
@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 29
July 15, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Summary of Updates and Vulnerabilities in this Consensus

    Platform                                  Number of Updates and Vulnerabilities
    ------------------------                  -------------------------------------
    Other Microsoft Products                  3 (#1,#2)
    Third Party Windows Apps                  8 (#3)
    Linux                                     6
    BSD                                       1
    Cross Platform                            25
    Web Application - Cross Site Scripting    29
    Web Application - SQL Injection           20
    Web Application                           21
    Network Device                            1

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Linux
BSD
Cross Platform
Web Application - Cross Site Scripting
Web Application
Web Application - SQL Injection
Network Device
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: Microsoft Access ActiveX Control Multiple Instantiation Remote Code Execution Issue
  • Affected:
    • Microsoft Access 2007
    • Microsoft Access 2007 SP1
    • Microsoft Access 2007 SP2
    • Microsoft Access 2003 SP3
    • Microsoft Access 2003 SP2
    • Microsoft Access 2003
  • Description: Two vulnerabilities exist in certain versions of Microsoft Access. By enticing the user to visit a malicious site, an attacker can exploit these vulnerabilities in order to execute arbitrary code in the context of the currently logged-in user. The first vulnerability has to do with three specific ActiveX controls. Loading all three controls in a particular order causes a memory corruption that can be leveraged for code execution. The second has to do with the use of an uninitialized variable in an ActiveX control.

  • Status: vendor confirmed, updates available

  • References:
  • (2) HIGH: Microsoft Outlook TNEF Stream With MAPI Attachment Remote Code Execution Vulnerability
  • Affected:
    • Microsoft Outlook 2007 SP2
    • Microsoft Outlook 2007 SP1
    • Microsoft Outlook 2007
    • Microsoft Outlook 2003 SP3
    • Microsoft Outlook 2003 SP2
    • Microsoft Outlook 2003
    • Microsoft Outlook 2002 SP3
    • Microsoft Outlook 2002 SP2
    • Microsoft Outlook 2002 SP1
    • Microsoft Outlook 2002
  • Description: Microsoft Outlook is susceptible to a remote code-execution vulnerability. By enticing the user to double-click on a malicious attachment, an attacker can exploit this vulnerability in order to execute arbitrary code on the target's machine. Ordinarily, Microsoft Outlook will treat attachments as a security threat and display appropriate warnings to the user. Due to an error in handling attachments that are only attached by reference, however, these warnings can be bypassed. Although an attacker may not specify command-line arguments in the attached references, limiting the potential for attacks using local executables, a remote file may be referenced. That file will not be treated as a security threat.

  • Status: vendor confirmed, updates available

  • References:
  • (3) MEDIUM: Winamp VP6 Content Parsing Stack Buffer Overflow Vulnerabilities
  • Affected:
    • Winamp prior to 5.58
  • Description: Nullsoft Winamp, a popular proprietary media player available freely for download, is susceptible to multiple stack-based buffer overflow vulnerabilities. By enticing the user to open a Flash Video (FLV) file with malicious codec information, an attacker can exploit this vulnerability in order to execute arbitrary code with the permissions of the currently logged-in user.

  • Status: vendor confirmed, updates available

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 29, 2010

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 9725 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 10.29.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Exchange Server Outlook Web Access Cross-Site Request Forgery
  • Description: Microsoft Outlook Web Access is an application designed to integrate with Microsoft Exchange Server to provide secure web-based access to email. The application is exposed to a cross-site request forgery issue. This issue occurs because the application allows attackers to perform certain actions without validating the request. Specifically, attackers can supply data via the "name" parameter of the "ev.owa" script through a POST request. Microsoft Exchange Server 2007 versions prior to Service Pack 3 are reported to be affected.
  • Ref: http://sites.google.com/site/tentacoloviola/pwning-corporate-webmails

  • 10.29.2 - CVE: CVE-2010-1881, CVE-2010-0814
  • Platform: Other Microsoft Products
  • Title: Microsoft Access ActiveX Control Multiple Instantiation Remote Code Execution Issue
  • Description: Microsoft Access is a database application. Microsoft Access is exposed to a remote code execution issue that occurs when multiple ActiveX controls are successively instantiated. This issue affects the "AccWizObjects" ActiveX control, which is included in the Microsoft Access Wizard Controls ("ACCWIZ.dll") library.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-044.mspx

  • 10.29.3 - CVE: CVE-2010-0266
  • Platform: Other Microsoft Products
  • Title: Microsoft Outlook SMB Attachment Remote Code Execution Issue
  • Description: Microsoft Outlook is a mail client for Microsoft Windows. Microsoft Outlook is exposed to a remote code execution issue. Specifically, SMB file extensions are not properly verified when sent as an email attachment.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-045.mspx

  • 10.29.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SimplePlayer ".wav" File Remote Buffer Overflow
  • Description: SimplePlayer is a media player available for Microsoft Windows. SimplePlayer is exposed to a remote buffer overflow issue because it fails to perform adequate checks on user-supplied input. SimplePlayer version 0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/41437

  • 10.29.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Apollo Player ".aap" File Remote Buffer Overflow Issue
  • Description: Apollo Player is a media player available for Microsoft Windows. Apollo Player is exposed to a remote buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a specially crafted ".aap" file. Apollo Player version 37 is affected.
  • Ref: http://www.securityfocus.com/bid/41439/references

  • 10.29.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: J. River Media Jukebox Remote Stack Buffer Overflow
  • Description: J. River Media Jukebox is a media player available for Microsoft Windows. The application is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when processing specially crafted ".m3u" or ".pls" files. Media Jukebox version 8.0.400 is affected.
  • Ref: http://www.securityfocus.com/bid/41472

  • 10.29.7 - CVE: CVE-2010-2620
  • Platform: Third Party Windows Apps
  • Title: Open-FTPD Multiple Command Authentication Bypass Vulnerabilities
  • Description: Open-FTPD is an FTP server available for Microsoft Windows. The application is exposed to multiple authentication bypass issues because it fails to perform adequate access checks. Specifically, this issue allows remote attackers to send "LIST", "RETR", "STOR" and other commands without performing the required login steps. Open-FTPD (Open&Compact Ftp Server) version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/41479

  • 10.29.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Grabit "NZB" File Remote Buffer Overflow
  • Description: Grabit is an application for downloading Usenet content; it is available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. GrabIt version 1.7.2 Beta 4 is affected.
  • Ref: http://www.securityfocus.com/bid/41483

  • 10.29.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Grabit Date Field Denial of Service
  • Description: Grabit is a newsreader application available for Microsoft Windows. The application is exposed to a remote denial of service issue that affects the ".nzb" file. Specifically, this occurs when a ".nzb" file includes a file reference with a very large value in the date field. Grabit version 1.7.2 Beta 4 is affected.
  • Ref: http://www.scip.ch/?vuldb.4143

  • 10.29.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MP3 Cutter MP3 File Processing Remote Denial of Service Issue
  • Description: MP3 Cutter is a multimedia application. MP3 Cutter is exposed to a remote denial of service issue that occurs when an application handles a specially crafted ".mp3" file. MP3 Cutter version 1.8 is affected.
  • Ref: http://www.securityfocus.com/bid/41506

  • 10.29.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Winamp VP6 Content Parsing Stack Buffer Overflow Issues
  • Description: Nullsoft Winamp is a media player for Microsoft Windows. Winamp is exposed to multiple stack-based buffer overflow issues because the application fails to perform adequate boundary checks on user-supplied input. These issues occur in the "vp6.w5s" component when handling specially crafted VP6 content. Winamp versions prior to 5.58 are affected.
  • Ref: http://www.securityfocus.com/archive/1/512326

  • 10.29.12 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel NFSv4 "read_buf()" "nfs4xdr.c" Invalid Page Denial of Service Issue
  • Description: The Linux kernel is exposed to a denial of service issue that affects NFS. Specifically, when the "read_buf()" function is called to move to the next page in the pagelist, the "argp->end" pointer is set to a random address. Subsequent "read_buf()" calls may fail because memory locations were not properly validated. This issue can be triggered with specially crafted NFSv4 WRITE requests.
  • Ref: http://www.securityfocus.com/bid/41433

  • 10.29.13 - CVE: CVE-2010-2066
  • Platform: Linux
  • Title: Linux Kernel Donor File Security Bypass
  • Description: The Linux kernel is exposed to a security bypass issue. Specifically, the issue may allow attackers to corrupt donor files if the file is set to append-only. Linux kernel 2.6.x versions are affected.
  • Ref: http://www.securityfocus.com/bid/41466

  • 10.29.14 - CVE: CVE-2010-2071
  • Platform: Linux
  • Title: Linux Kernel "btrfs" File Permissions Security Bypass
  • Description: The Linux kernel is exposed to a security bypass issue affecting the "btrfs" file system. Specifically, the "btrfs_xattr_set_acl" function in "fs/btrfs/acl.c" of Btrfs fails to properly verify file ownership before setting an access control list (ACL). Local attackers may be able to exploit this issue by setting arbitrary ACLs to any files of any other user and therefore gain access to sensitive information.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=595579

  • 10.29.15 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "br_multicast.c" Bridge NULL Pointer Dereference Denial of Service
  • Description: The Linux kernel is exposed to a denial of service issue that affects the "br_mdb_ip_get()" function in the "net/bridge/br_multicast.c" source file. A NULL-pointer dereference error can be triggered with a specially crafted IGMP packet when no multicast table is allocated.
  • Ref: http://www.spinics.net/lists/netdev/msg134414.html

  • 10.29.16 - CVE: Not Available
  • Platform: Linux
  • Title: Printoxx Multiple Remote Buffer Overflow Vulnerabilities
  • Description: Printoxx is an image printing tool available for the Linux operating system. Printoxx is exposed to multiple remote buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized memory buffer. Printoxx version 2.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/41481

  • 10.29.17 - CVE: CVE-2010-2525
  • Platform: Linux
  • Title: Linux Kernel GFS2 Access Control List (ACL) Security Bypass
  • Description: The Linux kernel is exposed to a security bypass issue affecting the GFS2 file system. Specifically, any user may set arbitrary Access Control Lists for files that they do not own. Linux kernel version 2.6.32 is affected.
  • Ref: http://comments.gmane.org/gmane.comp.security.oss.general/3177

  • 10.29.18 - CVE: CVE-2010-2693
  • Platform: BSD
  • Title: FreeBSD mbuf Handling Local Privilege Escalation
  • Description: FreeBSD is exposed to a local privilege escalation issue. The issue stems from the fact that the read-only flag is not correctly copied when an mbuf buffer reference is duplicated. FreeBSD versions 7.x and later are affected.
  • Ref: http://www.securityfocus.com/bid/41577

  • 10.29.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Bugzilla Group Selection During Bug Creation Information Disclosure
  • Description: Bugzilla is a freely available, open source bug tracker available for Linux, UNIX, and Microsoft Windows. The application is exposed to an information disclosure issue. Attackers can exploit this issue to obtain potentially sensitive information that may aid in other attacks. Bugzilla versions 3.7 and 3.7.1 are affected.
  • Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=574892

  • 10.29.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VLC Media Player "ftp://" URI Handler ".m3u" File Buffer Overflow Issue
  • Description: VLC is a cross platform multimedia player and framework. VLC is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Specifically, this issue occurs when parsing a specially crafted ".m3u" file with the "ftp://" URI handler. VLC media player version 1.0.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/512188

  • 10.29.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Xlight FTP Server Multiple Directory Traversal Vulnerabilities
  • Description: Xlight FTP Server is an FTP server for Windows. The application is exposed to multiple directory traversal issues because it fails to sufficiently sanitize user-supplied input. Xlight FTP Server version 3.5.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/512192

  • 10.29.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: pam_captcha Username Enumeration Weakness
  • Description: pam_captcha is a visual text-based CAPTCHA challenge module for PAM (Pluggable Authentication Modules). The module is exposed to a username enumeration weakness because it responds differently to login attempts, depending on whether or not the username exists. pam_captcha version 1.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/512197

  • 10.29.23 - CVE: CVE-2010-0911, CVE-2010-0903, CVE-2010-0902, CVE-2010-0892, CVE-2010-0900, CVE-2010-0901, CVE-2010-0873, CVE-2010-0910, CVE-2010-0898, CVE-2010-0907, CVE-2010-0899, CVE-2010-0906, CVE-2010-0904, CVE-2010-0849, CVE-2009-3555, CVE-2010-2375, CVE-2010-2370,
  • Platform: Cross Platform
  • Title: Oracle July critical patch multiple issues
  • Description: Oracle has released a critical patch update for July 2010 which fixes multiple vulnerabilities for the following products: Oracle Database, Oracle TimesTen In-Memory Database, Oracle Secure Backup, Oracle Application Server, Oracle Identity Management 10g, Oracle WebLogic Server, Oracle JRockit, Oracle Business Process Management, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite Release, Oracle Transportation Manager, PeopleSoft Enterprise Campus Solutions and Oracle Sun Product Suite.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html

  • 10.29.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hero DVD Player Remote Buffer Overflow
  • Description: Hero DVD Player plays media files. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Specifically, this issue occurs because the application fails to properly handle long URIs when it tries to play a remotely hosted media file. Hero DVD Player version 3.0.8 is affected.
  • Ref: http://www.securityfocus.com/bid/41423

  • 10.29.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: minerCPP Format String and Buffer Overflow Issue
  • Description: minerCPP is a custom server application. minerCPP is exposed to multiple issues. minerCPP version 0.4b is affected.
  • Ref: http://www.securityfocus.com/bid/41426

  • 10.29.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Panda Multiple Products "RKPavProc.sys" IOCTL Request Multiple Vulnerabilities
  • Description: Multiple Panda products are exposed to multiple issues. A security issue occurs in the "RKPavProc.sys" kernel driver when processing crafted IOCTL requests. A stack-based buffer overflow issue occurs in the "RKPavProc.sys" kernel driver when handling crafted IOCTL requests.
  • Ref: http://www.pandasecurity.com/homeusers/support/card?id=80184&idIdioma=2

  • 10.29.27 - CVE: CVE-2009-4453
  • Platform: Cross Platform
  • Title: SoftCab Sound Converter "sndConverter.ocx" ActiveX Control Arbitrary File Overwrite
  • Description: SoftCab Sound Converter is an ActiveX control that converts several media formats. The application is exposed to an issue that allows attackers to overwrite arbitrary files. Sound Converter ActiveX version 1.2 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 10.29.28 - CVE: CVE-2009-4457
  • Platform: Cross Platform
  • Title: Vsftpd Webmin Module Multiple Unspecified Vulnerabilities
  • Description: Vsftpd Webmin Module is a module for configuring the Vsftpd FTP server. Vsftpd Webmin Module is exposed to multiple unspecified vulnerabilities caused by unspecified errors. Vsftpd Webmin Module versions prior to 1.3b are affected.
  • Ref: http://freshmeat.net/projects/vsftpdwebmin/releases/310064

  • 10.29.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Altair Engineering PBS Pro "pbs_mom" Insecure Temporary File Creation
  • Description: Altair Engineering PBS Pro is a job scheduler for cluster and grid computing. PBS Pro creates temporary files in an insecure manner. The issue occurs because the execution daemon, "pbs_mom", creates files in an insecure manner in "var/spool/pbs/spool". PBS Pro versions prior to 10.4 are affected.
  • Ref: http://www.securityfocus.com/archive/1/512212

  • 10.29.30 - CVE: CVE-2010-0832
  • Platform: Cross Platform
  • Title: PAM MOTD Module Local Privilege Escalation Issue
  • Description: Pluggable authentication modules (PAM) provide a standard interface to various authentication mechanisms. PAM is exposed to a local privilege escalation issue. Specifically, the issue occurs because the PAM MOTD module creates user file stamps in an insecure manner.
  • Ref: http://www.securityfocus.com/bid/41465/references

  • 10.29.31 - CVE: CVE-2010-2630, CVE-2010-2631
  • Platform: Cross Platform
  • Title: LibTIFF Unknown Tag Second Pass Processing Remote Denial of Service
  • Description: LibTIFF is a library for reading and manipulating Tag Image File Format files. LibTIFF is exposed to a denial of service issue because it fails to properly validate user-supplied input.
  • Ref: http://bugzilla.maptools.org/show_bug.cgi?id=2210

  • 10.29.32 - CVE: CVE-2010-2482
  • Platform: Cross Platform
  • Title: LibTIFF "td_stripbytecount" NULL Pointer Dereference Remote Denial of Service Issue
  • Description: LibTIFF is a library for reading and manipulating Tag Image File Format files. LibTIFF is exposed to a denial of service issue because it fails to properly validate user-supplied input. libTIFF versions up to and including 3.9.4 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=603024

  • 10.29.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Input Applications Multiple Arbitrary File Upload Vulnerabilities
  • Description: Multiple Input applications are exposed to multiple arbitrary file upload issues because they fail to adequately sanitize user-supplied input before uploading onto the web server.
  • Ref: http://www.securityfocus.com/bid/41492

  • 10.29.34 - CVE: CVE-2010-2522, CVE-2010-2523
  • Platform: Cross Platform
  • Title: Usagi Project mipv6-daemon Unicast Kernel Message Spoofing Issue
  • Description: mipv6-daemon is a mobile IPv6 stack for Linux. mipv6-daemon is exposed to an issue that allows attackers to spoof Unicast messages. Specifically, any user may send Unicast messages, but the application expects to receive messages from the kernel only.
  • Ref: http://www.securityfocus.com/bid/41524

  • 10.29.35 - CVE: CVE-2010-2227
  • Platform: Cross Platform
  • Title: Apache Tomcat "Transfer-Encoding" Information Disclosure and Denial of Service Vulnerabilities
  • Description: Apache Tomcat is a Java-based web server application for multiple operating systems. Tomcat is exposed to multiple remote issues including information disclosure and denial of service issues. Tomcat versions 5.5.0 to 5.5.29; 6.0.0 to 6.0.27 and 7.0.0 are affected.
  • Ref: http://tomcat.apache.org/security-7.html

  • 10.29.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera "Canvas" Tag Remote Denial of Service
  • Description: Opera is a web browser application. Opera is exposed to a remote denial of service issue. This issue occurs when viewing a page containing a specially crafted "canvas" tag.
  • Ref: http://www.securityfocus.com/bid/41555

  • 10.29.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple BSD Kernel Implementations "netsmb" Kernel Module Local Denial of Service Issue
  • Description: Multiple BSD kernels are prone to multiple local denial of service issues because they fail to properly verify signedness of user-supplied values. These issues affect versions prior to the "netsmb" kernel module 1.35 on NetBSD, FreeBSD and Apple OS X where "netsmb" is available as a kernel extension.
  • Ref: http://www.securityfocus.com/bid/41557

  • 10.29.38 - CVE: CVE-2010-2427, CVE-2010-2667
  • Platform: Cross Platform
  • Title: VMware Studio Temporary Files Local Privilege Escalation Issue
  • Description: VMware Studio is an application that allows users to create, configure, and deploy VMware virtual applications and appliances. Virtual appliances created with VMware Studio contain an in-guest management agent with a web console. The application is exposed to a privilege escalation issue because the application writes temporary files in an insecure manner. VMware Studio version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41568/references

  • 10.29.39 - CVE: CVE-2010-1766
  • Platform: Cross Platform
  • Title: WebKit "WebSocketHandshake::readServerHandshake()" Memory Corruption
  • Description: WebKit is a browser framework used in multiple applications including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote memory corruption issue due to an off-by-one error that affects the "WebSocketHandshake::readServerHandshake()" function.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=596494

  • 10.29.40 - CVE: CVE-2010-1772
  • Platform: Cross Platform
  • Title: WebKit Geolocation Events Use After Free Memory Corruption
  • Description: WebKit is a browser framework used in multiple applications including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote memory corruption issue due to a use-after-free error when handling geolocation events after a document is deleted.
  • Ref: http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html

  • 10.29.41 - CVE: CVE-2010-1971
  • Platform: Cross Platform
  • Title: HP Insight Control Server Migration Unspecified Cross-Site Request Forgery Issue
  • Description: HP Insight Control is used to migrate data and applications from one server to another. HP Insight Control Server Migration is exposed to a cross-site request forgery issue. This issue occurs because the application allows attackers to perform certain actions without validating the request. HP Insight Control Server Migration versions prior to 6.1 are affected.
  • Ref: http://www.securityfocus.com/bid/41581

  • 10.29.42 - CVE: CVE-2010-1970
  • Platform: Cross Platform
  • Title: HP Insight Control Server Migration Data Access Local Privilege Escalation
  • Description: HP Insight Control is used to migrate data and applications from one server to another. HP Insight Control Server Migration for Windows is exposed to a local privilege escalation issue because the application allows unauthorized access to certain data. HP Insight Control Server Migration versions prior to 6.1 are affected.
  • Ref: http://www.securityfocus.com/bid/41585

  • 10.29.43 - CVE: CVE-2009-4897
  • Platform: Cross Platform
  • Title: Ghostscript "iscan.c" PDF Handling Remote Buffer Overflow
  • Description: Ghostscript is a set of tools and libraries for handling Portable Document Format and PostScript files. Ghostscript is exposed to a remote buffer overflow issue because it fails to properly bounds check user-supplied input before copying it into a finite sized buffer. Ghostscript version 8.64 is affected.
  • Ref: http://bugs.ghostscript.com/show_bug.cgi?id=690523

  • 10.29.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: NTSOFT BBS E-Market Professional Multiple Cross-Site Scripting Vulnerabilities
  • Description: NTSOFT BBS E-Market Professional is a Korean ecommerce application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data to the "pageurl", "b_temcode", and "co_no" parameters of the "index.php" script.
  • Ref: http://www.securityfocus.com/archive/1/512186

  • 10.29.45 - CVE: CVE-2009-4678
  • Platform: Web Application - Cross Site Scripting
  • Title: Winn GuestBook "index.php" Cross-Site Scripting Issue
  • Description: Winn GuestBook is a PHP-based web application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input passed to the "Winn-Guestbook[php]/index.php" script. Winn GuestBook version 2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/41414/references

  • 10.29.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Jan Hoffman cms -db Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
  • Description: Jan Hoffman cms -db is a PHP-based content management system. The application is exposed to multiple security issues. An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information. Jan Hoffman cms -db version 0.7.13 is affected.
  • Ref: http://staging.cms-db.de/cms/admin/version.php

  • 10.29.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: NewsOffice "news_show.php" Cross-Site Scripting
  • Description: NewsOffice is an online application for managing news. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "n-cat" parameter of the "/newsoffice/news_show.php" script. NewsOffice version 2.0.18 is affected.
  • Ref: http://www.securityfocus.com/bid/41419

  • 10.29.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Bitweaver "fImg" Parameter Cross-Site Scripting
  • Description: Bitweaver is a web application framework and content manager. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "fImg" parameter of the "preview_image.php" script. Bitweaver version 2.7 is affected.
  • Ref: http://www.securityfocus.com/bid/41421

  • 10.29.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: odCMS "archive.php" Cross-Site Scripting Issue
  • Description: odCMS is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "design" parameter of the "archive.php" script. odCMS version 1.07 is affected.
  • Ref: http://www.securityfocus.com/bid/41422

  • 10.29.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Soft64 PHP AjaxWhois "whois.php" Cross-Site Scripting
  • Description: Soft64 PHP AjaxWhois is a PHP-based web application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "domain" parameter of the "whois.php" script. PHP AjaxWhois version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41435

  • 10.29.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHP Uploader Downloader "updown.php" Cross-Site Scripting Issue
  • Description: PHP Uploader Downloader is a PHP-based web application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to an unspecified parameter of the "updown.php" script. PHP Uploader Downloader version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41441/references

  • 10.29.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Exponent CMS "slideshow.js.php" Cross-Site Scripting
  • Description: Exponent CMS is a PHP-based content management system. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "u" parameter of the "modules/slideshowmodule/slideshow.js.php" script. Exponent version 0.97.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41447

  • 10.29.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: RunCms "check.php" Cross-Site Scripting Issue
  • Description: RunCms is a PHP-based content management system. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "user-agent" field of the "modules/forum/check.php" script. RunCms version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/41448

  • 10.29.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Drupal MultiSafepay Integration Module Cross-Site Request Forgery
  • Description: MultiSafepay Integration "uc_multisafepay" is a module for the Drupal content manager. The module is exposed to a cross-site request forgery issue. uc_multisafepay versions prior to 6.x-1.1 are affected.
  • Ref: http://drupal.org/node/847460

  • 10.29.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Worxware DCP-Portal Multiple Cross-Site Scripting Vulnerabilities
  • Description: Worxware DCP-Portal is a PHP-based content manager. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. DCP-Portal version 7.0 Beta is affected.
  • Ref: http://www.securityfocus.com/archive/1/512210

  • 10.29.56 - CVE: CVE-2009-4580
  • Platform: Web Application - Cross Site Scripting
  • Title: Hasta Blog "id" Parameter Multiple Cross-Site Scripting
  • Description: Hasta Blog is a PHP-based online blogging application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "id" parameter of the "yorumyaz.php" and "blog.php" scripts. Hasta Blog version 2.3 is affected.
  • Ref: http://www.securityfocus.com/bid/41455/references

  • 10.29.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Pligg "install1.php" Cross-Site Scripting
  • Description: Pligg is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "language" parameter of the "install/install1.php" script.
  • Ref: http://www.securityfocus.com/bid/41456

  • 10.29.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MODx "connection.collation.php" Cross-Site Scripting Issue
  • Description: MODx is a PHP-based content management system. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "database_collation" variable of the "install/connection.collation.php" script. MODx versions 1.0.3 and 1.0.4 are affected.
  • Ref: http://www.securityfocus.com/archive/1/512211

  • 10.29.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CruxPA "newappointment.php" Multiple Cross-Site Scripting Issues
  • Description: CruxPA is a PHP-based web application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to multiple unspecified parameters of the "/newappointment.php" script. CruxPA version 2.00 is affected.
  • Ref: http://www.securityfocus.com/bid/41478

  • 10.29.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHPFABER CMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: PHPFABER CMS is a PHP-based content management system. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. PHPFABER CMS version 2.0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/41498

  • 10.29.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CruxCMS "login.php" Cross-Site Scripting Issue
  • Description: CruxCMS is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "txtusername" parameter of the "login.php" script. CruxCMS version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41501

  • 10.29.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: LISTSERV "T" Parameter Cross-Site Scripting Issue
  • Description: LISTSERV is an email management application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "T" parameter of "wa.exe". LISTSERV versions 15 and 16 are affected.
  • Ref: http://www.securityfocus.com/bid/41503

  • 10.29.63 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Real Estate Manager "index.php" Cross-Site Scripting
  • Description: Real Estate Manager is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "lang" parameter of the "index.php" script. Real Estate Manager version 1.0.1 is affected.
  • Ref: http://packetstormsecurity.org/0912-exploits/rem101-xss.txt

  • 10.29.64 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Model Agency Manager "search_process.php" Cross-Site Scripting
  • Description: Model Agency Manager is a PHP-based web application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "searchtype" parameter of the "search_process.php" script.
  • Ref: http://www.securityfocus.com/bid/41509

  • 10.29.65 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ArticleMS "c[]" Parameter Cross-Site Scripting
  • Description: ArticleMS is a PHP-based content publishing system. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "c[]" parameter of the "search/index.php" script. ArticleMS version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41511

  • 10.29.66 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SimpNews Multiple Cross-Site Scripting Issue
  • Description: SimpNews is a PHP-based news system. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "layout" and "sortorder" parameters of the "simpnews/news.php" script. SimpNews version 2.47.03 is affected.
  • Ref: http://www.securityfocus.com/bid/41517

  • 10.29.67 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Mac's CMS "searchString" Parameter Cross-Site Scripting
  • Description: Mac's CMS is a PHP-based content management system. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "searchString" field of the "index.php/footer/search?" script. Mac's CMS version 1.1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/41529

  • 10.29.68 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: eliteCMS Multiple Cross-Site Scripting Issues
  • Description: eliteCMS is a PHP-based content manager. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "page" parameter of multiple scripts. eliteCMS version 1.01 is affected.
  • Ref: http://www.securityfocus.com/bid/41537

  • 10.29.69 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: GetSimple CMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: GetSimple CMS is a PHP-based content management system. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. GetSimple CMS version 2.01 is affected.
  • Ref: http://code.google.com/p/get-simple-cms/

  • 10.29.70 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: RunCms "magpie_debug.php" Cross-Site Scripting Issue
  • Description: RunCms is a PHP-based content management system. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "url" parameter of the "modules/headlines/magpierss/scripts/magpie_debug.php" script. RunCms version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/41551

  • 10.29.71 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: dotDefender Cross-Site Scripting Security Bypass Issue
  • Description: dotDefender is a Web Application Firewall (WAF) application. The application is exposed to a security bypass issue because it fails to restrict malicious data from reaching protected sites. Specifically, a specially crafted URI containing malicious code can be sent to a protected site behind the WAF.
  • Ref: http://www.securityfocus.com/bid/41560

  • 10.29.72 - CVE: Not Available
  • Platform: Web Application
  • Title: dotDefender "clave" Parameter Cross-Site Scripting
  • Description: dotDefender is a web-based application providing proactive web-based application security. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "clave" parameter. dotDefender version 4.02 is affected.
  • Ref: http://www.securityfocus.com/bid/41541

  • 10.29.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PSnews "id" Parameter Multiple SQL Injection Vulnerabilities
  • Description: PSnews is a PHP-based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. PSnews version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/41410

  • 10.29.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: I-Escorts Directory Script "country_escorts.php" SQL Injection Issue
  • Description: I-Escorts Directory Script is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "country_id" parameter of the "escorts-directory/country_escorts.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41416

  • 10.29.75 - CVE: CVE-2009-4456
  • Platform: Web Application - SQL Injection
  • Title: Green Desktiny "news_detail.php" SQL Injection
  • Description: Green Desktiny is a PHP-based help desk application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "news_detail.php" script before using it in an SQL query. Green Desktiny version 2.3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/41417

  • 10.29.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Green Shop "index.php" SQL Injection
  • Description: Green Shop is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pid" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.exploit-db.com/exploits/14259/

  • 10.29.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Simple Document Management System "detail.php" SQL Injection
  • Description: Simple Document Management System is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "doc_id" parameter of the "detail.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41431

  • 10.29.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Datenator "event.php" SQL Injection Issue
  • Description: Datenator is a PHP-based event calendar application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "event.php" script before using it in an SQL query. Datenator version 0.3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41438

  • 10.29.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: bbScript "id" Parameter SQL Injection Issue
  • Description: bbScript is a PHP-based forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script before using it in an SQL query. bbScript version 1.1.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/41470/references

  • 10.29.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AuroraCMS "content.php" SQL Injection
  • Description: AuroraCMS is a content management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "content.php" script before using it in an SQL query. AuroraCMS versions 1.0, 2.0, and 3.0 are affected.
  • Ref: http://www.securityfocus.com/bid/41486

  • 10.29.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Clicktech ClickGallery "gallery.asp" SQL Injection
  • Description: Clicktech ClickGallery is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "currentpage" parameter of the "gallery.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41487

  • 10.29.82 - CVE: CVE-2009-4423
  • Platform: Web Application - SQL Injection
  • Title: weenCompany "index.php" SQL Injection
  • Description: weenCompany is a web-based application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "moduleid" parameter of the "index.php" script before using it in an SQL query. weenCompany version 4.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41488/references

  • 10.29.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: KMSoft GB "default.asp" SQL Injection
  • Description: KMSoft GB is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "p" parameter of the "default.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41491

  • 10.29.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpCollegeExchange Multiple SQL Injection Vulnerabilities
  • Description: phpCollegeExchange is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data.
  • Ref: http://phpcollegeex.sourceforge.net/

  • 10.29.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Softwex CMS "news_details.php" SQL Injection Issue
  • Description: Softwex CMS is a web-based application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "news_details.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41512

  • 10.29.86 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: pragmaMX "modules.php" Multiple SQL Injection Vulnerabilities
  • Description: pragmaMX is a PHP-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "rop", "orderby", "min" and "id" parameters of the "modules.php" script before using it in an SQL query. pragmaMX version 0.1.11 is affected.
  • Ref: http://www.securityfocus.com/bid/41523

  • 10.29.87 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Sillaj "username" and "password" SQL Injection Issue
  • Description: Sillaj is a web-based time tracking tool implemented in PHP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "username" and "password" input fields of the login page before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41540

  • 10.29.88 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke "Your_Account" Module SQL Injection
  • Description: PHP-Nuke is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Your_Account" module of the "module.php" script before using it in an SQL query. PHP-Nuke versions 8.1.0.3.5b and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/41543

  • 10.29.89 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke "Web_Links" Module SQL Injection Issue
  • Description: PHP-Nuke is a content manager implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Web_Links" module before using it in an SQL query. PHP-Nuke versions 8.0 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/41546/references

  • 10.29.90 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: FireStats Multiple SQL Injection Issue
  • Description: FireStats is a PHP-based website statistics application for WordPress. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. FireStats version 1.6.5 is affected.
  • Ref: http://www.securityfocus.com/bid/41548

  • 10.29.91 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Koobi "index.php" SQL Injection
  • Description: Koobi is a web-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "img_id" parameter of the "index.php" script before using it in an SQL query. Koobi CMS versions 4.3.0, 4.2.5 and 4.2.4 are affected.
  • Ref: http://www.securityfocus.com/bid/41562

  • 10.29.92 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Event Horizon "modfile.php" Multiple SQL Injection Vulnerabilities
  • Description: Event Horizon is a PHP-based application which facilitates the secure transfer of files. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the "YourEmail" and "VerificationNumber" parameters of the "modfile.php" script. Event Horizon version 1.1.10 is affected.
  • Ref: http://code.google.com/p/eventh/wiki/Changelog

  • 10.29.93 - CVE: Not Available
  • Platform: Web Application
  • Title: MediaWiki Login Interface Cross-Site Request Forgery Issue
  • Description: MediaWiki is a PHP-based wiki application. MediaWiki is exposed to a cross-site request forgery issue. This issue is related to the "Special:Userlogin" form. MediaWiki versions prior to 1.15.4 and 1.16 beta 3 are affected.
  • Ref: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html

  • 10.29.94 - CVE: CVE-2009-4910, CVE-2009-4911, CVE-2009-4912, CVE-2009-4913, CVE-2009-4914, CVE-2009-4915, CVE-2009-4916, CVE-2009-4917, CVE-2009-4918, CVE-2009-4919, CVE-2009-4920, CVE-2009-4921, CVE-2009-4922, CVE-2009-4923
  • Platform: Web Application
  • Title: Cisco Adaptive Security Appliances (ASA) 5580 Series Multiple Security Issues
  • Description: Cisco ASA 5580 series security appliances are network security devices. The devices are exposed to multiple security issues such as denial of service and buffer overflow.
  • Ref: http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html

  • 10.29.95 - CVE: CVE-2009-4451
  • Platform: Web Application
  • Title: kandalf upper "upper.php" Arbitrary File Upload Issue
  • Description: kandalf upper is a PHP-based file uploader. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately validate file extensions and content type in the "upper.php" script before uploading them onto the web server. kandalf upper version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/41418

  • 10.29.96 - CVE: Not Available
  • Platform: Web Application
  • Title: Sandbox Multiple Remote Issues
  • Description: Sandbox is a personal website package implemented in PHP. The application is exposed to multiple remote issues. Sandbox version 2.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/41420

  • 10.29.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Sijio SQL Injection and HTML Injection Issues
  • Description: Sijio is a PHP-based online community application. The issues exist because the application fails to sufficiently sanitize user-supplied data. An SQL injection issue affects the "parent" parameter of the "gallery/index.php" script. An HTML injection issue affects an unspecified parameter of the "edit_blog/index.php" script.
  • Ref: http://www.securityfocus.com/bid/41430

  • 10.29.98 - CVE: Not Available
  • Platform: Web Application
  • Title: phpFK - PHP Forum Script ohne MySQL "upload.php" Arbitrary File Upload
  • Description: phpFK - PHP Forum Script ohne MySQL is a PHP-based online forum application. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately validate file extensions and content type in the "upload.php" script before uploading them onto the web server.
  • Ref: http://www.securityfocus.com/bid/41440

  • 10.29.99 - CVE: Not Available
  • Platform: Web Application
  • Title: GiantIsland VideoIsland Remote File Upload Issue
  • Description: VideoIsland is an ASP-based web application. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately limit the types of files that can be uploaded through the application's upload functionality. Attackers can execute their uploaded script through the "Storage/" directory.
  • Ref: http://www.securityfocus.com/bid/41445/references

  • 10.29.100 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Hierarchical Select Module Multiple Unspecified HTML Injection Issues
  • Description: Hierarchical Select is a module for the Drupal content manager that provides a "hierarchical_select" form element. The module is exposed to multiple HTML injection issues because it fails to properly sanitize certain unspecified user-supplied input before using it in dynamically generated content. Hierarchical Select versions prior to 5.x-3.2 and 6.x-3.2 are affected.
  • Ref: http://drupal.org/node/847488

  • 10.29.101 - CVE: Not Available
  • Platform: Web Application
  • Title: MySimpleFileUploader Remote File Upload Issue
  • Description: MySimpleFileUploader is a PHP-based file upload application. The application is exposed to a remote file upload issue because it fails to sufficiently sanitize user-supplied input to the upload feature of the application. MySimpleFileUploader version 1.6 is affected.
  • Ref: http://www.securityfocus.com/bid/41452/references

  • 10.29.102 - CVE: Not Available
  • Platform: Web Application
  • Title: Pithcms Multiple File Include Vulnerabilities
  • Description: Pithcms is a PHP-based content manager. The application is exposed to local and remote file include issues that affect the "theme" parameter of the "index.php" script. Pithcms version 0.9.5.1 is affected.
  • Ref: http://www.securityfocus.com/bid/41461

  • 10.29.103 - CVE: Not Available
  • Platform: Web Application
  • Title: Podcast Generator "download.php" Directory Traversal
  • Description: Podcast Generator is a PHP-based podcasting script. The application is exposed to a directory traversal issue because it fails to sufficiently validate user-supplied input to the "filename" parameter of the "download.php" script. Podcast Generator version 1.3 running on Windows is affected.
  • Ref: http://www.scribd.com/doc/28080332/Podcast-Generator-1-3-Arbitrary-File-Download-Windows

  • 10.29.104 - CVE: Not Available
  • Platform: Web Application
  • Title: 35mm Slide Gallery "imgdir" Parameter Directory Traversal
  • Description: 35mm Slide Gallery is a web-based photo gallery implemented in PHP. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "imgdir" parameter of the "index.php" script. 35mm Slide Gallery version 6.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41476

  • 10.29.105 - CVE: Not Available
  • Platform: Web Application
  • Title: PG Social Networking "myprofile.php" Arbitrary File Upload
  • Description: PG Social Networking is a PHP-based web application. PG Social Networking is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately sanitize user-supplied input before uploading it onto the web server. Specifically, this issue affects the "social/myprofile.php" script.
  • Ref: http://www.securityfocus.com/bid/41489

  • 10.29.106 - CVE: Not Available
  • Platform: Web Application
  • Title: i-Gallery Directory Traversal and HTML Injection Issues
  • Description: i-Gallery is an ASP-based online photo gallery application. The application is exposed to multiple input validation issues. i-Gallery version 3.4 is affected.
  • Ref: http://www.securityfocus.com/bid/41493

  • 10.29.107 - CVE: Not Available
  • Platform: Web Application
  • Title: CruxPA Multiple HTML Injection Issues
  • Description: CruxPA is a PHP-based web application. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input to multiple scripts and parameters. CruxPA version 2.00 is affected.
  • Ref: msg://bugtraq/201007081428.o68EStBn097110@htbridge.ch

  • 10.29.108 - CVE: Not Available
  • Platform: Web Application
  • Title: Yappa "yappa.php" Multiple Remote Command Execution Vulnerabilities
  • Description: Yappa (Yet Another PHP Photo Album) is a PHP-based web application. Yappa is exposed to multiple remote command execution issues because it fails to properly validate user-supplied input to the "thedir" and "image" parameters of the "yappa/yappa.php" script. Yappa version 3.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/41521

  • 10.29.109 - CVE: Not Available
  • Platform: Web Application
  • Title: The Uploader Remote File Upload
  • Description: The Uploader is a PHP-based file uploading application. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately limit the types of files that can be uploaded through the "index.php" script. The Uploader version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41528

  • 10.29.110 - CVE: Not Available
  • Platform: Web Application
  • Title: EdgePHP CBQuick "search" Parameter SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: EdgePHP CBQuick is a PHP-based web application. The application is exposed to an SQL injection issue and a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data.
  • Ref: http://www.securityfocus.com/bid/41538

  • 10.29.111 - CVE: Not Available
  • Platform: Web Application
  • Title: MyKazaam Notes Management System "notes.php" SQL Injection and Cross-Site Scripting Issue
  • Description: MyKazaam Notes Management System is a PHP-based web application. The application is exposed to an SQL injection issue and a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. These issues affect the "refno" POST parameter of the "notes.php" script.
  • Ref: http://www.securityfocus.com/bid/41542

  • 10.29.112 - CVE: Not Available
  • Platform: Web Application
  • Title: CMS Made Simple "default_cms_lang" Parameter Local File Include Issue
  • Description: CMS Made Simple is a web-based content management system implemented in PHP. CMS Made Simple is exposed to a local file include issue because it fails to properly sanitize user-supplied input. This issue affects the "default_cms_lang" parameter of the "addbookmark.php" script. CMS Made Simple version 1.8 is affected.
  • Ref: http://www.securityfocus.com/bid/41565

  • 10.29.113 - CVE: Not Available
  • Platform: Web Application
  • Title: Asterisk Recording Interface Multiple Issues
  • Description: Asterisk Recording Interface (ARI) is a web-based interface to the Asterisk PBX software package. The application is exposed to multiple security bypass and cross-site scripting issues.
  • Ref: http://www.securityfocus.com/bid/41571

  • CVE: CVE-2010-1574
  • Platform: Network Device
  • Title: Cisco Industrial Ethernet 3000 Series Switches Hardcoded SNMP Community Names Security Issue
  • Description: Cisco Industrial Ethernet 3000 Series Switches are heavy-duty Ethernet switches. Cisco Industrial Ethernet 3000 Series Switches are exposed to a security issue because they contain hard-coded SNMP community names available for read and write. Specifically, the "public" and "private" community names are used. This issue affects Industrial Ethernet 3000 Series Switches running IOS versions 12.2(52)SE and
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3891f.shtml

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.