrative actions. PHP Event Calendar version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/41043


(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.