@RISK: The Consensus Security Vulnerability Alert

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys

• (1) HIGH: Google Chrome prior to 5.0.375.99 Multiple Security Vulnerabilities

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Windows

• 10.28.1 - Microsoft Windows "NtUserCheckAccessForIntegrityLevel" Local Privilege Escalation
• 10.28.2 - Microsoft IIS 5.1 Alternate Data Stream Authentication Bypass Issue
• 10.28.3 - Microsoft MFC Library "UpdateFrameTitleForDocument()" Buffer Overflow

Microsoft Office

• 10.28.4 - Microsoft Office Unspecified Remote Code Execution

Third Party Windows Apps

• 10.28.5 - Flash Slideshow Maker ".fss" File Multiple Heap Buffer Overflow Issue
• 10.28.6 - Mp3 DigitalBox ".mp3" File Remote Buffer Overflow
• 2.7is - SaschArt SasCam Webcam Server ActiveX Control "Head()" Method Buffer Overflow Issue
• 10.28.8 - ASX to MP3 Converter ".m3u" File Buffer Overflow

Cross Platform

• 10.28.9 - Qt Remote Denial of Service Issue
• 10.28.10 - PHP "strrchr()" Function Information Disclosure
• 10.28.11 - Splunk Cross-Site Scripting and Directory Traversal Issue
• 10.28.12 - Sumatra PDF Denial Of Service Issue
• 10.28.13 - Opera Web Browser Multiple Security Issue
• 10.28.14 - Cisco CSS/ACE Certificate Spoofing and HTTP Response Splitting Vulnerabilities
• 10.28.15 - Ruby "ARGF.inplace_mode" Buffer Overflow Issue
• 10.28.16 - iSCSI Enterprise Target Multiple Implementations iSNS Message Stack Buffer Overflow
• 10.28.17 - Dren's PHP Uploader "index.php" Remote File Upload Issue
• 10.28.18 - Google Chrome Multiple Security Issues
• 10.28.19 - bogofilter Base64 Encoding "=" Character Heap Memory Corruption
• 10.28.20 - IBM BladeCenter Management Module Multiple Issues
• 10.28.21 - Sun Java System Web Server Admin Interface Denial of Service

Web Application - Cross Site Scripting

• 10.28.22 - ArcademSX "cat" Parameter Cross-Site Scripting Issue
• 10.28.23 - HTML Purifier Unspecified Cross-Site Scripting Issue
• 10.28.24 - LiveZilla Multiple Cross-Site Scripting Issues
• 10.28.25 - Mako "cgi.escape()" Cross-Site Scripting Issue
• 10.28.26 - Zoph Multiple Cross-Site Scripting Issues
• 10.28.27 - Novell Identity Manager Roles Based Provisioning Multiple Cross-Site Scripting Issues
• 10.28.28 - i-Net Solution Matrimonial Script "alert.php" Cross-Site Scripting
• 10.28.29 - Orbis CMS "editor-body.php" Cross-Site Scripting Issue
• 10.28.30 - cPanel Cross-Site Request Forgery Issue

Web Application - SQL Injection

• 10.28.31 - System CMS Contentia "news.php" SQL Injection
• 10.28.32 - Mumble Murmur Denial of Service Issue
• 10.28.33 - E-topbiz Shopcart DX "products.php" SQL Injection
• 10.28.34 - Oxygen "post.php" SQL Injection Issue
• 10.28.35 - SIDA University System "UserStart.aspx" SQL Injection
• 10.28.36 - iScripts CyberMatch "profile.php" SQL Injection
• 10.28.37 - iScripts ReserveLogic "packagedetails.php" SQL Injection
• 10.28.38 - phpaaCMS "id" Parameter Multiple SQL Injection
• 10.28.39 - Ziggurat Farsi CMS "main.asp" SQL Injection Issue
• 10.28.40 - BrotherScripts Recipe Website "recipedetail.php" SQL Injection Issue
• 10.28.41 - BrotherScripts Business Directory "info.php" SQL Injection Issue
• 10.28.42 - Multiple BrotherScripts "username" and "password" SQL Injection
• 10.28.43 - iScripts MultiCart "refund_request.php" SQL Injection Issue
• 10.28.44 - Multi-Vendor Shopping Malls Multiple SQL Injection
• 10.28.45 - Scriptsfeed Scripts Directory Software

Web Application

• 10.28.46 - Kryn.cms Cross-Site Request Forgery and HTML Injection Issues
• 10.28.47 - TornadoStore SQL Injection and HTML Injection Issues
• 10.28.48 - Webgriffe Multimedia photoDiary "install.php" Local File Include
• 10.28.49 - DPScms "q" Parameter SQL Injection and Cross-Site Scripting Issues
• 10.28.50 - Trend Micro InterScan Web Security Virtual Appliance Multiple HTML Injection
• 10.28.51 - iScripts EasyBiller Multiple HTML Injection
• 10.28.52 - ReCMS "users_lang" Parameter Directory Traversal Issue
• 10.28.53 - Views Module for Drupal "views_ajax_autocomplete_user" Authentication Bypass
• 10.28.54 - Pointter PHP Micro-Blogging Social Network "showphoto.php" Local File Include
• 10.28.55 - WordPress WP-UserOnline URL HTML Injection Issue
• 10.28.56 - iScripts SocialWare Multiple Security Issues
• 10.28.57 - Online Guestbook Pro "ogp_show.php" Multiple Input Validation
• 10.28.58 - Online Contact Manager "view.php" Multiple Input Validation
• 10.28.59 - SocialABC NetworX Arbitrary File Upload and Cross-Site Scripting Issue

Network Device

• 10.28.60 - ALPHA Ethernet Adapter II Web-Manager Security Bypass Issue
• 10.28.61 - BlackBerry 9700 Web Browser Unspecified Remote Denial of Service Issue
• 10.28.62 - Apple iPad Unspecified Client Side Remote

PART I Critical Vulnerabilities

PART I Critical Vulnerabilities Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 28, 2010

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com) This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 9700 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

• 10.28.1 - CVE: Not Available
• Platform: Windows
• Title: Microsoft Windows "NtUserCheckAccessForIntegrityLevel" Local Privilege Escalation
• Description: The "Win32k.sys" kernel mode device driver provides various functions such as the window manager, collection of user input, screen output, and Graphics Device Interface. It also serves as a wrapper for DirectX support. Microsoft Windows is exposed to a local privilege escalation issue that occurs in the Windows kernel "Win32k.sys" kernel mode device driver. The problem occurs when handling the "NtUserCheckAccessForIntegrityLevel" system calls and may result in a use after free memory corruption condition.
• Ref: http://seclists.org/fulldisclosure/2010/Jul/3

• 10.28.2 - CVE: Not Available
• Platform: Windows
• Title: Microsoft IIS 5.1 Alternate Data Stream Authentication Bypass Issue
• Description: Microsoft Internet Information Services (IIS) is a web server available for Microsoft Windows. The application is exposed to an authentication bypass issue because it fails to properly enforce access restrictions on certain requests to directories that require authentication. Microsoft IIS version 5.1 is affected.
• Ref: http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypas
  s-by-using-i30index_allocation/

• 10.28.3 - CVE: Not Available
• Platform: Windows
• Title: Microsoft MFC Library "UpdateFrameTitleForDocument()" Buffer Overflow
• Description: The Microsoft Windows MFC library is prone to a buffer overflow issue because it fails to perform adequate boundary checks of user-supplied input. Specifically, the issue exists in the "UpdateFrameTitleForDocument()" function of the "CFrameWnd" class in "mfc42.dll".
• Ref: http://www.securityfocus.com/bid/41333

• 10.28.4 - CVE: Not Available
• Platform: Microsoft Office
• Title: Microsoft Office Unspecified Remote Code Execution
• Description: Microsoft Office is a suite of interrelated desktop applications for Microsoft Windows and Mac OS. Microsoft Office is exposed to an unspecified remote code execution issue that allows an attacker to bypass the Data Execution Prevention and Office File validation features.
• Ref: http://www.vupen.com/english/threats/

• 10.28.5 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Flash Slideshow Maker ".fss" File Multiple Heap Buffer Overflow Issue
• Description: Flash Slideshow Maker is a flash album creator application. Flash Slideshow Maker is exposed to multiple heap-based buffer overflow issues because the application fails to perform adequate boundary checks on user-supplied data. The issues occur when handling excessively large "Title", "Description", or "Url" attributes of a "Photo_data" element contained in a ".fss" file. Flash Slideshow Maker version 5.0 is affected.
• Ref: http://security.bkis.com/vulnerability-in-flash-slideshow-maker/

• 10.28.6 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Mp3 DigitalBox ".mp3" File Remote Buffer Overflow
• Description: Mp3 DigitalBox is a media player for the Windows operating system. The application is exposed to a remote stack based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Specifically, this issue occurs when parsing a specially crafted ".mp3" file. Mp3 DigitalBox version 2.7.2.0 is affected.
• Ref: http://www.securityfocus.com/bid/41329

• 2.7is - CVE: Not Available0297D24A-F425-47EE-9F3B-A459BCE593E3. SasCam Webcam Server version affected.
• Platform: Third Party Windows Apps
• Title: SaschArt SasCam Webcam Server ActiveX Control "Head()" Method Buffer Overflow Issue
• Description: SasCam Webcam Server is a web camera application available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer. The issue affects the "Head()" method of the ActiveX control identified by CLSID:
• Ref: http://www.securityfocus.com/bid/41343

• 10.28.8 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: ASX to MP3 Converter ".m3u" File Buffer Overflow
• Description: ASX to MP3 Converter is a multimedia converter available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially crafted ".m3u" file. ASX to MP3 Converter version 3.1.2.1 is affected.
• Ref: http://www.securityfocus.com/bid/41380

• 10.28.9 - CVE: Not Available
• Platform: Cross Platform
• Title: Qt Remote Denial of Service Issue
• Description: Qt is a cross-platform application development framework for GUI programs. Qt is exposed to a denial of service issue caused by an infinite loop condition. Specifically, the issue affects the "QSslSocketBackendPrivate::transmit()" function in "src/network/ssl/qsslsocket_openssl.cpp". Qt versions 4.6.3 and prior are affected.
• Ref: http://www.securityfocus.com/bid/41250

• 10.28.10 - CVE: Not Available
• Platform: Cross Platform
• Title: PHP "strrchr()" Function Information Disclosure
• Description: PHP is a programming language commonly used for web applications. PHP is exposed to an information disclosure issue because the "strrchr()" function can be interrupted and used to disclose memory due to a call time pass by reference error.
• Ref: http://www.securityfocus.com/bid/41265/references

• 10.28.11 - CVE: Not Available
• Platform: Cross Platform
• Title: Splunk Cross-Site Scripting and Directory Traversal Issue
• Description: Splunk is an IT infrastructure monitoring system. The application is exposed to multiple input validation issues because it fails to sanitize user-supplied input.
• Ref: http://www.splunk.com/view/SP-CAAAFGD#31067

• 10.28.12 - CVE: Not Available
• Platform: Cross Platform
• Title: Sumatra PDF Denial Of Service Issue
• Description: Sumatra PDF is a PDF viewer application for Windows. The application is exposed to an unspecified denial of service issue. Specifically, the issue occurs when a crafted PDF file is parsed. Sumatra PDF version 1.1 is affected.
• Ref: http://www.securityfocus.com/bid/41276

• 10.28.13 - CVE: Not Available
• Platform: Cross Platform
• Title: Opera Web Browser Multiple Security Issue
• Description: Opera Web Browser is a browser that runs on multiple operating systems. Opera is exposed to the multiple security issues like remote code execution and information disclosure issues. Opera Web Browser versions prior to Opera 10.60 are affected.
• Ref: http://www.securityfocus.com/bid/41284/references

• 10.28.14 - CVE: CVE-2010-1575, CVE-2010-1576
• Platform: Cross Platform
• Title: Cisco CSS/ACE Certificate Spoofing and HTTP Response Splitting Vulnerabilities
• Description: The Cisco CSS (Content Services Switch) is a high-performance, high-availability modular architecture for Web infrastructures. Cisco ACE (Application Control Engine) is a load balancing and application delivery solution for data centers. Cisco CSS and ACE are exposed to multiple issues.
• Ref: http://www.securityfocus.com/archive/1/512144

• 10.28.15 - CVE: Not Available
• Platform: Cross Platform
• Title: Ruby "ARGF.inplace_mode" Buffer Overflow Issue
• Description: Ruby is an object oriented scripting language. Ruby is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs when a danger value is assigned to "ARGF.inplace_mode" on Windows. Ruby versions 1.9.3 dev, 1.9.1 patch level 378 and prior, and 1.9.2 preview 3 and prior are affected.
• Ref: http://www.securityfocus.com/bid/41321

• 10.28.16 - CVE: CVE-2010-2221
• Platform: Cross Platform
• Title: iSCSI Enterprise Target Multiple Implementations iSNS Message Stack Buffer Overflow
• Description: iSCSI Enterprise Target is an open source iSCSI implementation based on the Ardis target implementation. Multiple implementations of iSCSI Enterprise Target are exposed to a buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. The issue occurs when handling a specially crafted iSNS message. The following products are affected: iSCSI Enterprise Target 1.4.20.1 and prior, Generic SCSI Target Subsystem for Linux 1.0.1.1 and prior, Linux SCSI target framework 1.0 and prior
• Ref: http://www.securityfocus.com/bid/41327

• 10.28.17 - CVE: Not Available
• Platform: Cross Platform
• Title: Dren's PHP Uploader "index.php" Remote File Upload Issue
• Description: Dren's PHP Uploader is a file upload script. Dren's PHP Uploader is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately limit the types of files that can be uploaded. Specifically, this issue affects the "index.php" script, and attackers can execute their uploaded script through the "files/" directory.
• Ref: http://www.securityfocus.com/bid/41331

• 10.28.18 - CVE: Not Available
• Platform: Cross Platform
• Title: Google Chrome Multiple Security Issues
• Description: Google Chrome is a web browser for multiple platforms. Google Chrome is exposed to multiple security issues. Google Chrome versions prior to 5.0.375.99 are affected.
• Ref: http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html

• 10.28.19 - CVE: Not Available
• Platform: Cross Platform
• Title: bogofilter Base64 Encoding "=" Character Heap Memory Corruption
• Description: bogofilter is a Bayesian spam filtering application designed to run on Linux and Unix platforms. bogofilter is exposed to a remote heap memory corruption issue due to an off by one error. This issue occurs when processing Base64 encoded strings beginning with an equals character (=). bogofilter version 1.2.1 is affected.
• Ref: http://www.securityfocus.com/bid/41339

• 10.28.20 - CVE: Not Available
• Platform: Cross Platform
• Title: IBM BladeCenter Management Module Multiple Issues
• Description: IBM BladeCenter Management Module is a system management processor for BladeCenter servers. The application is exposed to multiple security issues. IBM BladeCenter Management Module BPET48L is affected.
• Ref: http://www.securityfocus.com/bid/41383

• 10.28.21 - CVE: Not Available
• Platform: Cross Platform
• Title: Sun Java System Web Server Admin Interface Denial of Service
• Description: Sun Java System Web Server is an HTTP server. The application is exposed to a denial of service issue that occurs when a "{" character is sent to the admin interface of the server. Sun Java System Web Server version 7.0 Update 7 is affected.
• Ref: http://www.securityfocus.com/bid/41389

• 10.28.22 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: ArcademSX "cat" Parameter Cross-Site Scripting Issue
• Description: ArcademSX is a web-based meta search script. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "cat" parameter of the "arcademsx/index.php" script. ArcademSX version 2.904 is affected.
• Ref: http://www.securityfocus.com/bid/41252

• 10.28.23 - CVE: CVE-2010-2479
• Platform: Web Application - Cross Site Scripting
• Title: HTML Purifier Unspecified Cross-Site Scripting Issue
• Description: HTML Purifier is an HTML filtering application implemented in PHP. The application is prone to a cross-site scripting issue because it fails to properly sanitize user-supplied input to an unspecified parameter. HTML Purifier versions Prior to 4.1.1 are affected.
• Ref: http://htmlpurifier.org/news/2010/0531-4.1.1-released

• 10.28.24 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: LiveZilla Multiple Cross-Site Scripting Issues
• Description: LiveZilla is a PHP-based online support application. LiveZilla is exposed to multiple cross-site scripting issues because it fails to properly sanitize user supplied input. LiveZilla version 3.1.8.3 is affected.
• Ref: http://www.securityfocus.com/bid/41271/info

• 10.28.25 - CVE: CVE-2010-2480
• Platform: Web Application - Cross Site Scripting
• Title: Mako "cgi.escape()" Cross-Site Scripting Issue
• Description: Mako is a template library for the Python platform. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. Specifically single quotes are not filtered by the "cgi.escape()" function. Mako versions prior to 0.3.4 are affected.
• Ref: http://bugs.python.org/issue9061

• 10.28.26 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Zoph Multiple Cross-Site Scripting Issues
• Description: Zoph is a web-based image management application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "user_name", "title", "called", "email", "dob", "middle_name", "last_name", "first_name", "subject", "message", "photographer_id", "person_id", "_random", "_rating-op", "rating", "timestamp" and "_timestamp-op" parameters of unspecified scripts. Zoph versions prior to 0.8.0.3 and 0.8.1.1 are affected.
• Ref: http://www.securityfocus.com/bid/41316

• 10.28.27 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Novell Identity Manager Roles Based Provisioning Multiple Cross-Site Scripting Issues
• Description: Novell Identity Manager is an application used for automating identity management. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input.
• Ref: http://www.securityfocus.com/bid/41337

• 10.28.28 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: i-Net Solution Matrimonial Script "alert.php" Cross-Site Scripting
• Description: i-Net Solution Matrimonial Script is a web-based matrimonial application implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "id" parameter of the "alert.php" script. i-Net Solution Matrimonial Script version 2.0.3 is affected.
• Ref: http://www.securityfocus.com/bid/41387

• 10.28.29 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Orbis CMS "editor-body.php" Cross-Site Scripting Issue
• Description: Orbis CMS is a content manager implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to sanitize user supplied input to the "s" parameter of the "admin/editors/text/editor-body.php" script. Orbis CMS version 1.0.2 is affected.
• Ref: http://www.securityfocus.com/bid/41390

• 10.28.30 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: cPanel Cross-Site Request Forgery Issue
• Description: cPanel is a web hosting control panel implemented in PHP. The application is exposed to a cross-site request forgery issue. Specifically, this issue occurs when a specially crafted HTML Page containing a request for adding an FTP account is sent to the "frontend/x3/ftp/doaddftp.html" script. cPanel version 11.25 is affected.
• Ref: http://www.securityfocus.com/bid/41391

• 10.28.31 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: System CMS Contentia "news.php" SQL Injection
• Description: System CMS Contentia is a web-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "news.php" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/41248

• 10.28.32 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Mumble Murmur Denial of Service Issue
• Description: Mumble is a voice chat application. Murmur is the server component for Mumble. Mumble Murmur is exposed to a denial of service issue. Specifically, this issue occurs when the server processes malformed data in an SQL query. Mumble versions 1.2.2 and prior are affected.
• Ref: http://www.securityfocus.com/bid/41251

• 10.28.33 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: E-topbiz Shopcart DX "products.php" SQL Injection
• Description: Shopcart DX is a PHP-based shopping cart application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "products.php" script before using it in an SQL query. Shopcart DX versions 4.30 and prior are affected.
• Ref: http://www.securityfocus.com/bid/41255/references

• 10.28.34 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Oxygen "post.php" SQL Injection Issue
• Description: Oxygen is a PHP-based bulletin board. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "fid" parameter of the "post.php" script before using it in an SQL query. Oxygen version 1.1.3 is affected.
• Ref: http://www.securityfocus.com/bid/41291

• 10.28.35 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: SIDA University System "UserStart.aspx" SQL Injection
• Description: SIDA University System is a ASP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "email" parameter of the "Portal/Research/ResearchPlan/UserStart.aspx" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/41294/references

• 10.28.36 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: iScripts CyberMatch "profile.php" SQL Injection
• Description: iScripts CyberMatch is a PHP-based online dating script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "profile.php" script. CyberMatch version 1.0 is affected.
• Ref: http://www.securityfocus.com/bid/41300

• 10.28.37 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: iScripts ReserveLogic "packagedetails.php" SQL Injection
• Description: iScripts ReserveLogic is a PHP-based reservation manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pid" parameter of the "packagedetails.php" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/41325

• 10.28.38 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: phpaaCMS "id" Parameter Multiple SQL Injection
• Description: phpaaCMS is a PHP-based content management system. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "show.php" and the "list.php" scripts. phpaaCMS version 0.3.1 UTF-8 is affected.
• Ref: http://www.securityfocus.com/bid/41341

• 10.28.39 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Ziggurat Farsi CMS "main.asp" SQL Injection Issue
• Description: Ziggurat Farsi CMS is an ASP-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "grp" parameter of the "main.asp" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/41349

• 10.28.40 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: BrotherScripts Recipe Website "recipedetail.php" SQL Injection Issue
• Description: BrotherScripts Recipe Website is a web-based application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "recipedetail.php" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/41365

• 10.28.41 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: BrotherScripts Business Directory "info.php" SQL Injection Issue
• Description: BrotherScripts Business Directory is a web-based application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "info.php" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/41367

• 10.28.42 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Multiple BrotherScripts "username" and "password" SQL Injection
• Description: Multiple BrotherScripts applications are exposed to multiple SQL injection issues because they fail to sufficiently sanitize user-supplied data to the "username" and "password" parameters of the login page before using it in an SQL query. Scripts Directory, Recipe Website, Business Directory are affected.
• Ref: http://www.securityfocus.com/bid/41371

• 10.28.43 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: iScripts MultiCart "refund_request.php" SQL Injection Issue
• Description: iScripts MultiCart is a PHP-based shopping cart application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "gorderid" parameter of the "refund_request.php" script. iScripts MultiCart version 2.2 is affected.
• Ref: http://www.securityfocus.com/bid/41377

• 10.28.44 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Multi-Vendor Shopping Malls Multiple SQL Injection
• Description: Multi-Vendor Shopping Malls is a web-based application implemented in PHP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data.
• Ref: http://www.securityfocus.com/bid/41393

• 10.28.45 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Scriptsfeed Scripts Directory Software
• Description: Scriptsfeed Scripts Directory Software is a PHP-based online directory application. The application is exposed to multiple SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "us" and "ps" parameters of the "login.php" script.
• Ref: http://www.securityfocus.com/bid/41395

• 10.28.46 - CVE: Not Available
• Platform: Web Application
• Title: Kryn.cms Cross-Site Request Forgery and HTML Injection Issues
• Description: Kryn.cms is a PHP-based content manager. The application is exposed to multiple remote issues like cross-site request forgery and HTML injection.
• Ref: http://www.securityfocus.com/bid/41229

• 10.28.47 - CVE: Not Available
• Platform: Web Application
• Title: TornadoStore SQL Injection and HTML Injection Issues
• Description: TornadoStore is a PHP-based e-commerce application. The e-commerce application is exposed to multiple security issues because it fails to sufficiently sanitize user-supplied data. TornadoStore version 1.4.3 is affected.
• Ref: http://www.bonsai-sec.com/en/research/vulnerabilities/tornadostore-multiple-sql-
  injection-0106.php

• 10.28.48 - CVE: Not Available
• Platform: Web Application
• Title: Webgriffe Multimedia photoDiary "install.php" Local File Include
• Description: Webgriffe Multimedia photoDiary is a PHP-based web application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "lng" parameter of the "admin/install.php" script. photoDiary version 1.3 is affected.
• Ref: http://www.securityfocus.com/bid/41266/references

• 10.28.49 - CVE: Not Available
• Platform: Web Application
• Title: DPScms "q" Parameter SQL Injection and Cross-Site Scripting Issues
• Description: DPScms is a PHP-based web application. The application is exposed to an SQL injection issue and a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. These issues affect the "q" parameter of the "index.php" script.
• Ref: http://www.ariko-security.com/june2010/audyt_bezpieczenstwa_702.html

• 10.28.50 - CVE: Not Available
• Platform: Web Application
• Title: Trend Micro InterScan Web Security Virtual Appliance Multiple HTML Injection
• Description: InterScan Web Security Virtual Appliance is a security device. The application is exposed to multiple HTML injection issues because it fails to sufficiently sanitize user-supplied input to the "desc", "metric_notifybody" and "metric_notify_subject" fields when creating a new user. InterScan Web Security Virtual Appliance version 5.0 is affected.
• Ref: http://www.securityfocus.com/bid/41296

• 10.28.51 - CVE: Not Available
• Platform: Web Application
• Title: iScripts EasyBiller Multiple HTML Injection
• Description: iScripts EasyBiller is a PHP-based billing application. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input to fields of the "editprofile.php" script.
• Ref: http://www.securityfocus.com/bid/41304

• 10.28.52 - CVE: Not Available
• Platform: Web Application
• Title: ReCMS "users_lang" Parameter Directory Traversal Issue
• Description: ReCMS is a PHP-based content manager for realty agencies. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "users_lang" parameter of the "state.php" script.
• Ref: http://www.securityfocus.com/bid/41310

• 10.28.53 - CVE: Not Available
• Platform: Web Application
• Title: Views Module for Drupal "views_ajax_autocomplete_user" Authentication Bypass
• Description: Views is a module for the Drupal content manager. The module is exposed to an authentication bypass issue because it fails to perform adequate access checks. Specifically, this issue affects the "q" parameter of the "views_ajax_autocomplete_user" function. Views versions 6.x-2.10 and 6.x-2.11 are affected.
• Ref: http://www.securityfocus.com/bid/41318

• 10.28.54 - CVE: Not Available
• Platform: Web Application
• Title: Pointter PHP Micro-Blogging Social Network "showphoto.php" Local File Include
• Description: Pointter PHP Micro-Blogging Social Network is a social networking application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "pid" parameter of the "showphoto.php" script.
• Ref: http://www.securityfocus.com/bid/41323

• 10.28.55 - CVE: Not Available
• Platform: Web Application
• Title: WordPress WP-UserOnline URL HTML Injection Issue
• Description: WP-UserOnline is a plugin for WordPress. The WP-UserOnline plugin is exposed to an HTML injection issue. This issue occurs because the application fails to sanitize the URL after the installation before displaying it through the "wp-content/plugins/wp-useronline/wp-useronline.php" script. WP-UserOnline versions prior to 2.70 are affected.
• Ref: http://www.securityfocus.com/bid/41335

• 10.28.56 - CVE: Not Available
• Platform: Web Application
• Title: iScripts SocialWare Multiple Security Issues
• Description: iScripts SocialWare is a web-based social networking application. The application is exposed to multiple security issues. iScripts SocialWare version 2.2 is affected.
• Ref: http://www.securityfocus.com/bid/41355

• 10.28.57 - CVE: Not Available
• Platform: Web Application
• Title: Online Guestbook Pro "ogp_show.php" Multiple Input Validation
• Description: Online Guestbook Pro is a PHP-based guestbook application. The application is exposed to the multiple issues like SQL injection, cross-site scripting, and HTML injection issues that affect the "search_choice" parameter of the "ogp_show.php" script. Online Guestbook Pro version 5.1 is affected.
• Ref: http://www.securityfocus.com/bid/41363

• 10.28.58 - CVE: Not Available
• Platform: Web Application
• Title: Online Contact Manager "view.php" Multiple Input Validation
• Description: Online Contact Manager is a PHP-based web application. The application is exposed to an SQL injection issue and an HTML injection issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "view.php" script. Online Contact Manager version 3.0 is affected.
• Ref: http://www.securityfocus.com/bid/41373

• 10.28.59 - CVE: Not Available
• Platform: Web Application
• Title: SocialABC NetworX Arbitrary File Upload and Cross-Site Scripting Issue
• Description: SocialABC NetworX is a web-based social networking application. The application is exposed to multiple security issues. NetworX version 1.0.3 is affected.
• Ref: http://www.securityfocus.com/bid/41396

• 10.28.60 - CVE: Not Available
• Platform: Network Device
• Title: ALPHA Ethernet Adapter II Web-Manager Security Bypass Issue
• Description: ALPHA Ethernet Adapter II is an Ethernet adapter. ALPHA Ethernet Adapter II Web Manager is exposed to a security bypass issue. This issue affects the device's web interface. ALPHA Ethernet Adapter II version 3.40.2 is affected.
• Ref: http://seclists.org/fulldisclosure/2010/Jul/10

• 10.28.61 - CVE: Not Available
• Platform: Network Device
• Title: BlackBerry 9700 Web Browser Unspecified Remote Denial of Service Issue
• Description: BlackBerry 9700 is a smartphone. BlackBerry is exposed to a remote denial of service issue that affects the web browser included in the affected device.
• Ref: http://www.securityfocus.com/bid/41375

• 10.28.62 - CVE: Not Available
• Platform: Network Device
• Title: Apple iPad Unspecified Client Side Remote
• Description: Apple iPad is a tablet computing device. Apple iPad is exposed to an unspecified remote issue that can be triggered through an unspecified client.
• Ref: http://www.securityfocus.com/archive/1/512160

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.