@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 3
January 14, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

- Category
- # of Updates & Vulnerabilities
- Platform Number of Updates and Vulnerabilities
- ------------------------- -------------------------------------
- Windows
- 3 (#1)
- Mac Os
- 1 (#8)
- Linux
- 5
- Solaris
- 2
- Novell
- 1 (#6)
- Cross Platform
- 61 (#2, #3, #4, #5, #7)
- Web Application - Cross Site Scripting
- 27
- Web Application - SQL Injection
- 35
- Web Application
- 31
- Network Device
- 2

*************************************************************************

TRAINING UPDATE

-- SANS AppSec 2010, San Francisco, January 29-February 5, 2010

http://www.sans.org /appsec-2010/"> http://www.sans.org /appsec-2010/

-- SANS Phoenix, February 14 -February 20, 2010

http://www.sans.org /phoenix-2010/"> http://www.sans.org /phoenix-2010/

-- SANS 2010, Orlando, March 6 - March 15, 2010 38 courses and bonus evening presentations, including Software Security Street Fighting Style

http://www.sans.org /sans-2010/"> http://www.sans.org /sans-2010/

-- SANS Northern Virginia Bootcamp 2010, April 6-13

http://www.sans.org /reston-2010/"> http://www.sans.org /reston-2010/

-- SANS Security West, San Diego, May 7-15, 2010 23 courses and bonus evening presentations

http://www.sans.org /security-west-2010/"> http://www.sans.org /security-west-2010/

Looking for training in your own community? http://sans.org/community/ Save on On-Demand training (30 full courses) - See samples at

http://www.sans.org /ondemand/spring09.php"> http://www.sans.org /ondemand/spring09.php

Plus Tokyo, Bangalore, Oslo and Dublin all in the next 90 days. For a list of all upcoming events, on-line and live:

http://www.sans.org

*************************************************************************

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software

(1) CRITICAL: Microsoft Windows Embedded OpenType Font Engine Integer Overflow Vulnerability (MS10-001)
(2) CRITICAL: Adobe Reader and Acrobat Multiple Vulnerabilities
(3) CRITICAL: Oracle Multiple Products Multiple Vulnerabilities (CPU Jan 2010)
(4) CRITICAL: Microsoft Windows Flash Player Multiple Vulnerabilities
(5) HIGH: MIT Kerberos RC4 and AES Decryption Integer Underflow Vulnerabilities
(6) HIGH: Novell iManager Buffer Overflow Vulnerability
(7) HIGH: PowerDNS Recursor Multiple Vulnerabilities
(8) MODERATE: Apple Mac OS X Floating Point Memory Corruption Vulnerability

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software

(1) CRITICAL: Microsoft Windows Embedded OpenType Font Engine Integer Overflow Vulnerability (MS10-001)
Affected:
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2 and Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
- Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems*
- Windows Server 2008 R2 for Itanium-based Systems
Description: Microsoft Windows Embedded OpenType (EOT) fonts are compact form of OpenType fonts embedded in documents or webpage's. A remote code execution vulnerability has been identified in Microsoft Windows Embedded OpenType (EOT) Font Engine, which can be triggered by a specially crafted EOT fonts. The specific flaw is an integer overflow error in Embedded OpenType Font Engine in the way it decompresses files and contents that has malicious embedded fonts. To exploit this flaw, an attacker can take any of the following actions: (a) Create a webpage that contains specially crafted embedded fonts, and entice an attacker to visit his webpage or (b) Send an email with an attached Microsoft Office file containing a specially crafted embedded fonts and convince the user to open it.
Status: Vendor confirmed, updates available.
References:
- Microsoft Security Bulletin (MS10-001)
- http://www.microsoft.com/technet/security/Bulletin/MS10-001.mspx
- Wikipedia Article on Embedded OpenType
- http://en.wikipedia.org/wiki/Embedded_OpenType
- Vendor HomePage
- http://www.microsoft.com/windows/default.mspx
- SecurityFocus BID
- http://www.securityfocus.com/bid/37671

(2) CRITICAL: Adobe Reader and Acrobat Multiple Vulnerabilities
Affected:
- Adobe Reader version 9.2 and prior
- Adobe Acrobat version 9.2 and prior
Description: Adobe Acrobat is a program designed to create, manage and view Portable Document Format (PDF) and Adobe Reader is designed to only view and print PDF's. Both Adobe reader and Acrobat have been reported to have multiple vulnerabilities, which could be triggered by opening a specially crafted PDF file. The first issue is an array boundary error in the U3D module. The second issue is a use-after-free error in the Multimedia.api. The third issue is an integer overflow error in the U3D module. The fourth issue is an error in the 3D module which might allow attackers to load malicious DLLs. The fifth issue is an unspecified script injection vulnerability. The sixth issue is an unspecified memory corruption vulnerability. The seventh flaw is a null pointer dereference error which might lead to a denial-of-service condition. The eight flaw is a buffer overflow vulnerability in the Download Manager, and successful exploitation in this case might lead to arbitrary code execution. Note that the PDF documents are often opened automatically by the vulnerable application without the consent of the user. Some details for some of the vulnerabilities are publicly available.
Status: Vendor confirmed, updates available.
References:
- Adobe Security Advisory (APSB10-02)
- http://www.adobe.com/ support/security/bulletins/apsb10-02.html"> http://www.adobe.com/ support/security/bulletins/apsb10-02.html
- Vendor HomePage
- http://www.adobe.com/
- SecurityFocus BID's
- http://www.securityfocus.com/bid/37331
- http://www.securityfocus.com/bid/37756
- http://www.securityfocus.com/bid/37757
- http://www.securityfocus.com/bid/37758
- http://www.securityfocus.com/bid/37759
- http://www.securityfocus.com/bid/37760
- http://www.securityfocus.com/bid/37761
- http://www.securityfocus.com/bid/37763

(3) CRITICAL: Oracle Multiple Products Multiple Vulnerabilities (CPU Jan 2010)
Affected:
- Oracle Weblogic Server 10.3.1
- Oracle Weblogic Server 9.2
- Oracle Weblogic Server 9.1 GA
- Oracle Weblogic Server 9.0 GA
- Oracle Weblogic Server 8.1
- Oracle Weblogic Server 7.0
- Oracle Weblogic Server 10.3
- Oracle Weblogic Server 10
- Oracle Primavera P6 Web Services 6.2.1
- Oracle Primavera P6 Web Services 7.0
- Oracle Primavera P6 Enterprise Project Portfolio Management 6.2.1
- Oracle Primavera P6 Enterprise Project Portfolio Management 7.0
- Oracle Primavera P6 Enterprise Project Portfolio Management 6.1
- Oracle PeopleSoft Enterprise Human Capital Management 9.0
- Oracle PeopleSoft Enterprise Human Capital Management 8.9
- Oracle Oracle9i Standard Edition 9.2 .x
- Oracle Oracle9i Enterprise Edition 9.2 .8DV
- Oracle Oracle9i Enterprise Edition 9.2 .8.0
- Oracle Oracle11g Standard Edition 11.1 .7
- Oracle Oracle10g Standard Edition 10.x
- Oracle Oracle10g Enterprise Edition 10.x
- Oracle Oracle10g Application Server 10.x
- Oracle JRockit R27.x
- Oracle E-Business Suite 12
- Oracle E-Business Suite 11i 11.5.10.2
- Oracle Access Manager 10.1.4 .2
- Oracle Access Manager 7.0.4 .3
Description: Oracle has released a cumulative security patch for a wide range of its products on January 12, 2010. This Critical Patch Update contains 24 new security fixes across different products. Flaws addressed in this update include remote command execution vulnerabilities, denial of service issues, information disclosure vulnerabilities, SQL injection vulnerabilities, security restrictions bypass issues. There still are some issues whose impacts are yet unknown. Authentication is not required to exploit some of these vulnerabilities while for some authentication is required.
Status: Vendor confirmed, updates available.
References:
- Oracle Critical Patch Update (CPU January 2010)
- http://www.oracle.com /technology/deploy/security/critical-patch-updates/cpujan2010.html"> http://www.oracle.com /technology/deploy/security/critical-patch-updates/cpujan20
  10.html
- Zero Day Initiative Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-10-002
- Vendor Home Page
- http://www.oracle.com
- SecurityFocus BID's
- http://www.securityfocus.com/bid/37728
- http://www.securityfocus.com/bid/37729
- http://www.securityfocus.com/bid/37730
- http://www.securityfocus.com/bid/37731
- http://www.securityfocus.com/bid/37732
- http://www.securityfocus.com/bid/37733
- http://www.securityfocus.com/bid/37734
- http://www.securityfocus.com/bid/37735
- http://www.securityfocus.com/bid/37736
- http://www.securityfocus.com/bid/37737
- http://www.securityfocus.com/bid/37738
- http://www.securityfocus.com/bid/37739
- http://www.securityfocus.com/bid/37740
- http://www.securityfocus.com/bid/37741
- http://www.securityfocus.com/bid/37743
- http://www.securityfocus.com/bid/37744
- http://www.securityfocus.com/bid/37745
- http://www.securityfocus.com/bid/37746
- http://www.securityfocus.com/bid/37748
- http://www.securityfocus.com/bid/37750
- http://www.securityfocus.com/bid/37751

(4) CRITICAL: Microsoft Windows Flash Player Multiple Vulnerabilities
Affected:
- Windows XP Service Pack 2 and Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
Description: Adobe Flash Player 6, a browser plug-in used to play interactive content and video, was shipped with Windows XP and is reported to contain multiple vulnerabilities. One of the vulnerabilities is a use-after-free error in the Flash Player in the way it unloads Flash objects and it might lead to memory corruption. A specially crafted web page can be used to trigger this vulnerability. The other vulnerabilities are disclosed and fixed previously by Adobe Flash Player but note that the current version of Flash Player bundled in Windows XP is still vulnerable to them. Some technical details for some of the vulnerabilities are publicly available.
Status: Vendor confirmed, updates available.
References:
- Microsoft Security Advisory (979267)
- http://www.microsoft.com/technet/security/advisory/979267.mspx
- Secunia Research Advisory
- http://secunia.com/secunia_research/2007-77/
- Vendor HomePage
- http://www.microsoft.com/windows/default.mspx
- Secunia Advisory
- http://secunia.com/advisories/27105/

(5) HIGH: MIT Kerberos RC4 and AES Decryption Integer Underflow Vulnerabilities
Affected:
- MIT Kerberos 5.x
Description: MIT Kerberos is the reference implementation of the Kerberos authentication protocol, a protocol used for secure authentication across potentially insecure networks. Integer underflow vulnerabilities have been reported in the crypto libraries of the MIT Kerberos software and a specially crafted ciphertext can be used to trigger these issues. The specific flaw is caused by integer underflow errors in the RC4 and AES decryption operations while handling malicious ciphertexts. Successful exploitation might allow an attacker to execute arbitrary code. Full technical details for these vulnerabilities is publicly available via source code analysis.
Status: Vendors confirmed, updates available.
References:
- MIT Security Advisory
- http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt
- Wikipedia Article on the Kerberos Protocol
- http://en.wikipedia.org/wiki/Kerberos_(protocol)
- Product Home Page
- http://web.mit.edu/kerberos/www/
- SecurityFocus BID
- http://www.securityfocus.com/bid/37749

(6) HIGH: Novell iManager Buffer Overflow Vulnerability
Affected:
- Novell iManager prior to 2.7.3
Description: Novell iManager is a web-based administration console for various Novell products. A buffer overflow vulnerability has been reported in Novell iManager and it can be triggered by a specially crafted schema information. The specific flaw is in the way iManager handles importing and exporting of schema information. Specifically during importing and exporting, the sub-application does not do adequate bounds check on user-supplied data. Successful exploitation might allow an attacker to execute arbitrary code in the context of the affected application. Some technical details for the vulnerability are publicly available.
Status: Vendors confirmed, updates available.
References:
- Novell Security Bulletin
- http://www.novell.com/support/viewContent.do?externalId=7004985&sliceId=1
- Zero Day Initiative Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-10-001/
- Product Home Page
- http://www.novell.com/products/consoles/imanager/features.html
- SecurityFocus BID
- http://www.securityfocus.com/bid/37672

(7) HIGH: PowerDNS Recursor Multiple Vulnerabilities
Affected:
- PowerDNS Recursor prior to 3.1.7.2
Description: PowerDNS is a popular cross-platform Domain Name System (DNS) server and PowerDNS Recursor is a resolving DNS server. Two Vulnerabilities have been reported in PowerDNS Recursor. The first flaw is a buffer overflow vulnerability caused by unspecified error and it can be triggered by specially crafted packets. Successful exploitation might lead to remote code execution. The second flaw is a spoofing vulnerability caused by unspecified errors and can be triggered by specially crafted zones. Successful exploitation might fool the affected application into accepting wrong data. No technical details are provided for these vulnerabilities.
Status: Vendors confirmed, updates available.
References:
- PowerDNS Security Advisories
- http://doc.powerdns.com/powerdns-advisory-2010-01.html
- http://doc.powerdns.com/powerdns-advisory-2010-02.html
- Wikipedia Article on PowerDNS
- http://en.wikipedia.org/wiki/PowerDNS
- Vendor Home Page
- http://www.powerdns.com/
- SecurityFocus BID's
- http://www.securityfocus.com/bid/37650
- http://www.securityfocus.com/bid/37653

(8) MODERATE: Apple Mac OS X Floating Point Memory Corruption Vulnerability
Affected:
- Apple Mac OS X 10.5
- Apple Mac OS X 10.6
Description: Apple Mac OS X, an operating system from Apple Inc, is exposed to a memory corruption vulnerability. The specific flaw is an error in the way "strtod()" function handles floating point numbers passed to it. A specially crafted flowing point number passed by an application to the "strtod()" function will trigger this vulnerability. Successful exploitation might allow an attacker to execute arbitrary code. Full technical details for this vulnerability are publicly available along with proof-of-concept.
Status: Vendors confirmed, updates available.
References:
- SecurityReason Advisory
- http://securityreason.com/achievement_securityalert/81
- Product Home Page
- http://www.apple.com/macosx/
- SecurityFocus BID
- http://www.securityfocus.com/bid/37687

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 3, 2010

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 7833 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

10.3.1 - CVE: Not Available
Platform: Windows
Title: Kantaris Media Player ".m3u" File Remote Buffer Overflow
Description: Kantaris Media Player is a multimedia player available for Microsoft Windows. The application is exposed to a remote buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a ".m3u" playlist file that contains excessive data. Kantaris Media Player version 0.5.6 is affected.
Ref: http://www.securityfocus.com/bid/37662

10.3.2 - CVE: Not Available
Platform: Windows
Title: TTPlayer ".m3u" File Remote Buffer Overflow
Description: TTPlayer is a multimedia player available for Microsoft Windows. The application is exposed to a remote buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a ".m3u" playlist file that contains excessive data. TTPlayer version 5.6 Beta 3 is affected.
Ref: http://www.securityfocus.com/bid/37665

10.3.3 - CVE: CVE-2010-0018
Platform: Windows
Title: Microsoft Windows Embedded OpenType Font Engine LZCOMP Remote Code Execution
Description: Embedded OpenType (EOT) fonts are designed for use on webpages. EOT fonts can also be embedded in documents. Microsoft Windows is exposed to a remote code execution issue that affects EOT fonts. Specifically, an integer overflow issue occurs when decompressing content that contains a specially crafted Microtype Express font. This issue occurs in the LZCOMP decompressor provided by the "t2embed.dll" file. Ref: http://blogs.technet.com/srd/archive/2010/01/12/ms10-001-font-file-decompression-vulnerability.aspx

10.3.4 - CVE: CVE-2009-0689
Platform: Mac Os
Title: Mac OS X "libc/strtod(3)" Memory Corruption
Description: Mac OS X is exposed to a memory corruption issue because the software fails to properly bounds check data used as an array index. This issue affects the "dtoa" implementation in the "libc/gdtoa" and "libc/strtod(3)" libraries. Mac OS X versions 10.5 and 10.6 are affected.
Ref: http://securityreason.com/securityalert/6932

10.3.5 - CVE: CVE-2009-4145, CVE-2009-4144
Platform: Linux
Title: NetworkManager Connection Verification Bypass and Information Disclosure Vulnerabilities
Description: NetworkManager is an application used for automated networking on Linux platforms. The application is exposed to multiple issues. A security issue affects the application that may allow an attacker to disclose sensitive information. A security vulnerability affects the application because it facilitates connections to a network even after CA certificate of the network has been removed by the user. NetworkManager version 0.7.2 is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=546795

10.3.6 - CVE: Not Available
Platform: Linux
Title: Skype Technologies Skype for Linux SED Remote Denial of Service
Description: Skype is peer-to-peer communications software that supports internet based voice communications. Skype is exposed to a remote denial of service issue because it fails to properly handle malformed content sent through the "Sed" feature ("sed" is a Unix-based command-line tool for editing text). Skype version 2.1 beta for Linux is affected.
Ref: http://www.securityfocus.com/bid/37599

10.3.7 - CVE: Not Available
Platform: Linux
Title: Linux Kernel "print_fatal_signal()" Local Information Disclosure
Description: The Linux kernel is exposed to a local information disclosure issue because it fails to properly sanitize data before writing to a logfile. Specifically, when the "print-fatal-signals" kernel option is enabled, user space applications can cause data located at an arbitrary memory location to be dumped to a logfile by attempting to jump to that location. Ref: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b45c6e76bc2c72f6426c14bed64fdcbc9bf37cb0

10.3.8 - CVE: CVE-2010-0014
Platform: Linux
Title: Fedora SSSD Kerberos Authentication Security Bypass
Description: Fedora SSSD provides a set of daemons to manage access to remote directories and other authentication mechanisms. The application is exposed to a security bypass issue. Specifically, when SSSD is configured to use Kerberos for authentication, any password can be accepted provided that the following conditions are met: 1) The affected computer is offline, and 2) The attacker has a valid Ticket Granting Ticket for the Kerberos realm configured with the "to" option set to "krb5_realm" in the attacker's credential file.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=553233

10.3.9 - CVE: Not Available
Platform: Linux
Title: Linux Kernel "ebtables" Security Bypass
Description: The Linux kernel is exposed to a security bypass issue that occurs because the kernel fails to properly restrict access using the "CAP_NET_ADMIN" capability check before allowing a user to set or modify the "ebtables" rules. The vulnerability exists in the "do_ebt_set_ctl()" and "do_ebt_get_ctl()" functions of the "net/bridge/netfilter/ebtables.c" file. Linux kernel versions prior to 2.6.33-rc4 are affected. Ref: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dce766af541f6605fa9889892c0280bab31c66ab

10.3.10 - CVE: Not Available
Platform: Solaris
Title: Sun OpenSolaris "hald" Daemon Unspecified
Description: OpenSolaris "hald" daemon is used to maintain a database of devices connected to a system in real time. The application is exposed to an unspecified issue. Exploitation of the issue may allow an attacker to prevent the application from writing audit logs even if the system is configured to do so. OpenSolaris versions snv_51 through snv_130 are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-274830-1

10.3.11 - CVE: Not Available
Platform: Solaris
Title: Sun Solaris Trusted Extensions Missing Libraries Local Privilege Escalation
Description: Sun Solaris is exposed to a local privilege escalation issue that may also allow attackers to run arbitrary code with elevated privileges. This issue stems from an unspecified error and arises due to libraries which were not delivered with Solaris Trusted Extensions. Sun Solaris 10 for SPARC and x86 platforms is affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-275410-1

10.3.12 - CVE: Not Available
Platform: Novell
Title: Novell NetWare CIFS and AFP Handling Remote Denial of Service Vulnerabilities
Description: Novell NetWare is a network operating system. NetWare is exposed to multiple remote denial of service issues. Specifically, the "CIFS.nlm Semantic Agent" and "AFPTCP.nlm Build" services fail to handle large quantities of "CIFS" (Common Internet File System) or "AFS" (Apple Filing Protocol) traffic. NetWare version 6.5 SP8 is affected.
Ref: http://www.securityfocus.com/archive/1/508731

10.3.13 - CVE: Not Available
Platform: Cross Platform
Title: PDF-XChange Viewer Remote Code Execution
Description: PDF-XChange Viewer is an application for handling PDF files. It is available for Windows. PDF-XChange Viewer is exposed to a remote code execution issue when handling malformed PDF files. The issue stems from an unspecified error in the "PDFXCview.exe" process and "XCShInfo.dll". The vulnerability arises when a user views, selects or hovers the mouse pointer over a malicious PDF file. All PDF-XChange Viewer and Viewer SDK versions prior to release 2.044 are affected.
Ref: http://www.docu-track.com/news/show/80

10.3.14 - CVE: Not Available
Platform: Cross Platform
Title: httpdx Space Character Remote File Disclosure
Description: httpdx is an HTTP server application available for Microsoft Windows. The HTTP component is exposed to a file disclosure issue because it fails to properly sanitize user-supplied input. Specifically, an attacker can obtain the source code of a file by providing a "%20" character at the end of the filename in an HTTP request. httpdx version 1.5 is affected.
Ref: http://www.securityfocus.com/archive/1/508696

10.3.15 - CVE: Not Available
Platform: Cross Platform
Title: Gretech GOM Player ".asx" File Remote Denial of Service
Description: Gretech GOM Player is a multimedia player. The application is exposed to a remote denial of service vulnerability when handling specially crafted ".asx" files. Gretech GOM Player version 2.1.9 is affected.
Ref: http://www.securityfocus.com/bid/37592

10.3.16 - CVE: Not Available
Platform: Cross Platform
Title: S2 Security Linear eMerge Access Control System Authentication Bypass
Description: S2 Security Linear eMerge Access Control System is a control system for physical security devices. The system includes a web-based management console. The management console is exposed to an authentication bypass issue because it fails to restrict access to an unspecified script. S2 Security Linear eMerge Access Control System version 2.5.x is affected.
Ref: http://www.kb.cert.org/vuls/id/571629

10.3.17 - CVE: CVE-2009-4400, CVE-2009-4401
Platform: Cross Platform
Title: TYPO3 Parish Administration Database Extension Multiple Unspecified Vulnerabilities
Description: Parish Administration Database ("ste_parish_admin") is an extension for the TYPO3 content manager. The extension is exposed to a cross-site scripting issue and an SQL injection issue because it fails to properly sanitize user-supplied input. Parish Administration Database versions 0.1.3 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/

10.3.18 - CVE: Not Available
Platform: Cross Platform
Title: PHPDirector Game Edition Multiple Input Validation Vulnerabilities
Description: PHPDirector Game Edition is a game management application. The application is exposed to multiple input validation issues: An HTML injection issue that affects the comment form of the "game.php" script, An SQL injection issue that affects the "id" parameter of the "game.php" script, and A local file include issue that affects the "lang" parameter of the "header.php" script. PHPDirector Game Edition version 0.1 is affected.
Ref: http://www.securityfocus.com/bid/37639

10.3.19 - CVE: Not Available
Platform: Cross Platform
Title: MySQL 5.0.51a Unspecified Remote Code Execution
Description: MySQL is an open source SQL database available for multiple operating systems. MySQL 5.0.51a is exposed to an unspecified remote code execution issue. An attacker can leverage this issue to execute arbitrary code within the context of the vulnerable application. MySQL version 5.0.51a is affected.
Ref: http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html

10.3.20 - CVE: Not Available
Platform: Cross Platform
Title: Sun Java System Web Server Unspecified Remote Code Execution
Description: Sun Java System Web Server is an HTTP server. Sun Java System Web Server is exposed to a remote code execution issue. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Sun Java System Web Server version 7.0 Update 6 is affected.
Ref: http://www.securityfocus.com/bid/37641

10.3.21 - CVE: Not Available
Platform: Cross Platform
Title: Visualization Library Multiple Unspecified Security Vulnerabilities
Description: Visualization Library is a C++ library for building 2-3D graphics applications. The library is exposed to multiple unspecified security issues.
Ref: http://visualizationlibrary.com/documentation/pagchangelog.html

10.3.22 - CVE: Not Available
Platform: Cross Platform
Title: Sun Java System Web Server Information Disclosure
Description: Sun Java System Web Server is a web server available for multiple platforms. The application is exposed to a remote information disclosure issue. Sun Java System Web Server version 7.0U6 is affected.
Ref: http://www.securityfocus.com/bid/37648

10.3.23 - CVE: CVE-2009-4009
Platform: Cross Platform
Title: PowerDNS Recursor Buffer Overflow
Description: PowerDNS is a DNS nameserver available for various platforms. PowerDNS is exposed to a remote buffer overflow issue because it fails to properly bounds check user-supplied input before copying it into a fixed length buffer. This issue affects PowerDNS Recursor. Successfully exploiting this issue allows a remote attacker to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer.
Ref: http://doc.powerdns.com/powerdns-advisory-2010-01.html

10.3.24 - CVE: CVE-2009-4010
Platform: Cross Platform
Title: PowerDNS Recursor Remote Cache Poisoning
Description: PowerDNS is an open source DNS server. PowerDNS is exposed to a remote cache poisoning issue that occurs in the recursor when providing a specially crafted zone. An attacker can exploit this issue to divert data from a legitimate site to an attacker-specified site. PowerDNS versions 3.1.7.1 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/508743

10.3.25 - CVE: Not Available
Platform: Cross Platform
Title: FreeBSD ZFS ZIL Insecure File Permissions
Description: The ZFS Intent Log (ZIL) is a mechanism that gathers transactions of memory writes, and is flushed onto disk when synchronous semantics is necessary. ZIL is exposed to an insecure file permissions issue that arises when replaying a "setattr" transaction that can set insecure file attributes which may persist when a system crash or restart takes place.
Ref: http://www.securityfocus.com/bid/37657

10.3.26 - CVE: CVE-2010-0012
Platform: Cross Platform
Title: Transmission Arbitrary File Overwrite
Description: Transmission is a multi platform BitTorrent client. The application is exposed to an issue that may allow remote attackers to overwrite arbitrary local files. This issue occurs because the software fails to handle malformed data contained in a ".torrent" file. Specifically, the library fails to properly validate the "name" key used to specify file locations. Transmission versions prior to 1.77 are affected.
Ref: https://bugs.launchpad.net/ubuntu/+source/transmission/+bug/500625

10.3.27 - CVE: CVE-2009-3952
Platform: Cross Platform
Title: Adobe Illustrator Unspecified Buffer Overflow
Description: Adobe Illustrator is a graphics application available for Microsoft Windows and Mac OS X. Illustrator is exposed to an unspecified buffer overflow issue. Successful exploits will allow attackers to execute arbitrary code with the privileges of the user running the affected application. Illustrator versions CS3 and CS4 are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb10-01.html

10.3.28 - CVE: Not Available
Platform: Cross Platform
Title: Juniper Networks JUNOS Malformed TCP Packet Denial of Service and Unspecified Vulnerabilities
Description: Juniper Networks JUNOS is exposed to a remote denial of service issue that occurs when processing specially crafted TCP packets. Specifically, this issue occurs because of improper handling of TCP option fields. JUNOS firewall filters will not filter these packets, which will cause network device kernels to crash. JUNOS is also exposed to six other unspecified security vulnerabilities. These issues may include privilege escalation or denial of service issues. JUNOS versions 7.x, 8.x, and 9.x are affected. Ref: http://praetorianprefect.com/archives/2010/01/junos-juniper-flaw-exposes-core-routers-to-kernal-crash/

10.3.29 - CVE: Not Available
Platform: Cross Platform
Title: IBM Lotus Domino Web Access Multiple Unspecified Security Vulnerabilities
Description: IBM Lotus Domino Web Access or iNotes facilitates web access to Domino based mail, calendar, schedule, to-do lists, contact lists, and notebooks for Lotus Domino users. The application is exposed to multiple issues: an unspecified security issue that exists in "ultra-light" edit contact scene, an unspecified security issue when script commands are present in URL for status alerts in "ultra-light", and an unspecified security issue when using "Try Lotus iNotes anyway" link in unsupported browser page. IBM Lotus Domino Web Access version 8.0.2 is affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27017776

10.3.30 - CVE: Not Available
Platform: Cross Platform
Title: Multiple ACDSee Products "XMB" File Remote Buffer Overflow
Description: ACDSee products are applications designed to manage and edit digital photographs. Multiple ACDSee applications are exposed to a remote buffer overflow issue because they fail to perform adequate checks on user-supplied input. Specifically, this issue occurs when processing a malformed "XMB" (X Bitmap) file. Successful exploits may allow remote attackers to execute arbitrary code in the context of the application.
Ref: http://www.securityfocus.com/archive/1/508817

10.3.31 - CVE: CVE-2009-0689
Platform: Cross Platform
Title: MATLAB "dtoa" Implementation Memory Corruption
Description: MATLAB is a high level language used for computationally intensive tasks. MATLAB is exposed to a memory corruption issue because the software fails to properly bounds check data used as an array index. This issue affects the "dtoa" implementation. MATLAB version R2009b is affected.
Ref: http://securityreason.com/achievement_securityalert/80

10.3.32 - CVE: Not Available
Platform: Cross Platform
Title: Sun Java System Directory Server "core_get_proxyauth_dn" Denial of Service
Description: Sun Java System Directory Server is an LDAP (Lightweight Directory Access Protocol) server distributed with Directory Server 7.0 Enterprise Edition. Directory Server is exposed to a denial of service issue that affects the "ns-slapd" process. The issue arises in the "core_get_proxyauth_dn" function and stems from a NULL pointer dereference issue when processing specially crafted LDAP requests. Directory Server version 7.0 is affected.
Ref: http://intevydis.blogspot.com/2010/01/sun-directory-server-70.html

10.3.33 - CVE: Not Available
Platform: Cross Platform
Title: RealNetworks RealPlayer ".rm" File Malformed URI Remote Denial of Service
Description: RealNetworks RealPlayer is an application that allows users to play various media formats. The application is exposed to a remote denial of service issue because it fails to handle ".rm" files containing a specially crafted URI. RealPlayer version 12.0.0.343 is affected.
Ref: http://www.securityfocus.com/bid/37704

10.3.34 - CVE: CVE-2009-4487
Platform: Cross Platform
Title: nginx Terminal Escape Sequence in Logs Command Injection
Description: The "nginx" program is an HTTP server and mail proxy server. The software is exposed to a command injection issue because it fails to adequately sanitize user-supplied input in logfiles. Specifically, the software fails to properly filter escape sequences before writing to logfiles. nginx version 0.7.64 is affected.
Ref: http://www.securityfocus.com/archive/1/508830

10.3.35 - CVE: CVE-2009-4494
Platform: Cross Platform
Title: AOLServer Terminal Escape Sequence in Logs Command Injection
Description: AOLServer is an open source web server. AOLServer is exposed to a command injection issue because it fails to adequately sanitize user-supplied input in log files. AOLServer version 4.5.1 is affected.
Ref: http://www.securityfocus.com/archive/1/508830

10.3.36 - CVE: CVE-2009-4489
Platform: Cross Platform
Title: Cherokee Terminal Escape Sequence in Logs Command Injection
Description: Cherokee is an HTTP web server available for multiple platforms. Cherokee is exposed to a command injection issue because it fails to adequately sanitize user-supplied input in log files. Cherokee versions 0.99.30 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/508830

10.3.37 - CVE: Not Available
Platform: Cross Platform
Title: Yaws Terminal Escape Sequence in Logs Command Injection
Description: Yaws (Yet Another Web Server) is an HTTP server for Unix and Linux platforms. The application is exposed to a command injection issue because it fails to adequately sanitize user-supplied input in log files. Yaws version 1.85 is affected.
Ref: http://www.securityfocus.com/archive/1/508830

10.3.38 - CVE: CVE-2009-4490, CVE-2009-4491
Platform: Cross Platform
Title: Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection
Description: Acme "thttpd" and "mini_httpd" are web server applications. The applications are exposed to a command injection issue because they fail to adequately sanitize user-supplied input in log files. thttpd version 2.25b and mini_httpd version 1.19 is affected.
Ref: http://www.securityfocus.com/archive/1/508830

10.3.39 - CVE: CVE-2009-4493
Platform: Cross Platform
Title: Orion Application Server Terminal Escape Sequence in Logs Command Injection
Description: Orion Application Server is a Java-based application server. Orion Application Server is exposed to a command injection issue because it fails to adequately sanitize user-supplied input in log files. Orion Application Server version 2.0.7 is affected.
Ref: http://www.securityfocus.com/archive/1/508830

10.3.40 - CVE: CVE-2009-4496
Platform: Cross Platform
Title: Boa Web Server Terminal Escape Sequence in Logs Command Injection
Description: Boa Web server is a single-tasking HTTP web server. Boa Web server is exposed to a command injection issue because it fails to adequately sanitize user-supplied input in log files. Boa Web Server version 0.94.14rc21 is affected.
Ref: http://www.securityfocus.com/archive/1/508830

10.3.41 - CVE: Not Available
Platform: Cross Platform
Title: UDisk Password Field Remote Denial of Service
Description: UDisk is an FTP server application available for Apple iPod Touch or iPhone. UDisk is exposed to a remote denial of service issue because the application fails to perform adequate boundary checks on user-supplied data. The issue occurs when handling an excessively large password field.
Ref: http://www.securityfocus.com/bid/37722

10.3.42 - CVE: Not Available
Platform: Cross Platform
Title: Open Handset Alliance Android Screen Lock Security Bypass
Description: Android from Open Handset Alliance (previously Google Android) is a software stack and operating system for mobile phones. Android is exposed to a security bypass issue because the screen lock may be bypassed. Android version 2.0.1 running on the Motorola Droid phone is affected.
Ref: http://www.securityfocus.com/bid/37723

10.3.43 - CVE: Not Available
Platform: Cross Platform
Title: TurboFTP "DELE" FTP Command Remote Buffer Overflow
Description: TurboFTP is an FTP server application. TurboFTP is exposed to a remote buffer overflow issue. Specifically, the issue occurs when an overly large string is passed to the "DELE" FTP command. TurboFTP version 1.00.712 is affected. Ref: http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-004-turboftp-server-1-00-712-dos/

11.1.0.7 - CVE: CVE-2010-007110.1.0.5, and are affected.Ref:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html
Platform: Cross Platform
Title: Oracle Database CVE-2010-0071 Remote Listener
Description: Oracle Database is prone to a remote vulnerability in Listener. The vulnerability can be exploited over the "Oracle Net" protocol. An attacker does not require privileges to exploit this vulnerability. Oracle Database versions: 9.2.0.8, 9.2.0.8DV,

10.2.0.3 - CVE: CVE-2009-341510.1.0.5 and are affected.Ref:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html
Platform: Cross Platform
Title: Oracle Database CVE-2009-3415 OLAP Remote Unspecified
Description: Oracle Database is prone to a remote vulnerability in Oracle OLAP. The vulnerability can be exploited over the "Oracle Net" protocol. For an exploit to succeed, the attacker must have "Create Session" privileges. Oracle Database versions: 9.2.0.8, 9.2.0.8DV,

10.3.47 - CVE: CVE-2009-3416
Platform: Cross Platform
Title: Oracle E-Business Suite CVE-2009-3416 Oracle Application Object Library Remote
Description: Oracle E-Business Suite is exposed to a remote issue in Oracle Application Object Library. The vulnerability can be exploited over the "HTTP" protocol. An attacker does not require privileges to exploit this vulnerability. This vulnerability affects the following supported versions: 11.5.10.2, 12.0.6 and 12.1.1. Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html

10.1.2.3 - CVE: CVE-2009-341210.1.0.5 and Oracle Application Server version are affected.Ref:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html
Platform: Cross Platform
Title: Oracle Database and Application Server CVE-2009-3412 Local Unzip
Description: Oracle Database and Application Server are exposed to a local issue in Unzip. Oracle Database versions 9.2.0.8, 9.2.0.8DV and

10.3.49 - CVE: CVE-2010-0080
Platform: Cross Platform
Title: Oracle PeopleSoft Enterprise HCM CVE-2010-0080 Remote eProfile
Description: Oracle PeopleSoft Enterprise Human Capital Management is exposed to a remote issue in PeopleSoft Enterprise HCM - eProfile. The issue can be exploited over the "HTTP" protocol. Oracle PeopleSoft Enterprise versions 8.9 Bundle #21 and 9.0 Bundle #11 are affected. Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html

10.3.50 - CVE: CVE-2010-0072
Platform: Cross Platform
Title: Oracle Database CVE-2010-0072 Oracle Secure Backup Remote Code Execution
Description: Oracle Database is exposed to a remote code execution issue in Oracle Secure Backup. The vulnerability can be exploited over the "HTTP" protocol. Specifically, the Secure Backup Services daemon "observiced.exe" fails to properly bounds check reverse lookups of connections to TCP port 10000. Oracle Database version 10.2.0.3 is affected.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-002/

10.3.51 - CVE: CVE-2010-0076
Platform: Cross Platform
Title: Oracle Application Express CVE-2010-0076 Remote Application Express Application Builder
Description: Oracle Application Express is exposed to a remote issue in Application Express Application Builder. The issue can be exploited over the "HTTP" protocol. For an exploit to succeed, the attacker must have "Developer account in the Application Builder" privileges. Oracle Application Express version 3.2.1.00.10 is affected. Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html

12.1.1 - CVE: CVE-2010-007512.0.6 and are affected.Ref:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html
Platform: Cross Platform
Title: Oracle E-Business Suite CVE-2010-0075 Remote Oracle HRMS (Self Service)
Description: Oracle E-Business Suite is exposed to a remote issue in Oracle HRMS (Self Service). The vulnerability can be exploited over the "HTTP" protocol. Oracle E-Business Suite versions 11.5.10.2,

10.3.53 - CVE: CVE-2010-0069
Platform: Cross Platform
Title: Oracle Weblogic Server CVE-2010-0069 Unspecified Remote
Description: Oracle Weblogic Server is exposed to a remote issue that can be exploited over the "HTTP" protocol. For an exploit to succeed, the attacker must have "Web Services" privileges. Oracle Weblogic Server versions 7.0SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP1, and 10.3.0 are affected. Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html

10.3.55 - CVE: CVE-2010-0066
Platform: Cross Platform
Title: Oracle Application Server CVE-2010-0066 Access Manager Identity Server Remote
Description: Oracle Application Server is exposed to a remote issue in Access Manager Identity Server. The vulnerability can be exploited over the "HTTP" protocol. Oracle Application Server versions 7.0.4.3 and 10.1.4.2 are affected. Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html

10.3.56 - CVE: CVE-2010-0078
Platform: Cross Platform
Title: Oracle WebLogic Server CVE-2010-0078 Remote WebLogic Server
Description: Oracle WebLogic Server is exposed to a remote issue in WebLogic Server. The vulnerability can be exploited over the "HTTP" protocol. For an exploit to succeed, the attacker must have "Servlet Container Package" privileges. Oracle WebLogic Server versions 9.0, 9.1, 9.2MP3, 10.0MP2 and 10.3.1 are affected. Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html

10.3.57 - CVE: CVE-2009-3411
Platform: Cross Platform
Title: Oracle Database CVE-2009-3411 Remote Oracle Data Pump
Description: Oracle Database is exposed to a remote issue in Oracle Data Pump. The vulnerability can be exploited over the "Oracle Net" protocol. For an exploit to succeed, the attacker must have "Create Session" privileges. Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html

10.3.58 - CVE: CVE-2010-007010.1.3.4 are affected.Ref:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html
Platform: Cross Platform
Title: Oracle Application Server CVE-2010-0070 Remote Oracle Containers for J2EE
Description: Oracle Application Server is exposed to a remote issue in Oracle Containers for J2EE. The vulnerability can be exploited over the "HTTP" protocol. Oracle Application Server versions 10.1.2.3 and

12.1.2 - CVE: CVE-2010-007712.0.6 and are affected.Ref:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html
Platform: Cross Platform
Title: Oracle E-Business Suite CVE-2010-0077 CRM Technical Foundation (mobile) Remote
Description: Oracle E-Business Suite is exposed to a remote issue in CRM Technical Foundation (mobile). The vulnerability can be exploited over the "HTTP" protocol. Oracle E-Business Suite versions 11.5.10.2,

10.3.60 - CVE: CVE-2009-3410
Platform: Cross Platform
Title: Oracle Database CVE-2009-3410 Remote RDBMS
Description: Oracle Database is exposed to a remote issue in RDBMS. The vulnerability can be exploited over the "Oracle Net" protocol. For an exploit to succeed, the attacker must have "Create Session" privileges. Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html

10.3.61 - CVE: CVE-2010-0068
Platform: Cross Platform
Title: Oracle WebLogic Server CVE-2010-0068 Remote WebLogic Server
Description: Oracle WebLogic Server is prone to a remote vulnerability. The vulnerability can be exploited over the "HTTP" protocol. For an exploit to succeed, the attacker must have "Web Services" privileges. Oracle WebLogic Server versions 9.0,9.1, 9.2MP2 and 10.0 are affected. Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html

10.3.62 - CVE: CVE-2009-4212
Platform: Cross Platform
Title: MIT Kerberos AES and RC4 Decryption Integer Underflow Vulnerabilities
Description: MIT Kerberos is a suite of applications and libraries designed to implement the Kerberos network authentication protocol. MIT Kerberos is exposed to multiple integer underflow issues because it fails to properly handle malformed encrypted data. Specifically, integer underflow errors can be triggered by malformed AES and RC4 encrypted data that fails to meet the minimum length required of valid encrypted data. Kerberos versions prior to 5 1.6.4 and 1.7.1 are affected.
Ref: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt

10.1.3.4 - CVE: CVE-2010-006710.1.2.3 and are affected.Ref:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html
Platform: Cross Platform
Title: Oracle Application Server CVE-2010-0067 Remote Oracle Containers for J2EE
Description: Oracle Application Server is exposed to a remote vulnerability in Oracle Containers for J2EE. The vulnerability can be exploited over the "HTTP" protocol. Oracle Application Server versions

10.3.64 - CVE: CVE-2010-0074
Platform: Cross Platform
Title: Oracle WebLogic Server CVE-2010-0074 Remote
Description: Oracle WebLogic Server is exposed to a remote issue that can be exploited over the "HTTP" protocol. For an exploit to succeed, the attacker must have "Servlet Container Package" privileges. Oracle WebLogic Server versions 7.0SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP2, and 10.3.1 are affected. Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html

10.3.65 - CVE: Not Available
Platform: Cross Platform
Title: Adobe Flash Player 6 Multiple Remote Code Execution Vulnerabilities
Description: Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. Flash Player 6 is exposed to multiple remote code execution issues: multiple unspecified remote code execution vulnerabilities, and an unspecified heap based memory corruption vulnerability that affects the "flash.ocx" and "flash6.ocx" ActiveX controls.
Ref: http://www.microsoft.com/err/technet/security/advisory/979267

10.3.66 - CVE: Not Available
Platform: Cross Platform
Title: Sun Java System Identity Manager Privilege Escalation
Description: Sun Java System Identity Manager is used to provide role based user provisioning. The application is exposed to a privilege escalation issue. Attackers may exploit the issue to gain administrator privileges when the application is configured with Sun Java System Access Manager, OpenSSO Enterprise 8.0 or IBM Tivoli Access Manager. Sun Java System Identity Manager version 8.1 is affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-275010-1

10.3.67 - CVE: CVE-2009-3959
Platform: Cross Platform
Title: Adobe Reader and Acrobat U3D Support Remote Code Execution
Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a remote code execution issue because they fail to properly handle certain U3D support data.
Ref: http://www.adobe.com/support/security/bulletins/apsb10-02.html

10.3.68 - CVE: CVE-2009-3955
Platform: Cross Platform
Title: Adobe Reader and Acrobat JpxDecode Memory Corruption
Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a remote code execution issue when handling specially crafted PDF files. Specifically, an integer overflow occurs when processing a "JPC_MS_RGN" marker in the Jp2c stream of a JpxDecode encoded data stream within a PDF file. Adobe Reader and Acrobat versions 9.2 and earlier are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb10-02.html

10.3.69 - CVE: CVE-2009-3953
Platform: Cross Platform
Title: Adobe Reader and Acrobat U3D Remote Code Execution
Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a remote code execution issue when handling specially crafted PDF files. Specifically the vulnerability occurs due to an array boundary condition error in the U3D support. Adobe Reader and Acrobat 9.2 and earlier versions are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb10-02.html

10.3.70 - CVE: Not Available
Platform: Cross Platform
Title: Adobe Reader and Acrobat Download Manager Remote Code Execution
Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a remote code execution issue because they fail to perform boundary checks prior to copying user-supplied data into process buffers which may cause memory to become corrupted due to a buffer overflow. Specifically, the Download Manager component is vulnerable.
Ref: http://www.adobe.com/support/security/bulletins/apsb10-02.html

10.3.71 - CVE: CVE-2009-3957
Platform: Cross Platform
Title: Adobe Reader and Acrobat Null Pointer Dereference Denial of Service
Description: Adobe Reader and Acrobat are applications for handling PDF files. Adobe Reader and Acrobat are exposed to a denial of service issue that arises due to a null pointer dereference when handling malformed PDF documents. Successful exploits may allow the attacker to crash the affected applications, denying service to legitimate users.
Ref: http://www.adobe.com/support/security/bulletins/apsb10-02.html

10.3.72 - CVE: Not Available
Platform: Cross Platform
Title: Adobe Reader and Acrobat DLL Loading in 3D Remote Code Execution
Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a remote code execution issue when handling specially crafted PDF files. Specifically the issue is related to DLL-loading in 3D. Adobe Reader and Acrobat versions 9.2 and earlier are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb10-02.html

10.3.73 - CVE: CVE-2009-3956
Platform: Cross Platform
Title: Adobe Reader and Acrobat Remote Security Bypass
Description: Adobe Reader and Acrobat are applications for handling PDF files. The applications are exposed to a remote security bypass issue because of an unspecified input validation error.
Ref: http://www.adobe.com/support/security/bulletins/apsb10-02.html

10.3.74 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Discuz! Multiple Cross-Site Scripting Vulnerabilities
Description: Discuz! is web-based forum software. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data to the following scripts and parameters: "post.php": "pid" and "misc.php": "tid". Discuz! version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/37573

10.3.75 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SLAED CMS "stop" Parameter Cross-Site Scripting
Description: SLAED CMS is a PHP-based content manager. SLAED CMS is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "stop" parameter of the "index.php" script. SLAED CMS version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/37574

10.3.76 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: pL-PHP "index.php" Cross-Site Scripting
Description: pL-PHP is a web-based application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "index.php" script. pL-PHP version 0.9 beta is affected.
Ref: http://www.securityfocus.com/bid/37593

10.3.77 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Private Messaging Module for XOOPS "op" Parameter Cross Site Scripting
Description: Private Messaging is a PHP-based component for the XOOPS content manager. The component is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "op" parameter of the "modules/pm/readpmsg.php" script before using it in dynamically generated content.
Ref: http://www.xoops.org/modules/news/article.php?storyid=5178

10.3.78 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: WMNews "admin/wmnews.php" Cross-Site Scripting
Description: WMNews is a web-based application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "admin/wmnews.php" script.
Ref: http://packetstormsecurity.org/1001-exploits/wmnews-xss.txt

10.3.79 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MercuryBoard "index.php" Cross-Site Scripting
Description: MercuryBoard is a web-based application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "index.php" script. MercuryBoard version 1.1.5 is affected.
Ref: http://www.securityfocus.com/bid/37605

10.3.80 - CVE: CVE-2009-4497
Platform: Web Application - Cross Site Scripting
Title: LXR Cross Referencer Multiple Cross-Site Scripting Vulnerabilities
Description: LXR Cross Referencer is web-based application for source code management. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data. One of the issues affects the "i" parameter in the "/ident" script. Other parameters and scripts may also be affected. LXR Cross Referencer versions 0.9.5 and 0.9.6 are affected. Ref: http://sourceforge.net/mailarchive/message.php?msg_name=E1NS2s4-0001PE-F2%403bkjzd1.ch3.sourceforge.com

10.3.81 - CVE: CVE-2009-4336
Platform: Web Application - Cross Site Scripting
Title: TYPO3 Diocese of Portsmouth Calendar Cross-Site Scripting
Description: TYPO3 Diocese of Portsmouth Calendar is an extension for the TYPO3 content manager. The extension is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/

10.3.82 - CVE: CVE-2009-4340
Platform: Web Application - Cross Site Scripting
Title: TYPO3 No indexed Search Cross-Site Scripting
Description: TYPO3 No indexed Search is an extension for the TYPO3 content manager. The extension is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. No indexed Search versions 0.2.0 and earlier are affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/

10.3.83 - CVE: CVE-2009-4344
Platform: Web Application - Cross Site Scripting
Title: TYPO3 ZID Linkliste Cross-Site Scripting
Description: TYPO3 ZID Linkliste is an extension for the TYPO3 content manager. The extension is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. TYPO3 ZID Linkliste versions 1.0.0 and earlier are affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/

10.3.84 - CVE: CVE-2009-4345
Platform: Web Application - Cross Site Scripting
Title: TYPO3 vShoutbox Cross-Site Scripting
Description: TYPO3 vShoutbox is an extension for the TYPO3 content manager. The extension is expsoed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. vShoutbox version 0.0.1 is affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/

10.3.85 - CVE: CVE-2009-4391
Platform: Web Application - Cross Site Scripting
Title: TYPO3 File list Cross-Site Scripting
Description: TYPO3 File list ("dr_blob") is an extension for the TYPO3 content manager. The extension is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. File list version 2.1.1 is affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/

10.3.86 - CVE: CVE-2009-4397
Platform: Web Application - Cross Site Scripting
Title: TYPO3 Diocese of Portsmouth Resources Database Cross-Site Scripting
Description: TYPO3 Diocese of Portsmouth Resources Database is an extension for the TYPO3 content manager. The extension is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. Diocese of Portsmouth Resources Database versions 0.1.1 and earlier are affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/

10.3.87 - CVE: CVE-2009-4343
Platform: Web Application - Cross Site Scripting
Title: TYPO3 Training Company Database Cross-Site Scripting
Description: TYPO3 Training Company Database is an extension for the TYPO3 content manager. The extension is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. TYPO3 Training Company Database version 0.4.7 is affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/

10.3.88 - CVE: CVE-2009-4345
Platform: Web Application - Cross Site Scripting
Title: TYPO3 vShoutbox Cross-Site Scripting
Description: TYPO3 vShoutbox is an extension for the TYPO3 content manager. The extension is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. TYPO3 vShoutbox version 0.0.1 is affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/

10.3.89 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: D-LINK DKVM-IP8 "auth.asp" Cross-Site Scripting
Description: D-LINK DKVM-IP8 is a KVM hardware device that includes an embedded web server and web-based administration interface. The device's web interface is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "nickname" parameter of the "auth.asp" script.
Ref: http://www.securityfocus.com/bid/37646

10.3.90 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: RoundCube Webmail Cross-Site Scripting
Description: RoundCube Webmail is a web-based IMAP client. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "program/steps/error.inc" script.
Ref: http://www.securityfocus.com/bid/37654

10.3.91 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: DevWorx BlogWorx "forum.asp" Cross-Site Scripting
Description: BlogWorx is a weblog application implemented in ASP. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "ofdisp" parameter of the "forum.asp" script. BlogWorx version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/37695

10.3.92 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: DigitalHive "mt" Parameter Cross-Site Scripting
Description: DigitalHive is PHP-based forum software. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "mt"parameter of the "base.php" script.
Ref: http://www.securityfocus.com/bid/37697

10.3.93 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: DeltaScripts PHP Links "email" Parameter Cross-Site Scripting
Description: DeltaScripts PHP Links is a link manager. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "email" parameter of the "login.php" script. DeltaScripts PHP Links version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/37700

10.3.94 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Jamit Job Board "post_id" Parameter Cross-Site Scripting
Description: Jamit Job Board is a PHP-based job board application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "post_id" parameter of the "index.php" script.
Ref: http://www.securityfocus.com/bid/37701

10.3.95 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: @lex Guestbook Multiple Cross-Site Scripting Vulnerabilities
Description: @lex Guestbook is a guestbook application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data to the "seeMess" and "seeNotes" parameters of the "index.php" script. @lex Guestbook version 5.0.2 is affected.
Ref: http://www.securityfocus.com/bid/37706

10.3.96 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Active Calendar "$_SERVER["PHP_SELF"]" Variable Multiple Cross- Site Scripting Vulnerabilities
Description: Active Calendar is a web-based calendar application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input included in the "$_SERVER["PHP_SELF"]" PHP global variable when the "enableYearNav()", "enableMonthNav()", "enableDayLinks()", and "enableDatePicker()" functions provided by the "activeCalendar" class are called without supplying the "$link" parameter. Active Calendar version 1.2.0 is affected. Ref: http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0174.html

10.3.97 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PhPepperShop "USER_ARTIKEL_HANDLING_AUFRUF.php" Cross-Site Scripting
Description: PhPepperShop is an e-commerce application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "darstellen" parameter of the "USER_ARTIKEL_HANDLING_AUFRUF.php" script. PhPepperShop version 2.5 is affected.
Ref: http://www.securityfocus.com/bid/37707

10.3.98 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Docmint "id" Parameter Cross-Site Scripting
Description: Docmint is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "id" parameter of the "index.php" script. Docmint version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/37721

10.3.99 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Simple PHP Blog "search.php" Cross-Site Scripting
Description: Simple PHP Blog is a web-log application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "q" parameter of the "search.php" script. Simple PHP Blog version 0.5.11 is affected.
Ref: http://www.securityfocus.com/bid/37752

10.3.100 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Zope "standard_error_message" Cross-Site Scripting
Description: Zope is a content manager. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied unspecified input. The issue is related to the "standard_error_message" template. Zope versions prior to 2.12.3, 2.11.6, 2.10.11, 2.9.12, and 2.8.12 are affected. Ref: https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html

10.3.101 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! Jobads "type" Parameter SQL Injection
Description: Jobads application is a PHP-based component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "type" parameter of the "com_jobads" component before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37686

10.3.102 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_aprice" Component "analog" Parameter SQL Injection
Description: The "com_aprice" application is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "analog" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37575

10.3.103 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_avosbillets" Component "id" Parameter SQL Injection
Description: The "com_avosbillets" application is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37576

10.3.104 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! Module for Alfresco "id_pan" Parameter SQL Injection
Description: Joomla! Module for Alfresco ("com_alfresco") is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id_pan" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37578

10.3.105 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: joomlabamboo JB Simpla Joomla! Template "id" Parameter SQL Injection
Description: JB Simpla is a PHP-based template for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of "com_content" before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37579

10.3.106 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! BF Survey Pro "catid" Parameter SQL Injection
Description: The BF Survey Pro application is a survey component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37584

10.3.107 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_tpjobs" Component "id_c[]" Parameter SQL Injection
Description: The "com_tpjobs" application is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id_c[]" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37591

10.3.108 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_otzivi" Component "Itemid" Parameter SQL Injection
Description: The "com_otzivi" application is a PHP-based component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Itemid" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37595

10.3.109 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: XOOPS "include/notification_update.php" SQL Injection
Description: XOOPS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "not_list" parameter of the "include/notification_update.php" script before using it in an SQL query. XOOPS versions prior to 2.4.3 are affected.
Ref: http://www.xoops.org/modules/news/article.php?storyid=5178

10.3.110 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Shape5 Bridge of Hope Template for Joomla! "id" Parameter SQL Injection
Description: Bridge of Hope is a PHP-based template for the Joomla! content manager. The template is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "bridgeofhope/index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37602

10.3.111 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: "com_doqment" Joomla! Component "cid" Parameter SQL Injection
Description: The "com_doqment" application is a PHP-based component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "com_doqment" component before using it an SQL query.
Ref: http://www.securityfocus.com/bid/37606

10.3.112 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: WP Events Calendar Plugin for WordPress "event_id" Parameter SQL Injection
Description: WordPress is a web-based publishing application implemented in PHP. The WP Events Calendar plugin provides a calendar for WordPress. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "event_id" parameter of the "[Plugins]/index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37607

10.3.113 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! J-Projects Component "project" Parameter SQL Injection
Description: The J-Projects application is a PHP-based component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "project" parameter of the "com_j-projects" component before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37608

10.3.114 - CVE: CVE-2009-4337
Platform: Web Application - SQL Injection
Title: TYPO3 Diocese of Portsmouth Calendar Unspecified SQL Injection
Description: Diocese of Portsmouth Calendar is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. Diocese of Portsmouth Calendar versions 0.4.1 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/

10.3.115 - CVE: CVE-2009-4340
Platform: Web Application - SQL Injection
Title: TYPO3 No indexed Search Unspecified SQL Injection
Description: TYPO3 "No indexed Search" is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. No indexed Search versions 0.2.0 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/

10.3.116 - CVE: CVE-2009-4339
Platform: Web Application - SQL Injection
Title: TYPO3 Subscription Extension Unspecified SQL Injection
Description: TYPO3 Subscription ("mf_subscription") is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. TYPO3 Subscription version 0.2.2 is affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/

10.3.117 - CVE: CVE-2009-4342
Platform: Web Application - SQL Injection
Title: TYPO3 Job Exchange Unspecified SQL Injection
Description: Job Exchange is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Job Exchange versions 0.0.3 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/

10.3.118 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! jEmbed Component "catid" Parameter SQL Injection
Description: jEmbed is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of the "com_jembed" component before using it an SQL query.
Ref: http://www.securityfocus.com/bid/37627

10.3.119 - CVE: CVE-2009-4396
Platform: Web Application - SQL Injection
Title: TYPO3 Diocese of Portsmouth Resources Database Unspecified SQL Injection
Description: TYPO3 Diocese of Portsmouth Resources Database is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Diocese of Portsmouth Resources Database versions 0.1.1 and prior versions are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/

10.3.120 - CVE: CVE-2009-4392
Platform: Web Application - SQL Injection
Title: TYPO3 XDS Staff List Unspecified SQL Injection
Description: TYPO3 XDS Staff List ('xds_staff') is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. XDS Staff List versions 0.0.3 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/

10.3.121 - CVE: CVE-2009-4393
Platform: Web Application - SQL Injection
Title: TYPO3 Document Directory Unspecified SQL Injection
Description: Document Directory ("danp_documentdirs") is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Document Directory versions 1.10.7 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/

10.3.122 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Snitz Forums 2000 "X-Forwarded-For" SQL Injection
Description: Snitz Forums 2000 is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "X-Forwarded-For" HTTP header before using it in an SQL query in the "inc_func_common.asp" script. Snitz Forums 2000 version 3.4.07 is affected.
Ref: http://www.securityfocus.com/bid/37637

10.3.123 - CVE: CVE-2009-4338
Platform: Web Application - SQL Injection
Title: TYPO3 Flash SlideShow Extension Unspecified SQL Injection
Description: Flash SlideShow is an extension for the TYPO3 content manager. The extension is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. Flash SlideShow version 0.2.2 is affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/

10.3.124 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_perchagallery" Component "id" Parameter SQL Injection
Description: The "com_perchagallery" application is a PHP-based component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter when the "view" parameter is set to "editunidad" before using the data in an SQL query.
Ref: http://www.securityfocus.com/bid/37642

10.3.125 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: "com_kk" Joomla! Component "kat" Parameter SQL Injection
Description: The "com_kk" application is a PHP-based component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "kat" parameter of the "com_kk" component before using it an SQL query.
Ref: http://www.securityfocus.com/bid/37645

10.3.126 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! DM Orders Component "id" Parameter SQL Injection
Description: The DM Orders application is a PHP-based component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_dm_orders" component before using it an SQL query.
Ref: http://www.securityfocus.com/bid/37655

10.3.127 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! Document Seller for Docman "id" Parameter SQL Injection
Description: Document Seller for Docman is a PHP-based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter when "task" parameter is set to "order_form" and the "payment_method" parameter is set to "Paypal". Document Seller for Docman version 2.1 is affected.
Ref: http://www.securityfocus.com/bid/37660

10.3.128 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: dotProject 2.1.3 Multiple SQL Injection and HTML Injection Vulnerabilities
Description: dotProject is a PHP-based web application. Since it fails to sufficiently sanitize user-supplied data, the application is exposed to multiple issues. The attacker may exploit these issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. dotProject version 2.1.3 is affected.
Ref: http://www.madirish.net/?article=444

10.3.129 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Live Chat Joomla! Component "last" Parameter SQL Injection
Description: Live Chat is a PHP-based component for the Joomla! content manager. Live Chat is expsoed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "last" parameter of the "com_livechat" component before using it an SQL query.
Ref: http://www.securityfocus.com/bid/37681

10.3.130 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: DeltaScripts PHP Links "index.php" SQL Injection
Description: DeltaScripts PHP Links is a web-based link directory. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of the "index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37683

10.3.131 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpMDJ "profile.php" SQL Injection
Description: phpMDJ is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "profile.php" script before using it in an SQL query. phpMDJ version 1.0.3 is affected.
Ref: http://www.securityfocus.com/bid/37698

10.3.132 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: DeltaScripts PHP Classifieds "rate.php" SQL Injection
Description: DeltaScripts PHP Classifieds is a PHP-based application for online advertisements. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "rate.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37684

10.3.133 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: ZeeWays eBay Clone Auction Script "product_desc.php" SQL Injection
Description: ZeeWays eBay Clone Auction Script is a web-based auction application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "product_desc.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37702

10.3.134 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: ProArcadeScript "id" Parameter SQL Injection
Description: ProArcadeScript is a PHP-based script for arcade sites. ProArcadeScript is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "game.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/37703

10.3.135 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Novell ZENWorks Asset Management SQL Injection
Description: Novell ZENWorks Asset Management is used to manage IT assets in an organization. The application is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. Novell ZENWorks Asset Management version 7.5 is affected.
Ref: http://www.novell.com/support/viewContent.do?externalId=7005128

10.3.136 - CVE: Not Available
Platform: Web Application
Title: CARTwebERP Joomla! Component "controller" Parameter Local File Include
Description: The CARTwebERP application is a component for the Joomla! content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter.
Ref: http://www.securityfocus.com/bid/37581

10.3.137 - CVE: Not Available
Platform: Web Application
Title: Bible Study Joomla! Component "controller" Parameter Local File Include
Description: The Bible Study ("com_biblestudy") application is a component for the Joomla! content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of "com_biblestudy". Bible Study version 6.1 is affected.
Ref: http://www.securityfocus.com/bid/37583

10.3.138 - CVE: Not Available
Platform: Web Application
Title: BF Survey Pro Joomla! Component "controller" Parameter Local File Include
Description: The BF Survey Pro application is a survey component for the Joomla! content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter.
Ref: http://www.securityfocus.com/bid/37584

10.3.139 - CVE: Not Available
Platform: Web Application
Title: BLOG:CMS Comment Editing HTML Injection
Description: BLOG:CMS is a content manager. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before displaying it in a browser. Specifically, this issue occurs when editing a comment. BLOG:CMS versions prior to 4.2.1e are affected.
Ref: http://www.securityfocus.com/bid/37587

10.3.140 - CVE: Not Available
Platform: Web Application
Title: Dailymeals Joomla! Component "controller" Parameter Local File Include
Description: The Dailymeals application is a component for the Joomla! content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of the "com_dailymeals" component.
Ref: http://www.securityfocus.com/bid/37596

10.3.141 - CVE: Not Available
Platform: Web Application
Title: IMAGIN "writeToFile.php" Multiple Remote Command Execution Vulnerabilities
Description: IMAGIN is a flash photo gallery. IMAGIN is exposed to multiple issues that attackers can leverage to execute arbitrary commands. These issues occur because the software fails to adequately sanitize user-supplied input to the "path" and "raw_data" parameters in the "scripts_ralcr/filesystem/writeToFile.php" script. IMAGIN 3 beta 5 is affected.
Ref: http://www.securityfocus.com/bid/37598

10.3.142 - CVE: Not Available
Platform: Web Application
Title: Joomla! "com_cartikads" Component Arbitrary File Upload
Description: The "com_cartikads" application is a PHP-based component for the Joomla! content manager. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately sanitize file extensions before uploading the file to the web server through the "uploadimage.php" script.
Ref: http://www.securityfocus.com/bid/37604

10.3.143 - CVE: Not Available
Platform: Web Application
Title: Magento Multiple HTML Injection Vulnerabilities
Description: Magento is a web-based e-commerce application. Since it fails to sufficiently sanitize user-supplied data, the application is exposed to multiple HTML injection issues that affect the following fields: "Name" and "Product SKU" when creating a product "Group Name" when creating customer groups "Name" when creating root categories or attribute sets "Class Name" when creating customer or product tax classes "Tax Identifier" when creating tax rates "Poll Question" and "Answer Title" when creating polls/ Magento version 1.3.2.4 is affected.
Ref: http://www.securityfocus.com/bid/37611

10.3.144 - CVE: Not Available
Platform: Web Application
Title: Skype Technologies Skype for Linux GUI HTML Injection
Description: Skype is peer-to-peer communications software that supports internet based voice communications. Skype is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Skype version 2.1 beta for Linux is affected.
Ref: http://www.securityfocus.com/bid/37603

10.3.145 - CVE: Not Available
Platform: Web Application
Title: LineWeb 1.0.5 Multiple Remote Vulnerabilities
Description: LineWeb is a web-based application implemented in PHP. LineWeb is exposed to multiple remote issues. Multiple local file-include issues affect the "op" parameter of the "index.php" script and the "admin/index.php" script. An SQL injection issue affects the "newsid" parameter of the "admin/edit_news.php" script. A security bypass issue affects the "edit_download.php" script. LineWeb version 1.0.5 is affected.
Ref: http://www.securityfocus.com/archive/1/508742

10.3.146 - CVE: Not Available
Platform: Web Application
Title: Dating Agent PRO SQL Injection and HTML Injection Vulnerabilities
Description: Dating Agent PRO is a web-based dating and personal classifieds application. The application is exposed to multiple input validation issues. An HTML injection issue affects the "subject" parameter of the "picture.php" script when a picture is being rated. Multiple SQL injection issues affect the following scripts and parameters: "picture.php": "pid", "subject", "message", "rating" "advance.php": "login", "fname", "lname", "country", "state", "city", "yahoo", "msn", "aol", "icq", "ethnicity" "login.php": "login", and "pswd". Dating Agent PRO version 4.9.1 is affected.
Ref: http://www.securityfocus.com/bid/37614

10.3.147 - CVE: CVE-2009-3742
Platform: Web Application
Title: Liferay Portal "p_p_id" Parameter HTML Injection
Description: Liferay Portal is a Java-based web portal for enterprises. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input. Specifically, this issue affects the "p_p_id" parameter of the plugin configuration section. Liferay Portal version 5.3.0 is affected.
Ref: http://www.kb.cert.org/vuls/id/750796

10.3.148 - CVE: CVE-2009-4395, CVE-2009-4394
Platform: Web Application
Title: TYPO3 Random Prayer 2 Extension Unspecified Cross-Site Scripting and SQL Injection Vulnerabilities
Description: TYPO3 Random Prayer 2 ("ste_prayer2") is an extension for the TYPO3 content manager. The extension is exposed to a cross-site scripting issue and an SQL injection issue because it fails to properly sanitize user-supplied input. Random Prayer 2 versions 0.0.3 and earlier are affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/

10.3.149 - CVE: Not Available
Platform: Web Application
Title: Movable Type Unspecified Security Bypass
Description: Movable Type is a web log application implemented in Perl and PHP. The application is exposed to an unspecified access restriction security bypass issue. Movable Type versions prior to 4.27 and 5.01 are affected.
Ref: http://jvn.jp/en/jp/JVN09872874/index.html

10.3.150 - CVE: Not Available
Platform: Web Application
Title: Docebo "modname" Parameter Local File Include
Description: Docebo is PHP-based elearning software for enterprises. The application is exposed to a local file include issue because it fails to sufficiently sanitize user-supplied input to the "modname" parameter of the "index.php" script. Docebo version 3.6.0.2 is affected.
Ref: http://www.securityfocus.com/bid/37643

10.3.151 - CVE: Not Available
Platform: Web Application
Title: Drupal Wunderbar! Module "username" HTML Injection
Description: The Wunderbar! module provides a floating toolbar for web pages created with the Drupal content manager. The module is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, this issue affects the "username" parameter. Wunderbar! versions prior to 6.x-0.6 are vulnerable.
Ref: http://drupal.org/node/675968

10.3.152 - CVE: Not Available
Platform: Web Application
Title: Drupal Currency Exchange Module "watchdog" HTML Injection
Description: Currency Exchange is a module for the Drupal content manager. The module allows users to display currency exchange rates. The module is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before logging it to the watchdog. Currency Exchange versions prior to 6.x-1.2 are affected.
Ref: http://drupal.org/node/676216

10.3.153 - CVE: Not Available
Platform: Web Application
Title: Drupal Forward Module HTML Injection
Description: The Wunderbar! module provides a floating toolbar for web pages created with the Drupal content manager. The module is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input. Specifically, users with the "access administration pages" and "administer forward" permissions, or users with "access administration pages" and "administer site configuration" permissions may inject scripts into unspecified sections of the application. Forward versions prior to 6.x-1.12 are affected.
Ref: http://drupal.org/node/677350

10.3.154 - CVE: Not Available
Platform: Web Application
Title: Dada Mail Dada Bridge Plugin Unspecified Security Bypass
Description: Dada Mail is a webmail application. The Dada Bridge plugin is exposed to an unspecified security issue that allows attackers to bypass access restrictions. For example, an attacker without a subscription may post to discussion lists. Dada Mail versions prior to 4.0.2 are affected.
Ref: http://freshmeat.net/projects/dada/releases/310559

10.3.155 - CVE: CVE-2009-4486
Platform: Web Application
Title: Novell iManager Importing/Exporting Schema Stack Buffer Overflow
Description: Novell iManager is a web-based management portal for various Novell products. The application is exposed to a stack-based buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs when importing and exploiting schemas. Novell iManager versions 2.7.2 and earlier are affected. Ref: http://www.novell.com/support/viewContent.do?externalId=7004985&sliceId=1

10.3.156 - CVE: Not Available
Platform: Web Application
Title: Calendarix "calpath" Parameter Remote File Include
Description: Calendarix is a web-based calendar application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "calpath" parameter of the "cal_config.inc.php" script. Calendarix version 0.7 is affected.
Ref: http://www.securityfocus.com/bid/37673

10.3.157 - CVE: Not Available
Platform: Web Application
Title: Drupal Multiple HTML Injection Vulnerabilities
Description: Drupal is a web-based content manager. The application is exposed to multiple input validation issues. An HTML injection issue affects the "Mask" field of the "Access rules" section. An HTML injection issue affects the "Name Role" field in the "Roles management" section. Drupal version 6.15 is affected. Ref: http://www.backtrack.it/~emgent/exploits/DrupalMultiplePermanentXss-20090107.txt

10.3.158 - CVE: Not Available
Platform: Web Application
Title: Joomla! "com_dashboard" Component Directory Traversal
Description: The "com_dashboard" component is a PHP-based application for the Joomla! content manager. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "controller" parameter of the "com_dashboard" component.
Ref: http://www.securityfocus.com/bid/37689

10.3.159 - CVE: Not Available
Platform: Web Application
Title: Joomla! "com_jcollection" Component Directory Traversal
Description: The "com_jcollection" component is a PHP-based application for the Joomla! content manager. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "controller" parameter of the "com_jcollection" component.
Ref: http://www.securityfocus.com/bid/37691

10.3.160 - CVE: Not Available
Platform: Web Application
Title: Joomla! "com_jashowcase" Component Directory Traversal
Description: The "com_jashowcase" component is a PHP-based application for the Joomla! content manager. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "controller" parameter of the "com_jashowcase" component.
Ref: http://www.securityfocus.com/bid/37692

10.3.161 - CVE: Not Available
Platform: Web Application
Title: Simply Classifieds Multiple HTML Injection Vulnerabilities
Description: Simply Classifieds is a web-based application used for classified advertisement. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Simply Classifieds version 0.2 is affected.
Ref: http://www.securityfocus.com/bid/37693

10.3.162 - CVE: Not Available
Platform: Web Application
Title: Joomla! "com_jvideodirect" Component Directory Traversal
Description: The "com_jvideodirect" component is a PHP-based application for the Joomla! content manager. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "controller" parameter of the "com_jvideodirect" component.
Ref: http://www.securityfocus.com/bid/37694

10.3.163 - CVE: Not Available
Platform: Web Application
Title: profitCode Shopping Cart Multiple Remote and Local File Include Vulnerabilities
Description: profitCode Shopping Cart is web-based shopping cart application. The application is exposed to the multiple input validation issues that affect multiple scripts and parameters. Exploiting these issues may allow an attacker to execute arbitrary local and remote scripts in the context of the web server process or obtain potentially sensitive information.
Ref: http://www.securityfocus.com/bid/37696

10.3.164 - CVE: CVE-2009-4492
Platform: Web Application
Title: Ruby WEBrick Terminal Escape Sequence in Logs Command Injection
Description: WEBrick is a core library of the Ruby programming language that provides HTTP server functionality. Ruby WEBrick is exposed to a command injection issue because it fails to adequately sanitize user-supplied input in log files. WEBrick versions prior to the following are affected: Ruby 1.8.6 patch level 388, Ruby 1.8.7 patch level 249 and Ruby 1.9.1 patch level 378. Ref: http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection/

10.3.165 - CVE: CVE-2009-4488
Platform: Web Application
Title: Varnish Terminal Escape Sequence in Logs Command Injection
Description: Varnish is an HTTP accelerator. Varnish is exposed to a command injection issue because it fails to adequately sanitize user-supplied input in log files. Varnish version 2.0.6 is affected.
Ref: http://www.securityfocus.com/archive/1/508830

10.3.166 - CVE: Not Available
Platform: Web Application
Title: FAQEngine "path_faqe" Parameter Multiple Remote File Include Vulnerabilities
Description: FAQEngine is a PHP-based application to maintain an FAQ database. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "path_faqe" parameter. An attacker can exploit these issues to execute malicious PHP code in the context of the web server process. FAQEngine version 4.24.00 is affected.
Ref: http://www.securityfocus.com/bid/37719

10.3.167 - CVE: Not Available
Platform: Network Device
Title: SanDisk Cruzer Enterprise USB Flash Drives Access Control Security Bypass
Description: SanDisk Cruzer Enterprise USB Flash Drives are portable flash hard drives. The devices are exposed to a local security bypass issue caused by an error in the access control mechanism. Attackers with physical access to an affected drive can exploit this issue to bypass password protection mechanisms to obtain data stored on the device. Ref: http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009

10.3.168 - CVE: Not Available
Platform: Network Device
Title: Verbatim Corporate Secure Flash Drives Access Control Security Bypass
Description: Verbatim Corporate Secure flash drives are portable flash hard drives. The devices are exposed to a local security bypass issue caused by an error in the access control mechanism. An attacker with physical access to an affected drive can exploit this issue to bypass password protection mechanisms to obtain data stored on the device.
Ref: http://www.verbatim.com/security/security-update.cfm

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

Check Them Out!

The vendor-neutral instructional approach goes a long way in providing a broad base of information without bias.
-Keith Rice, Bank of America

@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 3
January 14, 2010

Summary of the vulnerabilities reported this week:

Table Of Contents

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Windows

Mac Os

Linux

Solaris

Novell

Cross Platform

Web Application - Cross Site Scripting

Web Application - SQL Injection

Web Application

Network Device

PART I Critical Vulnerabilities

Widely Deployed Software

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 3, 2010

Check Them Out!

Latest Whitepapers

Latest Tweets

Contact Us

@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 3January 14, 2010

Current Newsletters

Summary of the vulnerabilities reported this week:

Table Of Contents

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Windows

Mac Os

Linux

Solaris

Novell

Cross Platform

Web Application - Cross Site Scripting

Web Application - SQL Injection

Web Application

Network Device

PART I Critical Vulnerabilities

Widely Deployed Software

Part II: Weekly Comprehensive List of Newly Discovered VulnerabilitiesWeek 3, 2010

Check Them Out!

Latest Whitepapers

Latest Tweets

Contact Us

Volume: IX, Issue: 3
January 14, 2010

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 3, 2010