@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 27
July 1, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Summary of Updates and Vulnerabilities in this Consensus

    Platform                                  Number of Updates and Vulnerabilities
    -------------------------                 -------------------------------------
    Third Party Windows Apps                  4
    Linux                                     5
    Unix                                      2
    Novell                                    2
    Cross Platform                            35 (#1,#2,#3)
    Web Application - Cross Site Scripting    15
    Web Application - SQL Injection           31
    Web Application                           23
    Network Device                            5

************************ Sponsored By SANS ***********************

What is Resiliency and why is it Important to Network Security? Does your organization measure the impact of security threats, blended traffic and extreme load on the overall performance, security and stability of network devices and systems? Take our SANS network resiliency survey and help us find out if organizations have security resiliency on their radars. Complete the survey and be entered in a drawing for a $250 American Express Gift Certificate! Results will be announced in our July 22nd SANS Analyst Webcast, 1PM EST. http://www.sans.org/info/61173

******************************************************************

TRAINING UPDATE

-- SANS Rocky Mountain 2010, Denver, July 12-17, 2010 8 courses. Bonus evening presentations include Hiding in Plain Sight: Forensic Techniques to Counter the Advanced Persistent Threat

http://www.sans.org/rocky-mountain-2010/

-- SANS Boston 2010, August 2-8, 2010 11 courses. Special Events include Rapid Response Security Strategy Competition

http://www.sans.org/boston-2010/

-- SANS Virginia Beach 2010, August 29-September 3, 2010 9 courses. Bonus evening presentations include Future Trends in Network Security

http://www.sans.org/virginia-beach-2010/

-- SANS Network Security 2010, Las Vegas, September 19-27, 2010 40 courses. Bonus evening presentations include The Return of Command Line Kung Fu and Cyberwar or Business as Usual? The State of US Federal CyberSecurity Initiatives

http://www.sans.org/network-security-2010/

-- SOS: SANS October Singapore, October 4-11, 2010 7 courses

http://www.sans.org/singapore-sos-2010/

-- Looking for training in your own community? http://sans.org/community/

Save on On-Demand training (30 full courses) - See samples at http://www.sans.org/ondemand/discounts.php#current

Plus Kuala Lumpur, Washington DC, Canberra and Portland all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Linux
Unix
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) HIGH: Mozilla Firefox/Thunderbird/SeaMonkey DOM Nodes Integer Overflow Vulnerability
  • Affected:
    • Firefox 3.6.4
    • Firefox 3.5.10
    • Thunderbird 3.0.5
    • SeaMonkey 2.0.5
  • Description: Multiple Mozilla products are susceptible to an integer overflow vulnerability. This vulnerability, which is due to a bug in the routine used to set the text value for certain types of DOM elements, can be exploited in order to execute arbitrary code with the permissions of the currently logged-in user.

  • Status: vendor confirmed, updates available

  • References:
  • (3) HIGH: Google Chrome prior to 5.0.375.86 Multiple Security Vulnerabilities
  • Affected:
  • Description: Google Chrome is susceptible to multiple security vulnerabilities. Google does not typically release details of its vulnerabilities until well after they are reported and patched, so it is impossible to determine their severity. Three of the vulnerabilities potentially have to do with memory corruption, so it is possible that some of them can be used for code execution.

  • Status: vendor confirmed, updates available

  • References:

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 27, 2010

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 9695 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 10.27.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Winstats ".fma" File Parsing Remote Buffer Overflow
  • Description: Winstats is a statistics application available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when processing a specially crafted ".fma" file.
  • Ref: http://www.securityfocus.com/bid/41128

  • 10.27.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Wincalc ".num" File Parsing Remote Buffer Overflow
  • Description: Wincalc is a mathematics application available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when processing a specially crafted ".num" file.
  • Ref: http://www.securityfocus.com/bid/41136

  • 10.27.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Wingeom ".wg2" File Buffer Overflow
  • Description: Wingeom is an application for geometric constructions available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when processing a specially crafted ".wg2" file. Wingeom version 7 is affected.
  • Ref: http://www.securityfocus.com/bid/41137/references

  • 10.27.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: FieldNotes 32 ".dxf" File Buffer Overflow
  • Description: FieldNotes 32 is a design utility available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when processing a specially crafted ".dxf" file. FieldNotes 32 version 5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41147

  • 10.27.5 - CVE: Not Available
  • Platform: Linux
  • Title: Weborf HTTP Header Processing Denial of Service
  • Description: Weborf is an HTTP server for the Linux platform. The server is exposed to a denial of service issue when wide characters are used in an HTTP header. This issue occurs when a specially crafted HTTP header is processed. Weborf version 0.12.1 is affected.
  • Ref: http://code.google.com/p/weborf/source/browse/branches/0.12.2/CHANGELOG?spec=svn437&r=437

  • 10.27.6 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "pppol2tp_xmit" Null Pointer Dereference Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue caused by a NULL pointer dereference error. Specifically, when transmitting L2TP frames, the "pppol2tp_xmit()" function derives the outgoing interface's UDP checksum hardware assist capabilities from the tunnel's dst and dev.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/3071

  • 10.27.7 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "time/clocksource.c" Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue that affects the "time/clocksource.c" source file. This issue exists because the "timekeeper/clocksource" fails to initialize the "curr_clocksource" value when using a non-"GENERIC_TIME" clock source.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/3069


  • 10.27.9 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel ethtool "info.rule_cnt" Local Buffer Overflow
  • Description: The Linux kernel is exposed to a local buffer overflow issue because it fails to perform adequate boundary checks on user supplied data. This issue affects the "ethtool_get_rsnfc()" function of the "ethtool.c" source file.
  • Ref: http://thread.gmane.org/gmane.linux.network/164869

  • 10.27.10 - CVE: CVE-2010-2432
  • Platform: Unix
  • Title: CUPS "cupsDoAuthentication()" Infinite Loop Denial of Service
  • Description: CUPS (Common UNIX Printing System) is a widely used set of printing utilities for UNIX-based systems. CUPS is exposed to a denial of service issue that affects the "cupsDoAuthentication()" function of the "auth.c" source file. CUPS versions prior to 1.4.4 are affected.
  • Ref: http://cups.org/str.php?L3518

  • 10.27.11 - CVE: CVE-2010-2431
  • Platform: Unix
  • Title: CUPS "cupsFileOpen" function Symlink Attack Local Privilege Escalation
  • Description: CUPS (Common UNIX Printing System) is a widely used set of printing utilities for UNIX-based systems. CUPS is exposed to a local privilege escalation issue in the "cupsFileOpen()" function. CUPS versions prior to 1.4.4 are affected.
  • Ref: http://cups.org/str.php?L3510

  • 10.27.12 - CVE: CVE-2010-1929
  • Platform: Novell
  • Title: Novell iManager Schema Create Class Stack Buffer Overflow
  • Description: Novell iManager is a web-based management portal for various Novell products. The application is exposed to a stack-based buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. Novell iManager versions prior to 2.7.4 are affected.
  • Ref: http://www.coresecurity.com/content/novell-imanager-buffer-overflow-off-by-one-vulnerabilities

  • 10.27.13 - CVE: CVE-2010-1930
  • Platform: Novell
  • Title: Novell iManager Long TREE Field Off-By-One Denial of Service Issue
  • Description: Novell iManager is a web-based management portal for various Novell products. Novell iManager is exposed to a denial of service issue due to an off-by-one error. This issue occurs when handling a TREE field containing 256 bytes of information.
  • Ref: http://www.coresecurity.com/content/novell-imanager-buffer-overflow-off-by-one-vulnerabilities

  • 10.27.14 - CVE: CVE-2010-1775
  • Platform: Cross Platform
  • Title: Apple iPhone and iPod touch Race Condition Security Bypass
  • Description: Apple iPhone and iPod touch are exposed to a security bypass issue due to a race condition. An attacker may be able to pair the vulnerable device with a computer for a short period during the initial boot stage.
  • Ref: http://www.securityfocus.com/bid/41066

  • 10.27.15 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Avahi "avahi-core/socket.c" Zero Size Packet Denial of Service
  • Description: Avahi is an application for discovering available services on a local network. Avahi is exposed to a denial of service issue because it fails to handle exceptional conditions. This issue occurs when receiving a packet with a broken checksum immediately after receiving a good packet.
  • Ref: http://www.openwall.com/lists/oss-security/2010/06/23/4

  • 10.27.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Axis Media Controller "AxisMediaControlEmb.dll" ActiveX Remote Code Execution
  • Description: Axis Media Controller is an ActiveX control that handles media streams. Axis Media Controller is exposed to a remote code execution issue. This issue affects the "setimage()" method of the "AxisMediaControlEmb.dll" ActiveX control identified by CLSID: DE625294-70E6-45ED-B895-CFFA13AEB044. Axis Media Controller version 5.8.5.3 is affected.
  • Ref: http://0x769c9b5d.blogspot.com/2010/06/axis-media-control-embedded-multiple.html

  • 10.27.17 - CVE: CVE-2010-2327
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server "mod_ibm_ssl" HTTP Request Remote Denial of Service
  • Description: IBM WebSphere Application Server (WAS) is available for various operating systems. IBM WebSphere Application Server for z/OS is exposed to a remote denial of service issue that occurs because the application does not handle large HTTP request bodies when uploading files over SSL. IBM WAS versions prior to 6.0.2.43, 6.1.0.33, and 7.0.0.11 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PM10270

  • 10.27.18 - CVE: CVE-2010-2324
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server Unspecified Link Injection Security
  • Description: IBM WebSphere Application Server (WAS) is a web server. IBM WebSphere Application Server is exposed to an unspecified issue that may allow attackers to inject links into unspecified locations. IBM WAS versions prior to 7.0.0.11 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PM09250

  • 10.27.19 - CVE: CVE-2010-2328
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server "gzip" Data Null Pointer Exception
  • Description: IBM WebSphere Application Server (WAS) is available for various operating systems. IBM WebSphere Application Server is exposed to a null pointer exception issue that occurs when the application attempts to handle large amounts of chunked "gzip" encoded data. IBM WAS versions prior to 7.0.0.11 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PM08894

  • 10.27.20 - CVE: CVE-2010-1196
  • Platform: Cross Platform
  • Title: Mozilla Firefox/Thunderbird/SeaMonkey DOM Nodes Integer Overflow
  • Description: Firefox is a web browser. SeaMonkey is a suite of applications that includes a browser and an email client. Thunderbird is an email client. All three applications are available for multiple platforms. Mozilla Firefox, SeaMonkey, and Thunderbird are exposed to a remote integer overflow issue because they fail to properly bounds check user-supplied input. Firefox versions prior to 3.6.4 and Firefox 3.5.10; Thunderbird versions prior to 3.0.5 and SeaMonkey versions prior to 2.0.5 are affected.
  • Ref: http://www.mozilla.org/security/announce/2010/mfsa2010-29.html

  • 10.27.21 - CVE: CVE-2010-2233
  • Platform: Cross Platform
  • Title: LibTIFF Multiple Remote Code Execution Vulnerabilities
  • Description: LibTIFF is a library for reading and manipulating Tagged Image File Format (TIFF) files. LibTIFF is exposed to multiple remote code execution issues because it fails to properly validate user-supplied data. LibTIFF versions prior to 3.9.4 or 4.0 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=607198

  • 10.27.22 - CVE: CVE-2010-2325
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server for z/OS Administrative Console Cross-Site Scripting
  • Description: IBM WebSphere Application Server (WAS) for z/OS is a software application server. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user supplied input. Specifically, this issue affects the administrative console. IBM WAS for z/OS versions prior to 7.0.0.11 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830

  • 10.27.23 - CVE: CVE-2010-1200, CVE-2010-1202, CVE-2010-1197, CVE-2010-1203, CVE-2010-0183, CVE-2010-1201, CVE-2010-1200, CVE-2010-1199
  • Platform: Cross Platform
  • Title: Mozilla Firefox multiple vulnerabilities
  • Description: Firefox is a web browser available for multiple platforms. Mozilla Firefox is exposed to multiple issues. A memory corruption issue exists in the JavaScript engine. A security bypass issue affects attachments with "Content-Disposition" HTTP headers. A remote code execution issue exists because of a use-after-free error in the "nsCycleCollector::MarkRoots()" function. Firefox versions prior to 3.6.4 and 3.5.10 are affected.
  • Ref: http://www.mozilla.org/security/announce/2010/mfsa2010-32.html

  • 10.27.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Dynamic DNS Update Client Credentials Obfuscation Issue
  • Description: Dynamic DNS Update Client is a DNS client application. Dynamic DNS Update Client is exposed to a security issue that may allow attackers to decode sensitive information. This issue occurs because the application uses a weak encoding algorithm to encrypt usernames, passwords, and domain names. Dynamic DNS Update Client version 2.2.1 is affected.
  • Ref: http://www.corelan.be:8800/advisories.php?id=CORELAN-10-052

  • 10.27.25 - CVE: CVE-2010-1763
  • Platform: Cross Platform
  • Title: WebKit Unspecified Security Issue
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to an unspecified security issue.
  • Ref: http://www.securityfocus.com/bid/41125/references

  • 10.27.26 - CVE: CVE-2010-2420
  • Platform: Cross Platform
  • Title: Fenrir ActiveGeckoBrowser Unspecified Denial Of Service
  • Description: Fenrir ActiveGeckoBrowser is a module for the Sleipnir web browser. The application is exposed to an unspecified denial of service issue caused by unspecified vectors in the Gecko engine. Fenrir ActiveGeckoBrowser versions 1.0.0 and 1.0.5 alpha are affected.
  • Ref: http://www.fenrir.co.jp/blog/2010/06/activegeckobrowser.html

  • 10.27.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Twitter for iPhone Unspecified Buffer Overflow Issue
  • Description: Twitter for iPhone is a micro blogging application. Twitter for iPhone is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The problem occurs when handling an unusual user profile location. Twitter for iPhone versions prior to 3.0.1 are affected.
  • Ref: http://fnstenv.blogspot.com/2010/06/twitter-for-iphone.html

  • 10.27.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Google Chrome prior to 5.0.375.86 Multiple Security Vulnerabilities
  • Description: Google Chrome is a web browser for multiple platforms. Google Chrome is exposed to multiple issues. See reference link for complete details. Chrome versions prior to 5.0.375.86 are affected.
  • Ref: http://googlechromereleases.blogspot.com/2010/06/stable-channel-update_24.html

  • 10.27.29 - CVE: CVE-2010-1204
  • Platform: Cross Platform
  • Title: Bugzilla "time-tracking" Information Disclosure
  • Description: Bugzilla is a freely available, open source bug tracker. The application is exposed to an information disclosure issue because the application allows an unprivileged user to access the time tracking group by crafting the search URL. Bugzilla versions 2.17.1 through 3.2.6; 3.3.1 through 3.4.6; 3.5.1 through 3.6 and 3.7 are affected.
  • Ref: http://www.bugzilla.org/security/3.2.6/

  • 10.27.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: WM Downloader ".m3u" File Remote Stack Buffer Overflow
  • Description: WM Downloader is a file download management application. The application is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when parsing a specially crafted ".m3u" file. WM Downloader version 2.9.2 is affected.
  • Ref: http://www.securityfocus.com/bid/41145/references

  • 10.27.31 - CVE: CVE-2010-0778
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server Console Unspecified Cross-Site Scripting
  • Description: IBM WebSphere Application Server (WAS) is an application server used for service oriented architecture. WAS is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. This issue affects the Administration Console. WAS versions prior to 7.0.0.11 and 6.1.0.33 are affected.
  • Ref: http://xforce.iss.net/xforce/xfdb/59646

  • 10.27.32 - CVE: CVE-2010-0779
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server Cross-Site Scripting
  • Description: IBM WebSphere Application Server (WAS) is an application server used for service oriented architecture. WAS is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. This issue affects the Administration Console. IBM WebSphere versions prior to 7.0.0.11 and 6.1.0.33 are affected.
  • Ref: http://xforce.iss.net/xforce/xfdb/59647

  • 10.27.33 - CVE: CVE-2008-7257
  • Platform: Cross Platform
  • Title: Cisco Adaptive Security Response HTTP Response Splitting
  • Description: Cisco Adaptive Security Response (ASA) is a security appliance. Cisco ASA is exposed to an HTTP response splitting issue that occurs when a user connects to the web interface of ASA through HTTP and is then redirected to an SSL encrypted page. Firmware versions prior to Cisco ASA 8.1(2) are affected.
  • Ref: http://www.secureworks.com/ctu/advisories/SWRX-2010-001/

  • 10.27.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: feh "--wget-timestamp" Remote Code Execution
  • Description: feh is an image viewing application that uses imlib2. feh is exposed to a remote code execution issue that occurs because the application fails to sanitize meta characters when opening URIs with the "--wget-timestamp" command line argument.
  • Ref: http://www.securityfocus.com/bid/41161

  • 10.27.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: UltraISO 9.3.6.2750 Multiple Buffer Overflow Vulnerabilities
  • Description: UltraISO is an application for handling CD/DVD images; it is available for Microsoft Windows. UltraISO is exposed to multiple stack-based buffer overflow issues because it fails to adequately bounds check user-supplied data before copying it to an insufficiently sized memory buffer. UltraISO version 9.3.6.2750 is affected.
  • Ref: http://www.securityfocus.com/bid/41162

  • 10.27.36 - CVE: CVE-2010-1205
  • Platform: Cross Platform
  • Title: libpng Memory Corruption and Memory Leak Issue
  • Description: The "libpng" library is a PNG reference library. The library is exposed to multiple issues. Libpng versions prior to 1.4.3 and 1.2.44 are affected.
  • Ref: http://www.securityfocus.com/bid/41174/references

  • 10.27.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM FileNet Security Bypass Issue
  • Description: IBM FileNet Business Process Manager manages workflow among people and systems for content and case based processes. IBM FileNet is exposed to an unspecified security bypass issue that may allow an attacker to install and configure the Content Search Engine or to bootstrap the Content Engine. Refer to advisory for further details.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21438487

  • 10.27.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: RM Downloader ".m3u" File Buffer Overflow
  • Description: RM Downloader is an application for downloading media streams. RM Downloader is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs when handling specially crafted ".m3u" files. RM Downloader version 3.1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/41180

  • 10.27.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SciTE ".txt" File Buffer Overflow Issue
  • Description: SciTE is a SCIntilla based text editor. SciTE is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs when handling specially crafted ".txt" files. SciTE version 1.76 is affected.
  • Ref: http://www.securityfocus.com/bid/41185/references

  • 10.27.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP OpenVMS Auditing Unspecified Information Disclosure
  • Description: OpenVMS is a mainframe-like operating system originally developed by Digital. OpenVMS is exposed to an unspecified remote information disclosure issue affecting the "Auditing" component. OpenVMS version 8.3 is affected.
  • Ref: ftp://ftp.itrc.hp.com/openvms_patches/i64/V8.3/VMS83I_SYS_MUP-V1400.txt

  • 10.27.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Kingsoft Writer ".doc" File Stack Buffer Overflow
  • Description: Kingsoft Writer is a document processing application. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Specifically, this issue occurs when opening specially crafted ".doc" files. Kingsoft Writer version 2010 6.6.0.2462 is affected.
  • Ref: http://www.securityfocus.com/bid/41192/references

  • 10.27.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MemDB Multiple Products Multiple Remote Denial of Service Vulnerabilities
  • Description: MemCompany, Memdb Memory Database System, and Memdb Online Survey System are web-based applications used to perform database transactions on Windows platforms. The application is exposed to multiple remote denial of service issues that occur while processing a large "Host" header in an HTTP request when the "page" parameter is set to "query"; and when processing a large "Host" header in an HTTP request.
  • Ref: http://www.securityfocus.com/bid/41195

  • 10.27.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IDA Pro QNX File Loader Denial of Service
  • Description: DataRescue IDA Pro is a debugger and disassembler available for multiple operating platforms. The application is exposed to a remote denial of service issue that affects the QNX file loader. IDA Pro versions 3.76 up to and including 5.6 are affected.
  • Ref: http://www.securityfocus.com/archive/1/512052

  • 10.27.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Rational ClearQuest Unspecified Security Vulnerabilities
  • Description: IBM Rational ClearQuest is an application for managing software development. The application is exposed to multiple unspecified issues. IBM Rational ClearQuest versions 7.1.0.2 and earlier are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PM07157

  • 10.27.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GSM SIM Utility ".sms" File Buffer Overflow
  • Description: GSM SIM Utility is SIM card cloning software. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs when handling specially crafted ".sms" files. GSM SIM Utility version 5.15 is affected.
  • Ref: http://www.securityfocus.com/bid/41212/references

  • 10.27.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi JP1/ServerConductor/DeploymentManager DPM Denial of Service
  • Description: Hitachi JP1/ServerConductor/DeploymentManager is exposed to a denial of service issue because it fails to properly handle crafted packets. This issue is due to an unspecified error in the client services for DPM.
  • Ref: http://www.securityfocus.com/bid/41219

  • 10.27.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Snare Agents Web Interface Cross-Site Request Forgery
  • Description: Snare is a log management and incident reporting application. Multiple Snare agents are exposed to a cross-site request forgery issue that affects the web interface.
  • Ref: http://www.kb.cert.org/vuls/id/173009

  • 10.27.48 - CVE: CVE-2010-1240, CVE-2010-1285, CVE-2010-1295, CVE-2010-1297, CVE-2010-2168, CVE-2010-2201, CVE-2010-2202, CVE-2010-2203, CVE-2010-2204, CVE-2010-2205, CVE-2010-2206, CVE-2010-2207, CVE-2010-2208, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, CVE-2010-2212
  • Platform: Cross Platform
  • Title: Adobe Acrobat and Reader Remote Code Execution
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. Adobe Reader and Acrobat are exposed to the following issues: a remote code execution issue that can be triggered by an invalid pointer, a memory corruption issue, an invalid pointer issue, a denial of service issue, an array indexing error issue and a dereference deleted heap object issue. Adobe Reader and Acrobat versions prior to and including 9.3.2 and 8.2.2 are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb10-15.html

  • 10.27.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: K-Search "index.php" Cross-Site Scripting
  • Description: K-Search is a web-based meta search script. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "term" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/41057

  • 10.27.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Linksys WAP54Gv3 Wireless Router "debug.cgi" Cross-Site Scripting
  • Description: Linksys WAP54Gv3 is a wireless router device. The device is exposed to a cross-site scripting issue because its web interface fails to properly sanitize user-supplied input. Specifically, the application fails to sanitize input supplied to the "data1" POST parameter of the "debug.cgi" script.
  • Ref: http://www.icysilence.org/wp-content/uploads/IS-2010-003_Linksys_WAP54Gv3_debug.cgi_Cross_Site_Scripting.txt

  • 10.27.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Drupal Masquerade Module Multiple Cross-Site Request Forgery Issues
  • Description: Masquerade is a module for the Drupal content manager. The Masquerade module for Drupal is exposed to multiple cross-site request forgery issues that affect the "masquerade/switch" and "masquerade/unswitch" paths. Masquerade versions prior to 6.x-1.4 are affected.
  • Ref: http://drupal.org/node/835900

  • 10.27.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Block Queue Module For Drupal Cross-Site Request Forgery
  • Description: Block Queue is a module for Drupal content manager. The module is exposed to a cross-site request forgery issue.
  • Ref: http://drupal.org/node/836084

  • 10.27.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: cimy Counter for WordPress HTTP Response Splitting and Cross-Site Scripting Vulnerabilities
  • Description: Cimy Counter for WordPress is a page access and download counter application for the WordPress content manager. The application is exposed to a cross-site scripting issue and an HTTP response splitting issue because it fails to properly sanitize user-supplied input. Cimy Counter for WordPress versions prior to 0.9.5 are affected.
  • Ref: http://www.securityfocus.com/archive/1/512003

  • 10.27.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Limny "q" Parameter Cross-Site Scripting
  • Description: Limny is a web-based meta search script. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "q" parameter of the "index.php" script. Limny versions prior to 2.2 are affected.
  • Ref: http://www.htbridge.ch/advisory/xss_vulnerability_in_limny.html


  • 10.27.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Python Paste "paste.httpexceptions" Multiple Cross-Site Scripting
  • Description: Python Paste is a tool for using Web Server Gateway Interface stacks. Python Paste is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. Python Paste versions prior to 1.7.4 are affected.
  • Ref: http://bitbucket.org/ianb/paste/changeset/fcae59df8b56

  • 10.27.57 - CVE: CVE-2010-1625
  • Platform: Web Application - Cross Site Scripting
  • Title: LXR Cross Referencer Version Prior to 0.9.7 Multiple Cross-Site Scripting Vulnerabilities
  • Description: LXR Cross Referencer is a web-based application for managing source code. LXR Cross Referencer is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "search" body and the results page for a search. LXR Cross Referencer versions prior to 0.9.7 are affected.
  • Ref: http://marc.info/?l=oss-security&m=127289957223005&w=2

  • 10.27.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MetInfo enterprise website management system "search.php" Cross-Site Scripting
  • Description: MetInfo enterprise website management system is a web-based application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "search" field of the "search.php" script. MetInfo enterprise website management system version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41203

  • 10.27.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Rent Vs. Buy Calculator Multiple Cross-Site Scripting Vulnerabilities
  • Description: Rent Vs. Buy Calculator is a calculator application. Rent Vs. Buy Calculator is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input.
  • Ref: http://www.patricia-beck.com/calculators/rent_v_buy-instructions.php

  • 10.27.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: How much house can I afford Calculator "monthly_payment.php" Cross-Site Scripting
  • Description: How much house can I afford Calculator is a web-based application implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to an unspecified field of the "monthly_payment.php" script.
  • Ref: http://www.securityfocus.com/bid/41210/references

  • 10.27.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Amortization Calculator "mortgage_amort.php" Cross-Site Scripting
  • Description: Amortization Calculator is a web-based application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to an unspecified field of the "mortgage_amort.php" script.
  • Ref: http://www.securityfocus.com/bid/41211

  • 10.27.62 - CVE: CVE-2010-1520
  • Platform: Web Application - Cross Site Scripting
  • Title: TaskFreak! "logout.php" Cross-Site Scripting
  • Description: TaskFreak! is a web-based task manager implemented in PHP. TaskFreak! is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "tznMessage" parameter of the "logout.php" script. TaskFreak! versions prior to 0.6.4 are affected.
  • Ref: http://www.securityfocus.com/bid/41221/references

  • 10.27.63 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Iatek PortalApp "login.asp" Multiple Cross-Site Scripting Vulnerabilities
  • Description: Iatek PortalApp is an open-source portal and a content management system. Iatek PortalApp is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "email", "user_name", and "password" parameters of the "login.asp" script. Iatek PortalApp version 4.0 is affected.
  • Ref: http://www.htbridge.ch/advisory/xss_vulnerability_in_portalapp_2.html

  • 10.27.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Site2Nite Boat Classifieds "printdetail.asp" SQL Injection
  • Description: Site2Nite Boat Classifieds is an ASP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Id" parameter of the "printdetail.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41059/references

  • 10.27.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pre Projects Multi-Vendor Shopping Malls "products.php" SQL Injection
  • Description: Pre Multi Vendor Shopping Malls is a PHP-based shopping cart application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sid" parameter of the "products.php" script.
  • Ref: http://www.securityfocus.com/bid/41074/references

  • 10.27.66 - CVE: CVE-2010-2338
  • Platform: Web Application - SQL Injection
  • Title: VU Web Visitor Analyst "redir.asp" Multiple SQL Injection Vulnerabilities
  • Description: VU Web Visitor Analyst is an ASP-based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "Username" and "Password" fields of the "redir.asp" script.
  • Ref: http://www.securityfocus.com/bid/41083

  • 10.27.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 2daybiz MLM Script "viewnews.php" SQL Injection Issue
  • Description: 2daybiz MLM Script is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "nwsid" parameter of the "viewnews.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41097/references

  • 10.27.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Easy Translator Module For Drupal SQL Injection
  • Description: Easy Translator is a module for the Drupal content manager. The module is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
  • Ref: http://drupal.org/node/836084

  • 10.27.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 2daybiz Custom Business Card Script "categories.php" SQL Injection
  • Description: 2daybiz Custom Business Card Script is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "selcat" parameter of the "categories.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41110/references

  • 10.27.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 2daybiz Photo Sharing Script "freesearch.php" SQL Injection
  • Description: 2daybiz Photo Sharing Script is a PHP-based photo sharing application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "search" parameter of the "freesearch.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41115/references

  • 10.27.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AbleDating "news.php" SQL Injection Issue
  • Description: AbleDating is a PHP-based online dating application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "view" parameter of the "news.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41119/references

  • 10.27.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 2daybiz Job Site Script Multiple SQL Injection Issues
  • Description: 2daybiz Job Site Script is a PHP-based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data.
  • Ref: http://www.securityfocus.com/bid/41123/references

  • 10.27.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Lois Software WebDB Script Multiple SQL Injection Vulnerabilities
  • Description: Lois Software WebDB is an online database system. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Lois Software WebDB version 2.0a is affected.
  • Ref: http://www.securityfocus.com/archive/1/511997

  • 10.27.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Big Forum "forum.php" SQL Injection Issue
  • Description: Big Forum is a PHP-based forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "forum.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41135/references

  • 10.27.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AbleSpace "news.php" SQL Injection Issue
  • Description: AbleSpace is a PHP-based community application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "view" parameter of the "news.php" script before using it in an SQL query. AbleSpace version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41139/references

  • 10.27.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 2daybiz B2B Portal Script "selling_buy_leads1.php" SQL Injection
  • Description: 2daybiz B2B Portal Script is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter of the "products/business2business/selling_buy_leads1.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41155/references

  • 10.27.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Snipe Gallery "image.php" SQL Injection
  • Description: Snipe Gallery is a PHP-based application for image management. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "_id" parameter of the "image.php" script before using it in an SQL query. Snipe Gallery version 3.1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/41164

  • 10.27.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 2daybiz Matrimonial Script "smartresult.php" SQL Injection
  • Description: 2daybiz Matrimonial Script is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "complexion" parameter of the "smartresult.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41167/references

  • 10.27.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 2daybiz Freelance Script "searchproject.php" SQL Injection
  • Description: 2daybiz Freelance Script is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cate" parameter of the "searchproject.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41170/references

  • 10.27.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 2daybiz Polls Script "searchvote.php" SQL Injection
  • Description: 2daybiz Polls Script is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category" parameter of the "searchvote.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41172/references

  • 10.27.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: OlyKit Swoopo Clone 2010 "id" Parameter SQL Injection
  • Description: Swoopo Clone 2010 is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41178

  • 10.27.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: i-Net Online Community Site Script "profile_social.php" SQL Injection
  • Description: i-Net Online Community Site Script is an online social networking application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "profile_social.php" script.
  • Ref: http://www.securityfocus.com/bid/41183/references

  • 10.27.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Customer Paradigm PageDirector "id" Parameter SQL Injection
  • Description: Customer Paradigm PageDirector is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/41184

  • 10.27.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PTCPay GeN4 "buyupg.php" SQL Injection
  • Description: PTCPay GeN4 is a script for creating "paid to click" websites. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "upg" parameter of the "buyupg.php" script.
  • Ref: http://www.securityfocus.com/bid/41189/references

  • 10.27.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BlaherTech Placeto CMS "Username" Parameter SQL Injection
  • Description: BlaherTech Placeto CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "Username" parameter of the "Admin Panel" page before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41190/references

  • 10.27.86 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: i-Net Multi User Email Script "php121_editname.php" SQL Injection
  • Description: i-Net Multi User Email Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "uid" parameter of the "products/2daybizemail/php121_editname.php" script.
  • Ref: http://www.securityfocus.com/bid/41191

  • 10.27.87 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Customer Paradigm PageDirector "result.php" SQL Injection
  • Description: Customer Paradigm PageDirector is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "sub_catid" parameter of the "result.php" script.
  • Ref: http://www.securityfocus.com/bid/41196/references

  • 10.27.88 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: eBay Clone Script 2010 "showcategory.php" SQL Injection
  • Description: eBay Clone Script 2010 is a PHP-based eBay clone. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "cid" parameter of the "showcategory.php" script.
  • Ref: http://www.securityfocus.com/bid/41200/references

  • 10.27.89 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Clix"N"Cash Clone 2010 "index.php" SQL Injection
  • Description: Clix'N'Cash Clone 2010 is a PHP-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "view" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/41202/references

  • 10.27.90 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: V-EVA Classified Script "classified_img.php" SQL Injection
  • Description: V-EVA Classified Script is a PHP-based classified application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "clsid" parameter of the "classified_img.php" script. V-EVA Classified Script version 5.1 is affected.
  • Ref: http://www.securityfocus.com/bid/41204/references

  • 10.27.91 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TopManage OLK Multiple SQL Injection Issues
  • Description: TopManage OLK is a web application that integrates with SAP-based solutions. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to multiple fields before using them in an SQL query. TopManage OLK version 1.91.30 is affected.
  • Ref: http://www.securityfocus.com/archive/1/512084

  • 10.27.92 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ECOMAT "show" Parameter SQL Injection
  • Description: ECOMAT is a PHP-based content management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "show" parameter of the "index.php" script. ECOMAT version 5.0 is affected.
  • Ref: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_ecomat_cms.html

  • 10.27.93 - CVE: CVE-2010-1521
  • Platform: Web Application - SQL Injection
  • Title: TaskFreak! "login.php" SQL Injection Issue
  • Description: TaskFreak! is a web-based task manager implemented in PHP. TaskFreak! is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "password" parameter in the "login.php" script before using it in an SQL query in "include/classes/tzn_user.php". TaskFreak! versions prior to 0.6.4 are affected.
  • Ref: http://www.securityfocus.com/archive/1/512077

  • 10.27.94 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: LIOOSYS CMS "news.php" SQL Injection Issue
  • Description: LIOOSYS CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "news/news.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41225/references

  • 10.27.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple File Manager "filename" Parameter Directory Traversal
  • Description: Simple File Manager is a web-based file manager. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "filename" parameter of the "fm.php" script. Simple File Manager version 24a is affected.
  • Ref: http://www.securityfocus.com/bid/41062/references

  • 10.27.96 - CVE: Not Available
  • Platform: Web Application
  • Title: Apache Axis2 "/axis2/axis2-admin" Session Fixation Issue
  • Description: Axis2 is a Web Services, SOAP, and WSDL engine. Apache Axis2 is exposed to a session fixation issue. This issue affects the "module" parameter of the "/axis2/axis2-admin" page. Apache Axis2 version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/41076/references

  • 10.27.97 - CVE: Not Available
  • Platform: Web Application
  • Title: mlmmj Edit and Save Multiple Directory Traversal
  • Description: mlmmj (Mailing List Managing Mad Joyful) is a mailing list application. The application is exposed to multiple directory traversal issues because it fails to sufficiently sanitize user-supplied input. These issues occur when saving and editing list entries that originate from the "phpadmin" web interface. mlmmj versions 1.2.15 and 1.2.16 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=607256

  • 10.27.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Multiple Image Upload Module For Drupal Security Bypass
  • Description: Multiple Image Upload is a module for the Drupal content manager. The Multiple Image Upload module for Drupal is exposed to a security bypass issue that may allow attackers to perform actions without proper authorization.
  • Ref: http://drupal.org/node/836084

  • 10.27.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Pishbiny.com - Football Forecast Script SQL Injection and Cross-Site Scripting Issues
  • Description: Pishbiny.com - Football Forecast Script is a web-based application implemented in PHP. The application is exposed to multiple security issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/41105/references

  • 10.27.100 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Case Tracker Module Security Bypass and HTML Injection
  • Description: Drupal Case Tracker is a module for the Drupal content manager. The application is exposed to multiple HTML injection issues. Drupal Case Tracker versions prior to 5.x-1.4 are affected.
  • Ref: http://drupal.org/node/835936

  • 10.27.101 - CVE: Not Available
  • Platform: Web Application
  • Title: OpenEMR "new_comprehensive_save.php" Multiple HTML Injection Vulnerabilities
  • Description: OpenEMR is an electronic medical record application. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input to the "form_fname" and "form_lname" parameters of the "new_comprehensive_save.php" script before using it in dynamically generated content. OpenEMR version 3.2 is affected.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0524.html

  • 10.27.102 - CVE: Not Available
  • Platform: Web Application
  • Title: AdaptCMS "init.php" Remote File Include Issue
  • Description: AdaptCMS is a PHP-based content manager. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "sitepath" parameter of the "inc/smarty/libs/init.php" script. AdaptCMS version 2.0.0 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/41116/references

  • 10.27.103 - CVE: Not Available
  • Platform: Web Application
  • Title: activeCollab "index.php" Local File Include
  • Description: activeCollab is a project management and collaboration tool. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "module" parameter of the "active/index.php" script. activeCollab version 2.3.0 is affected.
  • Ref: http://www.activecollab.com/forums/post/26737/

  • 10.27.104 - CVE: Not Available
  • Platform: Web Application
  • Title: activeCollab "index.php" Multiple Local File Include Issues
  • Description: activeCollab is a project management and collaboration tool. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "action" and "controller" parameters of the "active/index.php" script. activeCollab versions prior to 2.3.1 are affected.
  • Ref: http://www.securityfocus.com/bid/41142/references

  • 10.27.105 - CVE: Not Available
  • Platform: Web Application
  • Title: activeCollab Unspecified HTML Injection
  • Description: activeCollab is a project management and collaboration tool. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to an unspecified parameter before using it when generating SVN commit messages. activeCollab versions prior to 2.3.1 are affected.
  • Ref: http://www.activecollab.com/forums/post/26737/

  • 10.27.106 - CVE: Not Available
  • Platform: Web Application
  • Title: Bugzilla "localconfig" Information Disclosure Issue
  • Description: Bugzilla is a freely available, open-source bug tracker. The application is exposed to an information disclosure issue. Specifically, when the "$use_suexec" variable in the "localconfig" file is set to "1", "checksetup.pl" sets the permissions of the "localconfig" file to world-readable. Bugzilla versions 3.5.1 to 3.7 are affected.
  • Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=561797

  • 10.27.107 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple Machines Forum Change Administrator Password Security Bypass
  • Description: Simple Machines Forum is a PHP-based application for setting up online communities. The application is exposed to a security bypass issue. Specifically, this issue allows an attacker to change the password of the administrator by sending a specially crafted HTTP GET request to the application. Simple Machines Forum version 1.1.11 is affected.
  • Ref: http://www.securityfocus.com/bid/41150/references

  • 10.27.108 - CVE: Not Available
  • Platform: Web Application
  • Title: ARSC Really Simple Chat Cross-Site Scripting and Remote File Include
  • Description: ARSC Really Simple Chat is a PHP-based chat application. ARSC Really Simple Chat is exposed to multiple issues because it fails to sufficiently sanitize user-supplied input. ARSC Really Simple Chat version 3.3 is affected.
  • Ref: http://www.securityfocus.com/bid/41153/references

  • 10.27.109 - CVE: Not Available
  • Platform: Web Application
  • Title: Bilder Upload Script Arbitrary File Upload
  • Description: Bilder Upload Script is a web-based application. The application is exposed to an arbitrary file upload issue because it fails to properly sanitize user-supplied input. Specifically, this issue affects the "upload.php" script. Bilder Upload Script version 1.09 is affected.
  • Ref: http://www.securityfocus.com/bid/41176

  • 10.27.110 - CVE: Not Available
  • Platform: Web Application
  • Title: Speedy Arbitrary File Upload Issue
  • Description: Speedy is a web-based application implemented in PHP. The application is exposed to an arbitrary file upload issue because it fails to properly sanitize user-supplied input. Speedy version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41179/references

  • 10.27.111 - CVE: Not Available
  • Platform: Web Application
  • Title: Mollify Removed Folders Access Security Bypass Issue
  • Description: Mollify is a web file manager implemented in PHP. The application is exposed to a security bypass issue that allows unrestricted access to removed folders until the user logs out. Mollify versions prior to 1.6.5.3 are affected.
  • Ref: http://www.mollify.org/index.php

  • 10.27.112 - CVE: Not Available
  • Platform: Web Application
  • Title: OneCMS Multiple Cross-Site Scripting and SQL Injection Issues
  • Description: OneCMS is a PHP-based content management system. The application is exposed to multiple issues because it fails to sanitize user-supplied input. OneCMS version 2.6.1 is affected.
  • Ref: http://www.htbridge.ch/advisory/xss_vulnerability_in_news_module_of_onecms.html

  • 10.27.113 - CVE: Not Available
  • Platform: Web Application
  • Title: MySpace Clone 2010 SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: MySpace Clone 2010 is a PHP-based web application. The application is exposed to multiple issues. 1) An SQL injection issue that affects the "mode" parameter of the "index.php" script. 2) A cross-site scripting issue that affects the "mode" parameter of the "index.php" script.
  • Ref: http://www.euro-hq.com/products/MySpace-Clone-2010.html

  • 10.27.114 - CVE: Not Available
  • Platform: Web Application
  • Title: 2daybiz E-mail Portal Script SQL Injection and Security Bypass
  • Description: 2daybiz E-mail Portal Script is a web-based application implemented in PHP. The application is exposed to these security issues. An SQL injection issue occurs because the application fails to properly sanitize input to the "uid" parameter of the "php121_editname.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41214/references

  • 10.27.115 - CVE: Not Available
  • Platform: Web Application
  • Title: CANDID "view.php" SQL Injection and Cross-Site Scripting
  • Description: CANDID is a PHP-based web application for managing images. The application is exposed to an SQL injection issue and a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. These issues affect the "image_id" parameter of the "view.php" script.
  • Ref: http://www.securityfocus.com/bid/41216/references

  • 10.27.116 - CVE: Not Available
  • Platform: Web Application
  • Title: Dive Trip Calculator SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Dive Trip Calculator is a PHP-based web application. The application is exposed to an SQL injection issue and a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data.
  • Ref: http://www.securityfocus.com/bid/41217/references

  • 10.27.117 - CVE: Not Available
  • Platform: Web Application
  • Title: Grafik CMS "admin.php" SQL Injection and Cross-Site Scripting
  • Description: Grafik CMS is a PHP-based content management application. The application is exposed to multiple security issues because it fails to sufficiently sanitize user-supplied input. Grafik CMS version 1.1.2 is affected.
  • Ref: http://www.htbridge.ch/advisory/xss_vulnerability_in_grafik_cms.html

  • 10.27.118 - CVE: Not Available
  • Platform: Network Device
  • Title: Trend Micro InterScan Web Security Virtual Appliance Multiple Issues
  • Description: Trend Micro InterScan Web Security Virtual Appliance is a security device. The application is exposed to multiple input validation issues. An authenticated user could exploit these issues using directory traversal strings to download or upload arbitrary files outside the root directory. Trend Micro InterScan Web Security Virtual Appliance Critical Build 1386 is affected.
  • Ref: http://www.trendmicro.com/ftp/documentation/readme/iwsva_50_ar64_en_cp1386_readme.txt

  • 10.27.119 - CVE: Not Available
  • Platform: Network Device
  • Title: D-LINK DIR-615 Cross-Site Scripting Issue
  • Description: D-LINK DIR-615 is a wireless router. The device's web interface is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input.
  • Ref: http://swbae.egloos.com/3325910

  • 10.27.120 - CVE: Not Available
  • Platform: Network Device
  • Title: S2 NetBox Multiple Information Disclosure Vulnerabilities
  • Description: S2 NetBox is a device for temperature monitoring and managing physical security and surveillance. The device is managed through a built-in HTTP server with a web-based interface. S2 NetBox is exposed to multiple remote information disclosure issues because it fails to restrict access to sensitive information through authentication. S2 NetBox versions 2.5, 3.3 and 4.0 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/251133

  • 10.27.121 - CVE: Not Available
  • Platform: Network Device
  • Title: D-Link DAP-1160 Wireless Access Point DCC Protocol Security Bypass
  • Description: D-Link DAP-1160 is a wireless access point (WAP). The device is exposed to a security bypass issue because it fails to properly restrict access to the "dccd" daemon through UDP port 2003. D-Link DAP-1160 running firmware versions 120b06, 130b10, and 131b01 are affected.
  • Ref: http://www.securityfocus.com/archive/1/512053

  • 10.27.122 - CVE: Not Available
  • Platform: Network Device
  • Title: D-Link DAP-1160 Web Administration Interface Security Bypass
  • Description: D-Link DAP-1160 is a wireless access point (WAP). The device is exposed to a security bypass issue because it fails to restrict access to certain pages in the web administration interface. D-Link DAP-1160 running firmware v120b06, v130b10 and v131b01 are affected.
  • Ref: http://www.securityfocus.com/archive/1/512076

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.