
@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 30
July 23, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                                  # of Updates & Vulnerabilities
    ----------------------------------------  ------------------------------
    Windows                                   1 (#1)
    Third Party Windows Apps                  4
    Aix                                       1
    Novell                                    3
    Cross Platform                            12 (#2,#3)
    Web Application - Cross Site Scripting    10
    Web Application - SQL Injection           7
    Web Application                           12
    Network Device                            4


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Third Party Windows Apps
Aix
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: Microsoft Windows Shell Shortcut Parsing Vulnerability
  • Affected:
    • Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista Service Pack 1 and Windows Vista Service Pack 2
    • Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
    • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
    • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
    • Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
    • Windows 7 for 32-bit Systems
    • Windows 7 for x64-based Systems
    • Windows Server 2008 R2 for x64-based Systems
    • Windows Server 2008 R2 for Itanium-based Systems
  • Description: A design error exists in Windows code used to parse LNK files. Windows LNK files contain information related to a Shortcut: the target type, location, and filename. An attacker can use this vulnerability to execute arbitrary code with the permissions of the currently logged-in user. The user is only required to open the folder containing the malicious LNK file. This vulnerability is being actively exploited in the wild. One attack vector currently being used is to load the malicious LNK file onto a USB disk. However, it is also possible for the vulnerability to be exploited via network drives.

  • Status: vendor confirmed, updates not available

  • References:
  • (3) MEDIUM: Apple iTunes 'itpc:' URI Remote Buffer Overflow Vulnerability
  • Affected:
    • Apple iTunes 9.0.2
    • Apple iTunes 9.0.1.8
    • Apple iTunes 9.0.1
    • Apple iTunes 9.0
    • Apple iTunes 9.2
    • Apple iTunes 9.1
    • Apple iTunes 8.2
    • Apple iTunes 8.1
    • Apple iTunes 8.0.2.20
    • Apple iTunes 8.0
  • Description: Apple has patched a buffer overflow vulnerability in Apple iTunes' handling of "itpc:" URIs. By enticing the user to follow a malicious link, an attacker could previously exploit this vulnerability in order to execute arbitrary code on the target's machine.

  • Status: vendor confirmed, updates available

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 30, 2010

Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 9752 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 10.30.1 - CVE: CVE-2010-2568
  • Platform: Windows
  • Title: Microsoft Windows Shortcut "LNK" Files Automatic File Execution
  • Description: Microsoft Windows is exposed to an issue that may allow a file to automatically run because the software fails to handle "LNK" files properly. A specially crafted "LNK" file can cause Windows to automatically execute code that is specified by the shortcut file.
  • Ref: http://blogs.technet.com/b/msrc/archive/2010/07/16/security-advisory-2286198-released.aspx

  • 10.30.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Millennium Mp3 Studio ".pls" File Stack Buffer Overflow
  • Description: Mp3 Millennium is a multimedia player for Microsoft Windows. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Specifically, this issue occurs when parsing a specially crafted ".pls" file. Millennium Mp3 Studio version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41658/references

  • 10.30.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ipswitch IMail Server List Mailer "imailsrv.exe" Buffer Overflow
  • Description: Ipswitch IMail Server is an email server that serves clients their mail through a web interface. Ipswitch IMail Server List Mailer is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Ipswitch IMail Server versions prior to 11.02 are affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-126/

  • 10.30.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ipswitch IMail "SMTPDLL.dll" Multiple Remote Code Execution Issues
  • Description: Ipswitch IMail Server is an email server that serves clients their mail through a web interface. It runs on Microsoft Windows. Ipswitch IMail is exposed to multiple remote code execution issues.
  • Ref: http://www.securityfocus.com/bid/41718

  • 10.30.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: CooolSoft PowerFTP "RETR" Command Remote Buffer Overflow Issue
  • Description: CooolSoft PowerFTP is a multiple thread FTP client for Microsoft Windows. The application is exposed to a remote buffer overflow issue because it fails to perform adequate checks on user-supplied input. PowerFTP version 2.30 is affected.
  • Ref: http://www.securityfocus.com/bid/41782

  • 10.30.6 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX FTP Server "NLST" Command Information Disclosure
  • Description: AIX FTP Server is an FTP server application. The application is exposed to a remote information disclosure issue. An attacker can exploit this issue by sending a crafted "NLST" command to disclose the root password hash.
  • Ref: http://www.securityfocus.com/bid/41762

  • 10.30.7 - CVE: Not Available
  • Platform: Novell
  • Title: Novell GroupWise Internet Agent Stack Buffer Overflow
  • Description: Novell GroupWise is collaboration software and includes an Internet Agent process for mail transfer. Novell GroupWise Internet Agent is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Novell GroupWise versions prior to 8.0 SP2 are affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-129/

  • 10.30.8 - CVE: Not Available
  • Platform: Novell
  • Title: Novell GroupWise WebAccess Authentication Information Disclosure
  • Description: Novell GroupWise WebAccess is cross-platform collaborative software. Novell GroupWise WebAccess is exposed to an information disclosure issue because parameters passed to the affected application may allow attackers to gain access to authentication information. GroupWise versions 7.0, 7.01, 7.02, 7.03x, 7.04, 8.0 and 8.01x are affected.
  • Ref: http://www.novell.com/support/viewContent.do?externalId=7006373

  • 10.30.9 - CVE: Not Available
  • Platform: Novell
  • Title: Novell Teaming Unspecified Remote Code Execution Issue
  • Description: Novell Teaming is an enterprise application for collaboration and conferencing. The application is exposed to an unspecified remote code execution issue that allows remote attackers to execute arbitrary code on affected machines. Novell Teaming 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/41795

  • 10.30.10 - CVE: CVE-2010-0911, CVE-2010-0903, CVE-2010-0902, CVE-2010-0892, CVE-2010-0900, CVE-2010-0901, CVE-2010-0873, CVE-2010-0910, CVE-2010-0898, CVE-2010-0907, CVE-2010-0899, CVE-2010-0906, CVE-2010-0904, CVE-2010-0849, CVE-2009-3555, CVE-2010-2375, CVE-2010-2370,
  • Platform: Cross Platform
  • Title: Oracle July critical patch multiple issues
  • Description: Oracle has released a critical patch update for July 2010 which fixes multiple vulnerabilities for the following products: Oracle Database, Oracle TimesTen In-Memory Database, Oracle Secure Backup, Oracle Application Server, Oracle Identity Management 10g, Oracle WebLogic Server, Oracle JRockit, Oracle Business Process Management, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite Release, Oracle Transportation Manager, PeopleSoft Enterprise Campus Solutions and Oracle Sun Product Suite.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html

  • 10.30.11 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM SolidDB "solid.exe" Handshake Remote Code Execution Issue
  • Description: IBM SolidDB is a relational SQL database. The application is exposed to a remote code execution issue because it fails to properly validate the length of the username field in the first handshake packet. The issue affects the "solid.exe" process which listens by default on TCP port 1315. IBM SolidDB version 6.5 is affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-10-125/

  • 10.30.12 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP OpenVMS Multiple Security Vulnerabilities
  • Description: OpenVMS is a mainframe-like operating system originally developed by Digital. The application is exposed to a denial of service issue and an unspecified issue that allows local attackers to disclose sensitive information or elevate privileges.
  • Ref: ftp://ftp.itrc.hp.com/openvms_patches/alpha/V8.2/VMS82A_SYS_MUP-V1700.txt

  • 10.30.13 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Skype Technologies Skype Client for Mac Chat Feature Remote Denial of Service Issue
  • Description: Skype is peer-to-peer communications software that supports internet-based voice communications. Skype is exposed to a remote denial of service issue because it fails to properly sanitize user-supplied input in the embedded chat feature. Skype version 1.3.0.275 for Apple iPhone and 2.8 for Mac OS X are affected.
  • Ref: http://www.securityfocus.com/bid/41040

  • 10.30.14 - CVE: CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520
  • Platform: Cross Platform
  • Title: FreeType Versions Prior to 2.4.0 Multiple Remote Vulnerabilities
  • Description: FreeType is an open source font handling library. FreeType is exposed to multiple remote issues. An attacker can exploit these issues by enticing an unsuspecting user to open a specially crafted font file.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2498

  • 10.30.15 - CVE: CVE-2010-2659, CVE-2010-2662, CVE-2010-2663, CVE-2010-2664
  • Platform: Cross Platform
  • Title: Opera Web Browser Multiple Security Issues
  • Description: Opera Web Browser is a browser that runs on multiple operating systems. Opera is exposed to information disclosure, security bypass and denial of service issues. Opera versions prior to 10.60 are affected.
  • Ref: http://www.opera.com/docs/changelogs/unix/1060/

  • 10.30.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Novell GroupWise Agents HTTP Interface HTTP Header Injection Issue
  • Description: Novell GroupWise is collaboration software available for a number of platforms, including Linux and Microsoft Windows. The HTTP interfaces for GroupWise agents (Message Transfer Agent, Post Office Agent, Internet Agent, WebAccess Agent, Monitor Agent) are exposed to an issue that allows attackers to inject arbitrary HTTP headers because they fail to sanitize input. Novell GroupWise versions 7.0, 7.01, 7.02, 7.03x, 8.0 and 8.01x are affected.
  • Ref: http://www.securityfocus.com/bid/41705

  • 10.30.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Novell GroupWise WebAccess Proxy Feature Stack Buffer Overflow Issue
  • Description: Novell GroupWise is collaboration software. WebAccess is a secure mobile option for GroupWise collaboration software. Novell GroupWise WebAccess is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data to the proxy feature. Novell GroupWise versions prior to 8.0 SP2 are affected.
  • Ref: http://www.novell.com/support/viewContent.do?externalId=7006380

  • 10.30.18 - CVE: CVE-2010-0213
  • Platform: Cross Platform
  • Title: ISC BIND 9 "RRSIG" Record Type Remote Denial of Service
  • Description: ISC BIND is exposed to a remote denial of service issue because it fails to properly handle specially crafted dynamic update requests. BIND versions 9.7.1 and 9.7.1-P1 are affected.
  • Ref: http://www.securityfocus.com/bid/41730

  • 10.30.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: UltraEdit Spell Checker Stack-Based Buffer Overflow
  • Description: UltraEdit is a text editor application. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue affects the Spell Check library (aspell6.dll) when handling excessively large strings. UltraEdit versions 15.20 and 16.00 are affected.
  • Ref: http://code.google.com/p/skylined/issues/detail?id=2

  • 10.30.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MOJO IWMS "default.asp" Cookie Manipulation Issue
  • Description: MOJO IWMS is an integrated content management application. The application is exposed to a cookie manipulation issue because it fails to sufficiently sanitize user-supplied input to the "ERRMSG" parameter of the "upload/default.asp" script. MOJO IWMS version 7 is affected.
  • Ref: http://www.securityfocus.com/bid/41746/references

  • 10.30.21 - CVE: CVE-2010-1777
  • Platform: Cross Platform
  • Title: Apple iTunes "itpc:" URI Remote Buffer Overflow
  • Description: Apple iTunes is a media player for Microsoft Windows and Apple Mac OS X. iTunes is exposed to a remote buffer overflow issue because the application fails to properly bounds check user-supplied input.
  • Ref: http://www.securityfocus.com/bid/41789

  • 10.30.22 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: F5 FirePass Pre-logon Pages Cross-Site Scripting
  • Description: F5 FirePass is a Virtual Private Network device. The device is exposed to a cross-site scripting issue because the web interface fails to properly sanitize user-supplied input to the pre-logon pages. F5 FirePass versions 5.5.2 and 6.1 are affected.
  • Ref: http://www.securityfocus.com/bid/41671

  • 10.30.23 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ConPresso CMS "mod_search/index.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: ConPresso CMS is a PHP-based content manager. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "rubric" and "q" parameters to the "mod_search/index.php" script. ConPresso CMS version 4.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/41690

  • 10.30.24 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ViArt CMS "admin_articles.php" Cross-Site Scripting Issue
  • Description: ViArt CMS is a PHP-based content management system. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "s" variable of the "admin/admin_articles.php" script when "sc" is set. ViArt CMS version 3.6 is affected.
  • Ref: http://www.securityfocus.com/bid/41700

  • 10.30.25 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Novell GroupWise Agents HTTP Interfaces Multiple Cross-Site Scripting Vulnerabilities
  • Description: Novell GroupWise is a cross-platform collaborative software product. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the HTTP interfaces for GroupWise agents. GroupWise versions prior to 7.0 SP4 and 8.0 SP2 are affected.
  • Ref: http://www.novell.com/support/viewContent.do?externalId=7006371

  • 10.30.26 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Novell GroupWise WebAccess Cross-Site Scripting issue
  • Description: Novell GroupWise WebAccess is a secure mobile option for GroupWise collaboration software. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input when replying to a specially formatted message. Novell GroupWise versions 8.0 and 8.01x are affected.
  • Ref: http://www.securityfocus.com/bid/41714

  • 10.30.27 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: phpwcms "phpwcms.php" Cross-Site Scripting Issue
  • Description: phpwcms is a PHP-based content management system. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "calendardate" parameter of the "phpwcms.php" script. phpwcms version 1.4.5 is affected.
  • Ref: http://www.securityfocus.com/bid/41720

  • 10.30.28 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: cPanel Unspecified Cross-Site Scripting
  • Description: cPanel is a web hosting control panel. The application is exposed to an unspecified cross-site scripting issue because it fails to sanitize user-supplied input. cPanel version 11.25 is affected.
  • Ref: http://www.securityfocus.com/archive/1/512383

  • 10.30.29 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Pligg "search.php" Cross-Site Scripting
  • Description: Pligg is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "search" parameter of the "search.php" script. Pligg version 1.0.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/512394

  • 10.30.30 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: NQcontent CMS "admin/index.cfm" Cross-Site Scripting and Information Disclosure Vulnerabilities
  • Description: NQcontent CMS is a content management application. The application is exposed to multiple issues. An information disclosure issue exists because it fails to restrict access to sensitive information. A cross-site scripting issue exists because the application fails to sufficiently sanitize user-supplied input to the "login" POST parameter of the "admin/index.cfm" script.
  • Ref: http://www.securityfocus.com/bid/41799

  • 10.30.31 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SAP J2EE Engine Core Unspecified Cross-Site Scripting issue
  • Description: SAP J2EE Engine Core is a Java virtual machine implementation. The application is exposed to an unspecified cross-site scripting issue because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/41805

  • 10.30.32 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 2daybiz Custom Business Card Script Login Form Multiple SQL Injection Vulnerabilities
  • Description: Custom Business Card Script is a web application implemented in PHP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "Username" and "Password" fields of the "login.php" script.
  • Ref: http://www.securityfocus.com/bid/41652

  • 10.30.33 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BrotherScripts Scripts Directory "info.php" SQL Injection
  • Description: BrotherScripts Scripts Directory is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "info.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41733

  • 10.30.34 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Kayako eSupport "functions.php" SQL Injection
  • Description: eSupport is a web-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "_a" parameter in the "functions.php" script and "newsid" parameter of the "supportsuite/index.php" script before using it in an SQL query. eSupport version 3.70.02 is affected.
  • Ref: http://www.securityfocus.com/bid/41756

  • 10.30.35 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: icash Click&Rank "admin.asp" SQL Injection Issue
  • Description: Click&Rank is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "password" parameter of the "admin.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41760

  • 10.30.36 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Calendarix "cal_cat.php" SQL Injection
  • Description: Calendarix is a web-based calendar. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "limit" parameter of the "cal_cat.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41769

  • 10.30.37 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DeDeCMS "rss.php" SQL Injection Issue
  • Description: DeDeCMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "_Cs" parameter of the "rss.php" script before using it in an SQL query. DeDeCMS version 5.6 GBK is affected.
  • Ref: http://www.securityfocus.com/bid/41777

  • 10.30.38 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ClickTech Texas Rank'em "player.asp" SQL Injection
  • Description: Texas Rank'em is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "player_id" parameter of the "player.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/41808

  • 10.30.39 - CVE: Not Available
  • Platform: Web Application
  • Title: CMSQLite Cross-Site Scripting and Multiple SQL Injection Issues
  • Description: CMSQLite is a PHP-based content management system. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. The issues include cross-site scripting and multiple SQL injection issues. CMSQLite version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/41594/references

  • 10.30.40 - CVE: CVE-2010-2692
  • Platform: Web Application
  • Title: 2daybiz Custom T-Shirt Design Script Comment HTML Injection Issue
  • Description: 2daybiz Custom T-Shirt Design Script is a PHP-based web application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input when posting a comment.
  • Ref: http://www.securityfocus.com/bid/41668

  • 10.30.41 - CVE: Not Available
  • Platform: Web Application
  • Title: Saurus CMS Multiple Remote File Include Vulnerabilities
  • Description: Saurus CMS is a PHP-based content management system. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. Saurus CMS version 4.6.4 is affected.
  • Ref: http://www.securityfocus.com/bid/41674

  • 10.30.42 - CVE: Not Available
  • Platform: Web Application
  • Title: gpEasy CMS "admin_password.php" Remote File Include Issue
  • Description: gpEasy CMS is a PHP-based content management system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "rootDir" parameter of the "include/admin/admin_password.php" script. gpEasy CMS version 1.5 RC3 is affected.
  • Ref: http://www.securityfocus.com/bid/41684/references

  • 10.30.43 - CVE: Not Available
  • Platform: Web Application
  • Title: Billwerx SQL Injection and HTML Injection Vulnerabilities
  • Description: Billwerx is a PHP-based online billing and client management application. The application is exposed to an SQL injection issue that affects the "description" POST parameter of the "employees/company_files.php" script and multiple HTML injection issues because the application fails to sufficiently sanitize user-supplied data. Billwerx RC version 3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/41685

  • 10.30.44 - CVE: Not Available
  • Platform: Web Application
  • Title: Zeecareers Cross-Site Scripting and Authentication Bypass Issues
  • Description: Zeecareers is a PHP-based HR Recruitment application. PHPMyCart is exposed to multiple remote and cross-site scripting issues. Zeecareers version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41689

  • 10.30.45 - CVE: Not Available
  • Platform: Web Application
  • Title: Piwigo SQL Injection and HTML Injection Issues
  • Description: Piwigo is a web-based photo gallery application implemented in PHP. The application is exposed to multiple input validation issues. Piwigo version 2.0.6 is affected.
  • Ref: http://www.securityfocus.com/bid/41692

  • 10.30.46 - CVE: Not Available
  • Platform: Web Application
  • Title: Acc Autos "Description" Parameter HTML Injection
  • Description: Acc Autos is a PHP-based auto dealer script. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "Description" parameter of the user profile section. Acc Autos version 5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/41693

  • 10.30.47 - CVE: Not Available
  • Platform: Web Application
  • Title: GetSimple CMS Multiple Vulnerabilities
  • Description: GetSimple CMS is a PHP-based content manager. The component is exposed to multiple input validation issues. GetSimple CMS version 2.01 is affected.
  • Ref: http://www.securityfocus.com/bid/41697

  • 10.30.48 - CVE: Not Available
  • Platform: Web Application
  • Title: Novell GroupWise WebAccess HTML Injection Issue
  • Description: Novell GroupWise WebAccess is a secure mobile option for GroupWise collaboration software. The application is exposed to an HTML-injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Novell GroupWise versions 8.0 and 8.01x are affected.
  • Ref: http://www.securityfocus.com/bid/41712

  • 10.30.49 - CVE: Not Available
  • Platform: Web Application
  • Title: Multi-Vendor Shopping Malls SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Pre Multi-Vendor Shopping Malls is a PHP-based shopping cart application. The application is exposed to multiple issues. An SQL injection issue affects the "username" parameter of the "login.php" script because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A cross-site scripting issue affects the "search" parameter of the "search.php" script because it fails to sufficiently sanitize user-supplied data.
  • Ref: http://www.securityfocus.com/bid/41731

  • 10.30.50 - CVE: Not Available
  • Platform: Web Application
  • Title: ZEEWAYS ZeeJobsite "advance_search.php" HTML Injection Issue
  • Description: ZeeJobsite is a PHP-based content management application. The application is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input to an unspecified parameter in the "advance_search.php" script. ZeeJobsite version 3x is affected.
  • Ref: http://www.securityfocus.com/bid/41800

  • 10.30.51 - CVE: Not Available
  • Platform: Network Device
  • Title: D-Link DAP-1160 Web Administration Interface "formFilter()" Function Buffer Overflow
  • Description: D-Link DAP-1160 is a wireless access point. The web administration interface of the device is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. D-Link DAP-1160 running firmware v120b06, v130b10, and v131b01 are affected.
  • Ref: http://www.securityfocus.com/bid/41661

  • 10.30.52 - CVE: Not Available
  • Platform: Network Device
  • Title: Juniper Networks SA2000 SSL VPN Appliance "welcome.cgi" Cross-Site Scripting Issue
  • Description: Juniper Networks SA2000 SSL VPN appliance is a network security device, powered by Juniper IVE OS. The device is exposed to a cross-site scripting issue because the web interface fails to properly sanitize user-supplied input to the "u" parameter of the "dana-na/auth/url_default/welcome.cgi" script. Juniper Networks SA2000 running IVE OS version 6.5R1 (Build 14599) is affected.
  • Ref: http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-16

  • 10.30.53 - CVE: Not Available
  • Platform: Network Device
  • Title: F5 FirePass Pre-Login Token Security Bypass
  • Description: F5 FirePass is a Virtual Private Network device. F5 FirePass is exposed to a security bypass issue because of an error when accepting pre-logon sequence tokens. This issue affects the device's web interface, allowing an attacker to access the login page from a non-compliant workstation using a token generated on a compliant workstation. F5 FirePass versions 5.5.2 and 6.1 are affected.
  • Ref: http://secunia.com/advisories/40611/

  • 10.30.54 - CVE: Not Available
  • Platform: Network Device
  • Title: Siemens SIMATIC WinCC Default Password Security Bypass
  • Description: Siemens SIMATIC WinCC is a SCADA device management application. Siemens SIMATIC WinCC is exposed to a remote security bypass issue because the database uses a default password that cannot be changed.
  • Ref: http://it.slashdot.org/comments.pl?sid=1721020&cid=32920758

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.